iB49 Privacy Policy

Effective Date: Dec 1, 2025

iB49 (“iB49,” “we,” “us,” or “our”) is a cybersecurity and compliance advisory firm that helps organizations achieve and maintain trust-based frameworks such as ISO 27001, 9001, SOC 2, HIPAA, PCI DSS, and DORA. We are committed to protecting the privacy and security of your personal data, and this Privacy Policy outlines how we collect, use, store, disclose, and safeguard information through our websites, platforms, tools, and services (collectively, the “Services”).

  1. Scope of this Policy

This Privacy Policy applies to:

  • Visitors to our websites (including https://ib49.com/ and subdomains)
  • Users of our compliance and audit platforms
  • Clients and prospective clients
  • Individuals interacting with iB49 through events, support, or sales outreach

This Policy does not apply to personal data processed on behalf of our clients through third-party tools such as Drata or Vanta, where we act as a data processor or subprocessor. In such cases, the client’s own privacy policy governs how data is handled.

  2. What Personal Data We Collect

Depending on how you interact with iB49, we may collect the following information:

2.1 Identification & Contact Information

  • Full name
  • Business email address
  • Phone number
  • Job title and company name
  • Location (city, country)

2.2 Account & Authentication Information

  • Username and encrypted password
  • Role-based access assignments
  • Audit trail of logins and platform activity

2.3 Professional & Compliance Information

  • Employment details and responsibilities
  • Information related to compliance training, certifications, and audit participation
  • Risk or control ownership (e.g., assigned controls in Drata)

2.4 Technical & Device Data

  • IP address and device ID
  • Browser type and version
  • Operating system
  • Access times and pages viewed

2.5 Communication Data

  • Emails, chat logs, or support tickets
  • Forms or feedback submitted through our website or platform
  • Webinar or event participation details

2.6 Marketing & Engagement Data

  • Subscription preferences
  • Survey responses
  • Analytics data (clicks, open rates, navigation behaviour)

  3. How We Collect Personal Data

  • Directly from you – via contact forms, meetings, email, demos, webinars, or events
  • Automatically – through cookies, device logs, and website usage
  • From third parties such as:
    – Referrals or partners
    – Public sources like LinkedIn
    – Compliance platforms where we are invited as collaborators

  4. How We Use Personal Data

4.1 Deliver and Manage Our Services

  • Manage client accounts and access controls
  • Support compliance activities, audits, and evidence collection
  • Provide technical and advisory support
  • Conduct vulnerability assessments and penetration testing

4.2 Improve Our Website & Platforms

  • Analyse usage patterns
  • Maintain system integrity and prevent fraud
  • Conduct user experience testing and improvements

4.3 Marketing & Business Development

  • Send newsletters, event invites, and product updates (with consent)
  • Personalise communication based on industry or role

4.4 Legal & Regulatory Obligations

  • Respond to lawful data requests
  • Maintain records in line with legal and contractual requirements (e.g., ISO 27001 Clause 7.5)

  5. Legal Basis for Processing (EEA/UK Users)

  • Performance of a contract
  • Legitimate interests
  • Consent (e.g., non-essential cookies, marketing)
  • Legal obligation

  6. Sharing of Personal Data

6.1 Subprocessors (Coprocessors)

To deliver our Services, iB49 engages trusted third parties who process personal data on our behalf.

Current Subprocessor

| Category | Subprocessor | Purpose | Data Location |
|---|---|---|---|
| Productivity Suite | Microsoft 365 (Microsoft Corporation) | Email, document storage, collaboration, internal communication | Global (including EU & U.S.) |

iB49 performs due diligence and continuous monitoring of all service providers to ensure they maintain appropriate data protection measures.

Future sub-processors will be added to this list through updates to this Privacy Policy.

6.2 Service Providers

Examples include:

  • Cloud infrastructure (AWS, Azure)
  • Compliance automation tools (Drata, Vanta)
  • CRM tools (HubSpot, Salesforce)
  • Email marketing providers (Mailchimp, Brevo)

These providers process data strictly under iB49’s instructions.

6.3 Auditors and Assessors

With client approval, we share relevant documentation with auditors such as:
A-LIGN, Insight Assurance, EY, BARR Advisory, Prescient Security.

6.4 Legal Authorities

Only when required by law or necessary to protect rights and safety.

6.5 Corporate Transactions

If iB49 undergoes a merger or acquisition, data may be transferred to the successor entity.

  7. Retention of Personal Data

| Data Type | Retention Period |
|---|---|
| Client audit records | Duration of engagement + 3 years |
| Communication data (support, email) | 3 years from last contact |
| Marketing contact details | Until unsubscribed or 2 years of inactivity |

Anonymised data may be retained indefinitely.

  8. International Data Transfers

By using our Services, you acknowledge that your data may be transferred outside your home country. iB49 implements safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements (DPAs)
  • Vendor due diligence aligned with ISO and GDPR standards

  9. Your Privacy Rights

Your rights may include:

  • Access
  • Correction
  • Deletion
  • Restriction or objection
  • Withdrawal of consent
  • Complaint to a supervisory authority

To exercise any rights, contact us: info@ib49.com

  10. Security Measures

iB49 implements strong technical and organisational measures, including:

  • AES-256 encryption (data at rest) & TLS 1.2+ (data in transit)
  • Role-based access control & MFA
  • SOC 2–compliant cloud infrastructure
  • Quarterly vulnerability assessments & annual penetration testing
  • Mandatory security awareness training

  11. Cookies & Tracking

We use cookies for:

  • Analytics (e.g., Google Analytics)
  • Preferences
  • Marketing and retargeting (e.g., LinkedIn Ads, Meta Pixel)

You may opt out through browser settings or our cookie banner.

  12. Email & Communication Preferences

We may send:

  • Transactional messages
  • Marketing communications
  • Product updates

You can unsubscribe anytime via email link or by contacting info@ib49.com.

  13. Children’s Privacy

Our services are not intended for individuals under 16, and we do not knowingly collect data from minors.

  14. Changes to this Policy

This Policy may be updated periodically. Material changes will be communicated via email or by posting a notice on our website.

  15. Contact Us

For questions or requests:

Email: info@ib49.com
Website: https://ib49.com/