Privacy Policy

CyberVantage ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Information We Collect

Information You Provide

• Account Information: Full name, email address, and password when you register.
• Profile Information: Professional title, bio, experience, skills, certifications, location, timezone, and social media links (for mentors).
• Booking Information: Session topics, notes, scheduling preferences, and meeting feedback.
• Communication Data: Messages, reviews, and support inquiries you submit through the Platform.

Information Collected Automatically

• Device Information: Browser type, operating system, and device identifiers.
• Usage Data: Pages visited, features used, session duration, and interaction patterns.
• IP Address: Used for security, rate limiting, and approximate geolocation.

2. How We Use Your Information

• Provide Services: Facilitate mentor-mentee connections, process bookings, and deliver session features.
• Process Payments: Handle subscription billing, session payments, and mentor payouts.
• Communications: Send booking confirmations, session reminders, payment receipts, and important account notifications.
• Platform Improvement: Analyze usage patterns to improve features, fix bugs, and enhance user experience.
• Security: Detect and prevent fraud, abuse, and unauthorized access to accounts.
• Legal Compliance: Comply with applicable laws, regulations, and legal processes.

3. Payment Data

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. CyberVantage does not store your credit card numbers, bank account details, or other sensitive financial information on our servers. We only store Stripe customer IDs and transaction references necessary to manage your account and process refunds.

4. Data Sharing

We do not sell your personal information. We share data only in the following circumstances:

• Between Users: Mentor profiles are visible to other users. When a booking is made, relevant contact details are shared between the mentor and mentee for that session.
• Service Providers: We use trusted third-party services to operate the Platform (see Section 10).
• Legal Requirements: We may disclose information if required by law, court order, or governmental authority.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal information within 30 days, except where retention is required for legal or compliance purposes (e.g., payment records retained for tax and accounting requirements). Anonymized usage data may be retained indefinitely for analytics.

6. Security Measures

We implement industry-standard security measures to protect your data:

• Password Hashing: Passwords are hashed using bcrypt with salt rounds; we never store plaintext passwords.
• Token-Based Authentication: Short-lived JWT access tokens (15 minutes) with secure refresh token rotation.
• HTTPS Encryption: All data transmitted between your browser and our servers is encrypted via TLS.
• Rate Limiting: API endpoints are rate-limited to prevent brute-force attacks and abuse.
• Input Validation: All user inputs are validated and sanitized to prevent injection attacks.
• HttpOnly Cookies: Authentication tokens are stored in HttpOnly cookies to prevent XSS-based token theft.

7. Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update or correct inaccurate personal information through your profile settings.
• Deletion: Request deletion of your account and associated data.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing of your data for certain purposes.
• Withdrawal of Consent: Withdraw consent for optional data processing at any time.

To exercise these rights, contact us at privacy@cybervantage.ca. We will respond within 30 days.

8. Cookies & Local Storage

CyberVantage uses the following browser storage mechanisms:

• Authentication Cookies: HttpOnly, secure cookies that store encrypted session tokens. These are essential for the Platform to function and cannot be disabled.
• Session Storage: Temporary data (such as form state) stored in your browser session that is cleared when you close your browser.

We do not use third-party tracking cookies or advertising cookies.

9. Third-Party Services

We use the following third-party services to operate the Platform:

• Stripe: Payment processing, subscription management, and mentor payouts. Subject to Stripe's Privacy Policy.
• Resend: Transactional email delivery (booking confirmations, password resets, session reminders). Subject to Resend's Privacy Policy.
• Jitsi Meet: Video conferencing for mentoring sessions. Jitsi Meet sessions are peer-to-peer where possible and are not recorded by default. Subject to Jitsi's Privacy Policy.
• Vercel: Platform hosting and content delivery.
• Supabase: Database hosting and management.

10. Children's Privacy

CyberVantage is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

11. International Data Transfers

Your data may be processed and stored in the United States or other countries where our service providers operate. By using the Platform, you consent to the transfer of your information to these locations. We ensure appropriate safeguards are in place for international transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on the Platform. Your continued use of the Platform after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@cybervantage.ca.