--------------------------------------
Cyzo Privacy Policy
Effective Date: November 28, 2025 (Updated: February 5, 2026)
This Privacy Policy applies to all Users of the Cyzo platform.
--------------------------------------
A. Compliance and User Rights
Compliance Framework
Cyzo is committed to data protection and adheres to the Australian Privacy Act 1988 (Australian Privacy Principles - APPs), the General Data Protection Regulation (GDPR) for EU/UK residents, and the California Consumer Privacy Act (CCPA).
GDPR Rights
For data subjects covered by GDPR, you have the right to access, rectification, erasure, restriction of processing, and data portability. Our legal basis for processing is Contractual Necessity (for subscription services) and Legitimate Interest (for security and fraud prevention).
CCPA Rights
California residents have the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information (Note: Cyzo does not sell personal information).
Privacy Commitment
We are committed to the protection of your personal information. Any data collected will be used solely for the purposes described herein and outlined in the User Agreement.
--------------------------------------
B. Data Collection and Usage
Data Collected
We collect the following categories of information:
Identity Data: Name, Email, Country of Residence, Organization.
Authentication Data: Unique identifiers provided by our identity management partner (Supabase) and third-party login providers.
Financial Data: We do not store or process your full payment details. Payment information, including card numbers, is processed and stored securely by our payment service providers.
Technical Data: IP address, device identifiers, browser type, and interaction logs with the authentication flow.
Authentication and Third-Party Providers
Cyzo uses Supabase to provide secure identity management and authentication services. By using our login services, your data is processed according to the following flows:
Email Magic Links (Link/Token Auth): When you request a passwordless login, a secure one-time token and/or a login link is sent to your email address. This process is managed by Supabase.
Social & Enterprise Authentication: You may choose to sign in using third-party providers. In these cases, the provider shares specific profile information with Cyzo to verify your identity.
Specific Provider Disclosures:
Google User Data Disclosure: If you choose to sign in with Google, Cyzo accesses your Google email address, name, and profile picture. We use this data solely to:
Authenticate your identity and secure your account.
Create and manage your user profile within the Cyzo platform.
Storage and Sharing: This data is stored securely in our database (managed by Supabase) for the duration of your account's existence. We do not share your Google user data with third-party tools (such as AI models) or use it for advertisements. We adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Facebook (Meta): Authentication follows the Meta Privacy Policy.
Microsoft Azure (Entra ID): Enterprise and personal account logins are governed by the Microsoft Privacy Statement.
Note: During the authentication process, you may see redirects to supabase.co. This is our trusted infrastructure provider facilitating the secure handshake between Cyzo and your chosen login method.
Security
We maintain technical and organizational measures to ensure the security of your data. However, you acknowledge that no system is 100% secure. You accept that Cyzo is not liable for unauthorized account access primarily due to user negligence or factors outside our control.
Funds, Limits & Fraud Prevention
We use collected identity and transaction data to implement Fraud Prevention measures and enforce transaction limits as required by our payment service providers.
Promotion and Advertising
We may use your email address to inform you of service Promotions or platform updates. We do not share your personal data with third parties for their independent Advertising purposes.
Feedback, Reputation and Reviews
Any personal data provided within Feedback or public Reputation and Reviews will be used for service improvement and public relations, and may be retained indefinitely.
Withdrawals and Refunds
Personal data related to transactions will be processed during Refunds or Withdrawals and retained for the legally mandated period for financial compliance.
Inactive Accounts
Data associated with Inactive Accounts will be retained for a period necessary for audit and legal compliance before being anonymized or deleted.
--------------------------------------
C. Data Attribution & Disclaimer
Sources of Vulnerability and Threat Information: This application uses publicly available cybersecurity data from multiple sources to enhance user awareness and protection including but not limited to the following:
CISA (Cybersecurity and Infrastructure Agency): Data and advisories are sourced from CISA, a U.S. government agency. This material is in the public domain under 17 U.S.C. § 105. No affiliation or endorsement by CISA or the U.S. Government is implied.
NVD (National Vulnerability Database, NIST): Vulnerability data is obtained from the NVD maintained by the National Institute of Standards and Technology (NIST), U.S. Department of Commerce.
CVE (Common Vulnerabilities and Exposures, CVE.org): CVE identifiers are sourced from the CVE® Program, operated by The MITRE Corporation. No endorsement or partnership is implied.
General Disclaimer: All vulnerability and threat information provided through this application is for informational purposes only. Users are encouraged to verify all information with official sources before taking action.
--------------------------------------
D. Restricted Countries and Geographic Limitations
Use of the Service is subject to applicable export control laws, trade restrictions, and international sanctions. Accordingly, the Service may not be accessed or used by individuals or entities located in, ordinarily resident in, or otherwise affiliated with countries or regions that are subject to comprehensive embargoes, government restrictions, or security-related prohibitions applicable to our platform or to our data providers.
We currently restrict access from the following jurisdictions (“Restricted Countries”): Afghanistan, Belarus, Cuba, Iran, Iraq, North Korea, Russia, South Sudan, Sudan, Syria, Yemen, Somalia, Libya, and Eritrea.
This list may be updated at any time to reflect changes in international regulations, sanctions, or risk assessments. We may block, limit, or disable access to the Service based on your IP address, billing information, account activity, or other signals indicating that you are accessing the Service from a Restricted Country.
By using the Service, you represent and warrant that you are not located in, under the control of, or a resident of any Restricted Country and that you are not otherwise prohibited from using the Service under applicable export laws or regulatory frameworks.
--------------------------------------