Privacy Policy

Last Updated: December 17, 2024

Welcome to Cyberraxha. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information. This Privacy Policy explains our practices in accordance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address (for authentication and communication)
Name (if provided through OAuth providers like Google or Apple)
Profile photo (if provided through OAuth providers)
Authentication provider (Google, Apple, or email link)

1.2 Usage and Analysis Data

When you use our security analysis features, we collect:

Content submitted for analysis (text messages, URLs, images, phone numbers, email addresses)
Analysis results (risk scores, threat classifications)
Device information (operating system, app version, platform)
Timestamps (when you use our services)
Usage patterns (features used, frequency of analysis)

1.3 Learning Progress Data

Module completion status
Quiz and test results
Simulation performance
Learning streaks and achievements

1.4 Technical Data

IP address (for security purposes)
Device identifiers
Browser type and version
Error logs and crash reports

Important: We do NOT collect your contacts, location data, or any information not explicitly mentioned in this policy.

2. How We Use Your Information

2.1 Service Provision

Authenticate your account and maintain session security
Analyze submitted content for scam and security threats using AI and Google Web Risk API
Display analysis results and history
Track your learning progress and personalize your experience
Provide customer support through our chat service

2.2 Service Improvement (14-Day Retention)

We retain analyzed content and related data for 14 days to:

Improve our AI models and detection algorithms
Identify new scam patterns and trends
Enhance threat detection accuracy
Debug and fix technical issues
Train our machine learning systems

After 14 days, analyzed content is automatically and permanently deleted from our servers.

2.3 Marketing Communications

With your consent, we may use your email address to send you:

Product updates and new feature announcements
Educational content about cybersecurity and scam awareness
Tips and best practices for online safety
Promotional offers and special pricing

You can opt out of marketing emails at any time by clicking the unsubscribe link in any email or updating your preferences in the app settings.

2.4 Legal and Security Purposes

Comply with legal obligations and respond to lawful requests
Prevent fraud, abuse, and unauthorized access
Enforce our Terms of Service
Protect the rights, safety, and security of our users and the public

3. Data Retention

Data Type	Retention Period
Account information	Until account deletion
Analyzed content (messages, URLs, images)	14 days
Analysis results and history	Until account deletion
Learning progress	Until account deletion
Error logs and crash reports	90 days

4. How We Share Your Information

4.1 We DO Share With:

Google Web Risk API - URLs submitted for analysis are checked against Google's threat database
Anthropic (Claude AI) - Text content is analyzed using Claude AI to detect scams and threats
OpenAI - Text content may be analyzed using OpenAI's language models for threat detection and content analysis
Firebase/Google Cloud - For authentication, hosting, and infrastructure services
Customer support platform (Crisp) - When you contact support, your messages and email are shared with our support system
Payment processors (Stripe) - For processing credit purchases (only payment information, not analysis data)

4.2 We DO NOT:

Sell your personal data to any third parties
Share your data with advertisers for targeted advertising
Rent or lease your information to anyone
Provide your data to data brokers

4.3 Legal Disclosures

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of Cyberraxha, our users, or the public.

5. Your Rights (GDPR & CCPA)

Depending on your location, you have the following rights:

5.1 Right to Access

Request a copy of all personal data we hold about you.

5.2 Right to Rectification

Request correction of inaccurate or incomplete data.

5.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data. You can delete your account at any time through the app settings.

5.4 Right to Data Portability

Request a machine-readable copy of your data to transfer to another service.

5.5 Right to Object

Object to processing of your data for marketing purposes or based on legitimate interests.

5.6 Right to Restrict Processing

Request limitation of how we process your data in certain circumstances.

5.7 Right to Withdraw Consent

Withdraw consent for data processing at any time (does not affect prior processing).

To exercise any of these rights, contact us at: privacy@cyberraxha.com

6. Data Security

We implement industry-standard security measures to protect your data:

Encryption in transit - All data is encrypted using TLS/SSL during transmission
Encryption at rest - Sensitive data is encrypted in our databases
Access controls - Strict authentication and authorization for system access
Regular security audits - Periodic reviews of our security practices
Secure authentication - OAuth 2.0 and Firebase Authentication
Automatic data deletion - Analyzed content is automatically deleted after 14 days

Note: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. International Data Transfers

Your data may be processed in countries outside your residence, including the United States and European Union. We ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Compliance with GDPR requirements for international transfers

8. Children's Privacy

Cyberraxha is not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete it immediately.

If you believe a child has provided us with personal information, please contact us at privacy@cyberraxha.com.

9. Cookies and Tracking

We use minimal tracking technologies:

Essential cookies - Required for authentication and app functionality
Analytics - Anonymous usage statistics to improve the app (you can opt out in settings)

We do NOT use:

Third-party advertising cookies
Cross-site tracking
Social media tracking pixels

10. Third-Party Services

Our app integrates with third-party services that have their own privacy policies:

Google (Firebase, Web Risk API) - Google Privacy Policy
Apple (Sign in with Apple) - Apple Privacy Policy
Anthropic (Claude AI) - Anthropic Privacy Policy
OpenAI - OpenAI Privacy Policy
Stripe (Payments) - Stripe Privacy Policy

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Posting the new policy in the app with an updated "Last Updated" date
Sending an email notification to your registered email address
Displaying an in-app notification

Your continued use of Cyberraxha after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@cyberraxha.com
Support: support@cyberraxha.com
Data Protection Officer: dpo@cyberraxha.com

13. Supervisory Authority

If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable data protection laws.