City of Hats - Premium Navigation Header

Quick Contact

Privacy Note

Last Updated: April 2025

Privacy Policy - City of Hats

Privacy Policy

How we collect, use, and protect your personal information

At City of Hats, we respect your privacy and are committed to ensuring that your personal data is protected. This privacy policy sets out how City of Hats Inc. ("City of Hats", "we" or "us") uses and protects the information that you provide to us when you use our Cyber Intelligence System or City of Hats Platform services (the "Services"), as further described in our Terms of Use, and when you visit our website. This privacy policy governs your access to the Services (available through our website, APIs or third parties) regardless which part of the Services you are using.

City of Hats is the data controller of any processing of your personal data, unless otherwise stated in this privacy policy. For the general terms and conditions applicable to our Service, please see our Terms of Use.

Type of Data We Collect

We collect your personal data when (i) you register a user account, (ii) you use our Service, (iii) you register as a Freelancer, (iv) you interact with us, for example, on technical support matters, through marketing activities or events, and/or (v) you visit our website. Such personal data includes your name, company name, email address, phone number, payment data, IP address and other information you voluntarily provide to us. For more specific information about the type of personal data we collect in each processing activity, please see below.

Your use of the Services will generate reports, dashboards or files containing information about your web application, website, API endpoint, mobile application, source code, etc. (i.e., the target you choose to scan with our Services). All such information generated as part of the Service will be stored by City of Hats for the purpose of making the data available to you. The information may be deleted by you at any time. Such data may include personal data if the Service accesses such during security testing. In such cases, City of Hats acts as a data processor on your behalf (and thus not as a data controller).

Our Purposes, Legal Bases and Storage Periods

User Account

Purpose of processing: When you register a user account, we will process your personal data to provide and administer that user account. If you have a shared account, please note that the account administrator may, for example, access, disclose and change information connected to the account.

Categories of personal data: Name, company name, website domain, email address and company address.

Legal basis for processing: The processing is necessary for the performance of our contractual obligations towards you in relation to the user account (as we have agreed to provide you with this).

Storage period: We store and process the personal data for as long as your user account is active, unless applicable laws or regulations require us to continue processing for a longer period, for example, accounting legislation.

Use of Service

Purpose of processing: When you use the Service, we will process your personal data. Such personal data will to some extent be collected automatically based on your use of the Service, for the purpose that we can provide you with the Service in accordance with our agreement (including administration and customization of your use of the Service).

Categories of personal data: IP address, the website visited before arriving at City of Hats websites, information about your search for websites related to City of Hats, identification numbers associated with your devices, mobile carrier, browser type, local preferences, timestamps of your transactions, system configuration information, metadata about your files, and other interactions with the Service.

Legal basis for processing: The processing of your personal data for this purpose is necessary in order for us to provide you with the agreed functionality of the Service. If you have registered an account on behalf of your employer, the legal basis for the processing is our legitimate interest to do business with your employer.

Storage period: We store and process the personal data for the period necessary to fulfill our contractual obligations, unless applicable laws or regulations require us to continue processing. Thus, the storage period may vary depending on the duration of the agreement.

Sharing Your Personal Data and International Transfers

To fulfill the purposes described above, City of Hats may share personal data with our vendors when they perform services on our behalf. Such vendors primarily provide IT systems and communication, support, maintenance and/or storage services. These vendors act as data processors when accessing your personal data and we have entered into data processing agreements with each vendor in order to ensure that your data is well protected. We also share your personal data with certain trusted third-party companies who will act as controllers of your personal data. Such controllers primarily provide payment and/or billing services. When your personal data is shared with other controllers, they will be responsible for your personal data and we refer you to them for more information about how they process your data.

Your Rights

You have the right to the following under applicable data protection laws:

  • Right of access: You have the right to receive information about our processing of your personal data and to receive a copy thereof.
  • Right of rectification: You may obtain correction of inaccurate personal data and completion of incomplete data.
  • Right of erasure ("right to be forgotten"): You may request under certain circumstances that we delete your personal data.
  • Right to restriction of processing: You may request under certain circumstances that we restrict the processing of your personal data.
  • Right to data portability: You may receive your personal data (or have it transferred directly to another controller) in a structured, commonly used and machine-readable format.
  • Right to object: You may object to certain processing activities based on our legitimate interest, including direct marketing.

You may review, update, correct or delete the personal data in your account or profile at any time by changing your settings.

You also have the right to lodge a complaint with the applicable supervisory authority. In Canada, the Office of the Privacy Commissioner of Canada (OPC) is the authority responsible for privacy protection (https://www.priv.gc.ca/).

Changes to This Privacy Policy

If we change how we handle your personal data, we will update this privacy policy and post it on this website.

Company Information

If you have questions about the processing of your personal data, or wish to exercise your rights, you may contact us at:

admin@cityofhats.com