Privacy Policy
Effective: June 5, 2026
This policy explains what Cyber+ collects about you, how we use it, who we share it with, and the choices you have. We've written it the way we'd want an infosec colleague to read it: short, specific, and without dark patterns.
1. Who runs Cyber+
Cyber+ is operated by [LEGAL ENTITY NAME], registered in [JURISDICTION], mailing address [MAILING ADDRESS]. Contact: privacy@gocyberplus.com.
2. What we collect
We collect only what we need to run the service:
- Account data — email address or phone number, display name, username, chosen role (reader or writer), password hash (we never see your password in plaintext).
- Content you publish — posts, comments, notes, likes, bookmarks, follows. This is the data you intend to be on Cyber+ in the first place.
- Activity logs — server-side request logs (URL, status code, timestamp, IP, user agent) for up to 30 days, used for security, abuse detection, and debugging.
- Reading events — which posts you opened, how far you scrolled, and when. Used to power your reading history and (later) recommendations. You can see this list yourself at /reading-history.
- Email delivery records — when we sent you an email and whether it delivered, bounced, or was opened (where supported by our provider). Used to manage deliverability and respect unsubscribes.
- Payment data — if you pay for a subscription or receive payouts as a writer, we use Stripe for payment processing. Cyber+ never sees full card numbers. We retain transaction metadata (amount, date, subscription state) as required by law.
We do not use Google Analytics, Facebook Pixel, or any third-party advertising trackers. We do not sell your personal data.
3. How we use it
- To operate the service and provide the features you signed up for.
- To send transactional email (welcome, new-post notifications you opted into, password reset).
- To detect, investigate, and prevent abuse, fraud, and security incidents.
- To comply with legal obligations.
- With your explicit opt-in, to send occasional product updates. You can turn this off at /settings.
4. Who we share with
We share personal data only with the following categories of subprocessors:
- Supabase — database and authentication hosting.
- Vercel — application hosting and edge CDN.
- Resend — transactional email delivery.
- Stripe — payment processing (only for paying users and writers receiving payouts).
- Cloudflare — DDoS protection, captcha (Turnstile) on signup.
- Sentry — error monitoring (server-side stack traces, no full request bodies).
A current subprocessor list is available at privacy@gocyberplus.com on request.
We may disclose data when legally required (subpoena, court order, lawful government request) and will notify the affected user unless prohibited by law.
5. Cookies and tracking
Cyber+ uses a small number of first-party cookies — strictly for authentication sessions, preferred theme, and CSRF protection. We use no third-party advertising cookies. See the Cookies page for the full list.
6. Your rights
Regardless of where you live, you can:
- Access a copy of your data — email privacy@gocyberplus.com.
- Correct inaccurate data — most fields are editable at /settings.
- Delete your account — at /settings. We soft-delete on request and purge within 30 days, except where retention is required by law.
- Export your posts and comments — email privacy@gocyberplus.com. We respond within 30 days.
- Object to processing or restrict processing for marketing-style emails — toggle in /settings or use the unsubscribe link in any email.
EU/UK users: under GDPR you may also lodge a complaint with your local data protection authority. California users: under CCPA you have the right to know, delete, and opt out of any "sale" of personal information — we do not sell personal information.
7. International transfers
Cyber+ is hosted in the United States. If you access the service from outside the US, you understand your data is processed in the US. Where required, we rely on Standard Contractual Clauses with our subprocessors.
8. Retention
- Account data: until you delete your account, then up to 30 days.
- Published posts: until you (or we, for a Terms violation) delete them.
- Request logs: 30 days.
- Payment records: 7 years (US tax/financial recordkeeping).
9. Children
Cyber+ is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has created an account, email privacy@gocyberplus.com and we will remove it.
10. Changes
We will announce material changes by email or in-product banner at least 14 days before they take effect.
11. Contact
privacy@gocyberplus.com or [MAILING ADDRESS].
Starting template. Have your privacy counsel review for your jurisdiction (especially GDPR/UK GDPR Article 13/14 requirements and CCPA disclosures) before launch.