Logo
Home
Services
  • Offensive Engineering
  • Defensive Engineering
  • Managed Security
  • Specialty
Products
  • HackerFlow
  • 7Hunter
Resources
  • Blog
  • Research Reports
  • Webinars & Events
Company
  • About Us
  • Careers
Contact
Logo
Home
Services
  • Offensive Engineering
  • Defensive Engineering
  • Managed Security
  • Specialty
Products
  • HackerFlow
  • 7Hunter
Resources
  • Blog
  • Research Reports
  • Webinars & Events
Company
  • About Us
  • Careers
Contact
Back to overview

Privacy Policy

Last updated: 16 March 2026

We are an offensive security company. How we handle data is not a legal formality for us — it is a reflection of how we operate. This policy explains what we collect, why we collect it, and exactly what we do with it.

Who we are

Crimson7 BV is an offensive security company based in Belgium, specialising in red teaming, purple teaming, detection engineering, and managed threat simulation. Our website is crimson7.io.

  • Company registration (KBO): 1014.908.624
  • Registered address: Keibergstraat 35, 1930 Zaventem, Belgium
  • VAT: BE1014.908.624

What data we collect

We collect only what is necessary for the interaction you initiate.

Contact and discovery call forms

  • Name
  • Email address
  • Company name (if provided)
  • Your message or enquiry

Resource downloads (whitepapers, datasheets, reports)

  • Email address
  • Name (if provided)

Newsletter subscription

  • Email address

We do not collect payment information, government identification, or any special category personal data. We do not fingerprint browsers or build behavioural profiles of visitors to this website.

How we use your data

To respond to your enquiry. If you contact us or request a discovery call, we use your contact details to respond. That is the only purpose.

To deliver requested resources. If you provide your email to download content, we use it to fulfil that request. You may also receive occasional related content from us — you can opt out at any time.

To send updates. If you subscribe to our newsletter, we send security research updates, threat intelligence briefings, and event announcements. Every email includes an unsubscribe link.

To protect our forms. Form submissions are verified using Cloudflare Turnstile to prevent bot abuse. See Third Parties below.

We do not use your data for advertising. We do not sell, rent, or trade your data. We do not pass it to data brokers or marketing platforms.

Third parties

We work with the following infrastructure providers:

Google Firebase — Google Cloud (USA) This website is hosted on Firebase Hosting. Form submissions and resource download records are stored in Firestore, a Google Cloud database. Google is certified under the EU–US Data Privacy Framework. Google Privacy Policy

Cloudflare (USA) We use Cloudflare for CDN, DDoS protection, and Cloudflare Turnstile on our forms. Turnstile verifies human interaction without tracking cookies and without building user profiles. Cloudflare may process request metadata (IP address, browser signals) as part of its security infrastructure. Cloudflare Privacy Policy

No other third parties receive your personal data.

Cookies

We use a minimal set of functional cookies. We do not use advertising cookies, analytics tracking cookies, or cross-site tracking of any kind. For full details, see our Cookie Policy.

Your rights under GDPR

If you are located in the EU or EEA, you have the following rights under the General Data Protection Regulation:

  • Access — obtain a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request that we delete your data
  • Restriction — request that we limit how we use your data while a dispute is resolved
  • Objection — object to processing based on legitimate interests
  • Portability — receive your data in a structured, machine-readable format

Submit requests to our Data Protection Officer: compliance@crimson7.io

We will respond within 30 days.

If you believe your data has been mishandled, you have the right to file a complaint with the Belgian data protection authority: Gegevensbeschermingsautoriteit (GBA) dataprotectionauthority.be

Data retention

Contact enquiries and discovery call requests are retained for up to 12 months following the conclusion of the relevant conversation or engagement. Resource download records are retained for up to 24 months. Newsletter subscribers are retained until they unsubscribe. We do not keep data longer than necessary.

Changes to this policy

Material changes will be reflected in the updated date at the top of this page. We recommend reviewing this page periodically.

Data Protection Officer

Email: compliance@crimson7.io

Questions

Contact us via our contact page or email compliance@crimson7.io.

Back to overview
Crimson7

Elite offensive security services that expose and close the gaps before real attackers find them.

Stay Ahead
Get monthly threat intelligence and detection updates straight to your inbox.
Services
Offensive EngineeringDefensive EngineeringManaged SecuritySpecialty
Products
HackerFlow7Hunter
Resources
BlogResearch ReportsWebinars & Events
Company
About UsCareersContact
© 2026 Crimson7. All rights reserved.
Privacy PolicyCookie PolicyTerms of Service