Effective Date: June 18, 2025

Last Updated: June 18, 2025

Cyware Labs, Inc. ("Cyware," "we," "us," or "our") operates the website at https://www.cyware.com (the "Site") and is committed to protecting your privacy. This Privacy Policy (the "Policy") explains how we collect, use, disclose, and protect your Personal Data when you use our Site, services, products, applications, software, or events (collectively, our "Data Sources"). By using our Data Sources, you agree to the practices described in this Policy.

If you have questions about this Policy or wish to exercise your privacy rights, please contact us at privacy@cyware.com.

1. Scope

This Policy applies to the following Data Sources:

  • Services: Our products, services, applications, software, and events offered through the Site, unless a separate privacy policy applies.
  • Websites: The Site and its subdomains, accessible via web or mobile browsers.
  • Events: Any online or in-person events we host, whether public or by invitation.

This Policy does not apply to third-party websites, applications, or services linked from our Data Sources, which are governed by their own privacy policies.

2. Types of Personal Data We Collect

We collect and process Personal Data, defined as information that identifies, relates to, or could reasonably be linked with an individual, either alone or in combination with other data. We collect the following categories of Personal Data through your use of our Data Sources, third-party interactions related to you, or direct interactions (e.g., newsletter subscriptions, job applications, or inquiries):

CategoryDescriptionStored?
Contact InformationFirst and last name, mailing address, email address, telephone number, mailing preferences, or other contact details you provide.Yes
Communication InformationContents of communications (e.g., emails, form submissions, or other correspondence).Yes
Recruitment Information(Employees and Applicants)Resume, employment history, qualifications, references, and other details submitted during job applications.Yes
Account InformationUsername, user identification number, or other details provided when creating a Cyware account.Yes
Application Security InformationPasswords, two-factor authentication data, security questions/answers, or security device identification numbers.Yes (as needed to provide access support)
Financial Transaction InformationPayment details (e.g., credit/debit card numbers, billing details, or other account information).Yes (for accounting purposes)
Usage DataInformation about your interaction with our Data Sources, such as IP address, browser type, pages viewed, time spent, and links clicked (collected via cookies or similar technologies, with consent).Yes (as applicable to cookie settings)
Inferred DataPreferences or profiles inferred from your interactions, used for analytics or marketing (with consent).Yes

We do not collect sensitive personal data (e.g., racial/ethnic origins, health data, or biometric data) unless explicitly required and consented to for specific purposes.

3. How We Collect Personal Data

We collect Personal Data through:

  • Direct Interactions: When you provide information by filling out forms, subscribing to newsletters, applying for jobs, attending events, or contacting us.
  • Automated Technologies: Through cookies, web beacons, or similar technologies that collect usage data when you interact with our Data Sources.
  • Third Parties: From service providers (e.g., HubSpot for marketing), partners, or other entities providing data related to you with your consent or as permitted by law.
  • Public Sources: From publicly available information, such as professional profiles, where lawful.
4. How We Use Your Personal Data

We process Personal Data for the following purposes, based on lawful grounds such as your consent, contractual necessity, legitimate interests, or legal obligations:

PurposeLegal Basis
Grant access to and deliver our Data Sources (e.g., account creation, event registration).Contractual necessity, consent
Maintain and improve security measures (e.g., detecting suspicious activity).Legitimate interests, legal obligation
Conduct internal operations (e.g., troubleshooting, data analysis, customer satisfaction surveys).Legitimate interests
Analyze usage to improve functionality, usability, and offerings of our Data Sources.Legitimate interests, consent
Develop new products, services, or features.Legitimate interests
Send marketing communications (e.g., newsletters, promotions, or event invitations).Consent
Fulfill contractual obligations (e.g., processing payments or delivering services).Contractual necessity
Comply with applicable laws, regulations, or legal processes.Legal obligation
Protect our rights, property, safety, or that of our customers, partners, or the public.Legitimate interests, legal obligation

We will not process your Personal Data for purposes incompatible with those listed above without notifying you and, where required, obtaining your consent.

5. How We Share Your Personal Data

We may share your Personal Data with the following recipients, subject to appropriate safeguards:

  • Service Providers: Third parties that process Personal Data on our behalf to deliver services, such as:
    • Payment processors (e.g., for transactions).
    • IT and hosting providers (e.g., website hosting).
    • Marketing platforms (e.g., HubSpot for email campaigns).
    • Identity verification or analytics providers.
  • Corporate Affiliates: Our subsidiaries or affiliates, for purposes consistent with this Policy.
  • Business Transfers: Third parties in connection with a merger, acquisition, restructuring, or sale of assets.
  • Legal and Regulatory Authorities: Government agencies, courts, or law enforcement, to comply with legal obligations, enforce our Terms of Use, or protect our rights, privacy, or safety.
  • Other Third Parties: With your consent, or as necessary to fulfill a contract or protect legitimate interests (e.g., event co-hosts).

