Last updated: 2026-04-09

Privacy Policy

This privacy policy describes how Morpheus Cyber, Inc., doing business as Variant Security (“we,” “us,” or “Variant Security”), collects, uses, and protects information when you visit variantsec.com (the “Site”). By using the Site, you acknowledge that you have read and understood this policy.

1. Information We Collect

Information You Provide Directly

When you book a briefing through our scheduling link or email us directly at info@variantsec.com, we collect:

  • Name — so we can address you personally.
  • Email address — so we can respond and send the meeting invitation.
  • Company name (optional) — so we can understand your organizational context.
  • Meeting notes — any context you choose to share when booking a call. Please do not include passwords, credentials, or classified information.

Information Collected Automatically

We use Cloudflare Web Analytics to understand aggregate traffic patterns. Cloudflare Web Analytics is a privacy-focused, cookieless analytics service. It does not:

  • Set cookies or use browser storage.
  • Track visitors across sites.
  • Collect or store personally identifiable information.

Your IP address is processed by Cloudflare for content delivery, DDoS protection, and network routing. We do not have access to individual IP addresses through Cloudflare Web Analytics—only aggregate, anonymized metrics such as page views, referrers, and browser types.

2. How We Use Your Information

We use the information we collect to:

  • Respond to your briefing request or inquiry.
  • Schedule meetings and follow-up conversations.
  • Send you relevant product information directly related to your inquiry. We do not add you to any marketing mailing list.
  • Understand aggregate site traffic and improve the Site.
  • Comply with applicable legal obligations.

3. Legal Bases for Processing

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing your personal data are:

  • Pre-contractual steps (Art. 6(1)(b)) — When you book a briefing or send us an inquiry, you are asking us to take steps prior to potentially entering into a contract. Processing your contact information is necessary to respond to that request.
  • Legitimate interest — We have a legitimate interest in collecting aggregate, anonymized analytics to operate and improve the Site, where this does not override your fundamental rights.

4. Data Sharing and Disclosure

We do not sell your personal information to third parties. We engage trusted third-party service providers to support the Site. These providers may have access to your information only to perform specific tasks on our behalf and are obligated not to disclose or use it for other purposes:

  • Cal.com: Meeting scheduling and calendar integration
  • Cloudflare: Website hosting, CDN, DDoS protection, and cookieless web analytics
  • Google Fonts: Web font delivery

We may share your information only in the following limited circumstances:

  • Service providers: With the providers listed above, who are bound by contractual obligations to keep your information confidential and use it only for providing services to us.
  • Legal requirements: When required by law, court order, subpoena, or other legal process; to establish or exercise our legal rights; or to defend against legal claims.
  • Protection of rights: When we believe disclosure is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or situations involving potential threats to safety or violations of these terms.
  • Business transfers: In connection with any merger, sale of company assets, or acquisition. You will be notified of any such change in ownership or control.
  • With your consent: When you explicitly agree to share your information for a specific purpose.
  • Aggregated data: We may share aggregated, de-identified data that cannot reasonably be used to identify you.

5. Data Retention

  • Meeting booking data: Retained for up to 24 months from the date of your last interaction with us, then deleted.
  • Analytics data: Aggregate only. No personal data is retained by us through Cloudflare Web Analytics.
  • Email correspondence: If we correspond with you by email following a briefing booking or direct inquiry, those emails are retained for up to 5 years after your last interaction with us, then deleted, unless a longer retention period is required by law.

6. Your Rights

For EEA and UK Residents (GDPR / UK GDPR)

You have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Request erasure (“right to be forgotten”).
  • Restrict processing of your data.
  • Data portability—receive your data in a structured, machine-readable format.
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
  • Lodge a complaint with your local data protection supervisory authority.

For California Residents (CCPA / CPRA)

In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email address, company name) and internet or other electronic network activity information (aggregate, anonymized page-view data via Cloudflare Web Analytics). You have the right to:

  • Know what personal information we collect and how it is used.
  • Request deletion of your personal information.
  • Request correction of inaccurate personal information.
  • Non-discrimination for exercising your privacy rights.
  • Opt out of the sale of personal information. Note: we do not sell personal information.

We do not track you across third-party websites and therefore do not respond to Do Not Track (DNT) browser signals.

To exercise any of these rights, contact us at privacy@variantsec.com. We will respond within 30 days.

7. International Data Transfers

Your data is processed in the United States. If you are located in the EEA, UK, or another jurisdiction with data-transfer restrictions, please be aware that your information will be transferred to, stored, and processed in the US. Our service providers (Cal.com and Cloudflare) maintain Standard Contractual Clauses (SCCs) and other appropriate safeguards for lawful international data transfers. Our service providers may also process data at locations outside the United States (for example, Cloudflare processes requests at globally distributed edge nodes). All such transfers are subject to appropriate safeguards, including Standard Contractual Clauses where applicable.

8. Children’s Privacy

This Site is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us at privacy@variantsec.com and we will delete the data promptly.

9. Security

We take reasonable measures to protect your personal data, including serving all traffic over HTTPS via Cloudflare, minimizing the data we collect, and using reputable service providers. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this privacy policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For material changes, we may also post a notice on the Site. Your continued use of the Site after any changes constitutes your acceptance of the updated policy.

11. Contact

For privacy-related inquiries or to exercise your data rights:
privacy@variantsec.com

For general inquiries:
info@variantsec.com

For data-protection inquiries from the European Economic Area or the United Kingdom, you may also contact our EU establishment, Variant Security Germany GmbH, at privacy@variantsec.de.