Privacy Policy
Last updated: March 1, 2026
1. Overview
syscyber is designed with privacy as a core architectural principle, not an afterthought. Your source code never leaves your servers. This policy explains exactly what data we collect, how we process it, and how we protect it.
2. Data We Collect
Account data: Email address, name, and organization name provided during registration.
Anonymized scan findings: Vulnerability findings from our scanning engines, processed through 6-stage anonymization before leaving your environment. This data contains no source code, IP addresses, hostnames, email addresses, API keys, or personally identifiable information.
Usage data: Basic service usage metrics (scan counts, feature usage) to improve the product. No tracking pixels or third-party analytics.
3. How We Use Your Data
Anonymized findings are processed by our AI engine to detect attack chains and generate security analysis. We use account data to provide the Service and communicate with you. We do not sell, rent, or share your data with third parties for marketing purposes.
4. Anonymization Process
Before any scan data leaves your environment, it passes through our 6-stage anonymization engine:
- IP addresses replaced with tokens
- Hostnames replaced with generic identifiers
- Email addresses stripped
- API keys and secrets redacted
- Custom patterns filtered (configurable per organization)
- PII scan — final validation pass before transmission
The anonymization engine is validated by 34 dedicated tests.
5. Third-Party Processors
Our AI analysis is performed by an enterprise AI processing provider. Only anonymized findings are sent for processing. That provider retains data for a maximum of 7 days, then permanently deletes it, and never uses customer data to train any model. Enterprise-grade data protections apply to all AI processing.
6. Data Retention
Account data is retained while your account is active. Scan findings and attack chain data are retained while your account is active plus 30 days after termination. After the retention period, all data is permanently deleted.
7. Data Security
All data in transit is encrypted via TLS 1.3. Data at rest is encrypted using AES-256. Access to production systems is restricted and logged. We are working toward SOC 2 Type II certification.
8. Your Rights
You may request access to, correction of, or deletion of your personal data at any time by contacting us. You may export your scan data and attack chain analysis at any time through the dashboard. You may delete your account, which triggers permanent deletion of all associated data within 30 days.
9. Contact
For privacy-related questions, contact us at security@syscyber.in. For general support, contact support@syscyber.in.