Skip to content

Privacy Policy

Privacy Policy

This Privacy Policy explains how TheCyberPicks (“we,” “us,” or “our”) collects, uses, and protects your personal information when you visit thecyberpicks.com (the “Site”). We’re committed to respecting your privacy and being transparent about our data practices.

Effective date: [SET ON PUBLISH]
Last updated: [SET ON PUBLISH]

1. Who We Are

TheCyberPicks is an independent cybersecurity review website operated by Amine Megh. We publish reviews, comparisons, and guides about VPNs, antivirus software, and password managers. Our Site is primarily targeted at users in the United States, United Kingdom, Canada, and Australia.

Contact for privacy inquiries:
Email: editorial@thecyberpicks.com
Page: thecyberpicks.com/contact

2. What Data We Collect

2.1 Data you provide directly

  • Contact form submissions: When you use our contact form, we collect your name, email address, and message content.
  • Newsletter signups: When you subscribe to our email list, we collect your email address. Newsletter services are provided by our email platform (MailerLite or ConvertKit). We use double opt-in to confirm your subscription.

2.2 Data collected automatically

  • Analytics data: We use Google Analytics 4 (GA4) to understand how visitors use our Site. GA4 collects anonymized data including pages visited, time on site, referral source, device type, browser, and approximate geographic location. IP addresses are anonymized. We do not enable Google Signals or User-ID features.
  • Cookies: We use essential cookies for site functionality and analytics cookies for measuring site performance. See our Cookie Policy for a full list of cookies and how to manage them.
  • Server logs: Our hosting provider automatically logs IP addresses, browser type, referring URLs, and timestamps. These logs are retained for security purposes and are deleted after 30 days.

2.3 Data from third-party services

  • Affiliate tracking: When you click an affiliate link on our Site (links to /go/ or /recommends/ paths), the destination website may set cookies to track whether you make a purchase. These cookies are set by the affiliate program (e.g., NordVPN, ExpressVPN), not by us. We receive anonymized conversion data (that a sale occurred) but not your personal information from these transactions.

3. How We Use Your Data

We use the data we collect for the following purposes:

  • To respond to your inquiries — contact form submissions are used solely to reply to your message.
  • To send newsletters — if you opted in, we send periodic emails about new reviews, guides, and cybersecurity news. Every email includes an unsubscribe link.
  • To improve our Site — analytics data helps us understand which content is most useful and where we can improve.
  • To track affiliate performance — we monitor which pages generate affiliate clicks so we can invest in the most helpful content.
  • To maintain security — server logs help us detect and prevent abuse.

We do not:

  • Sell your personal data to third parties.
  • Use your data for targeted advertising.
  • Build user profiles for marketing purposes.
  • Share your email address with affiliate partners.

4. Legal Basis for Processing (GDPR)

For visitors in the European Economic Area (EEA) and United Kingdom, we process your data under the following legal bases:

  • Consent — for analytics cookies (collected via our cookie consent banner) and newsletter subscriptions (double opt-in).
  • Legitimate interest — for essential site functionality, security logging, and basic site analytics after consent is granted.
  • Contractual necessity — for responding to your contact form submissions.

You may withdraw consent at any time by adjusting your cookie preferences via our cookie consent banner or by unsubscribing from our newsletter.

5. Cookies

Our Site uses cookies. We categorize them as:

  • Essential cookies — required for the site to function (e.g., cookie consent preferences, WordPress session cookies). These are set without requiring consent.
  • Analytics cookies — Google Analytics 4 cookies used to measure site performance. Set only after you consent via our cookie banner.
  • Affiliate cookies — set by third-party affiliate programs when you click an outbound affiliate link. These are governed by the respective program’s privacy policy.

For a detailed list of cookies, their purposes, and durations, see our Cookie Policy.

We use CookieYes for cookie consent management. On your first visit, a banner asks for your consent before any non-essential cookies are set.

6. Third-Party Services

We use the following third-party services that may process your data:

Service Purpose Data processed Privacy policy
Google Analytics 4 Site analytics Anonymized page views, device info, location Google Privacy Policy
MailerLite / ConvertKit Email newsletter Email address See provider’s privacy policy
CookieYes Cookie consent Consent preferences CookieYes Privacy Policy
Affiliate networks Commission tracking Click/conversion data (anonymized) Varies by program

7. Data Retention

  • Contact form messages: Retained for up to 12 months, then deleted.
  • Newsletter subscriber data: Retained until you unsubscribe, then deleted within 30 days.
  • Analytics data: Google Analytics data is retained for 14 months (GA4 default).
  • Server logs: Deleted after 30 days.
  • Cookie consent records: Retained for 12 months as required for compliance documentation.

8. Your Rights

8.1 Rights under GDPR (EEA and UK residents)

If you are located in the EEA or United Kingdom, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your data (“right to be forgotten”).
  • Restriction — request that we limit processing of your data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interest.
  • Withdraw consent — withdraw previously given consent at any time.

To exercise any of these rights, email us at editorial@thecyberpicks.com with the subject line “Privacy Request.” We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, the CNIL in France).

8.2 Rights under CCPA (California residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used.
  • Delete your personal information.
  • Opt out of the sale of personal information. We do not sell personal information, so this right does not apply in practice.
  • Non-discrimination — we will not discriminate against you for exercising your rights.

To submit a request, email editorial@thecyberpicks.com with “CCPA Request” in the subject line.

8.3 Rights under the Australian Privacy Act

If you are an Australian resident, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of any inaccurate information.
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we’ve breached the Australian Privacy Principles.

8.4 Rights under Canadian privacy law (PIPEDA)

If you are a Canadian resident, you have the right to access, correct, and challenge the accuracy of your personal information. Contact us at editorial@thecyberpicks.com to make a request.

9. Children’s Privacy

Our Site is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. International Data Transfers

Our hosting infrastructure and third-party services may process data in the United States and other countries. Where data is transferred outside the EEA/UK, we rely on adequacy decisions or standard contractual clauses as appropriate.

11. Security

We take reasonable technical and organizational measures to protect your data, including:

  • SSL/TLS encryption site-wide (HTTPS)
  • HSTS headers enforced
  • Web application firewall (WAF) active
  • Regular security scans and plugin updates
  • Strong password policies and two-factor authentication on all admin accounts

No system is 100% secure. If we discover a breach that affects your personal data, we will notify affected individuals and relevant authorities as required by applicable law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we’ll update the “Last updated” date at the top of this page. For significant changes, we’ll post a notice on our homepage or notify newsletter subscribers.

We encourage you to review this page periodically.

13. Contact Us

For any questions or requests related to this Privacy Policy:

Email: editorial@thecyberpicks.com
Contact page: thecyberpicks.com/contact

Last updated: [SET ON PUBLISH]