1) Scope
This policy covers CyberAI websites, courses & downloads, AI Tutor, CyberAI VPN (desktop app and Chrome extension), and any other services that link to it (collectively, the "Service"). It does not cover third-party sites we link to or embed; review their policies separately.
2) Data We Collect
| Category | Examples | Why |
|---|---|---|
| Account & Profile | Name, email, username, password hash, preferences (theme, language), plan tier. | Create/maintain your account, personalize your experience, provide support. |
| Usage & Device | IP address, browser/OS, pages viewed, time on page, crash logs, session IDs. | Security, analytics, fraud prevention, product improvement. |
| Payment | Billing name, address, last 4 of card (via processor), transaction IDs. | Process purchases and subscriptions. We do not store full card numbers. |
| Support & Comms | Messages, tickets, emails, survey responses. | Assist you, resolve issues, improve quality. |
| Learning Content | Assignments, code snippets, uploaded avatar, social/profile links. | Deliver course features, display your profile to you, and enable collaboration. |
| CyberAI VPN | Account ID, subscription tier, app version, optional crash diagnostics, aggregate bandwidth for billing, device registration count. | Authenticate the VPN app to your CyberAI account, enforce plan limits, operate and improve the service. |
3) Where Data Comes From
- Directly from you when you create an account, enroll, or contact support.
- Automatically via cookies, local storage, pixels, and server logs.
- From payment processors when you buy a plan (metadata only).
- From CyberAI VPN clients when you sign in or connect (account and operational metadata only — not browsing content).
- Optionally from OAuth/social sign-in if you connect an account.
4) How We Use Data
- Provide and personalize the Service, including courses, the AI Tutor, and CyberAI VPN.
- Authenticate, secure, and prevent abuse/fraud.
- Analyze performance and improve features and content.
- Communicate about updates, changes to terms, and relevant offers (you may opt out).
- Comply with legal obligations and enforce our Terms of Service.
5) AI Tutor & Model Providers
When you chat with the AI Tutor, we process your prompts, conversation history, and usage telemetry to deliver responses, safety-check content, and improve quality. Depending on your plan and settings, we may route requests through reputable AI providers as processors (e.g., model APIs). We minimize data shared and use secure transport. We do not sell your personal information.
Enterprise/workspace settings can restrict logging or retention; contact us for a DPA.
6) CyberAI VPN & No-Logs Policy
What we do not log
- Browsing history, DNS queries, or websites you visit through the VPN tunnel.
- Contents of your communications or files transferred over the VPN.
- Source IP addresses linked to your identity for the purpose of building activity profiles.
Minimal data we may process
- Account email, user ID, and subscription status to authenticate the app and enforce plan limits.
- Short-lived HMAC authentication tokens when you sign in from the website (expiry typically five minutes; used to link the desktop app to your account, not to log VPN sessions).
- Aggregate bandwidth or connection timestamps where needed for billing, capacity planning, or abuse prevention — not tied to the content of your traffic.
- App version and optional crash/diagnostic reports if you enable them, to fix bugs and improve reliability.
During development, some VPN features may operate in a simulated mode. Our no-logs commitment applies to production VPN infrastructure. See our Terms of Service — CyberAI VPN for acceptable use.
9) Data Retention
We keep personal data only as long as needed to provide the Service and for legitimate business or legal purposes (e.g., tax, security). VPN authentication tokens expire within minutes and are not retained as traffic logs. You can request deletion as described below.
10) Security
We use reasonable technical and organizational measures (TLS in transit, role-based access, least privilege, logging). No method is 100% secure; please use a strong unique password and enable device protections.
11) Children's Privacy
The Service is not directed to children under 13 (or the minimum age in your jurisdiction). If we learn we've collected data from a child without verifiable parental consent, we'll delete it.
12) International Data Transfers
We may process data in countries other than where you live. Where required, we use appropriate safeguards (e.g., SCCs/DPAs) for cross-border transfers.
13) Your Rights
You may have the following rights, subject to local laws:
- Access a copy of your personal data
- Correct inaccurate information
- Delete your data (erasure)
- Port data in a usable format
- Object to or restrict certain processing
- Withdraw consent where processing relies on consent
To exercise rights, email [email protected]. We may need to verify your identity. You may also contact your local data protection authority.
CCPA/CPRA (California)
- Right to know, delete, correct, and non-discrimination
- We do not "sell" personal information. We do not share PI for cross-context behavioral advertising.
14) Your Choices
- Update profile information in Profile Settings.
- Unsubscribe from emails via footer links or by contacting support.
- Control cookies in your browser; block analytics if desired.
- Request account deletion via Danger Zone or by emailing us.
15) Changes to this Policy
We may revise this policy as our services evolve. We'll post updates here and adjust the date below. Material changes may also be announced in-app or by email.
Last updated: 2026-07-03.
16) Contact Us
Email: [email protected]
Support: [email protected]
Address:
CyberAI
Edmonton, Alberta, Canada