Privacy Policy for Enter The Breach

Last Updated: April 26, 2025

Welcome to Enter The Breach (the "Simulation", "Platform", "we", "us", or "our"). This Privacy Policy explains how HAKTOPUS ("Company") collects, uses, shares, and protects information in relation to our cybersecurity simulation platform and associated services (collectively, the "Services").

By accessing or using our Services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service.

1. Information We Collect

We collect information to provide and improve our Services. The types of information we may collect include:

1.1. Information You Provide Directly

  • Account Information (if applicable): If you create an account, we may collect your username, email address, password (stored securely using hashing), and any other information you provide during registration.
  • Simulation Configuration: Details you input to configure a simulation scenario, such as intensity, duration, or specific parameters.
  • Communications: If you contact us directly (e.g., for support or feedback), we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

1.2. Information Collected Automatically During Simulation

  • Simulation Performance Data: This includes data generated during your use of the Simulation, such as decisions made, actions taken, time to complete tasks, scores, success/failure outcomes, and overall performance metrics within the simulated environment. This data is core to the simulation experience.
  • Interaction Data: How you interact with the simulation interface, features used, and paths taken.

1.3. Information Collected Automatically Through Use of Services

  • Log Data: When you use our Services, our servers automatically record information ("Log Data"), including your Internet Protocol (IP) address, browser type and settings, the date and time of your request, and how you interacted with our Services.
  • Device Information: We may collect information about the device you are using to access our Services, including what type of device it is, its operating system, device settings, application IDs, unique device identifiers, and crash data.
  • Usage Data: We collect information about your activity on our Services, such as access times, pages viewed, and the page you visited before navigating to our Services.
  • Cookies and Similar Tracking Technologies: We use cookies and similar tracking technologies (like web beacons and pixels) to collect information about your interaction with our Services, to remember your preferences, and for security purposes. You can control the use of cookies at the individual browser level. We use Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

2. How We Use Your Information

We use the information we collect for various purposes, including to:

  • Provide, operate, maintain, and improve our Services and the Simulation platform.
  • Personalize your experience within the Simulation.
  • Analyze how users interact with the Simulation to understand effectiveness and identify areas for enhancement.
  • Develop new products, services, features, and functionality.
  • Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the Service, and for marketing and promotional purposes (where permitted by law and with your consent where required).
  • Process your transactions (if any).
  • Send you technical notices, updates, security alerts, and support and administrative messages.
  • For compliance purposes, including enforcing our Terms of Service, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
  • For security purposes, to prevent fraud and abuse.

3. How We Share Your Information

We may share the information we collect in the following circumstances:

  • Service Providers: We may share your information with third-party vendors, consultants, and other service providers who perform services on our behalf, such as hosting, data analysis, email delivery, customer service, and analytics (like Microsoft Clarity). These service providers will only have access to your information as necessary to perform their functions and are contractually obligated to protect your information.
  • Aggregated or De-Identified Data: We may share aggregated or de-identified information, which cannot reasonably be used to identify you, for research, benchmarking, or to improve our Services. For example, we might share aggregated statistics about simulation performance.
  • Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.
  • Legal Requirements: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.
  • With Your Consent: We may share your information with third parties when we have your consent to do so.

4. Data Security

We implement reasonable administrative, technical, and physical security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

5. Data Retention

We will retain your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

For simulation performance data, we may retain this data in an aggregated or de-identified form for longer periods for research and service improvement purposes.

6. Your Data Protection Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information. These may include the right to:

  • Access: Request access to your personal information.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Erasure: Request deletion of your personal information.
  • Restrict Processing: Request restriction of processing of your personal information.
  • Object to Processing: Object to our processing of your personal information.
  • Data Portability: Request a copy of your personal information in a portable format.
  • Withdraw Consent: If we are processing your personal information based on your consent, you have the right to withdraw your consent at any time.
  • Lodge a Complaint: Complain to a data protection authority about our collection and use of your personal information.

To exercise these rights, please contact us using the details provided in the "Contact Us" section below. We will respond to your request in accordance with applicable data protection laws.

7. Cookies and Tracking Technologies

As mentioned, we use cookies and similar tracking technologies. For more detailed information about the cookies we use and your choices regarding cookies, please refer to a separate Cookie Policy (if you create one) or manage your preferences through your browser settings. Many web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Platform.

8. Children's Privacy

Our Services are not intended for use by children under the age of 13 (or 16 in certain jurisdictions), and we do not knowingly collect personal information from children under this age. If we learn that we have collected personal information from a child under the relevant age without parental consent, we will take steps to delete such information as soon as possible. If you believe we might have any information from or about a child under the relevant age, please contact us.

9. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal data, to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

10. How Fortune 500 Companies Approach Privacy for Similar Platforms

Large organizations, including Fortune 500 companies, that offer simulation, training, or interactive platforms typically maintain comprehensive privacy policies. Common practices include:

  • Detailed Data Inventories: Clearly outlining all types of data collected, including granular details about interaction and performance data within their platforms.
  • Specific Use Cases: Explicitly stating how data is used for platform improvement, personalization, measuring training effectiveness, and potentially for internal talent development or assessment (with appropriate consents).
  • Robust Security Measures: Highlighting their commitment to data security, often referencing industry certifications or standards they adhere to.
  • Clear Data Sharing & Third-Party Disclosures: Transparently listing categories of third parties with whom data might be shared (e.g., LMS providers, analytics partners, cloud hosting).
  • User Rights & Control: Providing clear mechanisms for users to exercise their data protection rights, often through dedicated privacy portals or dashboards.
  • Role-Based Access: If the platform is used in an enterprise context, they often detail how access to user data is managed and restricted based on roles (e.g., employee vs. manager vs. administrator).
  • Data Processing Agreements (DPAs): For B2B offerings, they provide DPAs to their enterprise customers outlining responsibilities under laws like GDPR.
  • Regular Audits & Updates: Their policies are regularly reviewed and updated to reflect changes in legal requirements and business practices.

Our approach aims to align with these best practices by being transparent about our data handling for the "Enter The Breach" simulation platform.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us: