Privacy Policy

Last Updated: March 28, 2026

Welcome to Cyberraxha. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information. This Privacy Policy explains our practices in accordance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

This policy covers all Cyberraxha products, including the Cyberraxha security analysis platform and the Agentic AI Connect mobile app (available on Google Play). Where practices differ between products, this is noted explicitly.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address (for authentication and communication)
• Name (if provided through OAuth providers like Google or Apple)
• Profile photo (if provided through OAuth providers)
• Authentication provider (Google, Apple, or email link)

1.2 Usage and Analysis Data

When you use our security analysis features, we collect:

• Content submitted for analysis (text messages, URLs, images, phone numbers, email addresses)
• Analysis results (risk scores, threat classifications)
• Device information (operating system, app version, platform)
• Timestamps (when you use our services)
• Usage patterns (features used, frequency of analysis)

1.3 Learning Progress Data

• Module completion status
• Quiz and test results
• Simulation performance
• Learning streaks and achievements

1.4 Technical Data

• IP address (for security purposes and approximate city-level location detection)
• Device identifiers
• Browser type and version
• Error logs and crash reports

1.5 Agentic AI Connect Mobile App

The Agentic AI Connect mobile app collects the following additional data:

• Chat messages — sent to the AI endpoint you configure and stored on Cyberraxha servers for up to 365 days. We retain this data to protect the security and integrity of the service (e.g. detecting abuse, fraud, and policy violations) and to build and improve product features. This processing is based on our legitimate interests under GDPR Article 6(1)(f). Messages are automatically and permanently deleted after 365 days.
• Subscription status — to determine which features you have access to.
• Approximate location (IP-based, automatic) — your IP address is automatically used server-side to determine your approximate city-level location (e.g. "Berlin, Germany") to provide relevant, localised AI responses such as local weather or news. Only the city/region name is passed to the AI. Your source IP address is logged on Cyberraxha servers for up to 365 days for security purposes (e.g. abuse detection and fraud prevention) and to support product feature development. This processing is based on our legitimate interests under GDPR Article 6(1)(f).
• Approximate location (user-approved, consent-based) — in the Agentic AI Connect app, you may be asked to share your approximate location. This is entirely optional and only collected with your explicit consent (GDPR Article 6(1)(a)). Your approximate location is sent to your configured AI endpoint to enable location-aware responses and is not stored on Cyberraxha servers. You can withdraw consent and disable location sharing at any time in Settings → Privacy.
• Advertising data — broad topic context is used to show relevant ads via Google AdMob. Your message text is never shared with advertisers.

2. How We Use Your Information

2.1 Service Provision

• Authenticate your account and maintain session security
• Analyse submitted content for scam and security threats using AI and Google Web Risk API
• Display analysis results and history
• Track your learning progress and personalise your experience
• Provide customer support through our chat service
• Send your messages and (if enabled) location to the AI endpoint you configure in the Agentic AI Connect app
• Determine your approximate city-level location from your IP address to deliver localised AI responses
• Manage access to paid features based on your subscription status
• Show advertisements to free-tier users of the Agentic AI Connect app

2.2 Security, Service Improvement & Feature Development (365-Day Retention)

We retain chat messages, source IP addresses, and related data for up to 365 days based on our legitimate interests (GDPR Article 6(1)(f)) to:

• Detect and prevent abuse, fraud, and unauthorised access
• Investigate security incidents and policy violations
• Improve our AI models and detection algorithms
• Identify new scam patterns and trends
• Build and refine product features based on real usage patterns
• Debug and fix technical issues

After 365 days, all retained data is automatically and permanently deleted from our servers. You may object to processing based on legitimate interests at any time by contacting support@cyberraxha.com.

2.3 Marketing Communications

With your consent, we may use your email address to send you:

• Product updates and new feature announcements
• Educational content about cybersecurity and scam awareness
• Tips and best practices for online safety
• Promotional offers and special pricing

You can opt out of marketing emails at any time by clicking the unsubscribe link in any email or updating your preferences in the app settings.

2.4 Legal and Security Purposes

• Comply with legal obligations and respond to lawful requests
• Prevent fraud, abuse, and unauthorised access
• Enforce our Terms of Service
• Protect the rights, safety, and security of our users and the public

3. Data Retention

Data Type	Retention Period
Account information	Until account deletion
Analysed content (messages, URLs, images)	365 days
Analysis results and history	Until account deletion
Learning progress	Until account deletion
Error logs and crash reports	90 days
Chat messages (Agentic AI Connect)	365 days
Source IP address and chat messages (Agentic AI Connect)	365 days (security purposes)

