-

Learn why human risk is the next frontier in cybersecurity Read Now

Contact Us
Book a Demo

Privacy policy

Updated: June 25, 2025

Term Of This Privacy PolicyOur ServiceInformation We CollectHow Cymphony Uses the InformationHow to Opt-out?Specific Provisions for Users from the European Economic Area (EEA)Your Data Protection Rights under the GDPRSpecific Provisions for Users From California, United States Under California Data Protection Rights Laws. Duration of Information Retention and StoringSharing Information With Third PartiesThird Party Websites; Third Parties CookiesInformation SecurityChildren's PrivacyMiscellaneousContact Us

This Privacy Policy explains how Cymphony Inc. and its affiliates (“Cymphony”) collect, use, and protect personal information from individuals (“Users”) who visit, access, or use our website (the “Website”) and any related features, content, or services we offer through the Website (together with the Website, the “Service”). We are committed to protecting your privacy and safeguarding your personal information (as set forth below). Please read this policy carefully to understand how we handle your data and to help you make informed decisions. By visiting, accessing, or using the Service, you agree to the terms of this Privacy Policy.

Term Of This Privacy Policy

This Privacy Policy takes effect when you first access or use the Service and will remain in force for as long as you continue to use or have access to the Service, or for a longer period if required under this Privacy Policy.

By using the Service, you explicitly consent to the collection, storage, use, and sharing of your personal information as described in this Privacy Policy, including any updates made from time to time.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we do, we will revise the “Last Updated” date at the bottom of the policy. If we make material changes, we will provide notice through the Service or by other means, as required by applicable law. Continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

Please note that the Service may occasionally contain unintentional errors or inaccuracies. Cymphony will make reasonable efforts to correct these as needed, at its sole discretion. While we regularly update and improve the content provided through the Service, some inaccuracies may occur during or between updates. Cymphony does not accept any responsibility or liability for such errors.

We also make reasonable efforts to keep the Service free of viruses, but we cannot guarantee complete protection. Users are responsible for taking appropriate precautions—such as using antivirus software—before downloading any content from the Service.

Our Service

Cymphony offers a Workforce Risk Management Platform.

Information We Collect

When you access or use the Service, Cymphony may collect certain types of personal information (the “Personal Data”) directly from you or through your interactions with the Service. This may include:

  • Contact and Identification Information/First-Party Data: Such as your full name, phone number, email address, job title, place of work, and any other details you may be asked to provide when registering for or using the Service.
  • Voluntary Information: Any information you choose to provide voluntarily when interacting with Cymphony—for example, when you respond to communications, request support, contact us via email, or submit information through the Service.
  • Usage and Transaction Data: Details about the Services you use, purchases you make, or transactions you carry out through the Service. This may also include messages you send to Cymphony and related metadata (such as timestamps and communication method), including responses to surveys or questionnaires.
  • Other Information: Any additional personal data you choose to share with us through the Service.

Before providing personal information about another individual, Users must ensure they have that person’s consent to share the information and to allow it to be processed in accordance with this Privacy Policy.

In addition to the Personal Data you provide directly, Cymphony may collect certain technical and usage-related data when you access or use the Service (collectively “Usage Data”). This may include:

  • Device Information. We may collect information related to your device and its connection, which may include online identifiers, unique device identifiers (such as UDID or MAC address), operating system details, IP address, browser type, and approximate geolocation data.
  • Cookies and Similar Technologies. Like many websites, Cymphony uses cookies to improve functionality, personalize your experience, and analyze usage patterns. Cookies are small data files stored on your device that help us recognize your browser, but do not identify you personally. You can disable cookies through your browser settings (see instructions below); however, doing so may limit your access to certain features of the Service. By accessing the Service, you expressly consent to our use of cookies as described in this policy. We may also use similar technologies—such as web beacons—to collect anonymous information such as IP address, referring website, pages visited, browser type, and interactions with emails sent by Cymphony (e.g., whether an email was opened).

You can manage cookie settings through your browser preferences. For convenience, you can review instructions on managing cookies at:

  • Ancillary Data. We may collect additional technical data related to your use of the Service, including, configuration and usage information; logs of user activities, login history, clickstream data, and session metadata; application performance data, bug and crash reports, and system diagnostics, which may include IP address, username, host name, and location at the time of the issue.

Together, the Personal Data and Usage Data described in this Privacy Policy are referred to collectively as the “Information.”

