Privacy Policy

1. Who We Are

KroeungCyber is a cybersecurity consultancy based in Phnom Penh, Cambodia. We operate the self-service compliance assessment tool at app.kroeungcyber.com. For any data-related requests, contact us at grc@kroeungcyber.com.

2. What Data We Collect

• Email address — collected at the payment step to deliver your report.
• Assessment responses — your answers to compliance framework questions.
• Payment transaction reference — NBC Bakong KHQR transaction ID. No card data is collected.

3. Why We Collect It

• To generate and deliver your compliance gap analysis report (contractual necessity).
• To process payment via NBC Bakong KHQR (contractual necessity).
• To comply with NBC merchant record-keeping obligations (legal obligation).

4. Who We Share Data With

We share your data only with the following sub-processors, under Data Processing Agreements:

5. Data Retention

• Incomplete assessments (never paid): deleted after 30 days.
• Completed assessments and reports: retained for 2 years, then anonymised.
• Payment transaction records: retained for 7 years per NBC merchant requirements.
• Report download links expire after 48 hours.

6. Your Rights

Under Cambodia's Personal Data Protection Law (PDPL) 2025 and applicable law, you may request access to, correction of, or deletion of your personal data. Send requests to grc@kroeungcyber.com. We will respond within 30 days.

7. Cross-Border Transfers

Data is transferred to Anthropic and Resend (United States) and Supabase (Singapore) for the purposes described above. These transfers are made under Data Processing Agreements incorporating appropriate safeguards.

8. Contact

Data Protection Contact: grc@kroeungcyber.com · KroeungCyber, Phnom Penh, Cambodia.