Privacy Policy

CyberBrief AI is a cybersecurity intelligence platform operated by SmartData Technologies Limited, a company registered in Bangladesh (“SmartData”, “we”, “us”, or “our”).

This Privacy Policy explains how we collect, use, store, and protect information when you use cyberbrief.online and associated services (collectively, the “Platform”).

By using CyberBrief AI, you agree to the collection and use of information in accordance with this policy.

Contact for privacy matters:
SmartData Technologies Limited, Dhaka, Bangladesh
Email: info@smartdataltd.com
WhatsApp: +88 01903903903

2.1 Account information. When you create an account, we collect:

• Name and work email address
• Organisation name and type
• Job title or designation
• Phone number (optional)

2.2 Security and threat data. To provide the Platform's services, we process:

• IP addresses and domain names you submit for monitoring
• Software inventory and asset information you enter or import
• Vulnerability scan results you upload
• Compliance assessment responses
• Security findings and incident records

This data belongs to your organisation and is processed solely to deliver the Platform's services to you.

2.3 Usage data. We automatically collect:

• Login timestamps and session duration
• Pages visited and features used
• Browser type and device information
• Actions taken within the Platform

2.4 Communication data.

• Email addresses for alerts and reports
• WhatsApp numbers for security notifications (if provided)
• Support messages and feedback

We use collected information to:

• Provide and maintain the CyberBrief AI Platform and its features
• Send security alerts, daily briefs, and compliance notifications you have requested
• Generate Bangladesh Bank examination evidence packages and reports
• Process payments and send invoices
• Respond to support requests
• Improve the Platform based on usage patterns
• Comply with applicable laws and regulations in Bangladesh

We do not sell your personal information to third parties. We do not use your security data for any purpose other than providing the Platform to you.

4.1 Where your data is stored. CyberBrief AI uses Supabase for data storage, which uses cloud infrastructure. Your data is encrypted at rest and in transit using industry-standard encryption (AES-256 at rest, TLS 1.3 in transit).

4.2 Bangladesh data considerations. We understand that Bangladesh Bank-regulated institutions have data residency and localisation requirements. If your organisation has specific data residency requirements, please contact us at info@smartdataltd.com before subscribing so we can discuss your requirements.

4.3 Security measures. We implement appropriate technical and organisational measures including:

• Encryption at rest and in transit
• Role-based access controls
• Audit logging of all data access
• Regular security assessments

We share your information only in the following limited circumstances:

5.1 Service providers. We use trusted third-party services to operate the Platform:

• Supabase: database and authentication
• Resend: transactional email delivery
• WATI: WhatsApp notification delivery
• Anthropic: AI-generated content (Claude API — prompts and responses are not used to train Anthropic's models under our current agreement)

These providers process data only as necessary to provide their services and are bound by appropriate data processing agreements.

5.2 Threat intelligence enrichment. To provide threat intelligence, we query the following external services with technical data only (no personal data):

• NIST NVD: CVE vulnerability data
• CISA: Known Exploited Vulnerabilities
• AlienVault OTX: threat intelligence
• Abuse.ch ThreatFox: malware IOCs
• Shodan: internet exposure data
• Vulners: exploit data
• VirusTotal: IOC reputation
• Have I Been Pwned: breach data

Only technical identifiers (IP addresses, domain names, CVE IDs) are shared with these services. No personal information is transmitted.

5.3 Legal requirements. We may disclose your information if required by applicable law, court order, or lawful request from Bangladesh government authorities.

5.4 Business transfers. In the event of a merger or acquisition of SmartData Technologies Limited, your data may be transferred to the acquiring entity, subject to the same privacy protections.

We retain your data as follows:

• Account data: for the duration of your subscription plus 12 months after termination
• Security and compliance data: for the duration of your subscription plus 36 months (to support BB examination historical evidence requirements)
• Usage logs: 12 months
• Audit trail: 7 years (as required for Bangladesh Bank compliance records)
• Backup data: deleted within 90 days of account termination

You may request deletion of your data at any time by contacting info@smartdataltd.com. Deletion requests are processed within 30 days, except where retention is required by law.

As a user of CyberBrief AI, you have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Request your data in a machine-readable format
• Objection: Object to certain processing activities

To exercise any of these rights, contact info@smartdataltd.com. We will respond to all requests within 30 days.

CyberBrief AI uses minimal cookies:

• Authentication cookies: Required for login sessions. Cannot be disabled.
• Preference cookies: Remember your display preferences. Can be cleared by clearing browser data.

We do not use advertising cookies, tracking pixels, or third-party analytics that share data with advertisers. We do not use Google Analytics or similar advertising-linked analytics tools.

If you opt in to security notifications, we will send alerts via:

• Email (via Resend)
• WhatsApp (via WATI, if number provided)
• Browser push notifications (if enabled)
• Slack or Microsoft Teams (if integrated)

You can manage notification preferences in Settings → Notifications at any time.

CyberBrief AI is an enterprise platform intended for use by security professionals and organisations. It is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors.

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the “Last updated” date at the top of this page
• Send an email notification to all registered account holders
• Display a notice in the Platform for 30 days

Continued use of CyberBrief AI after changes constitutes acceptance of the updated policy.

For any privacy-related questions, concerns, or requests, please use the contact details in the box below.