Skip to main content
Scoping call

Choose your region and language

Privacy

Privacy Notice

Last updated: 2026-06-02.

Who we are

HackingByte is a senior-led cybersecurity firm (offensive security, GRC, and business risk advisory). The data controller for this website is HackingByte S.A.R.L.. Full entity details are listed in the Legal Notice. For any question about this notice or your information, contact privacy@hackingbyte.com.

How to contact us about privacy

Privacy questions: privacy@hackingbyte.com. General enquiries: contact@hackingbyte.com. Security reports: security@hackingbyte.com.

What information we receive

This website receives personal information in two main ways: when you submit the contact form on /contact/ or email us directly, and when analytics cookies are loaded after you accept the analytics banner (see below). For form submissions and emails, we receive what you put in your message, for example:

  • your name and email address (and anything else you include);
  • the content of your enquiry or message; and
  • for security reports, the technical details you choose to share.

Please do not submit credentials, secrets, sensitive vulnerability details, personal identification documents, or confidential production data through the contact form. Use security@hackingbyte.com (see security.txt) for vulnerability reports and responsible disclosure.

Contact enquiries

If you submit the contact form on /contact/ or email contact@hackingbyte.com, we use your message to respond to you and to discuss a possible engagement. The contact form collects your name, business email, and (optionally) your company, role, website, the service area you want to discuss, and the message context you choose to share. Submissions are delivered to the existing Google Workspace mailbox behind contact@hackingbyte.com — no additional processor handles them. We use Cloudflare Turnstile to protect our forms from automated abuse. To provide this protection, Cloudflare receives the data necessary to assess whether a request is automated — such as your IP address and interaction signals with the challenge. Cloudflare acts as our processor for this purpose. The lawful basis is our legitimate interest in responding to business enquiries and, where applicable, taking steps at your request prior to entering a contract.

Security reports

If you email security@hackingbyte.com (see our security.txt), we use the report to assess and respond to the issue you raise. The lawful basis is our legitimate interest in maintaining the security of our services and protecting our users.

Analytics, cookies, and tracking

We use Google Analytics (GA4), loaded through Google Tag Manager, to understand how visitors use the site at an aggregate level. The site uses Google Consent Mode v2: the Google Analytics loader runs on every page, but no analytics identifiers and no _ga* cookies are set before you click Accept on the cookie banner. Under denied consent, Google Analytics sends only "cookieless pings" used for aggregate signal modelling, without an identifier we can tie to you. When you click Accept, the consent state updates to granted for analytics and the standard _ga* cookies are set on this domain. Advertising consent (ad_storage, ad_user_data, ad_personalization) remains denied at all times because HackingByte does not use Google Ads. You can change your analytics choice at any time using the Cookie settings link in the footer; rejecting analytics after previously accepting them stops further data collection on this device and clears the related _ga* cookies on this domain.

The lawful basis for analytics identifiers and _ga* cookies is your consent. Beyond Google Analytics (loaded via Google Tag Manager), the site uses no advertising trackers, social-network embeds, or other third-party trackers.

The banner controls three non-essential categories — Analytics, Functionality, and Personalization — each off by default; Analytics (Google Analytics) is currently the only one in active use. Non-essential cookies are set only after you consent. You can change your choice at any time via Cookie settings in the footer. This approach is intended to meet both EEA (GDPR/ePrivacy) and Moroccan (Law 09-08 / CNDP) expectations regarding consent for non-essential cookies.

Hosting and technical logs

The website is served by Cloudflare as hosting and CDN provider. Like most web hosting, Cloudflare processes limited technical connection data (such as IP address and basic request information) to deliver and secure the site. The lawful basis is our legitimate interest in operating a functional and protected website.

How long we keep information

We keep enquiry and security-report emails for up to 24 months after the last communication with you, then delete or archive them. Analytics data is retained according to the configured Google Analytics retention period (which we keep at the shortest reasonable setting). Edge and security logs handled by Cloudflare are retained according to Cloudflare's standard log retention.

Sharing and processors

We do not sell your information. We rely on the following service providers, which act as processors on our behalf:

  • Cloudflare — website hosting, CDN, and edge security.
  • Google Workspace — business email (the inboxes behind @hackingbyte.com).
  • Google Analytics — aggregate website analytics, loaded on every page under Consent Mode v2; identifiers and _ga* cookies are set only after you click Accept.

International transfers

Personal data may be transferred outside the European Economic Area as part of operating these services (for example, when Google or Cloudflare process data on infrastructure outside the EEA, or when communications take place with our team in Morocco). Where required for transfers from the EEA, such processing relies on appropriate safeguards — including the European Commission's Standard Contractual Clauses and the providers' supplementary measures.

Your rights

Subject to applicable data protection law, you have the right to access, rectify, erase, restrict, or object to the processing of your personal information, the right to data portability, and the right to withdraw consent for analytics at any time (by using Cookie settings in the footer). To exercise any of these rights, email privacy@hackingbyte.com.

Complaints

If you have a concern, please contact us first at privacy@hackingbyte.com. You may also have the right to complain to the competent data protection authority in your country or region.

Personal data and Moroccan law (Law 09-08)

HackingByte S.A.R.L. is a company established in Casablanca, Morocco. Where we process personal data through this website and its contact and security-report forms, we do so in accordance with Law No. 09-08 on the protection of individuals with regard to the processing of personal data, under the supervision of the CNDP (Commission Nationale de contrôle de la protection des Données à caractère Personnel).

Data controller. The controller of personal data collected through this site is HackingByte S.A.R.L., [registered address as on the Legal Notice], contactable at privacy@hackingbyte.com.

What we process and why. We process only the data you choose to send us — your name, business email, company, role, website, and message — for the sole purpose of responding to your enquiry or security report. We do not sell personal data and do not use it for advertising.

Your rights under Law 09-08. If you are in Morocco, you have the right to be informed about the processing of your personal data; to access the data we hold about you; to obtain its rectification, completion, updating, locking or deletion; and to object, on legitimate grounds, to its processing — including the right to object, free of charge, to the use of your data for commercial prospecting. To exercise these rights, write to privacy@hackingbyte.com. You also have the right to refer a matter to the CNDP.

CNDP formalities. Under Law 09-08, processing of personal data in Morocco may be subject, depending on its nature, to prior declaration to — or authorization by — the CNDP. We limit the data processed through this website to what the purposes set out above require, and we are completing the CNDP formalities that apply to that processing. Any declaration reference will be added to this notice once the relevant filing is finalised.

Processors and international transfers. To run this site and respond to you, we rely on service providers that may process data outside Morocco — including Cloudflare (security and bot protection), Google Workspace (email), and Google Analytics (audience measurement, only with your consent). Where personal data is transferred outside Morocco, the transfer is made in accordance with the conditions of Law 09-08.

Which rules apply to you. If you are in the European Economic Area, the GDPR section above governs your rights. If you are in Morocco, this section and Law 09-08 govern. Where both could apply, we honour the protections most favourable to you.

Children

This site and our services are intended for businesses and professionals. They are not directed to children, and we do not knowingly collect information from children.

Changes to this notice

We may update this notice from time to time. The published version shows its date at the top of the page. Material changes will be highlighted before they take effect.

Contact

Privacy questions: privacy@hackingbyte.com.