Privacy Policy

1. Introduction

Cyble (“Cyble,” “Cyble Saratoga,” or the “Company”) respects your privacy and is committed to protecting it in accordance with this Privacy Policy. 

This Privacy Policy describes the types of information that Cyble may collect from you or that you may provide when you access or use the Cyble Saratoga software-as-a-service platform (the “Software”), and Cyble’s practices for collecting, using, storing, protecting, and disclosing that information. 

This Privacy Policy applies to information collected: (i) from customer-provided user access details (name and email address); (ii) through manual data entry by customers within the Software; and (iii) through authorized API-based integrations with customer security tools. 

BY ACCESSING OR USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS PRIVACY POLICY. 

2. Corporate and Government Customers Only

The Software is intended solely for use by authorized corporate customers and government entities that have entered into a contractual agreement with Cyble. Access to the Software is limited to authorized users whose credentials (name and email address) are provided by a customer-designated administrator and governed by the applicable End User License Agreement (EULA) or such agreement authorizing the use. 

3. Children Under the Age of 13

The Software is not intended for use by children under the age of 13. Cyble does not knowingly collect Personal Data from children under 13. If such data is identified, Cyble will take reasonable steps to delete it. 

4. Information We Collect

Personal Data 

Cyble collects a limited set of Personal Data, consisting of: 

• Name and email address of authorized users for platform access. 
• User identifiers that may appear in alerts or incident records received from integrated security tools. 

Cyble does not intentionally collect additional personal information such as residential addresses, phone numbers, or government identifiers. 

Non-Personal and Operational Data 

Cyble also processes non-personal and organizational data provided or generated through use of the Software, including: 

• Cybersecurity controls and maturity information. 
• Organizational structure data. 
• Financial information such as annual revenue and cost of security controls. 
• General company information such as headcount, geography, company name, and logo. 
• IT asset inventory data. 
• Cloud asset data, security posture, configurations, vulnerabilities, and compliance status. 
• Threat intelligence, alerts, and incident metadata. 

5. How We Collect Information

Cyble collects information only in the following ways: 

1. User Access Information

Customer administrators provide the name and email address of users who require credentials to access the Software. 

2. Manual Data Entry

Customers may manually enter organizational, financial, cybersecurity maturity, and IT asset inventory data directly into the Software or upload such data using supported Excel templates. 

3. IT Asset Inventory Data

IT asset data may be entered manually or uploaded using Excel templates. For cloud environments, asset data may also be obtained through authorized integrations with Cloud Security Posture Management (CSPM) tools. 

4. Automated Collection via Authorized API Integrations

Cyble collects technical and security-related data through secure, customer-authorized API integrations with tools such as CSPM, SIEM, SOAR, vulnerability management, and threat intelligence platforms. 

Cyble does not use cookies, tracking pixels, or behavioral tracking technologies for end-user monitoring. 

6. How We Use Information

Cyble uses the information collected solely for the following purposes: 

• To operate and maintain the Software. 
• To run analytical models that calculate inherent risk, residual risk, and Return on Security Investment (RoSI). 
• To correlate alerts and incidents received from integrated security tools. 
• To generate operational metrics, dashboards, reports, and analytics. 
• To verify compliance with contractual terms, including the EULA. 
• To meet legal and regulatory obligations. 

Cyble does not use customer information for advertising, marketing, or unrelated profiling purposes. 

7. Lawful Bases for Processing Personal Data

Cyble processes Personal Data based on one or more of the following lawful bases, as applicable: 

• Performance of a contract with the customer. 
• Compliance with legal obligations. 
• Legitimate interests related to providing cybersecurity analytics and risk management services. 
• Consent, where required by applicable law. 

8. Disclosure of Information

Cyble may disclose information: 

• To affiliates, contractors, and service providers supporting the operation of the Software. 
• In connection with a merger, acquisition, restructuring, or sale of assets. 
• To comply with applicable laws, legal processes, or regulatory requests. 
• With customer consent. 

Cyble does not sell or rent Personal Data. 

9. Cross-Border Data Transfers

Personal Data may be transferred to and processed in countries outside the customer’s jurisdiction for the purpose of providing the Software and related support services. 

Cyble implements appropriate safeguards in accordance with applicable data protection laws to protect Personal Data transferred across borders. 

10. Data Security

Cyble maintains reasonable administrative, technical, and organizational safeguards designed to protect Personal Data, including: 

• Secure infrastructure and firewalls. 
• Encryption of data in transit using TLS/SSL protocols. 
• Access controls based on role and necessity. 

Customers are responsible for maintaining the confidentiality of their user credentials. 

While Cyble takes reasonable steps to protect Personal Data, no method of transmission over the internet is completely secure. 

11. Data Retention

The only Personal Data processed by Cyble consists of: 

• Names and email addresses used for user credentials. 
• User identifiers that may appear in alerts or incident data from integrated tools. 

Personal Data is retained only for the duration of the customer’s contractual relationship with Cyble, unless a longer retention period is required by law. 

Upon contract termination or expiration, Personal Data is securely deleted or permanently de-identified in accordance with contractual and legal obligations. 

12. Your Privacy Rights

Depending on applicable law, individuals may have the right to: 

• Access their Personal Data. 
• Request correction of inaccurate or incomplete data. 
• Request deletion of Personal Data. 
• Object to or restrict processing. 
• Withdraw consent where processing is based on consent. 
• Not be subject to automated individual decision-making. 

Requests to exercise these rights may be submitted using the contact details below. 

13. Changes to This Privacy Policy

Cyble may update this Privacy Policy from time to time at its sole discretion. Updates will be posted on the applicable policy page, and the “Last Updated” date will be revised accordingly. Continued use of the Software constitutes acceptance of the updated Privacy Policy. 

14. Contact Information

For privacy-related questions, concerns, or requests, contact: DPO 

Email: [email protected]