Privacy Policy
Last modified: Wednesday March 04, 2026
This privacy policy describes how Reykja Cybersecurity AB ("Reykja") collects, processes and protects personal data in connection with our websites, products and services.
Reykja is committed to protecting the privacy and confidentiality of our visitors and customers. Our services are designed with privacy and minimal data collection in mind.
This policy applies to all services, systems and websites owned and operated by Reykja Cybersecurity AB.
Website Visitors
If you visit one of our websites as a normal visitor, we collect very limited information.
Reykja websites do not use:
advertising networks
tracking systems
third-party analytics
social media tracking
marketing cookies
Our websites are intentionally minimal and designed to respect visitor privacy.
JavaScript is generally not used unless required for a specific feature on a specific page.
Standard Web Logs
Like most online services, our infrastructure generates standard security and operational logs.
These may include:
IP address
timestamp
requested resource
network metadata
firewall or IDS events
These logs are used strictly for:
security monitoring
abuse detection
operational troubleshooting
Logs are automatically deleted after different retention periods depending on the security level of the system, typically between one and six months.
Security Monitoring and Abuse
If abnormal behaviour is detected, such as:
network scanning
abuse attempts
intrusion attempts
service misuse
Reykja may collect and retain relevant technical data as evidence for security investigation.
Where required by law, Reykja may share such information with relevant authorities.
Contact via Email
If you contact Reykja by email, we may retain your communication depending on the purpose:
General questions may be deleted after the conversation ends.
Business discussions may be retained as part of ongoing communication.
Security-related discussions may be retained as needed.
You may request deletion of your email communication where applicable.
Customer Data
If you are a customer using Reykja services, Reykja processes data necessary to operate and secure the service.
This may include:
account identifiers
login metadata
IP address
timestamps
service-related configuration data
cookies
This data is used solely for:
service operation
service security
troubleshooting
administration of the service
Reykja does not use customer data for advertising, profiling, or analytics purposes.
Support Systems
If you contact Reykja through our support system:
support requests may be stored in the support system
customers can normally view their support history
conversations may be deleted periodically or upon request where applicable
Backups
Some services may include backup solutions depending on the service agreement.
Backup policies, retention periods, and scope are defined in the customer contract or the service-specific documentation.
Data Retention
Reykja only retains personal data for as long as necessary for:
service operation
contractual obligations
legal requirements
security investigation
When a service contract ends and all obligations are fulfilled, customer-related operational data is normally deleted.
Certain information may be retained where required by accounting, taxation, or legal regulations.
Storage Media Sanitization
For systems handling customer data, Reykja applies strict data destruction procedures when storage devices are retired.
Depending on contractual requirements, one of the following methods may be used:
Encrypted volumes are wiped and destroyed.
Storage devices are sanitized according to RCMP TSSIT OPS-II (Security Level 8) media sanitization standards.
Physical destruction of storage media with documented evidence.
Data Sharing
Reykja does not sell, rent, or share customer data or metadata with third parties.
Exceptions may apply only in the following cases:
1. Statistical Information
number of attacks detected
attack categories
threat trends
Such statistics never contain data that can identify customers, organizations, users, or systems.
2. Security Intelligence and Service Improvement
Reykja may use aggregated and anonymized security telemetry generated by the services to improve detection capabilities and security analytics.
This may include statistical information such as:
attack patterns
blocked connection statistics
malware indicators
threat trends
network anomaly patterns
Such information may be processed centrally within Reykja infrastructure in order to:
improve threat detection
strengthen security analytics
enhance current and future services
This information never contains customer-identifiable data and cannot be used to identify a customer, organization, system, or user.
No customer traffic, payload data, or identifiable metadata is shared between customers.
3. Legal Obligations
If required by law or by legally authorized authorities, Reykja may provide relevant information in accordance with applicable legislation.
Legal Basis for Processing
Reykja processes personal data based on one or more of the following legal grounds:
contractual necessity for providing services
legitimate interest in securing and operating services
legal obligations under applicable law
Your Rights
Under applicable data protection laws, including the General Data Protection Regulation (GDPR), individuals may have the right to:
request access to personal data
request correction of inaccurate data
request deletion of personal data where applicable
request restriction of processing
object to certain processing activities
Requests will be handled in accordance with applicable law and contractual obligations.
Contact and Information
Reykja Cybersecurity AB
Cyber Defence and Investigation
Corporate identity: 559247-6708
GPG info:
ID: 0x38722307142DC43B
Fingerprint SHA256: 6ca0d9f4d78 d5627fc4e74 42e76a63905 74c770ec82f f0c5c6e75d9 276710ded
