Privacy Policy

Abyss Security ("we", "us", "our") is a cybersecurity company registered in Albania, providing penetration testing, vulnerability assessments, defensive security, and security integration services to organisations.

For any privacy-related enquiries, contact us at: info@abyss-security.al

We collect personal data only when you voluntarily submit it through our security enquiry form. This may include:

• Full name and job title
• Business email address and phone number
• Company name, size, and industry
• Country of operation
• Services of interest and a description of your security needs
• How you heard about us

We do not use cookies beyond those strictly necessary for the website to function, and we do not use tracking or analytics scripts that collect personal data.

We use the information you submit solely to:

• Respond to your security enquiry and schedule a follow-up call
• Understand your requirements and propose the appropriate service
• Fulfil the terms of any engagement or contract that follows

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Our legal basis for processing your data is your consent (provided when you submit the enquiry form) and our legitimate interest in responding to business enquiries. Where a contract is formed, we process data as necessary to fulfil that contract.

As Albania is aligned with the General Data Protection Regulation (GDPR) framework under the Law No. 9887 on Personal Data Protection, we apply GDPR-equivalent standards to all personal data we handle.

Enquiry data is retained for up to 24 months from the date of submission, or for the duration of any active engagement plus 12 months. If no engagement follows your enquiry, we will delete your data upon request or after the retention period elapses.

We use the following third-party services to operate this website and process enquiries:

• Vercel: website hosting and deployment (United States; covered by EU Standard Contractual Clauses)
• Resend: transactional email delivery for enquiry notifications

These providers process data only as necessary to deliver their services and are bound by their own privacy policies and data processing agreements.

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Withdraw consent at any time without affecting the lawfulness of prior processing
• Lodge a complaint with the Albanian Information and Data Protection Commissioner (IDPC)

To exercise any of these rights, email us at info@abyss-security.al. We will respond within 30 days.

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. Given the nature of our business, data security is taken seriously at every level of our operations.

We may update this policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of our website after an update constitutes acceptance of the revised policy.