Privacy Policy

Last updated: April 2026

Who We Are

Leadership in Cyber is operated by Assaf Keren (“we,” “us,” “our”), the data controller for personal data processed via leadershipincyber.com. This policy explains how we collect, use, and protect your information when you visit the site, subscribe to the newsletter, or purchase our products.

Information We Collect

  • Newsletter subscriptions: When you subscribe to our newsletter, we store your email address, the page you signed up from (the “source”), and timestamps for sign-up, confirmation, and unsubscribe. We use double opt-in: your address is not added to the list until you click the confirmation link.
  • Account information: When you sign in with Google, we receive your name, email address, and profile picture. We do not receive or store your Google password.
  • Payment information: Payments are processed by Stripe. We do not store credit card numbers. Stripe's privacy policy governs payment data.
  • Usage data: With your consent, we use Vercel Analytics, Google Tag Manager, and Google Ads to understand how visitors use the site and measure campaign effectiveness. This includes page views, referral sources, and general geographic location.

How We Use Your Information

  • To send the newsletter you subscribed to and track delivery, opens, bounces, and unsubscribes
  • To provide access to purchased content (masterclass videos)
  • To manage group/team seat allocations
  • To communicate about your purchase or account
  • With your consent, to measure site usage and ad effectiveness

We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

Legal Bases for Processing (GDPR)

  • Consent — for newsletter subscriptions and analytics/advertising cookies. You may withdraw consent at any time.
  • Contract — to provide access to purchased content and process payments.
  • Legitimate interests — to keep the site secure and prevent abuse.

Cookies and Tracking

We use a small number of cookies and similar technologies. We split them into two categories:

  • Necessary — sign-in sessions (NextAuth), security tokens, and theme/locale preferences. Always on; the site cannot function without them.
  • Analytics & advertising— Vercel Analytics, Google Tag Manager (GT-T9WP95PR), and Google Ads (AW-17577976875). Loaded only after you click “Accept” on the cookie banner.

We honor the Global Privacy Control signal: if your browser sends GPC, we treat that as a rejection of analytics and advertising cookies and do not show the banner.

You can change your choice at any time: .

Third-Party Services

  • Vercel: Website hosting and analytics (US, with EU sub-processors).
  • Neon: Postgres database hosting (subscriber list and email send records).
  • Resend: Transactional and newsletter email delivery.
  • Google OAuth: Authentication provider for masterclass sign-in.
  • Google Tag Manager / Google Ads: Advertising and conversion tracking (only with consent).
  • Stripe: Payment processing.
  • Vimeo: Video hosting for masterclass content.

Each service has its own privacy policy governing how they handle your data.

Data Retention

  • Newsletter: Until you unsubscribe. Unsubscribe records are retained to honor your choice and to suppress future sends.
  • Account & purchase data: For as long as your account is active or as needed to provide access to purchased content; longer where required for tax or legal reasons.
  • Analytics data: Per Vercel and Google retention defaults.

Your Rights (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure (“right to be forgotten”) — ask us to delete your data.
  • Restriction — ask us to stop processing your data while a dispute is resolved.
  • Portability — receive a machine-readable copy of the data you provided.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — for newsletter (use the unsubscribe link in any email) or for cookies (use Cookie preferences in the footer).
  • Lodge a complaint with your local data protection authority.

To exercise these rights, email us at contact@leadershipincyber.com. We'll respond within 30 days.

International Data Transfers

Some of our service providers are located in the United States. Where we transfer personal data outside the EEA/UK, we rely on Standard Contractual Clauses or equivalent safeguards offered by the provider.

Contact

For privacy-related questions, contact us at contact@leadershipincyber.com.