Contact

Security First

We protect what matters most: your data, your reputation and your business.

Contact

Language

Privacy
Policy

Legal

Transparent information about data processing, protection and security at Primitive.

Last Updated:

December, 2025

Controller:

Primitive Security Ops.

1. Security and Privacy Commitment

At Primitive, we understand that trust is the foundation of cybersecurity. We are committed to protecting our users' privacy and the critical confidentiality of our clients' technical information with the same rigorous standards we apply in our audit and defense services. This policy details how we collect, use, and shield your personal and corporate data in accordance with GDPR and current regulations.

2. Data We Collect

Depending on your interaction with us (web, audit, consultancy), we may process:

  • Contact Data: Name, corporate email, phone, and position, provided via forms or direct communication.
  • Technical Data (Clients): IP addresses, server logs, network topologies, and temporary credentials necessary for the execution of Pentesting or Hardening services. (These data are governed by specific confidentiality clauses in the service agreement).
  • Navigation Data: Technical cookies necessary for website security and anonymous traffic analysis.

3. Purpose of Processing

We use your data exclusively for:

  • Service Provision: Execution of audits, secure development, and contracted consultancy.
  • Operational Security: Identity verification and prevention of fraud or attacks against our infrastructure.
  • B2B Communications: Sending technical reports, quotes, and, if consented, news about critical threats or services (Newsletter).

4. Confidentiality and Recipients

We do not sell or trade your data to third parties. Given the sensitive nature of our work, we apply a Need-to-Know policy. Your data can only be shared with:

  • Competent legal authorities, solely under formal judicial requirement.
  • Critical infrastructure providers (e.g., Datacenters) that comply with ISO 27001 and GDPR regulations, strictly necessary for service operation.

5. Security Measures

We apply enterprise-grade security measures, including:

  • Data encryption in transit (TLS 1.3) and at rest (AES-256).
  • Two-Factor Authentication (2FA) for all internal access.
  • Network segmentation and strict access control.
  • Secure destruction of sensitive data upon completion of audit projects.

6. Your Rights

You can exercise your rights of Access, Rectification, Deletion, Limitation, Portability, and Opposition by contacting our Data Protection Officer (DPO):