Privacy

Cyberun Cloud ("Cyberun", "we", "us") provides a controllable AI workflow platform operated from cyberun.cloud. This Privacy Policy explains what information we collect when you sign up for or use Cyberun Cloud, why we collect it, how long we keep it, and the rights you have over it.

1. Information we collect

Account information from Google sign-in: your Google account email address, full name as Google provides it, the OAuth subject identifier, and whether Google has verified the email. We do not receive or store your Google password. Service usage data: the team and workflow records you create, the credentials you upload (encrypted at rest with AES-256-GCM keys held only in our cluster), task execution events, and webhook delivery logs. Signup audit records: a timestamped record per signup that captures email, OAuth subject identifier, source IP, and user-agent string. This row is retained per Section 4 even after account deletion to meet anti-abuse and audit-defensibility requirements under GDPR Article 17(3)(e).

2. How we use information

We use the data above to authenticate you, operate the platform on your behalf, enforce free-tier quotas and rate limits, prevent abuse (duplicate account creation, signup flooding, credential reuse from compromised lists), and respond to your support requests. We do not sell personal data, share it with advertisers, or use it to train AI models.

3. Retention and deletion

When you delete your account, the bulk of your personal data — workflows, credentials, team memberships, webhook configurations, task history — is removed within 30 days. The signup_events audit row is pseudonymized but retained permanently (email hashed, OAuth subject hashed, plan-at-signup retained) as the legal-basis record for the account. Full personal identifiers in signup_events that have not been pseudonymized are auto-pseudonymized 24 months after the original signup, regardless of account status. We rely on GDPR Article 17(3)(e) (legal claims defense) to justify retaining the pseudonymized minimum.

4. Sharing and subprocessors

Google LLC processes the OAuth handshake when you sign in. Cloudflare, Inc. provides object storage (R2) for workflow assets and outputs you upload. Both subprocessors operate under data processing addenda compatible with GDPR and CCPA. Cyberun never sends personal data to third-party analytics or advertising networks. We will publish a complete subprocessor list, with notification of new processors before they go live, once the SaaS launches in production.

5. Your rights

Under GDPR (EEA / UK residents) and CCPA (California residents) you have the right to access, correct, export, and delete your personal data, to object to or restrict processing, and to lodge a complaint with a supervisory authority. Access, export and deletion are self-serve from the account settings page once available; in the interim, write to the address below and we will respond within 30 days. We never charge for these requests.

6. Security

All traffic to and from cyberun.cloud is encrypted in transit via TLS 1.3 with certificates issued by Let's Encrypt. Application secrets are sealed with the cluster's sealed-secrets controller and never leave the cluster in plaintext. User-uploaded credentials are encrypted at rest with per-tenant AES-256-GCM keys; database and object storage are encrypted at rest by the provider. We do not transmit sensitive data over email.

7. International transfers and children

Cyberun's primary compute infrastructure is located in Asia. If you access Cyberun from the EEA / UK, your data is transferred outside that region under Standard Contractual Clauses. Cyberun Cloud is not directed to children under 13 (under 16 in the EEA); we do not knowingly collect their information. If you believe a minor has signed up, contact the address below for prompt removal.

8. Changes and contact

Material changes to this Policy are announced by updating the date at the top of the page and, for currently-active users, by notice at next sign-in. Continued use after the effective date constitutes acceptance.

For privacy questions, data-rights requests, or anything else covered by these documents, write to sales@cyberun.cloud.