Effective Date: June 18, 2025 Last Updated: June 18, 2025

Cyware Labs, Inc. ("Cyware," "we," "us," or "our") operates the website at https://www.cyware.com (the "Site") and is committed to protecting your privacy. This Privacy Policy (the "Policy") explains how we collect, use, disclose, and protect your Personal Data when you use our Site, services, products, applications, software, or events (collectively, our "Data Sources"). By using our Data Sources, you agree to the practices described in this Policy.

If you have questions about this Policy or wish to exercise your privacy rights, please contact us at privacy@cyware.com.

1. Scope

This Policy applies to the following Data Sources:

  • Services: Our products, services, applications, software, and events offered through the Site, unless a separate privacy policy applies.
  • Websites: The Site and its subdomains, accessible via web or mobile browsers.
  • Events: Any online or in-person events we host, whether public or by invitation.

This Policy does not apply to third-party websites, applications, or services linked from our Data Sources, which are governed by their own privacy policies.

2. Types of Personal Data We Collect

We collect and process "Personal Data," defined as information that identifies, relates to, or could reasonably be linked with an individual, either alone or in combination with other data.

We collect the following categories of Personal Data through your use of our Data Sources, third-party interactions related to you, or direct interactions (e.g., newsletter subscriptions, job applications, or inquiries).

We do not collect sensitive personal data (e.g., racial/ethnic origins, health data, or biometric data) unless explicitly required and consented to for specific purposes.

3. How We Collect Personal Data

We collect Personal Data through:

  • Direct Interactions: When you provide information by filling out forms, subscribing to newsletters, applying for jobs, attending events, or contacting us.
  • Automated Technologies: Through cookies, web beacons, or similar technologies that collect usage data when you interact with our Data Sources.
  • Third Parties: From service providers (e.g., HubSpot for marketing), partners, or other entities providing data related to you with your consent or as permitted by law.
  • Public Sources: From publicly available information, such as professional profiles, where lawful.

4. How We Use Your Personal Data

We process Personal Data for the following purposes, based on lawful grounds such as your consent, contractual necessity, legitimate interests, or legal obligations:

  • To provide, operate, and improve our Data Sources.
  • To personalize your experience and deliver relevant content.
  • To respond to inquiries and provide customer support.
  • To conduct analytics and monitor usage patterns.
  • To ensure security and prevent fraud.
  • To send marketing communications (with your consent).
  • To comply with applicable legal and regulatory requirements.

We will not process your Personal Data for purposes incompatible with those listed above without notifying you and, where required, obtaining your consent.

5. How We Share Your Personal Data

We may share your Personal Data with the following recipients, subject to appropriate safeguards:

  • Service Providers: Third parties that process Personal Data on our behalf to deliver services, such as:
    • Payment processors
    • IT and hosting providers
    • Marketing platforms (e.g., HubSpot)
    • Identity verification or analytics providers
  • Corporate Affiliates: Our subsidiaries or affiliates, for purposes consistent with this Policy.
  • Business Transfers: In connection with a merger, acquisition, restructuring, or sale of assets.
  • Legal and Regulatory Authorities: Government agencies, courts, or law enforcement, to comply with legal obligations or protect our rights, privacy, or safety.
  • Other Third Parties: With your consent, or as necessary to fulfill a contract or protect legitimate interests (e.g., event co-hosts).

We do not sell your Personal Data as defined under the CCPA/CPRA or similar laws. We may share usage data with third-party advertisers or analytics providers for interest-based advertising, with your consent (see Section 6).

6. Cookies and Tracking Technologies

We and our third-party partners use cookies, web beacons, and similar technologies to collect usage data such as IP addresses, browser types, and browsing behavior. These support:

  • Functionality: Enabling key features (e.g., account login).
  • Analytics: Understanding interaction with our Data Sources.
  • Advertising: Delivering personalized ads (with your consent).

You can manage cookie preferences via our Cookie Consent tool or browser settings. Learn more at www.aboutads.info/choices or www.networkadvertising.org/choices.

7. Third-Party Websites and Applications

Our Data Sources may contain links to third-party websites or apps not controlled by Cyware. We are not responsible for their privacy practices. Please review their privacy policies before engaging with them.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Data:

  • Access
  • Correction
  • Deletion
  • Restriction
  • Objection
  • Data portability
  • Withdraw consent
  • Non-discrimination for exercising rights

To exercise your rights, contact us at privacy@cyware.com. We will verify your identity using:

  • Account information (if applicable), and
  • Two forms of identification (for data access requests).

We will respond within 45 days (extendable to 90 days with notice). You may designate an authorized agent with proof of authorization.

9. International Data Transfers

We may transfer your Personal Data to countries outside your jurisdiction, including the U.S. We ensure adequate protection through:

  • EU-U.S. Data Privacy Framework (DPF): Certified by the U.S. Department of Commerce (learn more).
  • Standard Contractual Clauses (SCCs): For non-adequate jurisdictions.
  • Binding Corporate Rules: Where applicable.

We cooperate with EU Data Protection Authorities (DPAs) and the UK Information Commissioner’s Office (ICO) for unresolved DPF complaints. You may also seek arbitration under the DPF.

10. Data Retention

We retain Personal Data as long as needed to fulfill the purposes in this Policy, comply with legal obligations, or resolve disputes. Retention duration depends on data type and purpose (e.g., account data is retained until deletion, unless required by law). Specific retention details are available upon request.

11. Marketing Communications

You may opt out of marketing communications by:

Opting out does not affect transactional, legal, or administrative communications.

12. Children’s Privacy

Our Data Sources are not intended for children under 16 (or 18 where required by law). We do not knowingly collect data from children without verified parental consent. If you believe we’ve collected such data, contact privacy@cyware.com and we will act accordingly.

13. Updates to This Policy

We may update this Policy to reflect legal or operational changes. Updates will be posted here with the revised “Last Updated” date. Continued use of our Data Sources constitutes acceptance of the updated Policy. For significant updates, we may provide additional notice (e.g., banner or email).

14. Contact Us

For questions, complaints, or to exercise your privacy rights:

Email: privacy@cyware.com Mail: Cyware Labs, Inc. 111 Town Square Place, Suite 1203, #4 Jersey City, NJ 07310 United States

For EU/UK residents: Our EU representative is the United States Council for International Business (USCIB). For DPF-related issues, contact the U.S. Department of Commerce or your supervisory authority.

15. Compliance and Certifications

We adhere to the following frameworks:

  • ISO 27001: Information security management
  • EU-U.S. Data Privacy Framework (DPF): For data transfers from the EU and UK