PRIVACY POLICY
Last Updated: January 2, 2026
01. Who We Are
This Privacy Policy explains how Adversary Holdings Private Limited (“Principle Breach”, “we”, “us”, or “our”) collects, uses, and protects personal data in connection with the Site and our Services.
02. Scope of This Privacy Policy
This Policy applies to:
- visitors to our public website at principlebreach.com and related sub-pages
- individuals who contact us via the Site’s contact form, email, or phone
- prospective or existing customers and partners relating to pre-sales or Services scoping
This Policy does not govern how we process client data as part of a specific security Engagement; that processing is governed by the applicable SOW, NDA, and/or data-processing or business-associate agreements agreed with the relevant client.
03. Data We Collect
3.1 Information you provide directly
When you contact us or request information, we may collect:
- Name
- Job title
- Company name
- Country
- Reason for contact (for example, engagements, partnership, general inquiry)
- Email address
- Free-form message or description of your needs
- Any additional information you choose to include
If you email or call us directly, we will also process the information contained in that communication.
3.2 Information collected automatically
When you visit the Site, our servers may automatically log:
- IP address
- browser type and version
- device and operating system details
- referring pages/URLs
- date and time of access
- basic interaction data (such as pages viewed, HTTP status codes)
We use Umami, a self-hosted, privacy-focused open-source web analytics solution, to analyze website performance and user engagement. Umami is designed to respect user privacy by default: it does not collect personally identifiable information (PII), does not use cookies, and does not track users across websites. All data collected is anonymized and stored on our own servers, ensuring we retain full ownership and control.
We do not use third-party marketing analytics pixels (such as Google Analytics or Meta Pixel) on the public Site.
3.3 Information processed during client engagements
During penetration tests, red team engagements, breach simulations, and other Services, we may access or temporarily store client data, including personal data. That processing is governed by the specific SOW and related legal documents, not by this public-site Privacy Policy. In general, such data is treated as highly sensitive and handled according to strict security and confidentiality controls.
04. How We Use Personal Data
We use personal data for the following purposes:
- To respond to inquiries: Handling messages submitted via the contact form, email, or phone and following up on your questions or requests.
- To evaluate and scope potential engagements: Understanding your environment, risk profile, and requirements so we can propose appropriate Services.
- To operate, secure, and improve the Site: Using server logs and similar data to maintain availability, monitor for abuse, and improve performance.
- To maintain business records: Keeping records of communications, proposals, and pre-contractual interactions in line with our legal and compliance obligations.
- To comply with legal obligations and protect rights: Complying with applicable laws, responding to lawful requests from authorities, enforcing our agreements, and protecting our rights, clients, and the public.
We do not sell your personal data.
05. Legal Bases (for jurisdictions that require them)
Where data protection laws (such as the EU/UK GDPR) apply, we rely on the following legal bases:
- Performance of a contract or pre-contractual steps: When we process data to respond to your inquiries, prepare an SOW, or perform an Engagement.
- Legitimate interests: For example, to maintain Site security, defend our rights, manage business operations, and communicate with prospective B2B customers. We balance these interests against your rights.
- Legal obligations: When processing is necessary to comply with laws, regulations, or lawful requests.
Where consent is required (for example, for certain types of cookies or marketing in specific jurisdictions), we will seek it separately.
06. Cookies and Similar Technologies
Our Site uses:
- Server-side logging to protect against abuse, debug issues, and maintain service availability.
We use cookie-free analytics (Umami) to ensure visitor privacy is respected. Consequently, we do not currently use marketing, analytics, or advertising cookies on the public-facing Site. If we introduce cookies in the future, we will update this Policy and, where required, present a consent mechanism.
07. How We Share Data
We may share personal data with:
- Professional advisors — Such as lawyers, auditors, or consultants, where reasonably necessary for business, legal, or compliance reasons.
- Authorities and other third parties — Where required by law, regulation, court order, or where necessary to protect our rights, your safety, or the safety of others.
We do not sell personal data to third parties.
08. International Transfers
Depending on where you are located, your data may be transferred to and processed in countries that may not provide the same level of data protection as your home jurisdiction. Where required by law, we implement appropriate safeguards for such transfers (for example, contractual protections) and take steps to ensure your data remains protected.
09. Data Security
We use reasonable and appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration. These measures include access controls, logging, and secure infrastructure practices.
However, no system or transmission over the internet can be guaranteed to be 100% secure. You are responsible for choosing secure communications channels and for the security of your own systems.
10. Data Retention
We retain personal data for as long as necessary to fulfill the purposes described in this Policy, including:
- handling your inquiries and potential engagements
- maintaining business and legal records
- complying with applicable legal, tax, and regulatory requirements
When data is no longer required for these purposes, we will delete it or anonymize it in accordance with our internal retention practices, subject to any legal obligations that require longer retention.
11. Your Rights
Depending on your jurisdiction, you may have certain rights over your personal data, which can include:
- access to a copy of your personal data
- correction of inaccurate or incomplete data
- deletion of your data (subject to legal retention requirements)
- restriction or objection to certain processing
- data portability
- withdrawal of consent where processing is based on consent
To exercise these rights, contact us using the details in the Contact section below. We may need to verify your identity before fulfilling your request and may be unable to comply where legal obligations require us to retain certain data.
12. Children
The Site and our Services are not directed to children, and we do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us so we can take appropriate action.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date at the top of this page. Your continued use of the Site after changes are posted will indicate your acceptance of the updated Policy.
14. Contact
If you have questions about this Privacy Policy or how we process personal data, contact us at:
Email: hello@principlebreach.com
Or use the contact form on this Site.