Privacy Policy

Introduction
Toralya (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you interact with our website (toralya.io) or use our services. It is designed to comply with the EU General Data Protection Regulation (GDPR), the United Arab Emirates Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).
This unified Policy applies to all users worldwide. We adhere to globally recognised privacy principles and legal requirements.
Who We Are: Toralya is a strategic cyber intelligence and forensic analysis brand in the process of establishing its operational base in Dubai, United Arab Emirates, under a DMCC licence. All data processing activities are conducted in accordance with internationally recognised standards, including GDPR, PDPL, and relevant U.S. privacy regulations.
By using our website or providing us with your information, you acknowledge this Policy. If you do not agree with any part of it, please refrain from using our services.

Personal Data We Collect
– Information You Provide: When you contact us via our website form or email, you may provide personal data such as your name, email address, organisation, job title, telephone number, and the content of your inquiry.
– Communication Data: Any correspondence with us (including emails and messages) will contain personal data that we process in order to respond and keep records of our communication.
– Automatic Data Collection: When you visit our site, we may automatically collect technical information such as your IP address, browser type, device identifiers, operating system, referring URL, pages visited, and time/date of access.
– Cookies & Similar Technologies: We use only essential cookies necessary for the operation and security of the site. We do not use marketing cookies, tracking pixels, or third-party behavioural analytics.
– Sensitive Data: We do not intentionally collect sensitive categories of personal data, nor do we knowingly collect personal data from children under 16.

How We Use Personal Data
We use personal data only for legitimate purposes, including:
– Responding to Inquiries: To answer your requests, provide information, and communicate with you.
– Service Delivery: To perform contracts or take pre-contractual steps at your request, including the provision of intelligence reports or forensic services.
– Business Administration & Legal Compliance: To meet legal obligations, manage accounts, billing, and record-keeping.
– Security & Fraud Prevention: To protect our website and systems, detect suspicious activity, and maintain cybersecurity integrity.
– Analytics & Service Improvement: To analyse aggregate data and improve the functionality and quality of our services.
We do not sell personal data or use it for unsolicited marketing.

Legal Basis for Processing
Depending on the context, we process personal data on the following legal grounds:
– Consent – when you expressly consent to processing (e.g., by submitting our contact form).
– Contract – when processing is necessary to perform or prepare for a contract with you.
– Legitimate Interests – when processing is necessary for our business operations (e.g., ensuring cybersecurity), balanced against your rights.
– Legal Obligation – when processing is required by law.