Version

1.0

Sep 14, 2025

Legal

/

Privacy Policy

Privacy Policy (U.S. Region)

Effective Date: 14 September 2025

This Privacy Policy describes how CyberAGI collects, uses, and shares personal data when you use Excalibur and our related Services in the United States. We believe that great products can coexist with great privacy. We collect and process data solely to deliver and improve our Services and never sell or rent your personal information.

1. Scope and Applicability

This Policy applies to information we collect from users of Excalibur and related Services, including both enterprise customers and free‑plan users, within the United States. It does not apply to information collected by third‑party websites or services, even if accessed through our Services.

2. Information We Collect

We strive to minimize the data we collect and retain. The types of information we collect depend on how you interact with our Services:

  1. Account and Contact Information – When you register or place orders, we collect your name, company, job profile or title, email address, username, password, billing and mailing addresses, and phone number. Without this information, we may be unable to provide the Services.

  2. Payment Information – If you purchase a subscription, our third‑party payment processor collects your payment card details. We only receive a record of the transaction and do not store full payment card numbers.

  3. Usage and Telemetry Data – We collect data about how you interact with our Services, such as feature usage, system logs, device information (browser type, operating system, IP address), and crash reports. This telemetry helps us improve our Services and diagnose problems. We do not link telemetry to specific individuals unless necessary for security or fraud prevention.

  4. User Data and Content – Enterprise customers may process sensitive data (e.g., vulnerability details, source code, PII) within Excalibur. For enterprise deployments, this data remains on your infrastructure and is never transmitted to CyberAGI for model training or inference. For free or limited plans, data you upload (such as test targets, logs, or reports) may be processed on our cloud infrastructure but will not be used to train our models.

  5. Communications – We may collect the content of communications you send to us (e.g., support requests, feedback) and associated metadata.

We do not knowingly collect data from children or minors. If we learn that personal data of a minor has been collected inadvertently, we will delete it promptly.

3. How We Use Your Information

We use information we collect for the following purposes:

  1. Provide and Maintain the Services – We use account and usage data to operate, maintain, and improve Excalibur and related Services, fulfil orders, authenticate users, and provide customer support.

  2. Security and Fraud Prevention – To protect our Services, users, and infrastructure, we use telemetry and other data to detect, prevent, and respond to security incidents and abuse.

  3. Troubleshooting and Analytics – We analyze aggregated usage and telemetry to identify performance issues, develop new features, and improve the user experience. Data used for analytics is de‑identified or aggregated wherever possible.

  4. Communications – We may send you service‑related notices (e.g., transaction confirmations, technical alerts) that you cannot opt out of, as well as marketing emails that you can opt out of at any time.

  5. Legal and Compliance – To comply with legal obligations, enforce our Terms, resolve disputes, and protect CyberAGI’s rights and property.

We will not use enterprise User Data to train our AI models or improve RAG pipelines without your explicit consent. Similarly, for free or limited plans, data you provide is used solely to operate and maintain the Services and is never used to train or refine our models or algorithms. We do not sell or share your data without your approval.

4. How We Share Information

We do not sell or rent your personal data. We share information only as described below:

  1. Service Providers – We engage third parties to host our infrastructure, process payments, send emails, and provide analytics. They act as our service providers and are contractually obligated to handle personal data only for the purposes we specify and to adhere to security standards.

  2. Business Partners – For enterprise customers, we may share limited information with resellers, distributors, or integration partners solely to deliver and support the Services. We require such partners to protect your data.

  3. Legal Compliance and Safety – We may disclose information if we believe it is reasonably necessary to comply with a law, regulation, legal process, or governmental request; to enforce our Terms; or to protect the rights, property, or safety of CyberAGI, our users, or the public.

  4. Corporate Transactions – In connection with a merger, sale, or acquisition of all or part of our business, your information may be transferred, but we will require the acquiring entity to honor this Privacy Policy.

  5. Aggregate and De‑Identified Data – We may share aggregated or de‑identified data that cannot reasonably be used to identify you.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to remember your preferences, maintain your session, and collect analytics information. Some cookies are necessary for the functioning of the Services (such as authentication cookies), while others help us improve performance. Most browsers allow you to control cookies through settings. Disabling cookies may limit the functionality of the Services. We treat cookies and similar identifiers as non‑personal data unless local law requires otherwise.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, comply with legal obligations, or resolve disputes. Our retention periods are as follows:

  • Account and Contact Information — We retain this information for as long as your account is active and for up to seven (7) years after closure to comply with tax, accounting, and other legal obligations.

  • Billing and Payment Details — We retain transactional records for seven (7) years or as required by law.

  • Usage Logs and Telemetry — We retain raw usage logs and telemetry for twelve (12) months for troubleshooting and security purposes. We may maintain aggregated or de‑identified usage data indefinitely for analytics and long‑term security trends.

  • User Data — Enterprise User Data remains under your control and is not retained by us. Data from free or limited plans stored on our infrastructure will be retained until you delete it or request deletion. We will delete or de‑identify such data within a reasonable time after your request, unless retention is necessary to comply with our legal obligations or resolve disputes.

If you wish to have your personal data deleted sooner, you may submit a request to legal@cyberagi.ai. We will honor verified requests unless we are legally obligated or have a legitimate business reason to retain the data.

7. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal data. These measures include encryption of data at rest and in transit, access controls, and regular security assessments. Despite these measures, no security system is impenetrable, and we cannot guarantee absolute security.

8. Your Rights and Choices

Depending on where you reside, you may have certain rights regarding your personal information. In particular, residents of California have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  1. Right to Know — You can request that we disclose what personal information we collect, use, disclose, and share about you.

  2. Right to Delete — You can request that we delete personal information collected from you, subject to certain exceptions.

  3. Right to Correct — You can request that we correct inaccurate personal information that we maintain about you.

  4. Right to Opt Out of Sale/Sharing — You can direct us not to sell or share your personal information. We do not sell personal information but provide this right for completeness.

  5. Right to Non‑Discrimination — You have the right to receive equal service and pricing even if you exercise your privacy rights.

To exercise these rights, contact us at legal@cyberagi.ai or via any web form we provide for privacy requests. We will verify your identity before responding and aim to respond within the time required by law.

You may opt out of marketing communications at any time by following the unsubscribe instructions in the emails we send. Even if you opt out, we may still send you non‑promotional communications (e.g., service announcements, administrative messages).

9. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated Policy on our website and indicate the effective date. If we make material changes, we will provide notice (e.g., via email or prominent notice on our site). Your continued use of the Services after the effective date of the updated Policy constitutes your acceptance of the changes.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

CyberAGI Inc.

Email: legal@cyberagi.ai