We do not sell your Personal Data, as defined under the CCPA/CPRA or similar U.S. state laws. However, we may share usage data with third-party advertisers or analytics providers for interest-based advertising, with your consent (see Section 7).

6. Cookies and Tracking Technologies

We and our third-party partners use cookies, web beacons, and similar technologies to collect usage data, such as IP addresses, browser types, and browsing behavior. These technologies support:

  • Functionality: Enabling core features of our Data Sources (e.g., account login).
  • Analytics: Understanding how users interact with our Data Sources to improve performance.
  • Advertising: Delivering tailored ads based on your interests, with your consent.

You can manage cookie preferences through our Cookie Consent on our website or your browser settings. For more information on interest-based ads, visit the Digital Advertising Alliance at www.aboutads.info/choices or the Network Advertising Initiative at www.networkadvertising.org/choices.

7. Third-Party Websites and Applications

Our Data Sources may contain links to third-party websites or applications not controlled by Cyware. We are not responsible for their privacy practices. Please review the privacy policies of those third parties before engaging with them.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Data:

RightDescriptionApplicable Laws
AccessRequest a copy of your Personal Data and details about how we process it.GDPR, CCPA/CPRA, VCDPA, CPA
CorrectionRequest correction of inaccurate or incomplete Personal Data.GDPR, CCPA/CPRA, VCDPA, CPA
DeletionRequest deletion of your Personal Data, subject to exceptions (e.g., legal obligations).GDPR, CCPA/CPRA, VCDPA, CPA
Opt-Out of Sale/SharingOpt-out of the sale or sharing of Personal Data for targeted advertising.CCPA/CPRA, VCDPA, CPA
Restrict ProcessingRequest limitation of processing under certain conditions (e.g., disputed accuracy).GDPR
Object to ProcessingObject to processing based on legitimate interests, if it impacts your rights.GDPR
Data PortabilityReceive your Personal Data in a structured, machine-readable format.GDPR, CCPA/CPRA
Withdraw ConsentRevoke consent for processing at any time, without affecting prior processing.GDPR
Non-DiscriminationNot be discriminated against for exercising your privacy rights.CCPA/CPRA, VCDPA, CPA
Lodge a ComplaintFile a complaint with a supervisory authority (e.g., EU Data Protection Authority or state regulator).GDPR, CCPA/CPRA

To exercise your rights, contact us at privacy@cyware.com. We will verify your identity using:

  • Account information (if applicable).
  • Two forms of identification (for any requests to obtain data in any manner).

We will respond within 45 days (extendable to 90 days with notice) and will not discriminate against you for exercising your rights. You may designate an authorized agent to submit requests on your behalf, provided they provide proof of authorization.

9. International Data Transfers

We may transfer your Personal Data to countries outside your jurisdiction, including the United States, for processing. We ensure adequate protection through:

  • EU-U.S. Data Privacy Framework (DPF): We comply with the EU-U.S. DPF and UK Extension, certified by the U.S. Department of Commerce. Learn more at https://www.dataprivacyframework.gov/.
  • Standard Contractual Clauses (SCCs): For transfers to non-adequate jurisdictions, we use SCCs approved by the European Commission.
  • Binding Corporate Rules: Where applicable, for intra-group transfers.

For unresolved DPF-related complaints, we cooperate with EU Data Protection Authorities (DPAs) and the UK Information Commissioner’s Office (ICO). You may also seek redress through the DPF arbitration process.

10. Data Retention

We retain Personal Data only as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, or resolve disputes. Retention periods vary by data type and purpose (e.g., account data is retained until account deletion, unless required by law). Upon request, we will provide specific retention details.

11. Marketing Communications

You may opt out of marketing communications by:

  • Clicking the “unsubscribe” link in our emails.
  • Contacting us at privacy@cyware.com.

Opting out of marketing does not affect administrative, legal, or transactional communications.

12. Children’s Privacy

Our Data Sources are not intended for children under 16 (or 18, where required by local law). We do not knowingly collect Personal Data from children without verifiable parental consent. If you believe we have collected such data, contact us at privacy@cyware.com, and we will take appropriate action.

13. Updates to This Policy

We may update this Policy to reflect changes in our practices or legal requirements. Updates will be posted on this page with a revised “Last Updated” date. Continued use of our Data Sources after changes constitutes acceptance of the updated Policy. For significant changes, we will provide additional notice (e.g., via email or website banner).

14. Contact Us

For questions, complaints, or to exercise your privacy rights, contact us at:

Email: privacy@cyware.com

For EU/UK residents, our EU representative is the United States Council for International Business (“USCIB”). For DPF-related complaints, contact the U.S. Department of Commerce or relevant supervisory authority.

15. Compliance and Certifications

We adhere to the following frameworks:

  • ISO 27001: Information security management.
  • EU-U.S. DPF: For EU/UK data transfers.