Exploit-Forge
Legal

Privacy Policy

How we collect, use, and protect your data.

1. Introduction

Who we are: Exploit Forge is an offensive cybersecurity firm registered and operating in the Federal Republic of Nigeria, with headquarters located in Lagos. We specialize in offensive security solutions including penetration testing, red teaming, secure coding, threat modelling and vulnerability assessments. This Privacy Policy outlines how we collect, use, and protect your personal data within the scope of the Nigeria Data Protection Act (NDPA), and other relevant data protection laws.

What this policy covers: This Privacy and Data Collection Policy explains how Exploit Forge, as an offensive security firm, processes your personal data when you visit our website, engage our services, participate in our campaigns, or communicate with us through our digital platforms.

Trust and security are a significant part of what makes Exploit Forge your preferred platform for offensive security solutions. Your privacy is a priority to us, so this policy outlines how we keep your data safe and secure.

Policy changes: This policy may be updated periodically to reflect changes in regulatory obligations, business operations, or technological advancements. We will provide notification via email or an update notice on our website.

Minors: Our services are targeted toward corporate entities and professionals. We do not knowingly collect personal data from individuals under the age of 18 without verified parental or guardian consent. If we learn that such data has been collected unlawfully, we will promptly delete it.

2. Your Data and How We Use It

Types of Data We Collect:

  • Contact & Enquiry Data: Full name, email address, phone number, company details, and any additional data voluntarily submitted.
  • Demographic Data: When linked to personally identifiable information.
  • Account Data: Username, login credentials, profile metadata, session logs, IP addresses, and usage data.
  • Payment Data: Billing information, account or card details, transaction records.
  • Recruitment Data: Curriculum vitae (CV), employment history, certifications.
  • Event Participation Data: Information submitted when registering for webinars, workshops, or security exercises.
  • Analytics & Tracking Data: Device type, operating system, browser version, session timestamps, navigation flow.
  • Transaction Data: Including products and services ordered, financial data and payment methods used.
  • Behavioral Data: Data about the behavior of a computer connected to the Internet or a device used to access websites, such as clicks on ads or their display, sites and their content, dates and times of activity or searches to locate and visit websites.

3. How Is Your Personal Data Collected

The Personal Data we have about you is directly made available to us when you:

  • Sign up or register to use any of our services
  • Contact our customer support team or correspond with us
  • Fill in our online forms or respond to surveys
  • Apply for employment opportunities we advertise
  • Register for and attend our webinars, events or online discussions
  • Contact us for other reasons

Third parties or publicly available sources:

We may receive personal data about you from various third parties and public sources, including:

  • Analytics providers
  • Advertising networks
  • Data, analytics, aggregation, or marketing companies
  • Open data sources
  • Other third party or government sources
  • Search information providers
  • Data brokers or aggregators
  • Publicly available sources

Purpose of Processing:

  • To provide and enhance our cybersecurity services.
  • To respond to inquiries and manage customer support.
  • To facilitate billing and payment reconciliation.
  • To ensure recruitment integrity.
  • To analyze performance and user engagement across our services.
  • To comply with statutory obligations under NDPA, CBN Guidelines, and other regulatory standards.
  • Fulfill the purposes for which you provided it.
  • Internal record keeping.
  • Provide and improve the Services, including to develop new features or services, take steps to secure the Services, and for technical and customer support.
  • Process and respond to your inquiries or to request your feedback.
  • Conduct analytics, research, and reporting, including to synthesize and derive insights from your use of our Services.
  • Comply with the law and protect the safety, rights, property, or security of Exploit Forge, the Services, our users, and the public.
  • Enforce our Terms of Use, including to investigate potential violations thereof.
  • To send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
  • To manage the security of our sites, networks and systems.
  • To comply with applicable laws and to operate our business.
  • To run a promotion, contest, survey or other site features.
  • To improve our site through feedback you provide on our products and services.

Please note that we may combine information that we collect from you and about you (including automatically collected information) with information we obtain about you from our affiliates and/or non-affiliated third parties and use such combined information in accordance with this Privacy and Data Collection Policy.

We may aggregate and/or de-identify information collected through the Services. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes.

Legal Basis:

  • Your consent
  • Performance of a contract and requests for customer service
  • Legitimate business interest
  • Legal or regulatory obligation

4. Data Retention

We retain the information we collect for as long as necessary to fulfill the purposes set forth in this Privacy and Data Collection Policy or if we are legally required or permitted to do so subject to the relevant requirements under the applicable law or regulations. Information may persist in copies made for backup and business continuity purposes for additional time.

