December, 2025
Primitive Security Ops.
1. Security and Privacy Commitment
At Primitive, we understand that trust is the foundation of cybersecurity. We are committed to protecting our users' privacy and the confidentiality of our clients' sensitive technical information with the same rigorous standards we apply in our audit and defense services. This policy details how we collect, use, and protect your personal and corporate data in accordance with the GDPR and other applicable regulations.
2. Data We Collect
Depending on your interaction with us (web, audit, consultancy), we may process:
- Contact Data: Name, corporate email, phone, and position, provided via forms or direct communication.
- Technical Data (Clients): IP addresses, server logs, network topologies, and temporary credentials necessary for the execution of Pentesting or Hardening services. (These data are governed by specific confidentiality clauses in the service agreement).
- Navigation Data: Technical cookies necessary for website security and anonymous traffic analysis.
3. Purpose of Processing
We use your data exclusively for:
- Service Provision: Execution of audits, secure development, and contracted consultancy.
- Operational Security: Identity verification and prevention of fraud or attacks against our infrastructure.
- B2B Communications: Sending technical reports, quotes, and, only if you have consented, news about critical threats or our services (Newsletter).
4. Confidentiality and Recipients
We do not sell your data to third parties. Given the sensitive nature of our work, we apply a need-to-know policy. To deliver the service we rely on a small number of data processors (Art. 28 GDPR) that process data on our behalf and under our instructions; beyond these, your data is disclosed only to the recipients listed below:
- Resend (Delaware, USA) — Transactional delivery of the confirmation email and the internal notification when you submit the contact form or subscribe to the newsletter. Data processed: name, email address, company, phone number and message content. International transfer covered by EU Standard Contractual Clauses.
- Disify and Kickbox (public verification APIs) — Real-time check of email domain validity and detection of disposable addresses at the moment the form is submitted. The only data processed is the email address; they do not store or reuse the addresses checked.
- Vercel Inc. (USA) — Website hosting and serverless function execution. Complies with EU Standard Contractual Clauses.
- Competent legal authorities, solely under formal judicial requirement.
- Other critical infrastructure providers (e.g., data centres) that are ISO 27001 certified and GDPR compliant, strictly to the extent necessary for service operation.
5. Security Measures
We apply enterprise-grade security measures, including:
- Data encryption in transit (TLS 1.3) and at rest (AES-256).
- Two-Factor Authentication (2FA) for all internal access.
- Network segmentation and strict access control.
- Secure destruction of sensitive data upon completion of audit projects.
6. Your Rights
You can exercise your rights of access, rectification, erasure, restriction of processing, data portability, and objection by contacting our Data Protection Officer (DPO):
- Email: security@primitivelabs.io
- Subject: GDPR Rights
