Privacy Policy
Effective: May 17, 2026 · Last updated: May 17, 2026
Cyber Insurance Calculator ("we", "us", or "our") operates cyberinsurancecalc.com. This policy explains what data we collect when you use our cyber insurance risk assessment tool, how we use it, who we share it with, and your rights over it.
We are part of the CISO Marketplace partner network. Questions? Email us at contact@cyberinsurancecalc.com.
1. Data We Collect
a) Information you provide directly
- Organization profile: company name, industry, size, financial health status, recent incident history
- Contact email: collected in the organization form (optional) and/or at the results gate (required to unlock your report)
- Assessment answers: your responses across 11 security domains
- Voluntary fields: website URL, phone number, annual revenue (all optional)
b) Data we calculate from your answers
- Risk score (0–100) and risk level
- Estimated annual premium range
- Critical security gaps and remediation recommendations
- Policy tier eligibility and carrier match
- This data is stored in your assessment record as
results_json
c) Data collected automatically
- Google Analytics 4: page views, session data, events (assessment starts, completions, carrier clicks). This data is collected via cookies and is subject to Google's Privacy Policy.
- Browser storage: assessment progress, your email (after capture), and results are temporarily stored in
localStorageto support session continuity - IP address and user agent: logged by our hosting provider (Cloudflare Pages) for security and performance. Cloudflare's privacy policy applies.
2. How We Use Your Data
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Deliver your risk assessment and readiness report | Assessment answers, org profile | Contract / Legitimate interest |
| Email your personalized report | Email address | Consent (collected at gate) |
| Send relevant cyber insurance updates and tips | Email address | Consent (with opt-out in every email) |
| Match you with insurance carriers and referral links | Risk score, industry, company size | Legitimate interest |
| Improve our scoring model and recommendations | Anonymized/aggregated assessment data | Legitimate interest |
| Lead generation — share qualified lead data with insurance carriers or brokers | Email, org profile, risk score, premium estimate | Legitimate interest + disclosure below |
| Analytics and product improvement | GA4 events, session data | Legitimate interest |
| Legal compliance and fraud prevention | Any data as required | Legal obligation |
3. Lead Data & Insurance Carrier Sharing
Important disclosure: This site operates as a cyber insurance lead generation platform. By submitting your email and completing the assessment, you acknowledge that your contact information and assessment context (industry, company size, risk score, estimated premium) may be shared with or used to facilitate introductions to licensed insurance carriers, brokers, and MGAs for the purpose of obtaining cyber insurance quotes.
- We may share your data with insurance carriers including AIG, Chubb, Travelers, Beazley, Hiscox, Coalition, At-Bay, and their affiliated brokers
- We may also share with authorized insurance brokers or managing general agents (MGAs) who can provide quotes
- When you click a carrier link on the quotes page, you are leaving our site and that carrier's privacy policy governs your interaction with them
- We use UTM tracking parameters on carrier links to measure referral effectiveness; this data does not include personally identifiable information in the URL itself
- We do not sell your raw assessment answers to data brokers
- We do not share your data with unrelated advertisers; CyberAdX sponsorships are display-only and do not receive user data
4. Data Storage & Security
- Database: Lead data (email and company details you provide) is stored in Cloudflare D1, hosted on Cloudflare's global infrastructure
- Anonymized analytics: Completed assessments are stored in a separate anonymized analytics database containing only coarse attributes (industry, company-size band, revenue band, region, scores, and answers). This store never contains your email, name, organization name, or any account identifier, and cannot be linked back to you.
- Encryption: Data encrypted in transit (TLS 1.2+) and at rest
- Access controls: Public API endpoints can only insert data; reading lead data requires an internal administrative key and is restricted to our team
- Retention: Anonymized assessment analytics are retained indefinitely for benchmarking and product improvement. Lead data is retained until you request deletion or withdraw consent. localStorage data is cleared when you manually clear browser storage.
- No payment data: We do not collect or store payment card information on this site. Access purchases (membership, credits, one-time runs) are processed by CISO Marketplace (pay.cisomarketplace.com).
5. Cookies & Tracking
We use the following tracking technologies:
| Cookie / Storage | Purpose | Type |
|---|---|---|
| _ga, _ga_* | Google Analytics 4 — session tracking, event measurement | Analytics (opt-out at Google) |
| assessmentAnswers (localStorage) | Save assessment progress across browser sessions | Functional |
| organizationData (localStorage) | Save org profile for session continuity | Functional |
| leadEmail (localStorage) | Remember you provided your email (30-day cache, prevents re-gating) | Functional |
| assessmentResults (localStorage) | Store results for quotes page | Functional |
| cyberCalc_welcomeSeen (localStorage) | Track whether you have seen the welcome modal | Functional |
To opt out of Google Analytics, install the Google Analytics Opt-out Browser Add-on. To clear localStorage data, clear your browser storage for this domain.
6. Your Rights
Depending on your location, you may have the following rights under GDPR, CCPA, or other applicable law:
To exercise any of these rights, email contact@cyberinsurancecalc.com with the subject line "Privacy Request" and we will respond within 30 days.
7. Third-Party Services
We use the following third-party services that may process your data:
8. Children's Privacy
This site is intended for business use only and is not directed at individuals under 18. We do not knowingly collect data from minors. If you believe we have collected data from a minor, contact us immediately at contact@cyberinsurancecalc.com.
9. Changes to This Policy
We may update this policy as our practices change. Material changes will be indicated by the "Last updated" date at the top. Continued use of the site after changes constitutes acceptance. We recommend checking this page periodically.
10. Contact Us
For privacy inquiries, data requests, or to exercise your rights: