Privacy Policy

Last updated: July 13, 2025 • v1.0

Cyberbase.ai ("we," "us," or "our") is committed to protecting the privacy and integrity of our users' data. This Privacy Policy explains how we collect, use, store, and share personal data and organizational information in connection with our services, including our AI-powered contract redlining, security posture automation, and due diligence response systems.

By accessing or using Cyberbase.ai, you consent to the practices described in this Privacy Policy.

1. INFORMATION WE COLLECT

1.1 Information You Provide to Us

We collect the following types of information when you use our services:

  • Account Information: Name, email address, company name, role, authentication credentials.
  • Customer Data: Contracts, policies, security documentation, due diligence responses, and other inputs provided by you through the Services.
  • Support Interactions: Information you send via support tickets, feedback, or inquiries.

1.2 Information We Collect Automatically

  • Usage Data: Log data, page views, query metadata, feature usage patterns.
  • Device Information: Browser type, IP address, operating system.
  • Cookies and Tracking: We use cookies and similar technologies to enhance user experience and monitor product usage.

2. HOW WE USE YOUR INFORMATION

We use your data strictly to provide and improve our services:

  • To authenticate and authorize user access;
  • To deliver AI-generated insights and redlines based on your submitted data;
  • To provide customer support and resolve issues;
  • To analyze service performance and improve functionality;
  • To communicate with you about feature updates and security alerts;
  • To comply with legal obligations.

3. CUSTOMER DATA AND PRIVACY COMMITMENTS

  • Confidentiality: Customer Data is considered confidential and treated as such under our Terms of Service.
  • Ownership: You retain ownership of your data. We do not claim ownership over Customer Data or Output.
  • No AI Model Training: We will never use Customer Data or Output to train, fine-tune, or validate AI or ML models, unless you provide explicit written consent.
  • Access Controls: Only authorized personnel with a legitimate business need may access Customer Data, and all such personnel are bound by confidentiality obligations.
  • Data Residency: Data is stored in secure cloud infrastructure located in the United States unless otherwise agreed.

4. USE OF AGGREGATED DATA

We may generate and use de-identified, anonymized, or aggregated data ("Aggregated Data") derived from Customer Data. This data:

  • Cannot reasonably be used to identify any individual or organization;
  • Is used only to improve service performance, enhance detection of emerging market security trends, and monitor aggregate system usage;
  • Will never be sold, licensed, or shared in a form that reveals Customer identity.

5. DISCLOSURE OF INFORMATION

We do not sell or rent personal data or Customer Data. We may share information only in the following circumstances:

  • With subprocessors that help us provide our Services, under strict confidentiality and security obligations;
  • As required by law, subpoena, or lawful request from law enforcement authorities;
  • In connection with a merger, acquisition, or corporate restructuring, provided we notify affected users.

6. DATA SECURITY

We maintain a robust security program designed to:

  • Protect against unauthorized access, disclosure, or destruction of data;
  • Encrypt data in transit and at rest;
  • Monitor access and usage patterns;
  • Conduct regular security assessments and audits.

We comply with industry standards, including SOC 2 Type II and ISO 27001.

7. YOUR RIGHTS AND CHOICES

Subject to applicable law, you may have the right to:

  • Access the personal data we hold about you;
  • Correct or update your data;
  • Request deletion of your data (subject to contractual and regulatory requirements);
  • Object to certain processing activities.

To exercise your rights, contact us at privacy@cyberbase.ai.

8. DATA RETENTION

We retain Customer Data for the duration of your contract and for up to 90 days after termination unless instructed otherwise. Aggregated Data may be retained indefinitely, in a non-identifiable form.

9. INTERNATIONAL DATA TRANSFERS

If you access the Services from outside the United States, your data may be transferred to and processed in the United States. We use appropriate safeguards, such as Standard Contractual Clauses (SCCs), to protect international transfers.

10. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes to our practices or legal requirements. We will notify you of material changes through the Service or via email. Continued use constitutes acceptance.

11. CONTACT US

If you have any questions or concerns, contact us at: Cyberbase.ai Privacy Team privacy@cyberbase.ai San Francisco, CA, United States