Privacy Policy
Effective date: 27 January 2026 · Last updated: 15 March 2026
IMIZI Cyber Consulting Ltd ("IMIZI Cyber", "we", "us", or "our") is committed to protecting
your privacy. This privacy policy explains how we collect, use, store, and protect personal
data when you visit imizicyber.com and use our services.
We operate under the laws of the Republic of Rwanda, including Law No. 058/2021 of 13/10/2021 Relating to the Protection of Personal Data and Privacy. Where applicable, we also comply with the EU General Data Protection Regulation (GDPR) and other international data protection standards.
1. Data Controller
The data controller responsible for your personal data is:
Kigali, Rwanda
Email: info@imizicyber.com
Data protection enquiries: dpo@imizicyber.com
2. What Data We Collect
We collect the minimum data necessary to operate our website and respond to your enquiries.
2.1 Data you provide directly
- Contact form submissions: Name, email address, organisation name, service interest, and message content, processed via Formspree
- Email correspondence: Your email address and message content when you contact us directly
2.2 Data collected automatically
- Aggregate analytics: We use Cloudflare Web Analytics, which is cookieless and measured at the edge. It records aggregate, non-identifying metrics such as page views, referrers, and approximate country-level location. It sets no cookies, uses no client-side tracking script, does not fingerprint visitors, and does not build cross-site profiles. No personal data is collected.
- Technical data: Our hosting and edge provider (Cloudflare) may log standard HTTP request data including IP addresses, user agent strings, and request timestamps for security and delivery purposes. We do not use these logs to identify or track individual visitors.
2.3 Data we do not collect
- We do not set any tracking, advertising, or analytics cookies
- We do not use advertising, remarketing, or social-media tracking pixels
- We do not sell, rent, or trade personal data to third parties
- We do not collect payment information through this website
- We do not use automated decision-making or profiling
3. Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Responding to contact form submissions | Legitimate interest / Pre-contractual measures |
| Aggregate, cookieless website analytics | Legitimate interest (no personal data processed) |
| Security monitoring of our website | Legitimate interest |
| Legal compliance | Legal obligation |
4. Cookies and Tracking Technologies
This website is cookieless. We set no tracking, analytics, or advertising cookies, and there is no cookie consent banner because no consent is required. Our analytics (Cloudflare Web Analytics) is cookieless and processes no personal data.
4.1 Local storage
We use a single strictly necessary browser local storage item, which is not a cookie and is never transmitted to us or any third party:
-
imizi-theme: stores your light/dark mode preference. It contains no personal data and does not require consent.
4.2 Analytics
We use Cloudflare Web Analytics to understand aggregate site usage. It is cookieless, runs at the edge with no client-side tracking script, collects only non-identifying aggregate metrics, and does not track you across other websites. Because it sets no cookies and processes no personal data, no consent is required and there is nothing to opt out of.
5. Third-Party Services
We use a limited number of third-party services. Each is selected for its security posture and compliance:
| Service | Purpose | Data Shared |
|---|---|---|
| Formspree | Contact form processing | Form submission data (name, email, message) |
| Cloudflare | Website hosting, edge delivery, and cookieless analytics | Standard HTTP request data; aggregate, non-identifying analytics |
We do not share personal data with any other third parties. We do not transfer data for marketing or advertising purposes.
6. International Data Transfers
Some of our third-party service providers (Cloudflare, Formspree) are based in or operate from the United States. Where personal data is transferred outside Rwanda or the European Economic Area, these transfers are protected by:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The service provider's compliance with applicable data protection frameworks
- Technical safeguards including encryption in transit (TLS/HTTPS)
7. Data Retention
- Contact form data: Retained for as long as necessary to respond to your enquiry and for up to 12 months thereafter for follow-up purposes, then deleted
- Analytics data: Cloudflare Web Analytics stores only aggregate, non-identifying metrics; no per-visitor analytics data is retained
- Theme preference: Your light/dark mode choice is stored in your browser's local storage until you clear it; it is never sent to us
8. Your Rights
Under Rwanda's Data Protection Law and, where applicable, the GDPR, you have the following rights:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: request correction of inaccurate data
- Right to erasure: request deletion of your personal data
- Right to restrict processing: request that we limit how we use your data
- Right to data portability: receive your data in a structured, machine-readable format
- Right to object: object to processing based on legitimate interest
- Right to withdraw consent: where we rely on your consent (for example, for email correspondence you initiate), you may withdraw it at any time by contacting us
To exercise any of these rights, contact us at dpo@imizicyber.com. We will respond within 30 days.
9. Data Security
As a cybersecurity company, we take data protection seriously. Our measures include:
- HTTPS/TLS encryption for all data in transit
- Content Security Policy (CSP) headers on all pages
- No server-side database: this is a static website with no stored user accounts
- Third-party services selected for their security certifications and compliance
- Regular security review of our own web properties
10. Children's Privacy
Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us at dpo@imizicyber.com and we will delete it promptly.
11. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
12. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:
For EU residents, you may also contact your local data protection supervisory authority.
13. Contact Us
For any questions or requests regarding this privacy policy or your personal data:
General enquiries: info@imizicyber.com
Security issues: Responsible Disclosure Policy