Effective Date: June 18, 2025
Last Updated: June 18, 2025
Cyware Labs, Inc. ("Cyware," "we," "us," or "our") operates the website at https://www.cyware.com (the "Site") and is committed to protecting your privacy. This Privacy Policy (the "Policy") explains how we collect, use, disclose, and protect your Personal Data when you use our Site, services, products, applications, software, or events (collectively, our "Data Sources"). By using our Data Sources, you agree to the practices described in this Policy.
If you have questions about this Policy or wish to exercise your privacy rights, please contact us at privacy@cyware.com.
1. Scope
This Policy applies to the following Data Sources:
- Services: Our products, services, applications, software, and events offered through the Site, unless a separate privacy policy applies.
- Websites: The Site and its subdomains, accessible via web or mobile browsers.
- Events: Any online or in-person events we host, whether public or by invitation.
This Policy does not apply to third-party websites, applications, or services linked from our Data Sources, which are governed by their own privacy policies.
2. Types of Personal Data We Collect
We collect and process Personal Data, defined as information that identifies, relates to, or could reasonably be linked with an individual, either alone or in combination with other data. We collect the following categories of Personal Data through your use of our Data Sources, third-party interactions related to you, or direct interactions (e.g., newsletter subscriptions, job applications, or inquiries):
| Category | Description | Stored? |
|---|---|---|
| Contact Information | First and last name, mailing address, email address, telephone number, mailing preferences, or other contact details you provide. | Yes |
| Communication Information | Contents of communications (e.g., emails, form submissions, or other correspondence). | Yes |
| Recruitment Information(Employees and Applicants) | Resume, employment history, qualifications, references, and other details submitted during job applications. | Yes |
| Account Information | Username, user identification number, or other details provided when creating a Cyware account. | Yes |
| Application Security Information | Passwords, two-factor authentication data, security questions/answers, or security device identification numbers. | Yes (as needed to provide access support) |
| Financial Transaction Information | Payment details (e.g., credit/debit card numbers, billing details, or other account information). | Yes (for accounting purposes) |
| Usage Data | Information about your interaction with our Data Sources, such as IP address, browser type, pages viewed, time spent, and links clicked (collected via cookies or similar technologies, with consent). | Yes (as applicable to cookie settings) |
| Inferred Data | Preferences or profiles inferred from your interactions, used for analytics or marketing (with consent). | Yes |
We do not collect sensitive personal data (e.g., racial/ethnic origins, health data, or biometric data) unless explicitly required and consented to for specific purposes.
3. How We Collect Personal Data
We collect Personal Data through:
- Direct Interactions: When you provide information by filling out forms, subscribing to newsletters, applying for jobs, attending events, or contacting us.
- Automated Technologies: Through cookies, web beacons, or similar technologies that collect usage data when you interact with our Data Sources.
- Third Parties: From service providers (e.g., HubSpot for marketing), partners, or other entities providing data related to you with your consent or as permitted by law.
- Public Sources: From publicly available information, such as professional profiles, where lawful.
4. How We Use Your Personal Data
We process Personal Data for the following purposes, based on lawful grounds such as your consent, contractual necessity, legitimate interests, or legal obligations:
| Purpose | Legal Basis |
|---|---|
| Grant access to and deliver our Data Sources (e.g., account creation, event registration). | Contractual necessity, consent |
| Maintain and improve security measures (e.g., detecting suspicious activity). | Legitimate interests, legal obligation |
| Conduct internal operations (e.g., troubleshooting, data analysis, customer satisfaction surveys). | Legitimate interests |
| Analyze usage to improve functionality, usability, and offerings of our Data Sources. | Legitimate interests, consent |
| Develop new products, services, or features. | Legitimate interests |
| Send marketing communications (e.g., newsletters, promotions, or event invitations). | Consent |
| Fulfill contractual obligations (e.g., processing payments or delivering services). | Contractual necessity |
| Comply with applicable laws, regulations, or legal processes. | Legal obligation |
| Protect our rights, property, safety, or that of our customers, partners, or the public. | Legitimate interests, legal obligation |
We will not process your Personal Data for purposes incompatible with those listed above without notifying you and, where required, obtaining your consent.
5. How We Share Your Personal Data
We may share your Personal Data with the following recipients, subject to appropriate safeguards:
- Service Providers: Third parties that process Personal Data on our behalf to deliver services, such as:
- Payment processors (e.g., for transactions).
- IT and hosting providers (e.g., website hosting).
- Marketing platforms (e.g., HubSpot for email campaigns).
- Identity verification or analytics providers.
- Corporate Affiliates: Our subsidiaries or affiliates, for purposes consistent with this Policy.
- Business Transfers: Third parties in connection with a merger, acquisition, restructuring, or sale of assets.
- Legal and Regulatory Authorities: Government agencies, courts, or law enforcement, to comply with legal obligations, enforce our Terms of Use, or protect our rights, privacy, or safety.
- Other Third Parties: With your consent, or as necessary to fulfill a contract or protect legitimate interests (e.g., event co-hosts).