Depending on what purpose your data is used for, the length of time we keep it may vary. Either way, we will only hold your data as long as necessary to serve the purpose it is used for.

  • Inquiry and business data: 7 years
  • Payment records: 7 years
  • Analytics: 24 months
  • Recruitment data: 12 months (if not hired)
  • Marketing data: Until consent is withdrawn

5. Data Sharing and Recipients

We may share your data with:

  • Hosting and infrastructure partners (e.g., AWS Nigeria region)
  • Communication platforms (e.g., Intercom, WhatsApp Business API)
  • Local payment gateways (e.g., Paystack, Flutterwave)
  • CRM and analytics providers (e.g., Google Analytics)
  • Government agencies or regulators when legally required (e.g., NITDA, NCC)
  • Other third parties only when it is necessary for the fulfilment of the Service or to comply with applicable laws.

6. Cross‑Border Transfers

Where necessary, we may transfer your data to service providers outside Nigeria. In such cases, we ensure adequate data protection mechanisms are in place, consistent with NDPA including the use of standard contractual clauses.

7. Your Rights Under NDPA

At Exploit Forge we respect the rights of our customers and users, and we allow you to exercise them under the applicable data protection laws and regulations. Individuals who have Personal Information held by Exploit Forge are entitled to reach out to Exploit Forge to exercise the following rights:

  • You have the right to ask us whether we hold any Personal Data relating to you and, if we do, to be provided with a copy of that Personal Data in electronic form.
  • You have the right to ask us to correct your Personal Data if it is inaccurate, or update outdated or incomplete Personal Data without undue delay.
  • You have the right to ask us to erase your Personal Data.
  • You have the right to object at any time to the processing of your Personal Data provided we do not have any other lawful basis to process it.
  • You have the right to ask us to restrict the processing of your Personal Data.
  • You can exercise your right to portability by requesting us to provide your data to a third party.
  • You may request at any time that we halt further dissemination of your data or cease to use your personal information.
  • You have the right to be informed regarding the use of your personal information.
  • In the unlikely event of an infringement on any of your rights, you are at liberty to lodge a complaint to the Nigeria Data Protection Commission (NDPC) or any other regulatory agency for redress.

All such requests can be submitted to: privacy@exploit-forge.com

8. Data Security

We implement technical and administrative controls to secure personal data. These include endpoint protection, encrypted storage, access control, and continuous monitoring. However, we advise all users to implement good cybersecurity hygiene (e.g., use strong passwords, enable MFA).

9. Cookies

We use cookies to identify you as a user and make your user experience easier, customise our services, content and advertising; help you ensure that your account security is not compromised, mitigate risk and prevent fraud; and to promote trust and safety on our website. Cookies allow our servers to remember your account log-in information when you visit our website, IP addresses, date and time of visits, monitor web traffic and prevent fraudulent activities.

If your browser or browser add-on permits, you have the choice to disable cookies on our website; however, this may limit your ability to use our website. Our cookies never store personal or sensitive information; they simply hold a unique random reference to you so that once you visit the site we can recognize who you are and provide certain content to you.

10. Data Disclosure

We may disclose your personal data:

  • In compliance with Nigerian law or a court order
  • To regulatory bodies (e.g., NDPC, CBN)
  • To protect our legal rights and defend against claims
  • In the course of corporate transactions such as mergers or acquisitions

11. California Privacy Rights

While our primary operations are within Nigeria, we respect the rights of international users. For California residents, CPRA rights are respected as applicable:

  • Right to know what data is collected
  • Right to deletion
  • Right to opt‑out of data sales (note: we do not sell data)
  • Right to equal service

Requests may be directed to: privacy@exploit-forge.com

12. Remedies

Where we notice personal data breach or where you report any personal data breach to us, we will as soon as possible investigate same and notify you of the security or correctional measures to be taken including without limitation to reporting same to relevant government authorities.

13. Contact Us

For privacy inquiries or to exercise your data subject rights under NDPA:

Email: privacy@exploit-forge.com

We strive to respond to requests within 30 calendar days. Should there be a delay, you will be notified of the reason and progress.

“This policy is crafted in alignment with the Nigeria Data Protection Act (NDPA) and other applicable global standards to ensure data transparency, integrity, and trust.”