// legal

Privacy Notice

Last updated: 30 May 2026

1. Who we are

This Privacy Notice explains how Cyberactive ("Cyberactive", "we", "us", "our"), trading as CyberActive AI, collects and uses your personal data when you use the CyberActive AI platform (the "Service"). For the personal data we collect from you directly through the Service, Cyberactive acts as the data controller.

Payment, billing, tax, and invoicing data is collected and processed by our reseller Paddle.com Market Limited ("Paddle"), which acts as the Merchant of Record and an independent controller for that data. See Paddle's privacy policy for details.

2. What we collect

  • Account data: name, email address, password hash, profile information you provide.
  • Career data: CV / resume content, target roles, experience, certifications, skills, and other career evidence you submit so the Service can score readiness and tailor guidance.
  • Usage data: pages viewed, actions taken, scores generated, sessions, and feature interactions.
  • AI inputs and outputs: prompts you send to AI features and the outputs generated, used to operate the Service and improve quality.
  • Support communications: messages you send us, including any attachments.
  • Technical data: IP address, browser type, device identifiers, approximate location derived from IP, and similar telemetry.
  • Cookies and similar technologies: as described in section 9.

3. Why we use it (and legal basis)

  • Provide the Service (account creation, readiness scoring, AI features) — performance of our contract with you.
  • Customer support — performance of our contract and our legitimate interest in helping users.
  • Security and fraud prevention — our legitimate interest, and legal obligation where applicable.
  • Product improvement and analytics — our legitimate interest in building a better product. We use aggregated or pseudonymised data wherever possible.
  • Marketing communications — consent where required, otherwise our legitimate interest. You can unsubscribe at any time.
  • Legal compliance — to comply with tax, accounting, and other legal obligations.

4. Who we share it with

We share personal data only with the following categories of recipients:

  • Paddle — our Merchant of Record, for sale of the product, subscription management, payments, tax compliance, and invoicing.
  • Infrastructure and hosting providers — to operate the Service (cloud database, file storage, edge compute).
  • AI model providers — to power AI features. Inputs are sent only as needed to generate the output and are not used by those providers to train their public models.
  • Email and communications providers — to deliver transactional and (where you have opted in) marketing emails.
  • Analytics and error monitoring providers — to understand usage and diagnose problems.
  • Professional advisers — legal, accounting, and audit advisers, where necessary.
  • Authorities — where required by law, court order, or to protect our or others' rights.

We do not sell your personal data.

5. International transfers

Some of our providers are based outside the UK and the EEA. Where personal data is transferred internationally we rely on appropriate safeguards, such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an applicable adequacy decision.

6. How long we keep it

We keep your personal data only as long as we need it for the purposes set out above. Account and career data is retained while your account is active and for a reasonable period afterwards to allow re-activation; we then delete or anonymise it. Billing records may be kept longer to comply with tax and accounting obligations. You can request earlier deletion at any time (see section 7).

7. Your rights

Depending on where you live, you have rights over your personal data. For users in the UK and EEA, these include the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • request deletion ("right to be forgotten") in certain circumstances;
  • request restriction of processing;
  • data portability;
  • object to processing based on our legitimate interests;
  • withdraw consent at any time where we rely on consent;
  • lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office at ico.org.uk).

You can exercise most of these rights from your account settings (including data export and account deletion), or by emailing us at privacy@cyberactiveai.com. We will respond within one month.

8. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit, encrypted storage, access controls, and regular review of our security posture. No system is perfectly secure, so we cannot guarantee absolute security.

9. Cookies

We use cookies and similar technologies that are strictly necessary to run the Service (authentication, security, preference storage), and analytics cookies to understand how the Service is used so we can improve it. Where required by law we ask for your consent before setting non-essential cookies, and you can change your preferences at any time from your browser settings.

10. Contact

Questions about this Privacy Notice or your personal data? Email us at privacy@cyberactiveai.com.