top of page

Privacy Policy

A legal disclaimer

Privacy Policy

​

Effective Date: 21 December 2024

DarkForge Labs (Pty) Ltd (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information in accordance with the Protection of Personal Information Act (POPIA) and other applicable laws.

​

By accessing or using our website, services, or participating in simulations, you agree to the terms of this Privacy Policy.

​

1. Information We Collect
1.1 Personal Information

We may collect personal information that identifies you as an individual, including:

  • Name

  • Email address

  • Phone number

  • Any other details you voluntarily provide via our contact form, chatbox, or service engagements

​

1.2 Non-Personal Information

We also collect data that does not directly identify you, such as:

  • IP address

  • Browser type and version

  • Operating system

  • Website usage data via analytics tools and cookies

​

2. How We Collect Information

We collect information:

  • Directly from you when you fill in forms, use the chatbox, email us, or engage our services

  • Automatically through cookies, log files, and third-party analytics tools when you visit our website

 

3. Purpose of Collection and Use of Information

We use your information to:

  • Respond to enquiries and provide services

  • Improve and optimise our website and service offerings

  • Conduct cybersecurity testing, simulations, and awareness campaigns

  • Comply with legal or regulatory obligations

  • Enforce our contractual and legal rights

​

4. Legal Basis for Processing

We process personal information based on one or more of the following lawful grounds:

  • Your consent (where required)

  • Performance of a contract or service engagement

  • Compliance with legal obligations

  • Our legitimate interests, such as business operations and improving service quality

​

5. Sharing of Information

We do not sell or rent your personal information. We may share your information with:

  • Trusted service providers (e.g., cloud hosting, analytics)

  • Client organisations (where applicable for simulation reports)

  • Regulatory authorities, if legally required

All third-party processing is governed by appropriate confidentiality and data processing agreements.

​

6. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your website experience and collect usage data. You may disable cookies via your browser settings, though this may affect functionality.

​

7. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, or as required by legal, regulatory, or contractual obligations.

 

8. Data Security

We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, or misuse. However, no method of transmission over the internet is 100% secure.

 

9. Your Rights Under POPIA

You have the right to:

  • Request access to your personal information

  • Request correction or deletion of inaccurate data

  • Object to or restrict processing

  • Lodge a complaint with the Information Regulator

To exercise your rights, please contact our Information Officer (details below).

​

10. Third-Party Links

Our website may contain links to external websites. We are not responsible for their privacy practices. Please review their policies before sharing any information.

 

11. Children’s Privacy

Our website and services are not intended for children under 18. We do not knowingly collect personal information from minors.

​

12. Simulated Attacks and Awareness Testing

If you are a participant in a phishing simulation, red team engagement, or awareness campaign conducted by DarkForge Labs, we may collect:

  • Email interaction data (e.g., open rates, clicks)

  • Voluntary credential entries

  • MFA responses (where simulated)

This data is used solely to assess risk and improve security posture, and is processed on behalf of the client organisation under strict confidentiality.

​

13. Client Engagement Data

During the course of penetration testing or other cybersecurity services, we may process sensitive or client-provided information. This data is:

  • Used exclusively for the agreed engagement scope

  • Stored securely and only for the duration of the engagement

  • Deleted or returned upon completion, as contractually agreed

​

14. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will be posted on our website with the updated effective date. Continued use of our site or services constitutes acceptance of any changes.

 

15. Contact Information

Information Officer: Charlton Smith
Email: privacy@darkforge.io
Phone: +27 722343854
Address: 5th Floor, Bloukrans Building, Lynnwood Bridge, Pretoria, 0081, South Africa

​

If you have any questions about this Privacy Policy or how we handle your information, please contact us at the details above.

bottom of page