4. How We Share Your Information

4.1 We DO Share With:

• Google Web Risk API — URLs submitted for analysis are checked against Google's threat database
• Anthropic (Claude AI) — Text content is analysed using Claude AI to detect scams and threats
• OpenAI — Text content may be analysed using OpenAI's language models for threat detection and content analysis
• Firebase/Google Cloud — For authentication, hosting, and infrastructure services
• Customer support platform (Crisp) — When you contact support, your messages and email are shared with our support system
• Payment processors (Stripe) — For processing credit purchases (only payment information, not analysis data)
• RevenueCat (Agentic AI Connect) — Manages in-app subscriptions. See RevenueCat Privacy Policy.
• Google AdMob (Agentic AI Connect) — Serves contextual ads to all users. EU/EEA users are shown a consent form; declining shows non-personalised ads only. See Google Privacy Policy.
• ip-api.com (Agentic AI Connect) — Your IP address is sent to ip-api.com solely to resolve your approximate city-level location. ip-api.com does not log or store queried IP addresses. Only the resulting city/region name is used by our AI.
• Your configured AI endpoint (Agentic AI Connect) — Your messages and (if enabled) location are sent to the endpoint you configure. Cyberraxha does not control these endpoints.

4.2 We DO NOT:

• Sell your personal data to any third parties
• Share your message content with advertisers — your actual messages are never shared with ad networks
• Build behavioural profiles for advertising
• Rent or lease your information to anyone
• Provide your data to data brokers

4.3 Legal Disclosures

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of Cyberraxha, our users, or the public.

5. Your Rights (GDPR & CCPA)

Depending on your location, you have the following rights:

5.1 Right to Access

Request a copy of all personal data we hold about you.

5.2 Right to Rectification

Request correction of inaccurate or incomplete data.

5.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data. You can delete your account at any time through the app settings.

5.4 Right to Data Portability

Request a machine-readable copy of your data to transfer to another service.

5.5 Right to Object

Object to processing of your data for marketing purposes or based on legitimate interests. For the Agentic AI Connect app, you can disable location sharing at any time in Settings → Privacy.

5.6 Right to Restrict Processing

Request limitation of how we process your data in certain circumstances.

5.7 Right to Withdraw Consent

Withdraw consent for data processing at any time (does not affect prior processing). For AdMob personalised ads, you can update your consent choice via the consent form which can be re-triggered from the app.

To exercise any of these rights, contact us at: privacy@cyberraxha.com

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit — All data is encrypted using TLS/SSL during transmission
• Encryption at rest — Sensitive data is encrypted in our databases
• Access controls — Strict authentication and authorisation for system access
• Regular security audits — Periodic reviews of our security practices
• Secure authentication — OAuth 2.0 and Firebase Authentication
• Automatic data deletion — Analysed content is automatically deleted after 365 days

Note: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. International Data Transfers

Your data may be processed in countries outside your residence, including the United States and European Union. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Compliance with GDPR requirements for international transfers

8. Children's Privacy

Cyberraxha products are not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete it immediately.

If you believe a child has provided us with personal information, please contact us at privacy@cyberraxha.com.

9. Cookies, Tracking, and Advertising

We use minimal tracking technologies:

• Essential cookies — Required for authentication and app functionality
• Analytics — Anonymous usage statistics to improve the app (you can opt out in settings)

9.1 Advertising (Agentic AI Connect)

All users of the Agentic AI Connect mobile app are shown contextual advertisements served by Google AdMob.

• EU/EEA users — A consent form is shown before ads are served. You can choose non-personalised ads or decline. Your choice can be changed at any time in the app.
• All users — Ads are contextual, based on the general topic of your conversation. Your actual messages are never shared with advertisers.
• Premium subscribers — Ads are shown to all users. Premium provides a higher daily message quota.

We do NOT use:

• Third-party advertising cookies on our website
• Cross-site tracking
• Social media tracking pixels
• Behavioural advertising profiles built from your message history

10. Third-Party Services

Our products integrate with third-party services that have their own privacy policies:

• Google (Firebase, Web Risk API, AdMob) — Google Privacy Policy
• Apple (Sign in with Apple) — Apple Privacy Policy
• Anthropic (Claude AI) — Anthropic Privacy Policy
• OpenAI — OpenAI Privacy Policy
• Stripe (Payments) — Stripe Privacy Policy
• RevenueCat (Subscription management) — RevenueCat Privacy Policy
• ElevenLabs (Voice AI) — ElevenLabs Privacy Policy
• ip-api.com (IP Geolocation) — Used in Agentic AI Connect to resolve your IP address to an approximate city-level location. ip-api.com does not log queried IP addresses.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the new policy in the app with an updated "Last Updated" date
• Sending an email notification to your registered email address
• Displaying an in-app notification

Your continued use of Cyberraxha after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@cyberraxha.com
Support: support@cyberraxha.com
Data Protection Officer: dpo@cyberraxha.com

13. Supervisory Authority

If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable data protection laws.