Privacy Policy
We treat your data the way we wish every SaaS vendor would treat ours.
Last updated: June 1, 2026
1. Who we are
CYBEREYE is operated by Jonathan & Cyber Ltd. (“CYBEREYE”, “we”, “us”), an Israeli company headquartered in Tel Aviv. Our Data Protection Officer can be reached at dpo@cybereye.co.il.
2. What we collect
We collect three categories of data:
- Account data — name, work email, organisation, role, and authentication tokens for the platforms you connect.
- Connected platform data — read-only metadata from the security tools you connect (e.g. asset inventories, finding records, IAM metadata). We never ingest customer business data (e.g. emails, documents) unless explicitly required for a feature you have enabled.
- Usage data — queries submitted, features used, error logs, and basic device/browser fingerprints. Retained 90 days for security and product analytics.
3. How we use it
We use your data only to:
- Provide and improve the CYBEREYE service.
- Answer your queries by cross-referencing your connected platforms.
- Detect abuse, fraud, and security incidents against the platform.
- Communicate with you about your account, billing, and product updates.
We do not sell your data. We do not use your data to train machine-learning models. LLM inference runs under a zero-retention contract with Anthropic.
4. Data sharing
We share data only with our listed sub-processors (see Security) under strict contractual obligations. We may disclose data when required by law, with prior notice unless legally prohibited.
5. International transfers
You choose your data residency at signup: Israel (il-central-1) or EU (eu-central-1, Frankfurt). Transfers outside the chosen region only occur for LLM inference under Standard Contractual Clauses (EU) and equivalent Israeli safeguards.
6. Your rights
Under GDPR and Israeli Privacy Protection Law, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request erasure (subject to legal retention obligations).
- Object to processing or request portability.
- Withdraw consent at any time.
To exercise these rights, email dpo@cybereye.co.il. We respond within 30 days.
7. Cookies
We use strictly-necessary cookies for authentication and a single first-party analytics cookie. No third-party advertising cookies. No cross-site tracking.
8. Retention
Account data is retained for the life of your contract plus 30 days for recovery. Connected platform data is retained according to your tier configuration (default: 12 months). Usage logs are retained 90 days.
9. Contact our DPO
Questions, complaints, or rights requests: dpo@cybereye.co.il.
You also have the right to lodge a complaint with your local supervisory authority (e.g. the Israeli Privacy Protection Authority or the EDPB member authority in your country).