Nexaguard Cyber Labs

Privacy Policy

Effective Date: May 1, 2026

Last Updated: May 1, 2026

Nexaguard Cyberlabs FZCO (“Nexaguard,” “we,” “our,” or “us”) respects your privacy and is committed to protecting the personal data we collect from you. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website, engage our services, or interact with us through any of our communication channels.

This Privacy Policy is designed to be consistent with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and applicable data protection principles in the Emirate of Dubai.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

Nexaguard Cyberlabs FZCO is a cybersecurity consultancy registered in the IFZA Freezone, Dubai, United Arab Emirates. We provide penetration testing, compliance advisory, governance, risk and compliance (GRC) services, and managed security services to businesses across the UAE and the wider GCC region.

Registered Office

Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, UAE

Contact for Privacy Matters

info@nexaguardcyberlabs.com

2. Information We Collect

We collect personal information that you voluntarily provide to us, as well as certain technical information that is automatically collected when you interact with our website.

2.1 Information You Provide Directly

  • Contact information: Your name, email address, phone number, job title, and the company you represent — provided when you submit a contact form, request a consultation, download a resource, or engage with our services.
  • Communications: The content of messages you send to us via email, contact forms, WhatsApp, or other channels.
  • Engagement information: If you engage Nexaguard for services, we may collect additional business and technical information necessary for the engagement, such as scope details, contact persons within your organisation, and information about systems being assessed (only as required for the engagement and under appropriate confidentiality terms).

2.2 Information Collected Automatically

When you visit our website, certain technical information is automatically collected, including:

  • IP address (anonymised where possible)
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on each page
  • Referring URL
  • Approximate location based on IP (country/city level)

2.3 Use of Cookies and Similar Technologies

We may use cookies and similar tracking technologies to enhance your experience on our website. We may use:

  • Strictly necessary cookies — required for the website to function correctly
  • Analytics cookies — to understand how visitors use the site (where deployed)
  • Functionality cookies — to remember preferences

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

3. How We Use Your Information

We use the personal information we collect for the following lawful purposes:

  • To respond to your enquiries and provide the information, services, or resources you request
  • To deliver requested resources such as PDF downloads, assessments, and consultation bookings
  • To communicate with you about your engagement, including sending invoices, reports, and operational updates
  • To send you information you have specifically opted in to receive, such as our newsletter (only where you have explicitly checked the relevant opt-in box)
  • To improve our website and services by understanding how visitors interact with our content
  • To comply with legal obligations, including financial record-keeping, regulatory reporting, and responses to lawful requests from regulators or law enforcement
  • To protect our legitimate business interests, including security monitoring, fraud prevention, and the establishment, exercise, or defence of legal claims

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

4. Lawful Basis for Processing

Under the UAE PDPL, we process your personal data on the basis of:

  • Your consent — when you submit a form, opt into our newsletter, or download a resource
  • Performance of a contract — when you engage us for services, processing is necessary to deliver those services
  • Compliance with legal obligations — where applicable laws or regulations require us to process data
  • Legitimate interests — where processing is necessary for our legitimate business interests, balanced against your rights and interests

You may withdraw consent at any time by contacting us at info@nexaguardcyberlabs.com.

5. How We Share Your Information

We do not sell, rent, or trade your personal data to third parties for marketing purposes. We may share your information only in the following limited circumstances:

  • Service providers: We work with carefully selected third-party service providers who help us operate our business — for example, email delivery providers (such as Resend), website hosting providers (such as Vercel), and analytics platforms. These providers are bound by confidentiality and data protection obligations.
  • Legal requirements: We may disclose information if required to do so by law, regulation, or valid legal process, or to protect the rights, property, or safety of Nexaguard, our clients, or others.
  • Business transfers: In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred as part of that transaction. We will notify affected users where required.
  • Engagement-specific data: Information shared with us during a client engagement may be processed by our authorised technical team strictly for the purposes of delivering the engaged services, under signed confidentiality terms.

6. International Data Transfers

Some of our service providers may be located outside the UAE. Where personal data is transferred internationally, we ensure that appropriate safeguards are in place, including:

  • Selection of providers in jurisdictions with adequate data protection standards
  • Contractual data protection commitments
  • Compliance with applicable UAE PDPL requirements regarding cross-border data transfer

7. How We Protect Your Information

As a cybersecurity firm, data protection is fundamental to our practice. We implement technical, administrative, and physical safeguards designed to protect personal data, including:

  • Encryption of data in transit (TLS 1.2 minimum)
  • Encryption of sensitive data at rest where applicable
  • Access controls limiting personal data access to authorised personnel
  • Regular security reviews of our infrastructure and providers
  • Confidentiality and data protection training for all team members
  • Incident response procedures in the event of any suspected data breach

While we apply strong protections, no method of transmission or storage is fully secure. We continually review and improve our security practices.

8. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Indicative retention periods:

Contact form submissions and general enquiriesUp to 24 months from last interaction
Lead magnet downloads and resource sign-upsUp to 36 months, or until you unsubscribe
Newsletter subscriber listsUntil you unsubscribe
Client engagement recordsAs required by applicable financial, tax, and regulatory recordkeeping obligations (typically 5–7 years)
Website analytics dataAggregated and retained for up to 26 months

When personal data is no longer required, it is deleted, anonymised, or securely destroyed.

9. Your Rights Under UAE PDPL

Under UAE Federal Decree-Law No. 45 of 2021, you have the following rights regarding your personal data:

Right of Access

Obtain confirmation of whether we hold personal data about you and access that data

Right of Correction

Request correction of inaccurate or incomplete personal data

Right of Deletion

Request deletion of your personal data, subject to legal retention obligations

Right to Restrict Processing

Request restriction of processing in certain circumstances

Right to Data Portability

Receive your personal data in a structured, commonly used format

Right to Object

Object to certain types of processing, including direct marketing

Right to Withdraw Consent

Withdraw your consent at any time, where consent is the basis for processing

To exercise any of these rights, please contact us at info@nexaguardcyberlabs.com. We will respond within 30 days, in line with UAE PDPL requirements.

You also have the right to lodge a complaint with the UAE Data Office or any competent regulatory authority if you believe your data protection rights have been infringed.

10. Children's Privacy

Our services and website are intended for business audiences and are not directed to children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected such data, we will take steps to delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this policy and, where appropriate, provide additional notice. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data protection practices, or if you wish to exercise any of your rights, please contact us:

Nexaguard Cyberlabs FZCO

Building A1, Dubai Digital Park

Dubai Silicon Oasis, Dubai, UAE

Email: info@nexaguardcyberlabs.com

Website: nexaguardcyberlabs.com

This Privacy Policy is provided in English. In the event of any discrepancy with translations, the English version shall prevail.

WhatsApp