How Cymphony Uses the Information

Cymphony uses the Information it collects in accordance with applicable laws and for the following purposes:

  • To Provide and Operate the Service: Including account setup, access management, and delivering requested features or content.
  • To Verify Identity: To confirm User identity and maintain accurate account details.
  • To Improve and Personalize the Service: Enhancing the design, functionality, performance, and overall user experience.
  • To Communicate with Users: Including responding to inquiries, providing technical or customer support, and sending service-related updates (such as payment confirmations, usage notices, or important service changes).
  • To Analyze and Monitor Use of the Service: To gather analytics, usage trends, and statistical insights that help improve performance and guide future development.
  • To Detect and Prevent Fraud or Security Threats: Including unauthorized access, potential misuse, illegal activities, and other violations.
  • For Cybersecurity and Insurance Purposes: Including managing insurance claims, technical diagnostics, and responding to incidents.
  • To Combine Data: We may link or combine the Information with other data received from third-party partners or platforms to better understand user needs and deliver improved services.
  • For Record-Keeping and Internal Management: Maintaining logs, audit trails, reports, and backups as needed for operational and legal compliance.
  • To Post Testimonials: If you submit a testimonial, you consent to us displaying your name alongside your comments on our Service or website.
  • To Comply with Legal Obligations: Where required by law or court order, or in connection with investigations, legal claims, or regulatory inquiries.
  • To Enforce Our Terms of Service or Other Agreements: We may use your information to ensure compliance with our terms and investigate any suspected violations.
  • To Support Business Transfers: If we undergo a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction, in accordance with this Privacy Policy.

How to Opt-out?

If you no longer wish to receive communications from Cymphony, you may opt out at any time by:

  • Clicking the “unsubscribe” link included in any email communication you receive from us; or
  • Sending a request by email to privacy@cymphony.io.

Please note that even if you opt out of receiving marketing communications, we may still send you important service-related or transactional messages—for example, updates about your account, subscription, or order confirmations.

If you wish for Cymphony to stop collecting your Information, you may also email us at privacy@cymphony.io with your request. Please be aware that this request will not apply retroactively and will not affect Information already collected by Cymphony in accordance with your prior consent and this Privacy Policy.

We will process your request as soon as reasonably possible and confirm once completed.

If you are using a mobile device, your device may provide you with options to limit or reset your advertising ID, which is used to deliver personalized ads:

  • iOS: Go to Settings > Privacy & Security > Tracking and disable tracking or reset your IDFA under Settings > Privacy > Apple Advertising.
  • Android: Go to Settings > Google > Ads > Opt out of Ads Personalization or reset your AAID.

Please note that opting out does not disable ads entirely but limits the personalization of ads you may see.

Specific Provisions for Users from the European Economic Area (EEA)

Legal Basis for Processing Personal Data under the General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), Cymphony processes your Personal Data in accordance with the General Data Protection Regulation (GDPR). The legal basis for processing depends on the type of Personal Data collected and the context in which it is processed. Cymphony may process your data based on one or more of the following grounds:

  • Performance of a contract: Where processing is necessary to fulfill a contract with you or to take steps at your request before entering into a contract.
  • Consent: Where you have given Cymphony clear permission to process your Personal Data for a specific purpose.
  • Legitimate interests: Where the processing is necessary for Cymphony’s legitimate business interests and is not overridden by your rights and freedoms.
  • Legal obligation: Where Cymphony is required to process your data to comply with applicable legal obligations.

Your Data Protection Rights under the GDPR

As an EEA resident, you have the following rights regarding your Personal Data. Cymphony is committed to enabling you to exercise these rights effectively:

  • Right of access: You have the right to request access to the Personal Data Cymphony holds about you.
  • Right to rectification: You have the right to request that Cymphony correct any inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): Under certain circumstances, you may request that Cymphony delete your Personal Data.
  • Right to restrict processing: You have the right to request that Cymphony limit the processing of your Personal Data in certain cases.
  • Right to object: You may object to Cymphony’s processing of your Personal Data when processing is based on legitimate interests.
  • Right to data portability: You may request a copy of your Personal Data in a structured, commonly used, and machine-readable format and request that it be transferred to another controller, where technically feasible.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at privacy@cymphony.io. Cymphony may need to verify your identity before responding to your request.

