CyberOps Command – Privacy Policy
Privacy Policy for the CyberOps Command Mobile Application
Last Updated: January 2026
Scope and Applicability
This Privacy Policy applies exclusively to the CyberOps Command mobile application ("the App") distributed via the Apple App Store. It does not cover unrelated websites, services, or products. This comprehensive policy explains in detail how personal data is collected, used, stored, and protected when users interact with the App.
CyberOps Command follows the principles of privacy by design and by default, as required under GDPR Article 25. This means that privacy considerations are embedded into every aspect of the App's development and operation, from initial design through ongoing maintenance. We implement technical and organizational measures to ensure that, by default, only personal data necessary for each specific purpose is processed.
Our commitment to privacy extends beyond mere compliance. We believe that protecting user data is not just a legal obligation but a fundamental responsibility. The App has been designed with user privacy as a core principle, ensuring that data protection safeguards are integrated into all processing activities. This approach ensures that users can trust CyberOps Command with their information while receiving high-quality cybersecurity news and alerts.
Mobile App Only
Applies exclusively to the CyberOps Command iOS application
Privacy by Design
GDPR Article 25 compliance built into every feature
Legal Basis for Processing (GDPR Compliance)
Personal data is processed in accordance with GDPR Article 6 based on one or more of the following legal grounds. Understanding the legal basis for processing is essential for transparency and helps users understand why their data is necessary for the App's operation. Each processing activity conducted by CyberOps Command is carefully evaluated to ensure it meets at least one of these legal requirements.
Performance of a Contract
Processing necessary to provide app functionality, deliver cybersecurity news content, manage your subscription, and fulfill our obligations to you as a user of the CyberOps Command application.
Legitimate Interests
Processing necessary for our legitimate interests in maintaining app security, improving service quality, analyzing usage patterns, preventing fraud, and ensuring the App operates efficiently and reliably for all users.
Legal Obligations
Processing required to comply with applicable laws and regulations, respond to lawful requests from public authorities, maintain necessary records, and fulfill our legal responsibilities as a data controller.
User Consent
Processing based on your explicit, freely given consent for specific purposes such as marketing communications or optional features. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
Only the minimum data necessary for the intended purpose is processed, in line with GDPR Article 5 (data minimization). This principle ensures that we collect and retain only what is absolutely required to deliver the App's services effectively. We regularly review our data processing activities to ensure continued compliance with this fundamental data protection principle.
Information Collected Through the App
A. Information You Provide
When you use CyberOps Command, you voluntarily provide certain information to enable core app functionality and communication. This information is collected only when you actively submit it through the App's interface.
  • Email address: Required for account creation, access management, sending important notifications about cybersecurity alerts, and enabling our support team to respond to your inquiries and assist with technical issues.
  • User-submitted content: Any information, feedback, comments, or content you choose to submit within the App, including but not limited to support requests, feature suggestions, or user preferences that enhance your experience.
We recognize that your email address is sensitive personal information and treat it with the highest level of protection. It is stored securely, encrypted both in transit and at rest, and accessed only by authorized personnel for legitimate purposes outlined in this policy.
B. Information Collected Automatically
To maintain app performance, security, and reliability, certain technical information is collected automatically when you use CyberOps Command. This data helps us identify and resolve issues, optimize features, and ensure the App functions properly across different devices.
  • Device type and operating system version: Technical specifications that help us ensure compatibility, optimize performance for different iOS versions, and prioritize support for the most commonly used devices.
  • App usage data: Information about which features you interact with, session duration, crash logs, diagnostic information, and performance metrics that help us understand how users engage with the App and identify areas for improvement.
  • Push notification tokens: Unique identifiers used solely for delivering breaking cybersecurity news and security alerts directly to your device. These tokens do not contain personal information and cannot be used to track you across other apps or websites.

What We Do NOT Collect
The App does not collect payment card or billing details, government-issued identification numbers, precise location data, biometric information, or any other sensitive personal data beyond what is explicitly stated above. All payments and subscriptions are processed securely by Apple via the App Store using Apple's secure payment infrastructure. CyberOps Command does not access, store, or process any payment information whatsoever.
Purpose of Data Processing
Data collected through the CyberOps Command app is used strictly for legitimate, well-defined purposes that directly support the App's functionality and your user experience. We do not use your data for any purpose that is incompatible with the original reason it was collected. Every processing activity serves a clear objective that benefits you as a user while maintaining the security and integrity of our service.
Providing and Maintaining App Functionality
Processing data to enable core features, manage your account, ensure the App operates smoothly, handle technical requests, and deliver the cybersecurity news and information you expect from CyberOps Command.
