Privacy Policy
Last updated: 07 February 2026
This Privacy Policy explains how CISOAIA collects and uses personal data when you visit our websites, interact with us or use our services.
1. Data controller and contact
The data controller is CISOAIA, operated by Adrian Pojar, with registered address at Reutlingerstrasse 18, 8472 Seuzach, Switzerland. If you have any questions about this Privacy Policy or wish to exercise your data protection rights, you can contact us at privacy@cisoaia.com.
2. Categories of personal data we process
At this stage of the project, we mainly process the following categories of personal
- Technical and usage IP address, device and browser information, operating system, access times, pages viewed and interactions with our website. This data is typically collected automatically through server logs and similar technologies.
- Communication information you provide when you contact us, such as your name, email address and the content of your message.
- Account and service data (future): if you create an account or use our training services in the future, we may process information such as your login details, profile information, usage of training modules, progress and results.
3. Purposes and legal bases of processing
We process personal data only to the extent necessary for specific, explicit and legitimate purposes:
- To operate and secure our websites and services, including monitoring performance, preventing abuse and troubleshooting issues.
- To respond to your inquiries and communicate with you at your request.
- In the future, to provide cybersecurity awareness and training services, manage user accounts and improve our content and features.
- To comply with legal obligations and to establish, exercise or defend legal claims.
For users in the EU/EEA and Switzerland, we rely in particular on the following legal bases under applicable data protection laws:
- Performance of a contract or pre-contractual measures when processing is necessary to provide requested services.
- Our legitimate interests in operating a secure, reliable and user-friendly service, provided that such interests are not overridden by your interests or fundamental rights and freedoms.
- Your consent, where required by law (for example, for certain types of analytics or marketing communications). You can withdraw consent at any time with effect for the future.
4. Recipients and international transfers
We may share personal data with carefully selected service providers who process data on our behalf (for example, hosting providers, infrastructure providers or communication tools). These providers are bound by data processing agreements and may only process data in accordance with our instructions and applicable law.
As part of using modern cloud infrastructure, personal data may be processed in countries outside Switzerland and the EU/EEA. Where necessary, we take appropriate safeguards to protect your data, such as relying on adequacy decisions or standard contractual clauses approved by the European Commission or equivalent instruments under Swiss law.
5. Cookies, analytics and similar technologies
Our website may use cookies or similar technologies to ensure basic functionality and to understand how visitors use our pages. At this early stage, we do not rely on extensive tracking or marketing cookies. If we introduce additional analytics or marketing tools in the future, we will update this Privacy Policy and, where required, seek your consent.
You can configure your browser to block or delete cookies. However, this may affect the functionality of some parts of the website.
6. Retention periods
We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by applicable law. In particular, we generally:
- keep technical logs for a limited period to ensure security and troubleshoot issues;
- retain communication data for as long as needed to handle your request and for a reasonable period thereafter;
- retain any account or service data (once live) for the duration of the user relationship and for applicable limitation periods after its end.
When data is no longer needed, we will delete or anonymize it in accordance with our retention policies and legal obligations.
7. Your rights
Depending on your location and subject to applicable law, you may have the following rights in relation to your personal
- Right of access to the personal data we hold about you.
- Right to rectification of inaccurate or incomplete personal data.
- Right to erasure ("right to be forgotten") in certain circumstances.
- Right to restriction of processing in certain circumstances.
- Right to object to processing based on legitimate interests, and to object at any time to processing for direct marketing.
- Right to data portability, where applicable, for data you have provided to us.
- Right to withdraw consent at any time, where processing is based on your consent.
To exercise these rights, please contact us at privacy@cisoaia.com. We may need to verify your identity before responding to your request.
You also have the right to lodge a complaint with a competent data protection authority, in particular in your place of habitual residence, place of work or place of the alleged infringement. For Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC).
8. Data security
We take appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse or alteration. These measures include the use of secure hosting providers, encryption in transit, access controls and regular updates to our systems. No system can be completely secure, but we strive to continuously improve our security posture.
9. Changes to this Privacy Policy
We may update this Privacy Policy from time to time, for example if we launch new features, start offering new services or use new service providers. The latest version will always be available on this page. If changes are material, we may provide additional notice, such as a banner on the website.