You also have the right to lodge a complaint with your local Data Protection Authority if you believe your rights under GDPR have been violated. For more information, please contact the supervisory authority in your country within the EEA.

Specific Provisions for Users From California, United States Under California Data Protection Rights Laws.

If you are a California resident, you may have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights apply to Personal Data collected by Cymphony in connection with providing products or services for personal, family, or household use.

Your Rights

You may exercise the following rights:

  • Right to Know what Personal Data we collect, use, disclose, or share.
  • Right to Delete Personal Data we have collected from you, subject to legal exceptions.
  • Right to Correct inaccurate Personal Data.
  • Right to Opt Out of the Sale or Sharing of Personal Data for cross-context behavioral advertising.
  • Right to Limit the Use of Sensitive Personal Data, if collected.
  • Right to Non-Discrimination for exercising any of your privacy rights.

Sale or Sharing of Personal Data

Cymphony does not sell Personal Data for monetary compensation. However, we may share Personal Data—such as IP addresses, online identifiers, and device/browser data—with third-party analytics or advertising platforms (e.g., Google Analytics, Meta Pixel, LinkedIn Insights) to help us understand how users interact with the Service and to improve our marketing efforts. Under the CPRA, this may be considered "sharing" for cross-context behavioral advertising purposes.

If you wish to opt out of such sharing, you may email us at privacy@cymphony.io with the subject line: “California Privacy Request.”

We also honor Global Privacy Control (GPC) signals, which are browser-based privacy preferences indicating your choice to opt out of the sale or sharing of your Personal Data. When a GPC signal is received, we treat it as a valid opt-out request.

Requests for Direct Marketing Disclosures

Under California’s "Shine the Light" law, you may also request—up to twice per calendar year—details about whether we have shared Personal Data with third parties for their own direct marketing purposes. If applicable, we will provide:

  • A list of the categories of Personal Data disclosed; and
  • The names and addresses of third parties who received such information in the prior calendar year.

To make this request, email us at privacy@cymphony.io with the subject line: “Request for California Privacy Data.”

Please note that some Personal Data may not be subject to CCPA/CPRA disclosure requirements. We will respond in accordance with applicable law.

Duration of Information Retention and Storing

Cymphony retains Users’ Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

We may retain Personal Data to comply with legal obligations (e.g., tax, audit, or regulatory requirements), resolve disputes, enforce our agreements and policies, or protect our legitimate business interests.

Usage Data (such as analytics and technical logs) is typically retained for shorter periods, unless it is needed to improve the performance or security of the Service, or if we are legally required to retain it for longer durations.

The Service is hosted on servers located in North America/Europe/Australia. Some Personal Data may be transferred and stored outside of your jurisdiction, including in countries that may not provide the same level of data protection as your home country.

We store data on servers managed by trusted third-party service providers, including, without limitations, Amazon Web Services, with mailing address at 410 Terry Avenue North, Seattle, WA 98109-5210, ATTN: AWS Legal, Amazon Web Services, Inc. You can review their privacy practices by visiting: https://aws.amazon.com/privacy/.

Cymphony ensures that any cross-border data transfers are made in compliance with applicable data protection laws, including the use of adequate safeguards where required.

Sharing Information With Third Parties

Cymphony may share Users’ Personal Data with third parties, but only as necessary and in accordance with the purposes set out in this Privacy Policy. Such sharing is limited to what is reasonably required and subject to appropriate confidentiality and data protection safeguards.

We may disclose Personal Data to:

  • Employees, contractors, service providers, and advisors. Cymphony may share Personal Data with employees, managers, security personnel, legal or financial advisors, consultants, agents, suppliers, or subcontractors, as reasonably necessary for operating, supporting, or improving the Service.
  • Authorized service providers. We may share information with third-party vendors that support the Service (such as cloud hosting providers, payment facilitators, CRM platforms, email distribution services, and analytics providers).
  • Affiliates and subsidiaries. Cymphony may share Personal Data with its affiliated companies and subsidiaries, where such sharing supports our internal operations or service delivery.
  • Legal and regulatory purposes: Cymphony may disclose Personal Data where required by law, regulation, court order, or legal process, or where necessary to enforce our legal rights, comply with applicable law or respond to lawful government requests, detect, prevent, or address fraud or other illegal activity, or ensure the safety and security of the Service and its Users.
  • Business transfers. In the event of a merger, acquisition, reorganization, or sale of all or part of Cymphony’s assets, Personal Data may be transferred to the acquiring entity or third party involved in the transaction, subject to the protections outlined in this Privacy Policy.
  • Aggregated and anonymized data: Cymphony may share de-identified or aggregated information that cannot reasonably be used to identify an individual. This type of data may be disclosed to business partners, investors, or the public for analytics, research, or marketing purposes.

