Exploit Forge Privacy Policy

1. Introduction

Who we are: Exploit Forge is an offensive cybersecurity firm registered and operating in the Federal Republic of Nigeria, with headquarters located in Lagos. We specialize in offensive security solutions including penetration testing, red teaming, secure coding, threat modelling and vulnerability assessments. This Privacy Policy outlines how we collect, use, and protect your personal data within the scope of the Nigeria Data Protection Regulation (NDPR), and other relevant data protection laws.

What this policy covers: This document explains how Exploit Forge, as an offensive security firm, processes your personal data when you visit our website, engage our services, participate in our campaigns, or communicate with us through our digital platforms.

Policy changes: This policy may be updated periodically to reflect changes in regulatory obligations, business operations, or technological advancements. We will provide notification via email or an update notice on our website.

Minors: Our services are targeted toward corporate entities and professionals. We do not knowingly collect personal data from individuals under the age of 18 without verified parental or guardian consent. If we learn that such data has been collected unlawfully, we will promptly delete it.

2. Your Data and How We Use It

Types of Data We Collect:

  • Contact & Enquiry Data: Full name, email address, phone number, company details, and any additional data voluntarily submitted.
  • Account Data: Username, login credentials, profile metadata, session logs, IP addresses, and usage data.
  • Payment Data: Billing information, account or card details, transaction records.
  • Recruitment Data: Curriculum vitae (CV), employment history, certifications.
  • Event Participation Data: Information submitted when registering for webinars, workshops, or security exercises.
  • Analytics & Tracking Data: Device type, operating system, browser version, session timestamps, navigation flow.

Purpose of Processing:

  • To provide and enhance our cybersecurity services.
  • To respond to inquiries and manage customer support.
  • To facilitate billing and payment reconciliation.
  • To ensure recruitment integrity.
  • To analyze performance and user engagement across our services.
  • To comply with statutory obligations under NDPR, CBN Guidelines, and other regulatory standards.

Legal Basis:

  • Your consent
  • Performance of a contract
  • Legitimate business interest
  • Legal or regulatory obligation

Retention Period:

  • Inquiry and business data: 7 years
  • Payment records: 7 years
  • Analytics: 24 months
  • Recruitment data: 12 months (if not hired)
  • Marketing data: Until consent is withdrawn

3. Data Sharing and Recipients

We may share your data with:

  • Hosting and infrastructure partners (e.g., AWS Nigeria region)
  • Communication platforms (e.g., Intercom, WhatsApp Business API)
  • Local payment gateways (e.g., Paystack, Flutterwave)
  • CRM and analytics providers (e.g., Google Analytics)
  • Government agencies or regulators when legally required (e.g., NITDA, NCC)

4. Cross-Border Transfers

Where necessary, we may transfer your data to service providers outside Nigeria. In such cases, we ensure adequate data protection mechanisms are in place, consistent with NDPR Article 2.1(d), including the use of standard contractual clauses.

5. Your Rights Under NDPR

You have the right to:

  • Request access to your data
  • Request rectification or erasure
  • Object to processing
  • Request data portability
  • Withdraw consent at any time
  • Lodge a complaint with the Nigeria Data Protection Commission (NDPC)

All such requests can be submitted to: privacy@exploit-forge.com

6. Data Security

We implement technical and administrative controls to secure personal data. These include endpoint protection, encrypted storage, access control, and continuous monitoring. However, we advise all users to implement good cybersecurity hygiene (e.g., use strong passwords, enable MFA).

7. Cookies

Our site utilizes cookies for performance tracking, user analytics, and session management. For more on cookie usage and preferences, please refer to our Cookie Policy.

8. Data Disclosure

We may disclose your personal data:

  • In compliance with Nigerian law or a court order
  • To regulatory bodies (e.g., NDPC, CBN)
  • To protect our legal rights and defend against claims
  • In the course of corporate transactions such as mergers or acquisitions

9. California Privacy Rights

While our primary operations are within Nigeria, we respect the rights of international users. For California residents, CPRA rights are respected as applicable:

  • Right to know what data is collected
  • Right to deletion
  • Right to opt-out of data sales (note: we do not sell data)
  • Right to equal service

Requests may be directed to: privacy@exploit-forge.com

Contact Us

For privacy inquiries or to exercise your data subject rights under NDPR:

Email: privacy@exploit-forge.com

We strive to respond to requests within 30 calendar days. Should there be a delay, you will be notified of the reason and progress.

“This policy is crafted in alignment with the Nigeria Data Protection Regulation (NDPR) and other applicable global standards to ensure data transparency, integrity, and trust.”