Privacy Policy

We collect three categories of information:

• Information you provide. Account details (name, work email, company), billing information, support requests, and any content you upload to the workspace (assessment responses, evidence files, vendor records).
• Information collected automatically. Device and browser metadata, IP address, pages visited, feature usage, and crash diagnostics. We use cookies and similar technologies as described in our Cookie Policy.
• Information from third parties. Identity verification providers, single sign-on directories you connect (such as Okta or Google Workspace), and publicly available business information used to enrich vendor profiles.

We use personal information to:

• Provide, maintain, and improve the Service;
• Authenticate users, prevent fraud, and protect account security;
• Generate aggregated, de-identified insights about questionnaire performance;
• Communicate with you about your account, billing, and product updates;
• Comply with our legal obligations and enforce our Terms of Service.

We do not sell personal information, and we do not use Customer Data to train third-party AI models without your prior agreement.

We share personal information only as described below:

• Service providers. Vetted sub-processors that help us run the platform (cloud hosting, monitoring, email, customer support). A current list is available on request.
• Within your workspace. Workspace administrators can see member activity and content. Vendors you invite can see the assessment requests addressed to them.
• Corporate transactions. In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.
• Legal obligations. Where required by law, court order, or to protect our rights and the safety of users.
• With your consent. Any other sharing is done only with your instructions.

CyberRank operates globally. Where we transfer personal data across borders, we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or your explicit consent, depending on the jurisdiction.

We retain personal information for as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Customer Data is retained according to your workspace settings; when you cancel your account, we will delete or return Customer Data within a reasonable period unless retention is legally required.

Depending on where you live, you may have rights to access, correct, delete, port, or object to processing of your personal information. To exercise these rights, contact us at privacy@cyberrank.example. If you are using CyberRank through your employer, please contact them first, as they control your workspace data.

We maintain a layered information security program aligned with ISO/IEC 27001 and SOC 2. Controls include encryption in transit and at rest, least-privilege access, continuous monitoring, and regular penetration testing. No system can be guaranteed perfectly secure; you can read more about our controls on our Compliance page.

CyberRank is intended for business users and is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can remove it.

If you have questions about this Privacy Policy or how we handle your information, please contact our privacy team at privacy@cyberrank.example. Customers in the EU/UK may also contact our designated representative through the same address.