Privacy Policy

Effective: May 17, 2026 · Last updated: May 17, 2026

Cyber Insurance Calculator ("we", "us", or "our") operates cyberinsurancecalc.com. This policy explains what data we collect when you use our cyber insurance risk assessment tool, how we use it, who we share it with, and your rights over it.

We are part of the CISO Marketplace partner network. Questions? Email us at contact@cyberinsurancecalc.com.


1. Data We Collect

a) Information you provide directly

  • Organization profile: company name, industry, size, financial health status, recent incident history
  • Contact email: collected in the organization form (optional) and/or at the results gate (required to unlock your report)
  • Assessment answers: your responses across 11 security domains
  • Voluntary fields: website URL, phone number, annual revenue (all optional)

b) Data we calculate from your answers

  • Risk score (0–100) and risk level
  • Estimated annual premium range
  • Critical security gaps and remediation recommendations
  • Policy tier eligibility and carrier match
  • This data is stored in your assessment record as results_json

c) Data collected automatically

  • Google Analytics 4: page views, session data, events (assessment starts, completions, carrier clicks). This data is collected via cookies and is subject to Google's Privacy Policy.
  • Browser storage: assessment progress, your email (after capture), and results are temporarily stored in localStorage to support session continuity
  • IP address and user agent: logged by our hosting provider (Cloudflare Pages) for security and performance. Cloudflare's privacy policy applies.

2. How We Use Your Data

PurposeData usedLegal basis (GDPR)
Deliver your risk assessment and readiness reportAssessment answers, org profileContract / Legitimate interest
Email your personalized reportEmail addressConsent (collected at gate)
Send relevant cyber insurance updates and tipsEmail addressConsent (with opt-out in every email)
Match you with insurance carriers and referral linksRisk score, industry, company sizeLegitimate interest
Improve our scoring model and recommendationsAnonymized/aggregated assessment dataLegitimate interest
Lead generation — share qualified lead data with insurance carriers or brokersEmail, org profile, risk score, premium estimateLegitimate interest + disclosure below
Analytics and product improvementGA4 events, session dataLegitimate interest
Legal compliance and fraud preventionAny data as requiredLegal obligation

3. Lead Data & Insurance Carrier Sharing

Important disclosure: This site operates as a cyber insurance lead generation platform. By submitting your email and completing the assessment, you acknowledge that your contact information and assessment context (industry, company size, risk score, estimated premium) may be shared with or used to facilitate introductions to licensed insurance carriers, brokers, and MGAs for the purpose of obtaining cyber insurance quotes.

  • We may share your data with insurance carriers including AIG, Chubb, Travelers, Beazley, Hiscox, Coalition, At-Bay, and their affiliated brokers
  • We may also share with authorized insurance brokers or managing general agents (MGAs) who can provide quotes
  • When you click a carrier link on the quotes page, you are leaving our site and that carrier's privacy policy governs your interaction with them
  • We use UTM tracking parameters on carrier links to measure referral effectiveness; this data does not include personally identifiable information in the URL itself
  • We do not sell your raw assessment answers to data brokers
  • We do not share your data with unrelated advertisers; CyberAdX sponsorships are display-only and do not receive user data

4. Data Storage & Security

  • Database: Lead data (email and company details you provide) is stored in Cloudflare D1, hosted on Cloudflare's global infrastructure
  • Anonymized analytics: Completed assessments are stored in a separate anonymized analytics database containing only coarse attributes (industry, company-size band, revenue band, region, scores, and answers). This store never contains your email, name, organization name, or any account identifier, and cannot be linked back to you.
  • Encryption: Data encrypted in transit (TLS 1.2+) and at rest
  • Access controls: Public API endpoints can only insert data; reading lead data requires an internal administrative key and is restricted to our team
  • Retention: Anonymized assessment analytics are retained indefinitely for benchmarking and product improvement. Lead data is retained until you request deletion or withdraw consent. localStorage data is cleared when you manually clear browser storage.
  • No payment data: We do not collect or store payment card information on this site. Access purchases (membership, credits, one-time runs) are processed by CISO Marketplace (pay.cisomarketplace.com).

5. Cookies & Tracking

We use the following tracking technologies:

Cookie / StoragePurposeType
_ga, _ga_*Google Analytics 4 — session tracking, event measurementAnalytics (opt-out at Google)
assessmentAnswers (localStorage)Save assessment progress across browser sessionsFunctional
organizationData (localStorage)Save org profile for session continuityFunctional
leadEmail (localStorage)Remember you provided your email (30-day cache, prevents re-gating)Functional
assessmentResults (localStorage)Store results for quotes pageFunctional
cyberCalc_welcomeSeen (localStorage)Track whether you have seen the welcome modalFunctional

To opt out of Google Analytics, install the Google Analytics Opt-out Browser Add-on. To clear localStorage data, clear your browser storage for this domain.


6. Your Rights

Depending on your location, you may have the following rights under GDPR, CCPA, or other applicable law:

Access
Request a copy of the personal data we hold about you
Correction
Request correction of inaccurate or incomplete data
Deletion
Request deletion of your personal data ("right to be forgotten")
Portability
Receive your data in a machine-readable format
Objection
Object to processing based on legitimate interest (including lead sharing)
Withdraw consent
Unsubscribe from emails at any time via the link in any email we send
CCPA opt-out
California residents may opt out of sale/sharing of personal information
Restrict processing
Request we limit how we use your data while a dispute is resolved

To exercise any of these rights, email contact@cyberinsurancecalc.com with the subject line "Privacy Request" and we will respond within 30 days.


7. Third-Party Services

We use the following third-party services that may process your data:

Google Analytics 4Site analytics
Privacy Policy
CloudflareSite hosting (Workers), database (D1), CDN, and DDoS protection
Privacy Policy
CISO MarketplaceOptional member sign-in and saved reports (gate.cisomarketplace.com / id.cisomarketplace.com)
Privacy Policy

8. Children's Privacy

This site is intended for business use only and is not directed at individuals under 18. We do not knowingly collect data from minors. If you believe we have collected data from a minor, contact us immediately at contact@cyberinsurancecalc.com.


9. Changes to This Policy

We may update this policy as our practices change. Material changes will be indicated by the "Last updated" date at the top. Continued use of the site after changes constitutes acceptance. We recommend checking this page periodically.


10. Contact Us

For privacy inquiries, data requests, or to exercise your rights:

Cyber Insurance Calculator
Part of the CISO Marketplace network