LEGAL // CHIMERASCOPE

Privacy Policy

How we collect, process, and protect your data. GDPR-compliant. EU-hosted infrastructure.

1. Controller

Gexiro Global Enterprises Ltd, Eurotowers, Gibraltar ("Chimerascope", "we", "us") is the data controller for personal data processed through chimerascope.com and related services.

2. What Data We Process

2.1 Assessment Data

During security assessments, we process publicly accessible technical data only:

Domain names and subdomains
IP addresses and DNS records
TLS/SSL certificate information
HTTP headers and server responses
Email security configuration (SPF, DMARC, DKIM records)
Open ports and exposed services

We do not intentionally collect, access, or process personal data of our clients' customers, employees, or end users.

2.2 Contact Data

When you contact us via our website form or email, we process your name, email address, company name, and message content for the purpose of responding to your inquiry.

2.3 Website Analytics

We use privacy-respecting analytics to understand website usage. No personal data is shared with advertising networks. We do not use third-party tracking cookies.

3. Legal Basis

We process data based on:

Legitimate interest (Art. 6(1)(f) GDPR): Security assessments of publicly accessible infrastructure serve the legitimate interest of improving internet security.
Contract performance (Art. 6(1)(b) GDPR): Processing assessment data for contracted clients.
Consent (Art. 6(1)(a) GDPR): Contact form submissions.

4. Third-Party Services

Our methodology queries third-party intelligence services including public DNS resolvers, certificate transparency logs, and threat intelligence databases. Only domain names and IP addresses are shared with these services. No personal data, credentials, or proprietary information is transmitted to third parties.

5. Data Storage and Security

Assessment data is stored on our self-hosted infrastructure within European jurisdiction. All reports are encrypted (AES-128). Access is restricted to authorized personnel only. We implement industry-standard security measures including encrypted storage, access controls, and audit logging.

6. Data Retention

Assessment data: 90 days after final report delivery, then securely deleted.
Continuous monitoring: Preceding 12 months retained for trend analysis.
Contact inquiries: 24 months, then deleted.
Complimentary teasers: 30 days on CDN, then removed.

7. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

Access your personal data
Rectification of inaccurate data
Erasure ("right to be forgotten")
Restriction of processing
Data portability
Object to processing
Lodge a complaint with a supervisory authority

8. International Transfers

We do not transfer personal data outside the European Economic Area. Our infrastructure is hosted within EU jurisdiction. Gibraltar maintains adequacy status under UK GDPR.

9. Contact

For privacy inquiries or to exercise your data protection rights, please use our contact form

Gexiro Global Enterprises Ltd
Eurotowers, Gibraltar

Privacy questions?

Contact our privacy team to exercise your data protection rights or ask questions about our data processing practices.