Back to CyFun Compliance Assessment Tool

Privacy Policy

CyFun Compliance Assessment Tool — Asphalia Consulting SRL

1. Controller

Asphalia Consulting SRL
VAT: BE 0804.870.960
Email:

2. Data we process

This tool does not collect, transmit, or store any personal data on our servers. Specifically:

Assessment progress, scores, and notes are stored exclusively in your browser’s local storage. They never leave your device.
If you enter personal names or contact details in free-text fields (e.g. organisation notes), that information is stored only in your own browser and is never accessible to us.
All assets (fonts, scripts, stylesheets, framework data) are self-hosted. No requests are made to third-party servers.
No cookies are placed on your device.
No analytics data is collected or transmitted externally.

3. Legal basis — local storage

Since no personal data is transmitted to or processed by Asphalia Consulting SRL, no legal basis under GDPR Article 6 is required for the core tool functionality. The use of browser local storage to save your assessment progress is strictly necessary for the functionality you request (Article 5(3) of the ePrivacy Directive / Article 129 §1 of the Belgian Electronic Communications Act of 13 June 2005).

4. If you contact us by email

If you send us an email, we process your email address and the content of your message for the sole purpose of responding to your inquiry. The legal basis is our legitimate interest in answering user questions (GDPR Article 6(1)(f)). We retain email correspondence for a maximum of 3 years. We do not share this information with third parties.

5. Recipients

None. Assessment data never leaves your browser. Email correspondence is handled solely by Asphalia Consulting SRL.

6. International transfers

None. Assessment data is stored only on your device. No data transfer outside the European Economic Area takes place.

7. Retention

Assessment data stored in your browser’s local storage persists until you clear it. You can delete it at any time via your browser settings (typically: Settings → Privacy → Clear site data) or by using the Export / Import section of the tool to export and then delete individual organisations.

8. Your rights

Under the GDPR, you have the right to access, rectify, erase, restrict processing, data portability, and to object to the processing of your personal data.

For assessment data: since this data is stored exclusively in your own browser, you exercise these rights directly by managing your browser’s local storage.
For email correspondence: contact us at to exercise any of these rights.

9. Right to lodge a complaint

You have the right to lodge a complaint with the Belgian Data Protection Authority:

Autorité de protection des données / Gegevensbeschermingsautoriteit
www.dataprotectionauthority.be
Email:

10. Data Protection Officer

Asphalia Consulting SRL does not meet the thresholds requiring the designation of a Data Protection Officer under GDPR Article 37. For any privacy-related inquiry, please contact us directly at .

11. Pro plan & cloud features

The free version of the tool operates entirely in your browser — no data is transmitted to our servers. The optional Pro plan adds cloud synchronisation and additional features. When you activate Pro:

Account data: your email address and plan status are stored on our server (hosted by Infomaniak in Switzerland, within the EEA-equivalent framework).
Assessment data: organisation profiles, scores, evidence, and snapshots you choose to sync are transmitted to and stored on our server, encrypted in transit (HTTPS/TLS).
Billing data: payment is processed by Stripe. We do not store your credit card details. Stripe’s privacy policy applies to payment processing.
Legal basis: performance of a contract (GDPR Article 6(1)(b)) for the Pro subscription service.
Retention: synced data is retained as long as your Pro subscription is active. Upon account deletion, all synced data is permanently erased from our server.
Your rights: you can export all your data (JSON), delete individual organisations from the server, or delete your entire account at any time from the Account page in the tool.

Your explicit consent is sought before any data is transmitted. The free tool continues to function fully without an account.

12. Changes to this policy

This privacy policy may be updated to reflect changes in the tool or applicable law. The date below indicates the last revision. Continued use of the tool after a policy update constitutes acceptance of the revised policy.

Last updated: March 2026