--------------------------------------
Cyzo Privacy Policy
Effective Date: November 28, 2025 (Updated)
This Privacy Policy applies to all Users of the Cyzo platform.
--------------------------------------
A. Compliance and User Rights
1. Compliance Framework
Cyzo is committed to data protection and adheres to the Australian Privacy Act 1988 (Australian Privacy Principles - APPs), the General Data Protection Regulation (GDPR) for EU/UK residents, and the California Consumer Privacy Act (CCPA).
2. GDPR Rights
For data subjects covered by GDPR, you have the right to access, rectification, erasure, restriction of processing, and data portability. Our legal basis for processing is Contractual Necessity (for subscription services) and Legitimate Interest (for security and fraud prevention).
3. CCPA Rights
California residents have the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information (Note: Cyzo does not sell personal information).
4. Privacy
We are committed to the protection of your personal information. Any data collected will be used solely for the purposes described herein and outlined in the User Agreement.
--------------------------------------
B. Data Collection and Usage
5. Data Collected
We collect the following categories of information:
Identity Data: Name, Email, Country of Residence, Organization.
Financial Data: We do not store or process your full payment details. Payment information, including card numbers, is processed and stored securely by our payment service providers. We receive and retain non-sensitive payment tokens, billing address, and subscription history necessary for account management and reporting.
Technical Data: IP address, device identifiers, browser type, and interaction logs with the passwordless sign-in flow.
6. Security
We maintain technical and organizational measures to ensure the Security of your data. However, you acknowledge that no system is 100% secure. You accept that Cyzo is not liable for unauthorized account access primarily due to user negligence or factors outside our control.
7. Funds, Limits & Fraud Prevention
We use collected identity and transaction data to implement Fraud Prevention measures and enforce transaction limits as required by our payment service providers.
8. Promotion and Advertising
We may use your email address to inform you of service Promotions or platform updates. We do not share your personal data with third parties for their independent Advertising purposes.
9. Feedback, Reputation and Reviews
Any personal data provided within Feedback or public Reputation and Reviews will be used for service improvement and public relations, and may be retained indefinitely.
10. Withdrawals and Refunds
Personal data related to transactions will be processed during Refunds or Withdrawals and retained for the legally mandated period for financial compliance.
11. Inactive Accounts
Data associated with Inactive Accounts will be retained for a period necessary for audit and legal compliance before being anonymized or deleted.
12. Data Attribution & Disclaimer
Sources of Vulnerability and Threat Information: This application uses publicly available cybersecurity data from multiple sources to enhance user awareness and protection.
CISA (Cybersecurity and Infrastructure Security Agency) Data and advisories are sourced from CISA, a U.S. government agency. This material is in the public domain under 17 U.S.C. § 105 and may be freely used and redistributed. No affiliation or endorsement by CISA or the U.S. Government is implied.
NVD (National Vulnerability Database, NIST) Vulnerability data is obtained from the National Vulnerability Database maintained by the National Institute of Standards and Technology (NIST), U.S. Department of Commerce. NVD data is in the public domain and may be used without restriction.
CVE (Common Vulnerabilities and Exposures, CVE.org) CVE identifiers and related information are sourced from the CVE® Program, operated by The MITRE Corporation and sponsored by the U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA). CVE data is publicly available and may be used under open terms. No endorsement or partnership with the CVE Program, MITRE, or its sponsors is implied.
General Disclaimer: All vulnerability and threat information provided through this application is for informational purposes only. While efforts are made to ensure accuracy and currency, no guarantee is made regarding completeness or reliability. Users are encouraged to verify all information with official sources before taking action.
13. Restricted Countries and Geographic Limitations
Use of the Service is subject to applicable export control laws, trade restrictions, and international sanctions. Accordingly, the Service may not be accessed or used by individuals or entities located in, ordinarily resident in, or otherwise affiliated with countries or regions that are subject to comprehensive embargoes, government restrictions, or security-related prohibitions applicable to our platform or to our data providers.
We currently restrict access from the following jurisdictions (“Restricted Countries”): Afghanistan, Belarus, Cuba, Iran, Iraq, North Korea, Russia, South Sudan, Sudan, Syria, Yemen, Somalia, Libya, and Eritrea.
This list may be updated at any time to reflect changes in international regulations, sanctions, or risk assessments. We may block, limit, or disable access to the Service based on your IP address, billing information, account activity, or other signals indicating that you are accessing the Service from a Restricted Country.
By using the Service, you represent and warrant that you are not located in, under the control of, or a resident of any Restricted Country and that you are not otherwise prohibited from using the Service under applicable export laws or regulatory frameworks.
--------------------------------------
