This Privacy Policy describes how the Incident Response Cost Calculator ("we", "us", or "our") at ircost.breached.company collects, uses, and shares information about you and explains your privacy rights. This policy applies when you use our website and services. This site is part of the Breached.company network, operated by the CyberAdX Network.
All calculator inputs are processed entirely in your browser. The incident type, organization size, industry, compliance selections, and all other form fields you enter are used only to compute cost estimates client-side — they are never transmitted to or stored on our servers. No account is required and no input data is retained after you close your browser tab.
We do not collect the specific values you enter into the calculator. Form inputs (incident type, organization details, compliance requirements, etc.) exist solely in your browser session and are discarded when you leave the page.
When you access our website, we automatically collect certain information through standard web server logs and analytics, including:
We use automatically collected information to:
We use Google Analytics (GA4) to understand how visitors interact with our site. Google Analytics uses cookies stored on your device to collect anonymous usage data. This information is transmitted to and stored by Google in accordance with their privacy policy.
We do not use Google Analytics to track personally identifiable information. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
A first-visit preference (whether you have seen the welcome modal) is stored in your browser's localStorage. This data never leaves your device.
We may share information with:
We do not sell your personal information to third parties.
Server access logs are retained for up to 90 days for security and operational purposes. Google Analytics data is retained in accordance with Google's standard retention settings (14 months by default). localStorage preferences exist only in your browser and can be cleared at any time via your browser settings.
We implement appropriate technical and organizational security measures, including HTTPS encryption, HTTP security headers (Content Security Policy, X-Frame-Options, X-Content-Type-Options), and access controls. However, no security system is impenetrable, and we cannot guarantee the absolute security of information transmitted over the internet.
Depending on your location, you may have rights regarding your personal information under applicable laws including GDPR, CCPA/CPRA, and other state privacy laws. These rights may include:
Because we do not collect or store calculator inputs, most data subject requests will relate to analytics data. To exercise your rights, contact us using the information in the "Contact Us" section below.
Our service is directed to adults and business professionals. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us and we will promptly delete it.
We are based in the United States. Analytics data collected via Google Analytics may be processed in the United States or other countries. If you are located in the EU/EEA or UK, you acknowledge that such transfers occur and are subject to appropriate safeguards (Google's Standard Contractual Clauses).
Our site links to third-party tools including Cyber Insurance Calculator, IR Maturity Assessment, Data Breach Cost Calculator, and others in the Breached.company network. Each linked site has its own privacy policy, and we are not responsible for their practices.
We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.
If you have any questions about this Privacy Policy or to exercise your privacy rights, please contact us at support.cisomarketplace.com.