Delivering Cybersecurity News and Breaking Alerts
Using your email address and push notification tokens to send timely, relevant cybersecurity news, critical security alerts, threat intelligence updates, and breaking news notifications that keep you informed about the latest developments in the cybersecurity landscape.
Managing Subscriptions and Access Levels
Coordinating with Apple's subscription system to verify your subscription status, manage access to premium features, handle subscription renewals, process upgrades or downgrades, and ensure you receive the appropriate level of service based on your subscription tier.
Ensuring App Security and Stability
Monitoring for suspicious activity, detecting and preventing fraud, identifying security vulnerabilities, responding to security incidents, maintaining system integrity, and protecting both the App and its users from malicious actors or unauthorized access.
Improving Performance and User Experience
Analyzing usage patterns to understand how users interact with features, identifying areas where the App can be enhanced, fixing bugs, optimizing performance, developing new features based on user needs, and ensuring the App continues to meet evolving user expectations.
Meeting Legal and Regulatory Obligations
Complying with applicable laws and regulations including GDPR, KVKK, and Apple App Store requirements, responding to lawful requests from authorities, maintaining required records, fulfilling tax obligations, and ensuring all operations meet necessary legal standards.
Personal data is never used for automated decision-making or profiling. We do not employ algorithms or automated systems that make decisions about you without human oversight. Your data is not used to create profiles for marketing purposes, assess your creditworthiness, or make any automated judgments that could significantly affect you.
Data Sharing and Third Parties
We Do NOT Sell Personal Data
Your data is never sold, rented, or traded to third parties for marketing or any other commercial purposes.
CyberOps Command takes data sharing seriously and limits the disclosure of personal information to only what is absolutely necessary. Your trust is paramount, and we maintain strict controls over how and when data is shared with external parties. Any sharing of personal data is conducted under legally binding agreements that ensure the same level of protection we provide.
Personal data may be shared only with the following categories of carefully vetted recipients:
Apple Inc.
For subscription management, billing operations, App Store services, and compliance with Apple's terms and policies. Apple acts as a data processor for subscription-related data and maintains its own privacy practices in accordance with applicable laws.
Cloud and Infrastructure Service Providers
Third-party providers that host the App's backend infrastructure, databases, and technical systems necessary for the App's operation. These providers are bound by strict data processing agreements and process data only on our instructions.
Public Authorities When Legally Required
In limited circumstances, we may be required to disclose personal data to law enforcement, regulatory bodies, or courts when legally obligated to do so, such as in response to valid legal requests, court orders, or to protect legal rights and comply with applicable laws.
All third parties process data under strict confidentiality and data protection agreements in compliance with GDPR Article 28. These agreements ensure that processors implement appropriate technical and organizational measures, process data only according to documented instructions, maintain confidentiality, and assist with data subject rights requests. We regularly review our processors to ensure continued compliance and adequate protection of your personal data.
Data Security Measures
We implement comprehensive, state-of-the-art technical and organizational measures in accordance with GDPR Article 32 to protect personal data against unauthorized access, accidental loss, destruction, or damage. Security is not a one-time implementation but an ongoing commitment that evolves with emerging threats and best practices. Our security framework is designed to ensure the confidentiality, integrity, and availability of all personal data processed through the CyberOps Command app.
Encryption in Transit and at Rest
All personal data is encrypted using industry-standard protocols when transmitted between your device and our servers (TLS 1.3 or higher). Data stored in our systems is encrypted at rest using strong encryption algorithms, ensuring that even in the unlikely event of unauthorized access to storage media, data remains protected and unreadable.
Access Control and Least-Privilege Principles
Access to personal data is strictly limited to authorized personnel who require it to perform their job functions. We implement role-based access controls, multi-factor authentication for administrative access, regular access reviews, and the principle of least privilege to ensure individuals have only the minimum access necessary.
Secure Infrastructure and Monitoring
Our infrastructure is hosted with reputable cloud providers that maintain certifications such as ISO 27001, SOC 2, and other recognized standards. We employ continuous monitoring, intrusion detection systems, automated security scanning, logging and audit trails, and incident response procedures to detect and respond to potential security threats.
Regular Security Reviews
We conduct periodic security assessments, vulnerability scanning, penetration testing, and code reviews to identify and remediate potential security weaknesses. Our security practices are regularly evaluated against evolving threats and industry best practices to ensure continued effectiveness and resilience.
Our security practices align with recognized international standards such as ISO/IEC 27001 (Information Security Management) and the NIST Cybersecurity Framework. These frameworks provide structured approaches to managing cybersecurity risks and demonstrate our commitment to maintaining the highest standards of data protection. We stay informed about emerging security threats and continuously improve our security posture to protect against evolving risks.

