Privacy Policy

Last updated Jun 25, 2026.

This site is operated by Redbit S.r.l.s., Viale della Grande Muraglia 494, 00144 Roma, Italy (VAT IT15237911001) ("we", "us"). We are the data controller. BreachCostLab serves a US audience but is operated from the EU, so we apply the GDPR to all visitors regardless of location.

What we collect

The calculators run entirely in your browser. The figures you enter — records, turnover, revenue, security posture and any other inputs — are not sent to us or stored on our servers. We collect only standard technical data and, with your consent, analytics and advertising data:

  • Server logs (IP address, user agent, requested URL, timestamp) for security and abuse prevention — legitimate interest.
  • Analytics (e.g. Google Analytics 4) — only after you consent. Used in aggregate to understand which calculators and guides are useful.
  • Advertising (e.g. Google AdSense) — only after you consent. Ads may use cookies to limit repetition and measure performance.
  • Contact form — if you write to us, the name, email and message you provide, used solely to reply.

Legal bases

Technical operation and security: legitimate interest (Art. 6(1)(f)). Analytics and advertising cookies: your consent (Art. 6(1)(a)), which you can withdraw at any time via "Cookie preferences" in the footer. Responding to a contact-form message: our legitimate interest in answering you, or steps taken at your request.

Cookies & consent

We use a consent management platform and Google Consent Mode v2. Until you accept, advertising and analytics storage stay denied. See the cookie policy for the categories and how to change your preferences.

Third parties

Consent-gated analytics and advertising (Google) act as independent or joint controllers for the data they collect; see Google's policies. We do not sell personal data. US visitors can exercise "Do Not Sell or Share" via the consent banner where applicable.

Retention

Server logs are kept for a limited period for security, then deleted or anonymized. Contact-form messages are kept only as long as needed to handle your request. Analytics and advertising retention follows the respective provider's settings.

Your rights

You have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data, and to lodge a complaint with a supervisory authority. To exercise these rights, contact [email protected] (DPO: [email protected]).