Legal

Privacy Policy

Effective date: 2026-03-31

Introduction

Drillber ("we", "us", "our") provides a marketing website and a SaaS product for running cybersecurity tabletop exercises. This Privacy Policy describes how we collect, use, and share information from visitors to our marketing site and users of our platform.

Identity and Contact: Drillber is the trading name of Eli Hazan, an Israeli licensed business (Esek Pator) registered under Business Reg. No. 025639493. For any data privacy inquiries, please contact us at hello@drillber.io.

Information We Collect

  • Contact information you provide voluntarily: email address when you register, request a demo, or contact us.
  • Technical information automatically collected: IP address, browser type and version, device information, and anonymized usage data.
  • Cookies and analytics: We may use cookies to understand site usage. No personally identifiable information is stored in analytics by default.

Payment Information: We do not collect, store, or process your credit card details or financial information. All payment processing is handled by our Merchant of Record, Paddle. Paddle collects your billing information and transaction data in accordance with their own Privacy Policy, and acts as the data controller for payment-related data.

How We Use Information

  • Respond to inquiries and manage account access.
  • Operate, maintain, and improve the platform.
  • Communicate product updates and security notices.
  • Send marketing communications only where you have opted in.

Sharing and Third Parties

We use third-party services (cloud infrastructure, analytics, email delivery) to operate the platform. We share only the minimum necessary data with those providers and do not sell personal data to any party.

AI Facilitator Services: Our platform uses Anthropic's Claude API to generate exercise scenarios and facilitation guidance. When you interact with the AI Facilitator, your input and the scenario data are transmitted to Anthropic for processing. We use enterprise-grade APIs, meaning that your data is not used by Anthropic to train their underlying models.

Data Retention and Your Rights

Account data is retained while your account is active. You may request access, correction, or deletion at any time by contacting hello@drillber.io. Requests are handled within 30 days.

International Data Transfers: As our servers are hosted on Google Cloud Platform in Belgium, and our business is based in Israel, your personal data may be transferred to and stored in these jurisdictions. Israel is recognized by the European Commission as providing an adequate level of data protection, ensuring your data remains secure.

Security

We apply AES-256-GCM field-level encryption for PII, TLS 1.2+ in transit, bcrypt password hashing, and multi-tenant data isolation. See our Security page for a full summary.

Contact

Questions about this policy or your data: hello@drillber.io