We're building this for the cybersecurity community — so we take data handling seriously. Here's exactly what we collect, how we use it, and how we protect it.
Last updated: February 2026
When you submit your salary data, we collect: job title, seniority level, company name, company size, location, country, work arrangement (remote/hybrid/onsite), base salary, currency, total compensation (optional), years of experience (optional), industry (optional), and LinkedIn profile URL (required for accountability — we use this to verify contributors are real cybersecurity professionals).
We use Manus OAuth for authentication. We store your display name, email address, and a unique identifier. We do not store passwords — authentication is handled entirely by the OAuth provider.
We don't collect your exact street address, phone number, date of birth, government ID, bank details, or any biometric data. We don't use tracking cookies beyond what's needed for your login session.
Your salary data is aggregated with other submissions to produce the bi-annual CyberSec Salary Guide report. Reports are shared every 6 months and are only accessible to people who have contributed their own data.
Your company name is never shown in reports. Report data includes job title, seniority level, company size, location, work arrangement, salary, and experience — but not your name, email, company name, or any other personally identifying information. We deliberately exclude data that could be used to identify individual respondents.
After you submit, we show you an instant comparison of where your salary sits relative to others at the same seniority level. This comparison is calculated in real-time and only shows percentile rankings — not individual data points.
We display anonymised activity on the submission page (e.g., "A Senior in Australia submitted 2 hours ago") to show community engagement. This only includes seniority level and country — never names, companies, or specific locations.
All data is transmitted over HTTPS/TLS. Data at rest is stored in a managed database with encryption enabled. Session tokens are signed with HMAC and transmitted via secure, HttpOnly cookies.
Only authenticated users can submit data. Only contributors who have submitted their own salary data can access the report. Admin access is restricted to the platform owner (Ricki Burke, CyberSec People).
All user inputs are validated and sanitised server-side. We use security headers (via Helmet) including X-Content-Type-Options, X-Frame-Options, and Strict-Transport-Security. Rate limiting is applied to submission endpoints to prevent abuse.
Report data is protected against bulk extraction. We don't offer raw CSV exports to regular users, and the report interface includes measures to discourage automated scraping.
You can edit or delete your salary submissions at any time through the "My Submissions" page. Deleting a submission permanently removes it from our database and any future reports.
You can view all your submissions through the "My Submissions" page. If you need a full export of your personal data, contact us and we'll provide it within 30 days.
If you want your account and all associated data permanently deleted, contact us. We'll remove everything within 30 days.
This platform is operated by CyberSec People, founded by Ricki Burke. If you have any questions about this privacy policy or how your data is handled, reach out via LinkedIn or through the CyberSec People website.