CyberPolicify Inc. ("CyberPolicify," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, and services (collectively, the "Services").
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, company name, and password when you register
- Organization Data: Industry, company size, compliance frameworks, and security posture information
- Assessment Data: Responses to compliance gap assessments and security questionnaires
- Payment Information: Billing details processed securely through Stripe (we do not store credit card numbers)
- Communications: Messages you send to us through contact forms or support channels
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on the platform
- Device Information: Browser type, operating system, IP address
- Cookies: Session cookies for authentication and preferences (see our Cookie Policy)
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve our Services
- Generate AI-powered compliance assessments, policy documents, and recommendations
- Process transactions and send related information
- Send technical notices, updates, and security alerts
- Respond to your comments, questions, and support requests
- Monitor and analyze trends, usage, and activities
- Detect, investigate, and prevent fraudulent transactions and unauthorized access
- Comply with legal obligations
3. AI and Machine Learning
Our Services use artificial intelligence to generate compliance documents, risk assessments, and recommendations. When using AI features:
- Your organization data is used as context to generate personalized outputs
- We use third-party AI providers (such as OpenAI) to process requests
- AI-generated content is based on your inputs and our compliance knowledge base
- We do not use your data to train external AI models without explicit consent
4. Information Sharing
We do not sell your personal information. We may share your information with:
- Service Providers: Third parties that perform services on our behalf (hosting, payment processing, analytics)
- AI Providers: To process AI-powered features (subject to their privacy policies)
- Legal Requirements: When required by law, legal process, or government request
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- With Your Consent: When you have given us explicit permission
5. Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption of data in transit (TLS) and at rest
- Secure cloud infrastructure (AWS)
- Access controls and authentication (AWS Cognito)
- Regular security assessments and monitoring
However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
6. Data Retention
We retain your information for as long as your account is active or as needed to provide Services. We may retain certain information for legitimate business purposes or as required by law. You may request deletion of your account and associated data by contacting us.
7. Your Rights
Depending on your location, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your information
- Object to or restrict certain processing
- Data portability
- Withdraw consent (where processing is based on consent)
To exercise these rights, please contact us at contact@cyberpolicify.com.
8. Third-Party Services
Our Services integrate with third-party services including:
- Google: For authentication (Google Sign-In)
- Stripe: For payment processing
- AWS: For cloud infrastructure and hosting
- OpenAI: For AI-powered features
These services have their own privacy policies, and we encourage you to review them.
9. Children's Privacy
Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
10. International Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Services after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us: