This Privacy Policy explains how Cybörü ("Cybörü," "we," "us") handles personal information when you visit our website, request a demo, or use our autonomous offensive-security platform. Because the platform conducts authorized offensive operations against assets you explicitly define, this policy carefully distinguishes between data about you and your users and the data generated during an engagement. This text is a placeholder for illustration and should be reviewed and finalized by qualified counsel before publication.
1. Overview
Cybörü operates a continuous, autonomous offensive-security platform that performs recon, analysis, exploit-chain construction, and proof generation against assets you authorize. We process personal information lawfully, transparently, and only for the purposes described here. This policy applies to all Cybörü web properties and to the platform itself, and forms part of the agreement governing your use of our services.
2. Information We Collect
We collect information you provide directly, information generated through your use of the platform, and limited technical data collected automatically:
- Account and contact details — name, work email, company, role, and demo-request context.
- Engagement configuration — defined scope, in-scope domains and IP ranges, exclusions, and rules of engagement.
- Platform usage — authentication events, console actions, run history, and report access.
- Technical and device data — IP address, browser type, and diagnostic logs needed to operate the service.
- Billing data — processed by our payment provider; we do not store full payment-card numbers.
3. How We Use Information
We use personal information to provide, secure, and improve the platform, and to communicate with you about your account and engagements. Specifically, we use it to:
- Authenticate users, provision access, and enforce scope and authorization controls.
- Run authorized autonomous assessments and deliver proof-of-exploitability findings.
- Provide support, respond to inquiries, and send service and security notices.
- Monitor for abuse, detect threats, and meet our legal and contractual obligations.
- Analyze aggregated, de-identified usage to improve product quality.
4. Engagement & Target Data Handling
During an authorized engagement, the platform may observe data residing on or transmitted by in-scope systems, including information that constitutes evidence of an exploitable path. We treat all engagement output — discovered credentials, captured tokens, screenshots, and proof artifacts — as highly sensitive customer data. We process it solely to demonstrate exploitability and report findings to you, never to reach systems outside the scope you have authorized. Cybörü is scope-safe by design: actions are fail-closed against your declared scope, and we do not retain harvested secrets longer than necessary to support the corresponding finding. You remain the controller of all data within your environment.
5. Sharing & Subprocessors
We do not sell personal information. We share it only with vetted subprocessors who support our service under contractual confidentiality and data-protection obligations — for example, cloud infrastructure, error monitoring, and payment processing. We may also disclose information where required by law, to protect rights and safety, or in connection with a corporate transaction, subject to continued protection under this policy. A current list of subprocessors is available on request.
6. Data Retention
We retain personal information only for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. Engagement findings and proof artifacts are retained per the retention term defined in your contract and may be purged on request or on engagement closure. Diagnostic logs are kept on a rolling basis and then deleted or anonymized. When information is no longer required, we delete or irreversibly de-identify it.
7. Security
We apply technical and organizational measures appropriate to the sensitivity of the data we handle, including encryption in transit and at rest, least-privilege access controls, isolation of engagement workloads, audit logging, and regular internal security review. No method of transmission or storage is perfectly secure; we work continuously to strengthen our safeguards and will notify affected parties of incidents as required by applicable law.
8. International Transfers
Cybörü may process and store information in countries other than where you are located. Where we transfer personal information across borders, we rely on appropriate safeguards — such as Standard Contractual Clauses or an adequacy determination — to ensure your information receives a level of protection consistent with this policy and applicable law.
9. Your Rights (GDPR / CCPA)
Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent. California residents may request disclosure of information collected and request deletion, and will not be discriminated against for exercising these rights. To exercise any right, contact us using the details below; we will verify your request and respond within the timeframe required by law. Where we act as a processor on behalf of a customer, we will direct relevant requests to that customer.
10. Cookies
Our website uses strictly necessary cookies to operate and limited analytics cookies to understand site usage. We do not use cookies for cross-site advertising. You can control cookies through your browser settings; disabling some cookies may affect site functionality.
11. Changes to This Policy
We may update this policy to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will revise the "last updated" date above and, where appropriate, provide additional notice. Your continued use of the service after an update constitutes acceptance of the revised policy.
12. Contact (DPO)
Questions about this policy or about how we handle your data can be directed to our Data Protection Officer at privacy@cyboru.com. We will respond as promptly as the matter and applicable law allow.
Questions? Contact us.