Privacy Policy

Last updated: March 29, 2026

1. Introduction
Cybenta (“Company,” “we,” “us,” or “our”) operates the Cybenta AI sales intelligence platform, accessible at app.cybenta.ai and via the Cybenta desktop application (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the Service.

By using the Service, you agree to the collection and use of information as described in this policy.

2. Information We Collect
2.1 Account Information
When you create an account, we collect your name, email address, and organisation name. Authentication credentials are managed securely using an enterprise-grade identity provider.

2.2 Meeting and Call Data
The core function of Cybenta involves joining your sales calls as a bot participant. When you enable this feature, we collect:
- Audio recordings of meetings you explicitly authorise the bot to join
- Real-time and post-call transcripts of those meetings
- Participant names and identifiers as provided by the conferencing platform
- Meeting metadata (title, duration, date, platform)
You are responsible for obtaining any legally required consent from all meeting participants before enabling this feature. Cybenta provides tools to help you notify participants, but compliance with applicable recording consent and privacy laws remains your responsibility.

2.3 Calendar Data
If you connect a Google Calendar or Microsoft Outlook calendar, we access:
- Event titles, times, locations, and attendee lists for events on your calendar
- Meeting links to enable automated bot joining
- Acceptance status of calendar invitations
We access only the minimum calendar data necessary to provide scheduling and auto-join features. We do not read, store, or analyse calendar events unrelated to meetings you have authorised.

2.4 Knowledge Base Content
If you upload documents or connect cloud storage or productivity integrations, we store and process the content of those files to power the AI knowledge search features. This may include proprietary business documents, sales materials, and competitive intelligence.

2.5 Usage Data
We collect information about how you use the Service, including:
- Features accessed and actions taken
- Session duration and frequency
- Error logs and diagnostic information

2.6 Billing Information
Payment processing is handled by a PCI-DSS compliant payment processor. We do not store full payment card numbers. We retain billing metadata such as subscription status, plan tier, and customer identifiers.

2.7 Desktop Application Data
If you use the Cybenta desktop application, it connects to our service over an encrypted connection. The application processes data locally and transmits only the data necessary for the AI features. We do not capture screen content outside of active, authorised meeting sessions.

2.8 Zoom Integration Data
When you connect Zoom through the Cybenta Zoom App, we collect your Zoom user ID, display name, and meeting identifier via the Zoom Apps SDK. We use this solely to authenticate your session and correlate real-time coaching data with the correct meeting. We do not store Zoom access tokens beyond the duration of the active session. Zoom OAuth refresh tokens are stored encrypted and used only to maintain your connected integration.

3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Service
- Transcribe and analyse sales calls using AI
- Generate MEDDPICC assessments, deal health scores, signal alerts, and coaching cards
- Enable automated meeting joining via calendar integration
- Answer questions using your uploaded knowledge base
- Send transactional emails (meeting summaries, invite notifications, billing receipts)
- Enforce subscription limits and billing
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
We do not sell your personal data to third parties. We do not use your meeting content, transcripts, or uploaded documents to train AI models.

4. Third-Party Service Providers
We engage trusted third-party service providers to help us deliver the Service. These providers process data on our behalf under appropriate data processing agreements and are not permitted to use your data for their own purposes. The categories of providers we use include:
- Meeting infrastructure: Providers that facilitate bot joining of video calls and deliver real-time transcription.
- AI processing: Providers that run AI models for transcription analysis, signal detection, and content generation.
- Cloud infrastructure: Providers that host our servers, databases, and file storage.
- Email delivery: Providers used to send transactional and notification emails.
- Payment processing: Providers that handle subscription billing and payment data.
- Calendar and productivity integrations: Third-party platforms you choose to connect, including Google, Microsoft, and Zoom. Your use of these integrations is also governed by their respective privacy policies.
Where providers are located outside the UK or EEA, we ensure appropriate safeguards are in place (such as UK Addendum to Standard Contractual Clauses or equivalent mechanisms) to protect your data.

Legal Basis, Retention, Rights, & More

5. Legal Basis for Processing (UK GDPR)
We process your personal data on the following legal bases:
- Contract: Processing necessary to provide the Service you have subscribed to, including meeting analysis, transcription, and account management.
- Legitimate Interests: Improving the Service, preventing fraud, and sending relevant product communications, where these interests are not overridden by your rights.
- Legal Obligation: Retaining billing and financial records as required by law.
- Consent: Where you have provided explicit consent, such as connecting calendar or third-party integrations.

6. Data Retention
- Meeting transcripts and AI-generated content: Retained for the duration of your subscription plus 90 days after cancellation.
- Uploaded knowledge base documents: Deleted within 30 days of your removing them or cancelling your subscription.
- Account data: Retained for 90 days after account closure to allow for reactivation, then permanently deleted.
- Billing records: Retained for 7 years as required by UK financial regulations.
You may request deletion of your data at any time by contacting privacy@cybenta.ai.

7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data in certain circumstances.
- Right to restrict processing: Request that we limit how we use your data.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests.
- Rights related to automated decision-making: Not be subject to solely automated decisions that produce significant effects.
To exercise any of these rights, contact privacy@cybenta.ai. We will respond within one calendar month. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk if you believe we have not handled your data lawfully.

8. Cookies
Our web application uses essential cookies required for authentication and session management. We do not use third-party tracking or advertising cookies. By using the Service, you consent to our use of essential cookies.

9. Children’s Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, contact us at privacy@cybenta.ai.

10. International Data Transfers
Some of our service providers operate outside the UK. Where we transfer personal data internationally, we ensure appropriate safeguards are in place in accordance with UK data protection law, including Standard Contractual Clauses or equivalent transfer mechanisms.

11. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include encryption in transit and at rest, access controls, and regular security reviews.

No method of transmission or storage is completely secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay, as required by UK GDPR.

Changes, Contact, Controller

12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on the Service at least 14 days before the change takes effect. The “Last updated” date at the top of this page indicates when the policy was last revised.

13. Contact and Data Controller
Cybenta is the data controller for personal data processed through the Service.

For privacy-related questions, requests, or complaints:

Email: privacy@cybenta.ai
Website: https://cybenta.ai