Privacy Policy

Last updated: February 2026

1. Who We Are

YourInfoSec ("we", "us", "our") operates the website yourinfosec.com. We provide free cybersecurity assessment tools for individuals and businesses.

2. What Data We Collect

Assessment Data

When you take our cybersecurity assessment as an anonymous user, your answers are processed entirely in your browser. We do not transmit or store your assessment responses on any server.

If you create an account and are logged in, your assessment answers and results are stored on our servers so you can track your progress over time. You can delete all stored assessment data at any time from your profile.

Account Data

When you create an account, we collect:

  • Email address — used for login, verification, and password recovery
  • Name (optional) — used for personalisation
  • Password — stored as a cryptographic hash (PBKDF2-SHA256, 100,000 iterations). We never store passwords in plain text.

Business Waitlist

If you sign up for our business features waitlist, we collect your email address solely to notify you when business features become available.

Cookies

We use essential and functional cookies for authentication and security. We do not use advertising or tracking cookies. See our Cookie Policy for details.

3. How We Use Your Data

  • To provide the cybersecurity assessment service
  • To authenticate you and keep your account secure
  • To save your assessment history and show progress over time
  • To send transactional emails (verification, password reset)
  • To notify business waitlist subscribers when features launch
  • To improve our service and fix issues

We do not sell, rent or share your personal data with third parties for marketing purposes.

4. Data Storage and Security

Anonymous assessment data is processed and stored locally in your browser (sessionStorage). It is never transmitted to our servers.

Account data and authenticated assessment results are stored in a Cloudflare D1 database. All data is encrypted in transit (TLS) and at rest. Passwords are hashed with PBKDF2-SHA256 using a unique random salt per account.

Authentication tokens are stored as httpOnly, Secure cookies with SameSite=Strict to prevent cross-site attacks.

5. Data Retention

  • Account data — retained until you delete your account
  • Assessment history — retained until you delete your account
  • Email verification tokens — automatically expire after 24 hours
  • Password reset tokens — automatically expire after 1 hour
  • Refresh tokens — automatically expire after 30 days
  • Audit logs — retained for 90 days for security purposes

6. Account Deletion

You can delete your account and all associated data at any time from your profile page. Deletion is immediate and irreversible. All your personal data, assessment history, and tokens are permanently removed.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (or delete your account directly)
  • Export your assessment history
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

8. Contact

For any privacy-related questions, contact us at: privacy [at] yourinfosec.com

9. Changes

We may update this policy from time to time. Changes will be posted on this page with an updated date.