CyroloCyrolo
Features
Platform capabilities & tools
Pricing
$299/mo security subscription
Security Scanning
150+ automated vulnerability checks
Penetration Testing
Elite red team services
Free Tools
Free security scanners
About
Our mission & team
Contact
Get in touch
Sign InGet Started
Cyber Security
All systems operational

Privacy Policy

Your privacy matters. Learn how Cyrolo collects, uses, and protects your personal data.

Effective date: March 1, 2026

1

Introduction

Cyrolo LLC (“Cyrolo,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered brand protection platform and related services (collectively, the “Services”).

Cyrolo LLC acts as the data controller for the personal data processed through the Services. We are located at 30 N Gould St Ste N, Sheridan, WY 82801, United States. You can contact us at [email protected].

This policy applies to all users of the Services, including website visitors, registered users, and API consumers. By using the Services, you acknowledge that you have read and understood this Privacy Policy.

2

Information We Collect

Information You Provide

  • Account information: name, email address, company name, job title
  • Billing information: payment method details (processed securely by Stripe)
  • Brand data: trademarks, logos, product identifiers, and brand rules
  • Communications: support requests, feedback, and correspondence
  • Team information: names and email addresses of invited team members

Information Collected Automatically

  • Device and browser information: IP address, browser type, operating system, device identifiers
  • Usage data: pages visited, features used, actions taken, timestamps, session duration
  • Log data: server logs, error reports, API request metadata
  • Cookies and similar technologies: session cookies, preference cookies, and analytics trackers (see our Cookie Policy)

Information from Third Parties

  • Marketplace data: publicly available product listings, seller profiles, and pricing data from e-commerce platforms
  • Trademark databases: publicly available trademark registrations and filings
  • Payment processor: transaction confirmations and billing events from Stripe
3

How We Use Your Information

  • Provide and operate the Services: process your brand data, run marketplace scans, generate detection reports, and manage enforcement workflows
  • Account management: create and maintain your account, authenticate users, and manage team access
  • Billing and payments: process subscription payments, send invoices, and manage billing cycles
  • Communications: send service notifications, security alerts, product updates, and respond to support requests
  • Improvement and analytics: analyze usage patterns to improve the Services, develop new features, and optimize performance
  • Security: detect and prevent fraud, abuse, and security threats
  • Legal compliance: comply with applicable laws, regulations, and legal processes
4

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Performance of a contract: processing necessary to provide the Services you have subscribed to
  • Legitimate interests: improving our Services, preventing fraud, ensuring security, and marketing our Services to existing customers
  • Consent: where you have given explicit consent, such as for marketing communications or non-essential cookies
  • Legal obligation: processing required to comply with applicable laws and regulations
5

Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service providers: third-party vendors who assist us in operating the Services, including cloud hosting (infrastructure providers), payment processing (Stripe), email delivery (Resend), and analytics
  • Third-Party Marketplaces: when submitting takedown requests or enforcement actions on your behalf, limited information may be shared with marketplace operators as required by their processes
  • Legal requirements: when required by law, regulation, or legal process, or to protect the rights, property, or safety of Cyrolo, our users, or others
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction
  • With your consent: when you have given explicit consent to share your information with specific third parties

All service providers are bound by data processing agreements and are required to protect your data in accordance with applicable laws.

6

International Data Transfers

Cyrolo is based in the United States. If you are accessing the Services from the EEA, UK, or other regions with data protection laws, your personal data may be transferred to and processed in the United States or other countries where our service providers operate.

We ensure that international transfers are protected by appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all third-party processors
  • Technical and organizational measures to protect data in transit and at rest
7

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Account data: retained for the duration of your Subscription plus 30 days after termination to allow data export
  • Billing records: retained for 7 years as required by tax and accounting regulations
  • Usage and log data: retained for up to 24 months for analytics and security purposes
  • Marketing communications: until you unsubscribe or withdraw consent
  • Support communications: retained for up to 3 years to provide ongoing support and improve our Services

When data is no longer needed, we securely delete or anonymize it in accordance with industry best practices.

8

Security

We implement robust technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Regular security assessments and penetration testing
  • Access controls and role-based permissions
  • Secure development practices and code review processes
  • Incident response procedures and breach notification protocols
  • Employee security training and background checks

While we strive to protect your data, no method of transmission or storage is 100% secure. We encourage you to use strong passwords and enable multi-factor authentication on your Account.

9

Your Rights

GDPR Rights (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data (“right to be forgotten”)
  • Right to restriction: request restriction of processing of your personal data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent: withdraw consent at any time where processing is based on consent

CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the CCPA:

  • Right to know: request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to delete: request deletion of your personal information
  • Right to opt-out: opt out of the sale of your personal information (we do not sell personal information)
  • Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (GDPR) or 45 days (CCPA).

10

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate the Services, remember your preferences, and analyze usage. For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

You can control cookie preferences through your browser settings or through our cookie consent banner. Disabling certain cookies may affect the functionality of the Services.

11

Children's Privacy

The Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we learn that we have collected personal data from a child under 16, we will take steps to delete that information as quickly as possible. If you believe we have collected data from a child, please contact us at [email protected].

12

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services. We will notify you of material changes by email or by posting a prominent notice on the Platform at least 30 days before the changes take effect. The “Effective date” at the top of this policy indicates when it was last updated. We encourage you to review this policy periodically.

13

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: [email protected]
  • Address: Cyrolo LLC, 30 N Gould St Ste N, Sheridan, WY 82801, United States

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.