Privacy Policy

Isomorph Cyber (HK) Limited (“Isomorph”, “we”, “us”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website or use our services.

1. Information We Collect

We may collect the following categories of personal data:

• Contact information — name, email address, phone number, company name, and job title provided through enquiry forms or service agreements.
• Account data — login credentials and profile information when you register for our client portal.
• Technical data — browser type, IP address, device information, and pages visited, collected automatically through cookies and server logs.
• Service data — information provided during security assessments, penetration tests, or compliance reviews, strictly within the scope of our engagement.

2. How We Use Your Information

• To provide, maintain, and improve our cybersecurity services.
• To communicate with you about engagements, support, and updates.
• To process payments and manage billing.
• To comply with legal obligations and regulatory requirements.
• To protect the security and integrity of our platform.

3. Data Sharing & Disclosure

We do not sell your personal data. We may share information with:

• Service providers — trusted third parties that assist us in operating our platform (e.g., cloud hosting, payment processing), bound by confidentiality obligations.
• Legal requirements — when required by law, regulation, or legal process in Hong Kong.
• Business transfers — in connection with a merger, acquisition, or sale of assets, with notice to affected users.

4. Data Retention & PDPO Compliance

We comply with Hong Kong's Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”). In accordance with the PDPO:

• Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected.
• Engagement-related data is retained for a maximum of 7 years for audit and regulatory purposes, then securely destroyed.
• Automated data shredding processes ensure timely deletion of data that exceeds its retention period.
• All data is stored within the Hong Kong (ap-east-1) region to ensure data sovereignty.

5. Cookies & Tracking

We use essential cookies to maintain session state and authentication. We may use analytics cookies to understand how visitors interact with our website. You can control cookie preferences through your browser settings. We do not use cookies for advertising purposes.

6. Data Security

We implement industry-standard technical and organisational measures to protect your data, including encryption in transit and at rest, access controls, and regular security assessments of our own infrastructure.

7. Your Rights

Under the PDPO, you have the right to:

• Request access to your personal data held by us.
• Request correction of inaccurate personal data.
• Request deletion of your personal data where it is no longer required.

To exercise any of these rights, please contact us using the details below.

8. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact our Data Protection Officer at privacy@isomorph-cyber.com.