Privacy Policy

Last Updated: January 25, 2026

1. Introduction

Cybat AI ("we," "our," or "us") provides an autonomous security agent for Google Cloud Platform. This policy explains how we handle technical telemetry and log data. We are committed to "Privacy by Design," ensuring that your security data is used only for protection, never for profiling or secondary marketing.

2. Data We Process

Our agent processes the following data via your Google Cloud Pub/Sub integration:

  • Network Metadata: Source IP addresses, destination ports, and protocol types.
  • HTTP Metadata: User agents, request paths, and response codes (Layer 7 logs).
  • Security Events: Cloud Armor violations and Firewall hit counts.

We do not store the full payload of your application's database or private user content.

3. Use of AI and Machine Learning

Cybat AI utilizes the Google Gemini API (Vertex AI) to analyze log patterns. In accordance with the EU AI Act (2026):

  • No Training: We use "Zero-Retention" inference. Your data is not used to train the underlying Google Gemini models.
  • Automated Decisions: Our AI may trigger automated IP blocking. You maintain "Human-in-the-Loop" control through the Cybat AI dashboard settings.

4. Data Retention

Technical logs processed by Cybat AI are retained for the minimum period required for security analysis (typically 30 days) unless otherwise configured by your enterprise retention policy in Google Cloud Logging.

5. Compliance (GDPR/CCPA)

We act as a Data Processor under GDPR. All data remains within the Google Cloud region you specify during deployment (Data Sovereignty). Users have the right to request access to or deletion of telemetry tied to their identifiers.

For privacy inquiries, please contact our Data Protection Officer at privacy@cybat-ai.com.