1. About this policy
Cyberou ("we", "us", "our") provides software for cybersecurity marketing and content workflows (the "Service"). This policy explains how we handle personal data when you use our websites, applications, or otherwise interact with us.
Where you use the Service as part of an organisation's account, that organisation is typically the controller of your data and you should refer to their privacy notice. Where you use the Service directly with us, Cyberou is the controller.
2. Information we collect
Information you provide
- Account details (name, email, password)
- Workspace content you create, upload, or share with us
- Billing details when you subscribe to a paid plan
- Messages you send us via support, sales, or feedback channels
Information we collect automatically
- Device and browser information (type, operating system, language)
- Log data (IP address, access times, pages viewed, referring URL)
- Cookies and similar technologies (see Section 6)
- Product analytics describing how you use features
Information from third parties
- Authentication providers when you sign in via SSO
- Payment processors (transaction status, masked card details)
- Service providers that help us run the Service
3. How we use information
- To provide, maintain, and improve the Service
- To authenticate you and secure your account
- To process payments and manage subscriptions
- To communicate with you about your account, security, and changes to the Service
- To send marketing communications, where you've consented or where permitted under "soft opt-in" rules
- To detect, prevent, and address fraud, abuse, and security incidents
- To comply with legal obligations and enforce our terms
4. Legal bases
For users in the United Kingdom and the European Economic Area, we process personal data under the following legal bases:
- Contract: to provide the Service you've signed up for
- Legitimate interests: to improve and secure the Service and to communicate with you about it, balanced against your rights
- Consent: for marketing communications and certain non-essential cookies
- Legal obligation: to comply with applicable laws and respond to lawful requests
You can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
7. International transfers
We may transfer personal data to countries outside the UK or EEA (for example, to service providers based in the United States). Where we do, we rely on appropriate safeguards, such as the UK International Data Transfer Addendum, EU Standard Contractual Clauses, or adequacy decisions, and conduct transfer risk assessments where required.
8. Data retention
We keep personal data only for as long as necessary to fulfil the purposes described in this policy, comply with our legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete or anonymise it.
9. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your data ("right to be forgotten")
- Object to or restrict processing
- Request data portability
- Withdraw consent for processing based on consent
- Lodge a complaint with a supervisory authority. In the UK, that's the Information Commissioner's Office (ico.org.uk)
To exercise these rights, email privacy@cyberou.com. We may need to verify your identity before responding.
10. Security
We use technical and organisational measures to protect personal data, including encryption in transit, access controls, and regular security reviews. No system is perfectly secure; if we discover a breach affecting your data, we will notify you and the relevant authorities as required by law.
11. Children's privacy
The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
12. Changes
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. Material changes will be highlighted in the Service or by email.
13. Contact
For questions about this policy or how we handle your personal data:
- Email: privacy@cyberou.com
- Post: Cyberou, [Registered address], United Kingdom
- Company number: [Company number]