Privacy Policy
Last updated: 25 March 2026
This Privacy Policy explains what personal information we collect, how we use it, and what choices you have when you access or use the website, tools, training materials, and related services (collectively, the “Services”) operated by itbit.cc (“itbit”, “we”, “us”, or “our”).
By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy forms part of our Terms of Service.
1. Information We Collect
We collect information in the following ways.
1.1 Information You Provide to Us
When you create an account, purchase a Subscription, contact us, or otherwise interact with the Services, you may provide us with:
Identity information, such as your name, job title, and company or organisation name.
Contact information, such as your email address, telephone number, and postal address.
Account credentials, such as your username and password.
Payment information, such as your credit or debit card details, billing address, and VAT number. Payment card details are processed by our third-party payment processor and are not stored on our servers.
Website information, such as the URLs, hosting details, and access credentials for Covered Websites you register with the Services.
Communications, such as the content of emails, support tickets, or messages you send to us.
1.2 Information We Collect Automatically
When you access or use the Services, we automatically collect certain technical and usage information, including:
Device and browser information, such as your IP address, browser type and version, operating system, device type, and screen resolution.
Usage data, such as the pages you visit, the features you use, the time and date of your visits, the duration of your sessions, and referring URLs.
Log data, such as server logs recording requests made to our systems, including timestamps, request parameters, and response codes.
1.3 Information from Security Scans
When you use the Services to scan a Covered Website, we collect and process data related to that scan, including:
Publicly accessible information about the website, such as HTTP headers, software versions, installed plugins and themes, and page content;
Vulnerability and security findings identified during the scan;
Configuration data relevant to the security assessment; and
Scan metadata, such as timestamps, scan duration, and scan status.
This data is collected solely for the purpose of providing the security scanning and reporting Services to you. We do not access, collect, or store the personal data of your website visitors or customers unless that data is incidentally included in publicly accessible page content examined during a scan.
1.4 Cookies and Similar Technologies
We use cookies and similar tracking technologies to collect information about your browsing activity on our website. Cookies are small text files placed on your device by your web browser.
We use the following types of cookies:
Strictly necessary
Required for the website to function properly, such as session management and authentication. These cannot be disabled.
Functional
Remember your preferences and settings to provide a more personalised experience.
Analytics
Help us understand how visitors interact with our website so we can improve it. We use privacy-respecting analytics tools that do not track you across other websites.
You can control cookies through your browser settings. Most browsers allow you to block or delete cookies, but doing so may affect the functionality of the Services. We do not use advertising or tracking cookies.
2. How We Use Your Information
We use the information we collect for the following purposes:
To provide and operate the Services.
This includes creating and managing your Account, processing security scans, generating reports, delivering training materials, and providing customer support.
To process payments.
We use your payment information to process Subscription Fees and other transactions. Payment processing is handled by third-party payment processors who operate under their own privacy policies.
To communicate with you.
We may send you service-related communications, such as account notifications, scan results, security alerts, and responses to your enquiries. We may also send you occasional updates about new features, services, or training materials, from which you can opt out at any time.
To improve the Services.
We use aggregated and anonymised usage data to analyse trends, monitor performance, diagnose technical issues, and improve the functionality and user experience of the Services.
To ensure security and prevent abuse.
We use technical and log data to detect and prevent fraud, abuse, and unauthorised access to the Services.
To comply with legal obligations.
We may process your information where necessary to comply with applicable laws, regulations, or legal processes.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases:
Performance of a contract
When processing is necessary to provide the Services you have requested, including account management, security scanning, and delivering training materials.
Legitimate interests
When processing is necessary for our legitimate business interests, such as improving the Services, ensuring security, and communicating with you, provided these interests are not overridden by your rights.
Consent
When you have given us explicit consent, such as opting in to receive marketing communications. You may withdraw consent at any time.
Legal obligation
When processing is necessary to comply with a legal obligation to which we are subject.
4. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties. We may share your information in the following limited circumstances:
Service providers. We engage trusted third-party companies and individuals to perform functions on our behalf, such as payment processing, email delivery, hosting, and analytics. These service providers have access to your personal information only to the extent necessary to perform their functions and are obligated to protect it.
Legal requirements. We may disclose your information if required to do so by law, or if we believe in good faith that such disclosure is necessary to comply with a legal obligation, protect our rights or safety, investigate fraud, or respond to a government request.
Business transfers. If itbit.cc is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and of any choices you may have regarding your information.
With your consent. We may share your information with third parties when you have given us explicit consent to do so.
5. Data Retention
We retain your personal information for as long as your Account is active or as needed to provide the Services to you. After you close your Account or your Subscription expires, we will retain your information for a reasonable period to comply with legal obligations, resolve disputes, and enforce our agreements. Scan results and security reports are retained for the duration of your Subscription and for a period of up to twelve (12) months after termination, after which they are deleted.
Aggregated and anonymised data that cannot be used to identify you may be retained indefinitely for analytical and statistical purposes.
6. Data Security
We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include, but are not limited to:
• encryption of data in transit using TLS/SSL;
• encryption of sensitive data at rest;
• access controls and authentication mechanisms;
• regular security assessments and monitoring; and
• staff training on data protection and security practices.
However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
7. International Data Transfers
Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from those in your jurisdiction. Where we transfer personal data outside the EEA or the United Kingdom, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner’s Office.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Access
You have the right to request a copy of the personal data we hold about you.
Rectification
You have the right to request that we correct any inaccurate or incomplete personal data.
Erasure
You have the right to request that we delete your personal data, subject to certain legal exceptions.
Restriction
You have the right to request that we restrict the processing of your personal data in certain circumstances.
Data portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
Objection
You have the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis.
Withdraw consent
Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
Complaint
You have the right to lodge a complaint with a supervisory authority, such as the UK Information Commissioner’s Office (ICO).
To exercise any of these rights, please contact us at help@itbit.cc.
We will respond to your request within thirty (30) days, or within the timeframe required by applicable law.
9. Children’s Privacy
The Services are not directed at individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that information promptly. If you believe that a child has provided us with personal information, please contact us at help@itbit.cc.
10. Third-Party Links
The Services may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.
We encourage you to review the privacy policies of any third-party websites you visit.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by posting the updated Privacy Policy on our website and, where reasonably practicable, by sending you an email. Your continued use of the Services after such changes constitutes your acceptance of the revised Privacy Policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: help@itbit.cc
Website: https://itbit.cc
For general enquiries, you may also reach us at info@itbit.cc.