Cyrenza, Inc. (“Cyrenza,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you use our website at cyrenza.com (“Website”), our AI Workforce Platform (“Platform”), APIs, or any related services (collectively, the “Services”).
1.1. This Privacy Policy covers personal data collected directly by Cyrenza (e.g., account registration, billing, support) and technical data collected through the operation of the Services.
1.2. When Cyrenza processes personal data on behalf of customers as part of Customer Data, Cyrenza acts as a Data Processor. Such processing is governed by our Data Processing Addendum. If your personal data has been submitted to the Platform by one of our customers, please direct your inquiry to that customer.
1.3. This Privacy Policy does not cover third-party websites, applications, or services linked from our Website or integrated with the Platform.
2.1. Cyrenza as Data Controller. Cyrenza is the Data Controller for personal data of Website visitors, account registration data, billing information, usage data, support communications, and marketing data.
2.2. Cyrenza as Data Processor. Cyrenza is the Data Processor for Customer Data containing personal data that customers upload to or process through the Platform. See our Data Processing Addendum for details.
We do not store full credit card numbers or CVV codes. Payment card data is processed and stored exclusively by our PCI DSS-certified payment processor.
You may opt out at any time via the unsubscribe link or by contacting privacy@cyrenza.com.
| Legal Basis | Processing Activities |
|---|---|
| Contract Performance | Account creation, service delivery, billing, support |
| Legitimate Interests | Service improvement, security monitoring, fraud prevention, analytics |
| Legal Obligation | Tax reporting, regulatory compliance, audit log retention |
| Consent | Marketing communications, optional analytics |
Where we rely on legitimate interests, we have conducted balancing tests to ensure our interests do not override data subjects’ rights and freedoms.
6.1. We Do Not Sell Personal Data. Under the CCPA/CPRA definition of “sale,” no sale of personal information occurs.
6.2. Service Providers. We share personal data with service providers who assist in operating the Services, subject to confidentiality obligations and data processing agreements. Categories include: cloud infrastructure hosting, payment processing, identity and authentication, AI model inference, and incident management.
6.3. AI Model Providers. When Customer Data is processed by AI model providers for inference, it is transmitted securely, processed only for the requested purpose, and not retained by the provider beyond the request. AI model providers are contractually prohibited from using your data for model training.
6.4. Legal Disclosure. We may disclose personal data when required by valid legal process, to comply with applicable law, to protect rights and safety, or in connection with a corporate transaction (merger, acquisition, or sale of assets).
6.5. With Your Consent. We share data with third parties when you explicitly consent, such as when you enable a third-party integration.
7.1. The Services are primarily operated from the United States. For transfers of personal data from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses and other appropriate safeguards as described in our Data Transfers Addendum.
7.2. Enterprise customers may specify data residency requirements. See Section 13 of the Security Addendum.
| Data Category | Retention Period |
|---|---|
| Account data | Duration of account + 30 days |
| Authentication logs | 12 months |
| Billing records | 7 years |
| Customer Data (active) | Duration of subscription |
| Customer Data (post-termination) | 30 days (export period) |
| Audit logs | 1–7 years (per compliance requirements) |
| Usage metering data | 24 months |
| Support tickets | 3 years post-resolution |
| Marketing consent records | Duration of consent + 5 years |
When retention periods expire, data is permanently deleted. Legal holds may extend retention as required by law.
Regardless of location, you may: access, correct, and delete your personal data; export your data in portable format; opt out of marketing; manage cookie preferences; revoke integrations; and close your Account.
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), and rights related to automated decision-making (Art. 22). You may lodge a complaint with your local supervisory authority. We respond to requests within thirty (30) days, extendable by sixty (60) days for complex requests.
You have the right to know, delete, correct, and opt out of sale/sharing. Cyrenza does not sell or share personal information. We do not discriminate against you for exercising your rights. We respond within forty-five (45) days, extendable by forty-five (45) days.
You have the right to confirmation of processing, access, correction, anonymization or deletion of unnecessary data, portability, and revocation of consent. We respond within fifteen (15) days.
You have the right to access, challenge accuracy, and withdraw consent. You may file a complaint with the Office of the Privacy Commissioner of Canada. We respond within thirty (30) days.
For individuals subject to POPIA (South Africa), PDPA (Asia-Pacific), or other applicable data protection laws, we respect your rights as provided under your local legislation.
10.1. Submit requests via email to privacy@cyrenza.com or through your Account settings.
10.2. We will verify your identity before processing requests. For requests outside your authenticated Account, we may require additional identifying information.
10.3. For requests concerning Customer Data processed on behalf of a Cyrenza customer, please contact that customer directly. We will assist our customers in responding as required.
Our cookie practices are described in our Cookie Policy.
The Services are not intended for individuals under 18. We do not knowingly collect personal data from children. If we become aware of such collection, we will promptly delete it. Parents or guardians may contact privacy@cyrenza.com.
13.1. The Platform does not perform cross-site tracking and does not respond to Do Not Track browser signals.
13.2. We honor Global Privacy Control (GPC) signals as an opt-out under the CCPA/CPRA. Since we do not sell or share personal information, no additional action is required, but the signal is recognized and logged.
We may update this Privacy Policy from time to time with at least thirty (30) days’ advance notice of material changes. Your continued use after changes take effect constitutes acceptance. Prior versions are available upon request.