Privacy Policy

Effective Date: 21 December 2024

DarkForge Labs (Pty) Ltd (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information in accordance with the Protection of Personal Information Act (POPIA) and other applicable laws.

By accessing or using our website, services, or participating in simulations, you agree to the terms of this Privacy Policy.

1. Information We Collect

1.1 Personal Information

We may collect personal information that identifies you as an individual, including:

Name
Email address
Phone number
Any other details you voluntarily provide via our contact form, chatbox, or service engagements

1.2 Non-Personal Information

We also collect data that does not directly identify you, such as:

IP address
Browser type and version
Operating system
Website usage data via analytics tools and cookies

2. How We Collect Information

We collect information:

Directly from you when you fill in forms, use the chatbox, email us, or engage our services
Automatically through cookies, log files, and third-party analytics tools when you visit our website
Where required, consent is obtained through website forms, opt-in mechanisms, or direct user interaction.

3. Purpose of Collection and Use of Information

We use your information to:

Respond to enquiries and provide services
Improve and optimise our website and service offerings
Conduct cybersecurity testing, simulations, and awareness campaigns
Comply with legal or regulatory obligations
Enforce our contractual and legal rights
We only collect and process personal information that is necessary for the specific purpose for which it was obtained

4. Legal Basis for Processing

We process personal information based on one or more of the following lawful grounds:

Your consent (where required)
Performance of a contract or service engagement
Compliance with legal obligations
Our legitimate interests, such as business operations and improving service quality

5. Sharing of Information

We do not sell or rent your personal information. We may share your information with:

Trusted service providers (e.g., cloud hosting, analytics)
Client organisations (where applicable for simulation reports)
Regulatory authorities, if legally required

All third-party processing is governed by appropriate confidentiality and data processing agreements.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your website experience and collect usage data. You may disable cookies via your browser settings, though this may affect functionality.

7. Data Retention

We retain personal data:

For the duration of client engagements and a reasonable period thereafter for legal, accounting, and operational purposes
Pentest and security assessment data is retained only for the duration necessary to complete the engagement and is securely deleted thereafter
Contact enquiries are retained for a limited period unless a business relationship is established

8. Data Security

We implement appropriate technical and organisational measures, including encryption, access controls, monitoring, and secure data handling practices aligned with recognised industry standards, to protect personal information.

9. Your Rights Under POPIA

You have the right to:

Request access to your personal information
Request correction or deletion of inaccurate data
Object to or restrict processing
Lodge a complaint with the Information Regulator

To exercise your rights, please contact our Information Officer (details below).

10. Third-Party Links

Our website may contain links to external websites. We are not responsible for their privacy practices. Please review their policies before sharing any information.

11. Children’s Privacy

Our website and services are not intended for children under 18. We do not knowingly collect personal information from minors.

12. Simulated Attacks and Awareness Testing

If you are a participant in a phishing simulation, red team engagement, or awareness campaign conducted by DarkForge Labs, we may collect:

Email interaction data (e.g., open rates, clicks)
Voluntary credential entries
MFA responses (where simulated)

This data is used solely to assess risk and improve security posture, and is processed on behalf of the client organisation under strict confidentiality.

13. Client Engagement Data

During the course of penetration testing or other cybersecurity services, we may process sensitive or client-provided information. This data is:

Used exclusively for the agreed engagement scope
Stored securely and only for the duration of the engagement
Deleted or returned upon completion, as contractually agreed
Processed strictly for authorised security testing purposes on behalf of the client organisation and is handled in accordance with contractual obligations and strict confidentiality requirements

14. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will be posted on our website with the updated effective date. Continued use of our site or services constitutes acceptance of any changes.

15. Cross-Border Data Transfers

Your personal information may be transferred to and processed in countries outside of South Africa, including where our service providers are located. We take reasonable steps to ensure that such transfers comply with applicable data protection laws and that your information remains protected to a standard consistent with POPIA.

16. Contact Information

Information Officer: Charlton Smith
Email: privacy@darkforge.io
Phone: +27 722343854
Address: 5th Floor, Bloukrans Building, Lynnwood Bridge, Pretoria, 0081, South Africa

If you have any questions about this Privacy Policy or how we handle your information, please contact us at the details above.