Third Party Websites; Third Parties Cookies

Cymphony’s Service uses cookies and similar technologies, including third-party cookies such as Google Analytics, to help us understand how Users interact with our Service and to improve performance.

Please note that the use of cookies by these third parties is not covered by this Privacy Policy, and Cymphony does not have control over how such cookies operate. For more information, we encourage Users to review the privacy and cookie policies of the relevant third-party services. For example, to learn how Google uses data collected through its services, you can visit: https://policies.google.com/technologies/partner-sites.

Users can manage their cookie preferences by adjusting their browser settings. Most browsers allow Users to:

  • Receive a warning when a cookie is being set;
  • Block all cookies or only third-party cookies;
  • Delete existing cookies manually or automatically when the browser is closed.

Please be aware that disabling cookies may affect the functionality of the Service. Additionally, even if third-party marketing cookies are disabled, Cymphony may still share personal information with third parties for non-marketing purposes, such as:

  • Fulfilling User requests or transactions;
  • Responding to inquiries or providing customer support;
  • Ensuring system functionality or security.

Information Security

Cymphony implements industry-standard technical and organizational security measures to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures include internal reviews of our data collection, storage, and processing procedures, as well as the security technologies used to safeguard information.

While we take reasonable steps to secure your information, please note that no method of transmission over the internet or method of electronic storage is completely secure. Therefore, Cymphony cannot guarantee the absolute security of any information transmitted or stored. Access to Personal Data is strictly limited to Cymphony employees, contractors, and service providers who need the information to operate, develop, or improve the Service. All such individuals are bound by contractual confidentiality obligations and are required to process information solely in accordance with this Privacy Policy and for the purposes for which it was originally collected.

Children's Privacy

Users must be at least eighteen (18) of age to access Cymphony’s Service. Cymphony’s Service must not be used by individuals who are under the age of eighteen (18) (collectively, "Children").

Cymphony does not knowingly collect personally identifiable information from anyone under the age of eighteen (18). If a parent or guardian is aware that his/her Children have provided Cymphony with any Personal Data, he/she is requested to contact Cymphony. If Cymphony becomes aware that it has collected Personal Data from Children without verification of parental consent, Cymphony will take steps to remove that information from its servers.

Cymphony will obtain prior parental consent if any changes Cymphony makes to this Privacy Policy affect users under the age of 18 in a way that requires such consent under the applicable law including the Children's Online Privacy Protection Act of 1998, 15 U.S.C. 6501–6505.

Miscellaneous

For any question, concern, comments or suggestions regarding this Privacy Policy, please contact Cymphony at privacy@cymphony.io.

Cymphony reserves the right at any time to modify this Privacy Policy. Any such modification will be effective immediately upon posting the amended Privacy Policy on the Service and/or by sending a notification to the Users. The User’s continued use of the Service after the effective date of any such modification will be deemed acceptance of such modified Privacy Policy.

All disputes arising out of this Privacy Policy will be subject to the governing laws of Delaware and the exclusive jurisdiction of the competent local and federal courts located in Delaware, United States. The User and Cymphony agree and submit to the personal and exclusive jurisdiction and venue of these courts, except that nothing will prohibit either party from instituting an action in any court of competent jurisdiction to obtain injunctive relief or protect or enforce its intellectual property rights. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to the Terms.

Copyright. The copyrights in this publication are owned by Cymphony Ltd. and its subsidiaries.

Trademarks. "Cymphony" is a trademark of Cymphony and may be a registered or unregistered trademark in certain jurisdictions. No license to use any Cymphony trademarks is granted or implied. These trademarks may not be copied, downloaded, reproduced, used, modified, or distributed in any way (except as part of an authorized use of material from the Service) without Cymphony’s prior written consent. All other trademarks, service marks, or trade names appearing in the Service are the property of their respective owners.

Contact Us

If you have questions or comments about the Privacy Policy or Cymphony's data collection in general, please send us an email at privacy@cymphony.io.