CyberHeera

Privacy Policy

Last updated: 2026-04-26 · Effective: 2026-04-26

This policy explains how CyberHeera, Inc. ("CyberHeera", "we", "us", "our") collects, uses, stores, discloses, and protects information when you visit cyberheera.com or use the CyberHeera platform (the "Service"). By using the Service you agree to the practices described here.

1. Who we are

CyberHeera, Inc. is a Delaware C Corporation headquartered at 22730 East Briarwood Place, Aurora, CO 80016, United States. For privacy questions, write to privacy@cyberheera.com.

2. What we collect

  • Account data. Name, business email, organization name, role, hashed credentials, and authentication metadata for users you provision into the platform.
  • Customer telemetry and security events. Logs, alerts, asset inventory, configuration data, identity records, and other operational metadata generated by the agents and connectors you deploy. This is the operational data the platform exists to analyze.
  • Service usage data. Request logs, audit log entries for actions taken in the product, error reports, and aggregated usage metrics that help us run and improve the Service.
  • Support correspondence. Email, chat, and ticket content you send to us, plus any attachments.
  • Billing data. Company, billing contact, billing address, tax identifiers, and last-four payment metadata. We do not store full payment card numbers; that is handled by our payment processor.
  • Marketing site visits. Standard server access logs (IP address, user agent, requested URL, timestamp) for cyberheera.com. We do not run third-party advertising trackers on the marketing site.
  • Contact form submissions. Your name, work email, company, and message when you write to us through the contact form.

3. Why we collect it

  • To provide, operate, and improve the Service you signed up for.
  • To detect and respond to security events on your tenant.
  • To produce the audit and compliance evidence you ask the product to generate.
  • To respond to your support, sales, and contact-form inquiries.
  • To bill you and meet our tax, accounting, and other legal obligations.

4. Where it lives

Customer data is stored in our production environment hosted on third-party cloud infrastructure in the United States. Data is encrypted in transit using TLS and at rest using AES-256. Backups are encrypted at rest with the same standard. We do not knowingly transfer customer data outside the United States without notice to the account owner.

5. Sub-processors

We use a small set of third-party processors to operate the Service. The current list is:

  • Cloud infrastructure provider (US region) for compute, storage, and backups.
  • Resend for transactional email delivery (account verification, password reset, contact-form forwarding).
  • Stripe for payment processing, where applicable to your subscription.
  • Identity providers you choose to integrate (Microsoft Entra ID, Okta, Google Workspace, etc.) for SSO and SCIM. These see only the identity data your tenant configures them to.

We notify the account owner in advance of material changes to the sub-processor list. The current list is also available on request to privacy@cyberheera.com.

6. Retention

  • Account data: retained for the duration of your subscription plus 7 years after account closure, to satisfy tax, accounting, and dispute-resolution obligations.
  • Audit log entries: retained for 7 years from the date of the recorded event.
  • Operational telemetry and security events: retained for the windows configured in your tenant settings, with a default of 90 days for live storage and longer in cold backups.
  • Encrypted backups: retained for 90 days, then deleted on a rolling schedule.
  • Marketing form submissions: retained for 2 years from receipt, then deleted.

Retention windows can be adjusted on a per-tenant basis where contractually agreed and where adjustment does not violate applicable law.

7. Cookies

cyberheera.com does not use third-party advertising cookies, fingerprinting trackers, or behavioral advertising tags. The platform at app.cyberheera.com sets a small number of strictly-necessary cookies for authentication (a SameSite=Lax HttpOnly session cookie and a CSRF cookie). We do not use these cookies to track you across other sites.

8. Your rights

If you are a resident of the European Union, the United Kingdom, or another jurisdiction covered by the GDPR, you have the right to access, rectify, erase, restrict processing of, and port your personal data, and to object to processing. If you are a California resident covered by the CCPA, you have the right to know what personal information we collect, to delete it, to correct it, to opt out of any sale or sharing of personal information, and to non-discriminatory treatment when you exercise these rights. We do not sell personal information.

To exercise any of these rights, write to privacy@cyberheera.com. We will respond within the timeframes required by applicable law (typically 30 days for GDPR; 45 days for CCPA, extendable once by 45 days where allowed).

9. International transfers

If we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses (SCCs) and any equivalent UK or Swiss safeguards as the lawful transfer mechanism. A copy of the SCCs we use is available on request.

10. Children

The CyberHeera platform is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us and we will delete it.

11. Security

See our Security page for an overview of how we protect customer data. We will notify affected customers of a personal-data breach within the timeframes required by applicable law, including the 72-hour notification window required by the GDPR.

12. Changes to this policy

We will update this page when our practices change. Material changes will be communicated through the product or via email to the account owner at least 14 days before they take effect, except where a change is required by law to take effect sooner.

13. Contact

Privacy questions, data subject requests, or concerns: privacy@cyberheera.com. Mailing address: CyberHeera, Inc., 22730 East Briarwood Place, Aurora, CO 80016, United States.