Product Privacy Data Sheet

Last Updated 13 May, 2025

At Cybera, we care about our customers’, employees’, and end-users’ privacy, and have implemented a series of processes, policies, and measures to comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and all other applicable privacy regulations. This Privacy Data Sheet describes the processing of personal data (or personally identifiable information) by Cybera in the provision of such services to its enterprise customers.

‍

Overview of Cybera Scam Prevention

CYBERA delivers verified, non-probabilistic anti-scam intelligence, seamlessly integrating with existing fraud and anti-money laundering (AML) systems.

Our intelligence actively blocks outgoing payments to scammers, detects mule accounts with precision, and uncovers hidden fraud networks—enabling financial institutions to stay ahead of evolving threats.

Any data collected by Cybera as part of its services belongs to the customer and is considered to be Customer Data. Customer Data may or may not include Personal Data. Cybera only uses Customer Data for the purpose of providing the services as described in our agreements and product documentation.

The following paragraphs describe which personal data Cybera processes to deliver its services, the location of that data and how it is secured in accordance with privacy principles, laws and regulations.

‍

Personal Data Processing

Cybera Platform

The table below lists the personal data used by Cybera to carry out its services and describes why Cybera processes such data.

‍

Personal Data	Purpose of Processing
Customer Account Data (Customer contact info for product users)	Creating an account – Data collected are for product enablement, product use notifications, training and support only
Customer Scam Reporting Data (Name, email address, physical address, contact information, details of scam event, value of lost funds, information about transaction details)	Providing the service

‍

Customer Support Data

Cybera may receive and process PII that is provided by a Cybera customer when they make a support request to Cybera (“Customer Support Data”). Cybera only processes this data to assist the customer in resolving the issue and to improve Cybera’s services and support function.

Outside of the necessary requester contact information, Cybera does not intentionally collect or process PII via a customer support request. Cybera instructs customers to provide the minimum amount of personal data necessary to adequately provide the support request. Nonetheless, a customer may provide unsolicited personal data in the request or supporting attachments.

‍

Personal Data	Purpose of Processing
Customer Support Data. The below is representative though not exhaustive list of the information a customer may provide to Cybera in a support request that may contain PII: name, email address, phone number of employee making request, information regarding support issue, software and/or hardware configuration files provided to enable support request, error-tracking files	Provide customer support Review and improve the quality of support service Improve Cybera Services
Customer Support Case Attachment. The below is representative though not exhaustive list of the information a customer may provide to Cybera in a support request that may contain PII: device configuration, command line interface (i.e. show commands), product identification numbers, host names, IP addresses, operating system (OS) feature sets, OS software version, browser type and version	Provide customer support Review and improve the quality of support service Improve Cybera Services

‍

Cross Border Transfers

When a new customer purchases access to Cybera services, that customer’s Customer Account Data is always created, processed, and stored according to applicable privacy laws and if applicable a data processing agreement.

Cybera’s processing of personal data for customers whose employees are residents of US states is compliant with state-specific privacy laws as they apply to those states’ residents.

Cybera acts as a “processor” or “service provider” in relation to the data our EU, EEA, and UK customers submit, manage, use, or process according to the European Union’s (EU) General Data Protection Regulation 2016/679, the “EU GDPR” or, where applicable, the “United Kingdom (UK) GDPR.”

Cybera services are hosted on Microsoft Azure. For information regarding Microsoft Azure compliance/certification please refer to documentation online at https://learn.microsoft.com/en-us/azure/compliance/

For information regarding GDPR impacts to cross border data transfers, please see the section on GDPR.

‍

Access Control

Personal Data	Who has Access	Purpose of Access
Customer Account Data	Customers	Granting and managing access to their own account.
Customer Account Data	Cybera Employees – Licensing Operations, Engineering Operations and Support staff only	Creating an account and validating license entitlements and general product support and operations
Customer Identification Information	Cybera Employees – Engineering Operations and Support staff only	Providing the services and general product support and operations
Customer Support Data	Customers	Submitting customer support requests
Customer Support Data	Cybera Employees – Licensing Operations, Engineering Operations and Support staff only	Providing customer support

‍

Data Retention

Customer Account Data

Customer account data is retained for as long as the customer is an active customer of Cybera services. In the event that a customer terminates its subscription, Cybera will retain such Customer Account Data as necessary to fulfill the purpose(s) for which it was collected, provide our service, resolve disputes, support audits, pursue our legitimate interests, enforce agreements, and comply with laws, according to the terms of the Data Processing Agreement that we have executed with your company. When possible and contractually permitted, Cybera removes all stored contact information, including potential PII, from all instances of Cybera’s product and customer relationship management platforms. Cybera retains basic customer relationship management data information of a customer as necessary to ensure support of recurring issues and to comply with audit policies related to business records of services provided to customers.