Security Incident Response: In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant supervisory authorities within the timeframes required by applicable law, typically within 72 hours of becoming aware of the breach.
Data Retention
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal and regulatory obligations. We do not keep your data indefinitely. Our retention practices are guided by principles of data minimization and storage limitation as outlined in GDPR Article 5.
Data is securely deleted or anonymized when no longer required for its original purpose. Deletion involves making data irrecoverable using secure erasure methods, while anonymization transforms data so that it can no longer be attributed to a specific individual, even with additional information.
1
Active Account
Data retained while you actively use the App to provide services
2
Account Deletion
Most data deleted within 30 days of account closure
3
Legal Retention
Some data retained longer to comply with legal obligations
4
Secure Disposal
All data securely and permanently erased after retention period
Specific retention periods vary based on data type and purpose. For example, account information is retained while your account is active and for a limited period thereafter. Technical logs and diagnostic data may be retained for shorter periods necessary for troubleshooting and security monitoring. Data required for legal, accounting, or regulatory purposes may be retained for longer periods as mandated by applicable laws.
Your Data Protection Rights
Depending on your jurisdiction, including the European Union under GDPR and Turkey under KVKK, you have comprehensive rights regarding your personal data. These rights empower you to control how your information is used and ensure transparency in data processing activities. CyberOps Command is committed to facilitating the exercise of these rights and will respond to requests within legally required timeframes.
Access Your Personal Data
You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data, along with information about how it is processed.
Request Correction or Deletion
You may request that we correct inaccurate personal data or delete data when it is no longer necessary for the purposes for which it was collected, or if processing is based solely on consent that you have withdrawn.
Restrict or Object to Processing
You can request that we restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of contested data, or object to processing based on legitimate interests.
Request Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller where technically feasible.
Withdraw Consent
Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or place of alleged infringement if you believe your data protection rights have been violated.
To exercise any of these rights, please contact us using the information provided in the Contact Information section below. We will respond to your request within one month of receipt, as required by GDPR. In complex cases, this period may be extended by up to two additional months, and we will inform you of any such extension. Requests will be handled without undue delay and free of charge, unless requests are manifestly unfounded, excessive, or repetitive.

Identity Verification: To protect your privacy and security, we may need to verify your identity before processing requests related to your personal data. This verification process helps ensure that personal data is disclosed only to the individual to whom it relates.
Children's Privacy
Age Restriction
CyberOps Command is not intended for users under the age of 16. We do not knowingly collect personal data from children.
Protecting children's privacy is of utmost importance. The App's content, features, and services are designed for and directed toward adults and young adults aged 16 and over who have an interest in cybersecurity news and information. We do not knowingly collect, use, or disclose personal information from individuals under 16 years of age.
If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete such information from our systems as quickly as possible. If you are a parent or guardian and believe that your child under 16 has provided personal data to CyberOps Command, please contact us immediately using the information provided in the Contact Information section, and we will promptly investigate and take appropriate action.
Changes to This Privacy Policy
This Privacy Policy may be updated periodically to reflect changes in our data processing practices, legal requirements, or app functionality. We reserve the right to modify this policy at our discretion, and any changes will be effective immediately upon posting the revised policy on this page with an updated "Last Updated" date at the top of the document.
Policy Review
We regularly review and update this policy to ensure accuracy and compliance
Change Notification
Material changes will be communicated through the App or via email when appropriate
Effective Date
Changes become effective upon posting with a new "Last Updated" date
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of the App after changes are posted constitutes your acknowledgment and acceptance of the revised policy. If you do not agree with any changes, you should discontinue use of the App and contact us to request deletion of your account and associated personal data.
Contact Information
For privacy-related inquiries, questions about this Privacy Policy, requests to exercise your data protection rights, or any concerns about how your personal data is processed, please contact us at:
We are committed to addressing your privacy concerns promptly and transparently. Our privacy team will review your inquiry and respond within the timeframes required by applicable law. When contacting us, please provide sufficient detail to allow us to understand and respond to your request effectively. We may need to verify your identity before processing certain requests to protect your personal data from unauthorized access.
If you are not satisfied with our response to your privacy inquiry or believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
GDPR Compliant
App Store Ready
KVKK Compliant
This Privacy Policy has been prepared to meet the requirements of GDPR (EU 2016/679), Turkey's Law on the Protection of Personal Data (KVKK), and Apple App Store Review Guidelines. CyberOps Command is committed to protecting your privacy and maintaining the highest standards of data protection.