HomeServicesPricingAboutTrainingContact
📋Track Order🔑Sign In
Start Free Scan

Legal

Privacy Policy

Last Updated: April 2026·Effective: April 2026·PDPL · GDPR-aligned

Summary: We collect only what we need to deliver our services. We encrypt everything. We never sell your data. You can request deletion at any time by emailing [email protected].

1. Who We Are

SOC Root ("we", "us", "our") is a cybersecurity services provider operating internationally with a primary focus on the UAE and Jordan markets. We offer managed security services, vulnerability assessments, compliance consulting, and security awareness training.


For privacy inquiries, contact us at: [email protected]

2. Data We Collect

We collect the following categories of data:


Contact & Identity Data: Name, email address, company name, and phone number — collected when you submit a form, create an order, or contact us.


Technical Data: IP address, browser type, and domain names — collected automatically for security scanning and operational purposes.


Service Data: Domains, scan results, and vulnerability reports — collected as part of delivering our cybersecurity services to you.


Communication Data: Messages, emails, and support requests — retained to ensure quality and continuity of service.

3. How We Use Your Data

We use your data to:

  • Deliver contracted cybersecurity services and reports
  • Send order confirmations, status updates, and invoices
  • Respond to inquiries and provide technical support
  • Send security intelligence updates (only with your consent via newsletter subscription)
  • Comply with legal obligations under UAE, Jordanian, and international law
  • Improve our services through aggregated, anonymized analysis

    • We do NOT sell your data to third parties. We do NOT use your data for advertising purposes.

    4. Data Storage & Security

    All personal data is:

  • Encrypted at rest using AES-256 (Fernet)
  • Transmitted exclusively over TLS 1.3
  • Stored on servers hosted in the EU (Hetzner Cloud, Germany)
  • Access-controlled with role-based permissions and admin token authentication

    • Scan results and reports are retained for 12 months after service completion, then permanently deleted.

    5. Your Rights

    Depending on your jurisdiction, you have the right to:


  • Access: Request a copy of all personal data we hold about you
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request erasure of your personal data ("Right to be Forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests

    • To exercise any of these rights, contact: [email protected] with subject "Privacy Request — [Your Name]". We respond within 30 days.

    6. Cookies

    SOC Root does not use advertising or tracking cookies. We use only:


  • Essential cookies: Session management for the client portal
  • No third-party analytics: We do not embed Google Analytics, Meta Pixel, or equivalent tracking

    • You can disable cookies in your browser settings without affecting core website functionality.

    7. Third-Party Services

    We use the following sub-processors:


    | Service | Purpose | Data Shared |

    |---------|---------|-------------|

    | Hetzner Cloud (DE) | Server infrastructure | IP, logs |

    | Cloudflare Pages | Static site hosting & CDN | IP, request metadata |

    | Outlook / SMTP | Email delivery | Email address |

    | Telegram Bot API | Admin notifications | None (admin use only) |


    All sub-processors are contractually bound to equivalent data protection standards.

    8. Legal Basis

    We process personal data under the following legal bases:

  • Contract performance: When data is necessary to deliver services you have ordered
  • Legitimate interest: For security monitoring and fraud prevention
  • Consent: For newsletter subscriptions (withdrawable at any time)
  • Legal obligation: When required by UAE Federal Decree-Law No. 45/2021 (PDPL) or applicable law

    • 9. International Transfers

    Our servers are located in Germany (EU). If you are based in the UAE or Jordan, your data may be transferred to and processed in EU jurisdictions. We ensure such transfers comply with the UAE PDPL cross-border transfer requirements through appropriate safeguards.

    10. Policy Updates

    We may update this policy to reflect regulatory changes or service updates. The "Last Updated" date at the top of this page will reflect any changes. We will notify active clients via email for material changes. Continued use of our services after policy updates constitutes acceptance.

    Privacy Questions?

    We take your privacy seriously. Contact our data protection point of contact directly.

    Contact Data Controller →