1. Introduction
Michaelis Labs (“we”, “us”, “our”) is committed to protecting your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Mauritius Data Protection Act 2017.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you access our website or engage our web application and API penetration testing services.
2. Data Controller
Michaelis Labs is the data controller responsible for your personal data.
Your data is available upon request at contact@michaelislabs.com.
3. Personal Data We Collect
3.1 Data You Provide
We may collect:
- Full name
- Email address
- Company name
- Contact details
- Information submitted via forms, emails, or service requests
3.2 Technical Data
We automatically collect:
- IP address
- Browser type and version
- Device identifiers
- Usage data (pages visited, timestamps)
3.3 Client Security Data
When providing services, we may process:
- Application data and logs
- Authentication mechanisms
- System configurations
This data is processed strictly under contractual obligation and confidentiality.
4. Lawful Basis for Processing (GDPR Art. 6)
We process your personal data based on:
- Contractual necessity — to provide requested services
- Legitimate interests — to improve services and ensure security
- Consent — for optional communications or cookies
- Legal obligation — where required by law
5. Purpose of Processing
We use your data to:
- Deliver penetration testing and security services
- Respond to inquiries and support requests
- Improve website performance and security posture
- Detect and prevent fraud or cyber threats
- Comply with legal and regulatory obligations
6. Data Sharing and Processors
We do not sell personal data.
We may share data with:
- Legal authorities when required
All third-party processors are contractually bound to comply with GDPR standards (Art. 28).
7. Data Retention
We retain personal data only for as long as necessary to:
- Fulfill contractual obligations
- Meet legal, accounting, or regulatory requirements
Security testing data is retained only for the duration necessary to deliver services unless otherwise agreed.
8. Data Security
We implement appropriate technical and organizational measures, including:
- Encryption in transit (HTTPS)
- Access control and least privilege
- Secure handling of sensitive testing data
9. Your Rights Under GDPR
If you are located in the EU/EEA, you have the following rights:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (“right to be forgotten”) (Art. 17)
- Right to restrict processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Right to withdraw consent at any time
To exercise your rights, contact: [Insert Email]
You also have the right to lodge a complaint with a supervisory authority.
10. Cookies and Tracking
We use cookies to enhance user experience and analyze traffic.
Where required by law, we obtain your consent before placing non-essential cookies.
You can manage cookie preferences via your browser settings.
11. Confidentiality in Security Testing
Given the nature of our services, we treat all client systems, data, and findings as strictly confidential.
- No data is disclosed without authorization
- Findings are shared only with authorized stakeholders
- Sensitive vulnerabilities are handled responsibly
12. Changes to This Policy
We may update this Privacy Policy periodically. Updates will be posted on this page with a revised effective date.
13. Contact
Michaelis Labs
Email: contact@michaelislabs.com