Last updated: October 23, 2025
At Cyrenza, protecting your privacy and business data is fundamental to our AI workforce platform. This Privacy Policy explains how we collect, use, protect, and handle your information when you use our Knowledge Workers across our 8 specialized industry verticals. This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable international privacy laws.
We design our platform with privacy by design principles, implementing enterprise-grade security measures and maintaining strict data isolation to ensure your business information remains confidential and secure. Our commitment extends to zero-trust architecture, end-to-end encryption, and regular third-party security audits.
Data Controller Information: Cyrenza Inc. acts as the data controller for personal information processed through our platform. We maintain compliance with applicable data protection regulations in all jurisdictions where we operate.
Under the General Data Protection Regulation (GDPR) and other applicable privacy laws, we must have a valid legal basis for processing your personal information. Our processing activities are founded on several complementary legal grounds that ensure both compliance and operational necessity.
Contractual Necessity forms the primary basis for most of our data processing activities. When you subscribe to our AI workforce platform, we enter into a legally binding agreement that requires us to process certain personal information to deliver our services effectively. This includes managing your account, deploying Knowledge Workers according to your specifications, processing business documents, generating reports, and providing technical support.
Legitimate Interests provide the legal foundation for processing activities that benefit both Cyrenza and our customers while respecting individual privacy rights. These interests include enhancing platform security through behavioral analysis and threat detection, preventing fraudulent activities, improving Knowledge Worker performance through aggregated usage analytics, and conducting research and development to advance our AI capabilities.
Legal Compliance necessitates certain data processing to meet our obligations under various regulatory frameworks. This includes maintaining records for tax authorities, responding to valid law enforcement requests, complying with financial regulations for payment processing, and fulfilling audit requirements for our security certifications.
Consent serves as the legal basis for optional processing activities, particularly marketing communications, advanced analytics features, and data processing that extends beyond our core service delivery. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
To establish and maintain your Cyrenza account, we collect comprehensive business information that enables us to provide personalized AI workforce solutions tailored to your organizational needs. This includes detailed corporate registration information, authorized representative information, industry classification data, company size metrics, and operational requirement specifications.
Our platform continuously collects detailed usage analytics to optimize Knowledge Worker performance and provide valuable insights into your business operations. This includes Knowledge Worker deployment patterns, task assignment histories, performance optimization data, document upload patterns, and system interaction logs.
We collect and process various business data including documents, spreadsheets, and files uploaded for Knowledge Worker processing, custom instructions and business rules you provide, workflow specifications, integration data from connected business applications, and AI-generated outputs, reports, and analytical results.
We process your information exclusively to deliver our AI workforce platform services and maintain the highest standards of business operations. This includes deploying and managing your customized Knowledge Worker workforce, processing business documents and data through specialized Knowledge Workers, maintaining account security and preventing unauthorized access, and providing technical support and platform optimization services.
We also generate usage analytics and performance insights for your organization, facilitate integrations with your existing business systems, and process billing and subscription management. All processing activities are conducted with appropriate legal basis, including contractual necessity, legitimate business interests, and consent where required by applicable privacy laws.
Your business data is never used to train public AI models or shared between customer accounts. We maintain absolute data isolation with customer-specific Knowledge Worker instances that operate exclusively within your organizational boundary.
Our AI training approach includes custom Knowledge Worker training using only your organization's data and preferences, differential privacy techniques to protect sensitive information during processing, and federated learning approaches that keep raw data on secure, isolated infrastructure. We maintain separate model parameters and training data with encrypted storage.
Enterprise customers can request dedicated AI model instances with enhanced isolation, custom training protocols, and additional privacy controls.
We do not sell, trade, or otherwise transfer your personal information to third parties except in specific circumstances. We may share information with trusted third-party service providers who assist us in operating our platform, such as cloud hosting, payment processing, and customer support services. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
We may disclose information when required by law, court order, or government regulation, or when we believe disclosure is necessary to protect our rights or the safety of others. In such cases, we will provide the minimum information necessary to comply with the legal requirement and will notify you where legally permissible.
We implement comprehensive security measures to protect your information including end-to-end encryption for data transmission, AES-256 encryption for data at rest, multi-factor authentication for account access, regular security audits and penetration testing, and SOC 2 Type II compliance monitoring.
We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Account data is retained while your account is active plus 90 days for account recovery. Usage logs are kept for 24 months for security monitoring and service improvement. Billing records are maintained for 7 years to comply with tax and accounting regulations.
We automatically delete or anonymize data when retention periods expire. Enterprise customers can request custom retention schedules to meet their regulatory requirements.
Under GDPR, CCPA, and other privacy laws, you have comprehensive rights regarding your personal information. You have the right to access and request copies of your personal data, correct inaccurate or incomplete personal information, request deletion of your personal data (right to be forgotten), receive your data in a structured, machine-readable format, limit how we process your data in specific situations, and revoke consent for processing at any time.
To exercise these rights, submit requests through your account settings or email privacy@cyrenza.com with your request and proof of identity. We respond within 30 days for GDPR requests and 45 days for CCPA requests.
Our services are hosted in secure data centers across multiple jurisdictions including the United States, European Union, and other regions. We implement EU Commission-approved Standard Contractual Clauses (SCCs) for transfers outside the EEA, leverage adequacy decisions for transfers to countries like the UK and Switzerland, and maintain binding corporate rules with all processors.
EU data residency is available for GDPR compliance with data stored exclusively in EU data centers. All international transfers maintain the same level of protection as required by your local privacy laws.
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete such information promptly.
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our platform. Your continued use of our services after any changes indicates your acceptance of the updated policy.
For privacy-related inquiries, contact our Privacy Officer at privacy@cyrenza.com. You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal information appropriately.