Customer Identification Information

Customer Identification Information is retained for as long as the customer is an active customer of Cybera services. In the event that a customer terminates its subscription, Cybera will retain such Customer Identification Information Data as necessary to fulfill the purpose(s) for which it was collected, provide our service, resolve disputes, support audits, pursue our legitimate interests, enforce agreements, and comply with laws, according to the terms of the Data Processing Agreement that we have executed with your company. When possible and contractually permitted, Cybera removes all stored information, including potential PII, from all instances of Cybera’s product platforms.

Customer Support Data – Customer Support Data is retained for as long as the customer is an active Cybera Brand Protection customer. In the event a customer terminates their subscription, Cybera will retain Customer Support Data until the customer requests in writing that Cybera remove all Customer Support Data, including potential PII from Cybera systems and third-party customer support platforms. Cybera retains related support data as necessary to ensure support for recurring issues and to comply with audit policies related to business records of services provided to customers.

‍

Personal Data Security

Cybera has data governance processes in place and has built its processing practices around the principles of data protection by design and by default. This includes data minimization, pseudonymization (where possible), and enhanced and up-to-date security features, such as encryption, confidentiality, integrity, resilience of processing systems, and ability to restore personal data in a timely manner in the event of an incident. Cybera’s technical and organizational measures and risk mitigation plans are audited, tested, and re-evaluated on an annual basis to ensure the appropriateness of its systems, networks, and business practices on an ongoing basis.

Personal Data	Type of Encryption
Customer contact info for product admins and users	Encrypted in transit and encrypted at rest.
Customer Identification Information	Encrypted in transit and encrypted at rest.
Customer Support Data	Encrypted in transit and encrypted at rest.

Cybera will notify its customers without undue delay after learning of a data breach, if required by law, and has mechanisms by which it can detect and report data breaches.

‍

Third Party Service Providers

Cybera engages third parties to support the delivery and availability of the service. Some of these third parties are engaged as sub-processors to host or process Customer Data.

Cybera’s agreements with its sub-processors reflect the obligations and commitments it has and makes to its customers. Cybera conducts prior due diligence on sub-processors before contracting with them.

The table below lists Cybera’s third party sub-processors authorized to process Customer Data (which may or may not include Personal Data).

Sub-processor	Potential Customer Data Access	Activity
Microsoft Azure	Any Customer Data provided to Cybera	Data Center for all Services
Salesforce	Customer contact information	Sales account records
Recoveris Ltd.	Any Customer Data provided to Cybera	Reporting Services

‍

GDPR (General Data Protection Regulation)

‍

Cybera’s relationship with controllers

‍

In providing the Cybera services, Cybera only processes personal data upon the documented instructions of its customers. To that end, Cybera has template data processing agreements ready for use with its customers, which include the following provisions:

Subject matter and duration of processing
Nature and purpose of processing
Type of personal data and category of data subject in question
Obligations and rights of our customers (as data controllers).

Cybera imposes confidentiality obligations on its authorized personnel who process the personal data. Cybera has implemented measures to assist its customers in complying with data subjects’ rights and requests.

Data Transfers to countries outside the EEA

We share data both with our affiliated companies within the Cybera group and certain external third parties who are based outside the European Economic Area (“EEA”). Any such processing will involve an export of data outside of the EEA. We endeavor to ensure that parties to whom we provide personal data hold it subject to appropriate safeguards and controls. Whenever we transfer our customers’ employees’ personal data out of the EEA to countries that have not been deemed to provide an adequate level of protection for personal data by the European Commission, we ensure a similar degree of protection is afforded to it by implementing the following safeguards:

We use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe known as the Standard Contractual Clauses (SCC) or Model Contracts. For further details, see EU: Standard Contractual Clauses for data transfers between EU and non-EU countries.

For example, our cloud storage provider is Amazon Web Services and we have entered into GDPR-compliant data processing terms, which incorporate by reference Model Contractual Clauses.

Based on Cybera’s understanding of GDPR, in consultation with other large, multinational organizations doing business in the EU, data containing personal data as defined by GDPR, including email addresses of individuals, may lawfully be transferred and reside outside the EEA for the purposes of processing such data to legitimately protect their organizations from cyberattacks.

It is Cybera’s belief and assumption that it meets all current applicable data protection requirements as laid out by the GDPR for the purposes of cross border transfers of personal data.

For further information on Cybera’s data protection practices, please contact dataprotection@cybera.io.

‍