Legal

Privacy Policy

Last Updated: December 8, 2025

CyWire, Inc. ("CyWire," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including Master Prompts, Knowledge Base, and AI processing features.

Key Principle: Your data belongs to you. We process it only to provide services and never sell it to third parties.

Information We Collect

Account Information

  • Email address, password (encrypted), and organization name
  • Billing information (processed by Stripe; we do not store credit card numbers)
  • Subscription tier, industry type, and account preferences

Content You Create

  • Master Prompts, sections, variables, schemas, and metadata
  • Knowledge Base documents (PDFs, Word, Excel files)
  • AI-generated content and test results
  • Version history and edit logs

Usage Information

  • API requests, feature usage, and AI credit consumption
  • Device information (browser, OS, IP address)
  • Session data and authentication tokens
  • Performance metrics and error logs

How We Use Your Information

We use your information to:

  • Provide platform services: Create Master Prompts, process AI requests, store Knowledge Base documents
  • Billing and payments: Process subscriptions, track credit usage, send invoices
  • Improve our services: Analyze usage patterns (anonymized), fix bugs, develop new features
  • Communication: Send service updates, security alerts, and billing notifications via platform notifications
  • Security and fraud prevention: Detect unauthorized access, prevent abuse, maintain platform integrity

What We DON'T Do

  • ❌ Sell your data to third parties
  • ❌ Use your Master Prompts or Knowledge Base content for our own purposes
  • ❌ Share your data with advertisers
  • ❌ Train AI models on your proprietary content

AI Processing & Third-Party Services

When you use AI features (Master Prompt generation, document analysis), your content is processed by third-party AI services (OpenAI, Anthropic, Google, etc.).

Third-Party AI Processing

  • • We use API access to third-party AI services (OpenAI, Anthropic, Google, etc.)
  • • According to third-party AI service terms, they do not train models on API customer data
  • • Data is encrypted in transit via HTTPS when sent to third-party AI services
  • • We only send data you explicitly choose to process (e.g., clicking "Generate" button)
  • • We do not control or guarantee third-party AI service security practices beyond their published terms

⚠️ Your Responsibility

When you use AI processing features, your content is sent to external third-party AI services. While these third-party services state they do not train on API customer data, we cannot verify or guarantee their practices. Do not submit:

  • • Passwords, API keys, or authentication credentials
  • • Highly sensitive personal information (SSN, credit card numbers, medical records)
  • • Trade secrets or confidential business information you're not comfortable being processed by third parties
  • • Content that violates third-party AI service terms of service

Review your organization's data handling policies and consult legal/compliance teams before processing sensitive content through AI features. By using AI features, you acknowledge the risks of third-party data processing.

Data Security Measures

We implement reasonable security practices to protect your data:

  • Encryption: Data encrypted in transit via HTTPS/TLS (industry-standard secure connections)
  • Database security: Enterprise-grade cloud database with row-level security policies and encrypted connections
  • Authentication: Secure password authentication with industry-standard password hashing
  • Access controls: Row-level security (RLS) policies limit data access based on user authentication
  • Infrastructure: Hosted on enterprise cloud infrastructure with SOC 2 Type II certification
  • Session management: Secure session tokens with automatic expiration

Important: No security system is impenetrable. We implement reasonable safeguards appropriate for a cloud-based SaaS platform, leveraging enterprise-grade infrastructure. However, we cannot guarantee absolute security against all threats. Report any suspected security vulnerabilities to support@cywire.com.

Data Breach Notification

In the event of a data breach that affects your personal information:

  • • We will make reasonable efforts to notify affected users within a reasonable timeframe (as required by applicable law)
  • • Notification may be via platform notification or public disclosure
  • • We will provide available information about the breach, affected data, and recommended steps
  • • We are not liable for damages resulting from data breaches, to the maximum extent permitted by law

Your Privacy Rights

Depending on your location (GDPR, CCPA, etc.), you may have the right to:

  • Access: Request a copy of your personal data we hold
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your account and associated data
  • Export: Download your Master Prompts and Knowledge Base content
  • Opt-out: Unsubscribe from marketing communications (service emails still sent)
  • Restrict processing: Limit how we use your data in certain circumstances

To exercise these rights, contact us at support@cywire.com. We will respond within 30 days (or as required by applicable law).

Limitations on Privacy Rights

Your privacy rights are subject to limitations:

  • Published content: Cannot be deleted once published to Global/Marketplace (ownership transferred to CyWire)
  • Legal obligations: We may retain data to comply with laws, regulations, legal processes, or investigations
  • Billing records: Tax and financial records retained for 7 years regardless of deletion requests
  • Technical limitations: Complete deletion may not be technically feasible due to backups and distributed systems
  • Fraud prevention: Data may be retained to prevent fraud, abuse, or Terms violations

Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Essential cookies: Authentication, session management, security (cannot be disabled)
  • Analytics cookies: Usage patterns, feature adoption, performance monitoring (anonymized)
  • Preference cookies: Theme settings, language preferences, UI customization

You can manage cookies through your browser settings, but disabling essential cookies may prevent you from using certain platform features.

Data Retention

We retain your data as follows:

  • Active accounts: Data retained as long as your account is active
  • Deleted accounts: 30-day grace period before permanent deletion begins
  • Private content: Permanently deleted after the 30-day grace period (subject to backup retention)
  • Published/Marketplace content: Ownership irrevocably transfers to CyWire upon publication - content remains available indefinitely
  • Global community prompts: Remain CyWire property permanently (authorship credited to "CyWire Community" after deletion)
  • Billing records: Retained for 7 years minimum (legal/tax compliance requirements)
  • Backups: Deleted content may persist in backup systems for up to 90 days
  • Anonymized analytics: Aggregated usage data retained indefinitely for platform improvement
  • Legal holds: Data may be retained longer if required by law, legal proceedings, or investigations

Account Deletion Process

  1. Request deletion from your profile settings or contact support@cywire.com
  2. 30-day grace period begins - you can cancel anytime during this period via your account settings
  3. After 30 days: Private data deletion begins; public content remains CyWire property

⚠️ No Guarantee of Complete Deletion

While we make reasonable efforts to delete your data, we cannot guarantee complete deletion due to:

  • • Backup systems (data may persist up to 90 days in archival backups)
  • • Third-party service caches (CDNs, third-party AI services, analytics services)
  • • Technical limitations of distributed database systems
  • • Legal requirements (subpoenas, investigations, regulatory compliance)
  • • Public content already distributed to users (Global/Marketplace prompts)

By using CyWire, you acknowledge these limitations and waive any claims related to incomplete data deletion.

Children's Privacy

CyWire is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us immediately at support@cywire.com.

Changes to This Privacy Policy

CyWire reserves the right to modify this Privacy Policy at any time at our sole discretion. When we make material changes:

  • • We will update the "Last Updated" date at the top of this page
  • • We may notify you via platform notification (at our discretion, not required)
  • • Continued use of the platform after changes constitutes acceptance of the updated Privacy Policy
  • • If you do not agree, you must stop using the platform and may request account deletion

It is your responsibility to review this Privacy Policy periodically. We are not obligated to notify you of changes, and your continued use constitutes acceptance regardless of whether you read the updated policy.

Contact Us

For questions about this Privacy Policy or to exercise your privacy rights, contact us at:

support@cywire.com

Related Policies:

Terms of ServiceMaster Prompt LicenseAcceptable Use PolicyService Level Agreement