We do not sell your Personal Data, as defined under the CCPA/CPRA or similar U.S. state laws. However, we may share usage data with third-party advertisers or analytics providers for interest-based advertising, with your consent (see Section 7).
6. Cookies and Tracking Technologies
We and our third-party partners use cookies, web beacons, and similar technologies to collect usage data, such as IP addresses, browser types, and browsing behavior. These technologies support:
- Functionality: Enabling core features of our Data Sources (e.g., account login).
- Analytics: Understanding how users interact with our Data Sources to improve performance.
- Advertising: Delivering tailored ads based on your interests, with your consent.
You can manage cookie preferences through our Cookie Consent on our website or your browser settings. For more information on interest-based ads, visit the Digital Advertising Alliance at www.aboutads.info/choices or the Network Advertising Initiative at www.networkadvertising.org/choices.
7. Third-Party Websites and Applications
Our Data Sources may contain links to third-party websites or applications not controlled by Cyware. We are not responsible for their privacy practices. Please review the privacy policies of those third parties before engaging with them.
8. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights regarding your Personal Data:
| Right | Description | Applicable Laws |
|---|---|---|
| Access | Request a copy of your Personal Data and details about how we process it. | GDPR, CCPA/CPRA, VCDPA, CPA |
| Correction | Request correction of inaccurate or incomplete Personal Data. | GDPR, CCPA/CPRA, VCDPA, CPA |
| Deletion | Request deletion of your Personal Data, subject to exceptions (e.g., legal obligations). | GDPR, CCPA/CPRA, VCDPA, CPA |
| Opt-Out of Sale/Sharing | Opt-out of the sale or sharing of Personal Data for targeted advertising. | CCPA/CPRA, VCDPA, CPA |
| Restrict Processing | Request limitation of processing under certain conditions (e.g., disputed accuracy). | GDPR |
| Object to Processing | Object to processing based on legitimate interests, if it impacts your rights. | GDPR |
| Data Portability | Receive your Personal Data in a structured, machine-readable format. | GDPR, CCPA/CPRA |
| Withdraw Consent | Revoke consent for processing at any time, without affecting prior processing. | GDPR |
| Non-Discrimination | Not be discriminated against for exercising your privacy rights. | CCPA/CPRA, VCDPA, CPA |
| Lodge a Complaint | File a complaint with a supervisory authority (e.g., EU Data Protection Authority or state regulator). | GDPR, CCPA/CPRA |
To exercise your rights, contact us at privacy@cyware.com. We will verify your identity using:
- Account information (if applicable).
- Two forms of identification (for any requests to obtain data in any manner).
We will respond within 45 days (extendable to 90 days with notice) and will not discriminate against you for exercising your rights. You may designate an authorized agent to submit requests on your behalf, provided they provide proof of authorization.
9. International Data Transfers
We may transfer your Personal Data to countries outside your jurisdiction, including the United States, for processing. We ensure adequate protection through:
- EU-U.S. Data Privacy Framework (DPF): We comply with the EU-U.S. DPF and UK Extension, certified by the U.S. Department of Commerce. Learn more at https://www.dataprivacyframework.gov/.
- Standard Contractual Clauses (SCCs): For transfers to non-adequate jurisdictions, we use SCCs approved by the European Commission.
- Binding Corporate Rules: Where applicable, for intra-group transfers.
For unresolved DPF-related complaints, we cooperate with EU Data Protection Authorities (DPAs) and the UK Information Commissioner’s Office (ICO). You may also seek redress through the DPF arbitration process.
10. Data Retention
We retain Personal Data only as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, or resolve disputes. Retention periods vary by data type and purpose (e.g., account data is retained until account deletion, unless required by law). Upon request, we will provide specific retention details.
11. Marketing Communications
You may opt out of marketing communications by:
- Clicking the “unsubscribe” link in our emails.
- Contacting us at privacy@cyware.com.
Opting out of marketing does not affect administrative, legal, or transactional communications.
12. Children’s Privacy
Our Data Sources are not intended for children under 16 (or 18, where required by local law). We do not knowingly collect Personal Data from children without verifiable parental consent. If you believe we have collected such data, contact us at privacy@cyware.com, and we will take appropriate action.
13. Updates to This Policy
We may update this Policy to reflect changes in our practices or legal requirements. Updates will be posted on this page with a revised “Last Updated” date. Continued use of our Data Sources after changes constitutes acceptance of the updated Policy. For significant changes, we will provide additional notice (e.g., via email or website banner).
14. Contact Us
For questions, complaints, or to exercise your privacy rights, contact us at:
Email: privacy@cyware.com
For EU/UK residents, our EU representative is the United States Council for International Business (“USCIB”). For DPF-related complaints, contact the U.S. Department of Commerce or relevant supervisory authority.
15. Compliance and Certifications
We adhere to the following frameworks:
- ISO 27001: Information security management.
- EU-U.S. DPF: For EU/UK data transfers.