CyberDrain B.V. Privacy Policy
Last updated: May 21, 2026
This Privacy Policy explains how CyberDrain B.V. ("CyberDrain," "we," "us," or "our") collects, uses, shares, protects, and otherwise processes personal data when you use our websites, hosted products, applications, APIs, documentation, communities, support channels, professional services, trials, events, marketing pages, and other offerings that link to this Privacy Policy (collectively, the "Services").
1. Introduction and Scope
This Privacy Policy applies when CyberDrain acts as a controller of personal data, such as when we operate our websites, manage accounts, communicate with prospects or customers, process billing and support information, run events, or market our Services.
Some CyberDrain products and services may process personal data that our customers submit, configure, or make available through the Services ("Customer Data"). When CyberDrain processes Customer Data on behalf of a customer, the customer is generally the controller or business, and CyberDrain acts as a processor or service provider under the applicable customer agreement, order, data processing addendum, or similar document. In that role, we process Customer Data according to the customer’s instructions and applicable law.
This Privacy Policy does not replace a customer’s own privacy notices, internal policies, or legal obligations. If you use the Services through an organization, your organization may control the account, configure the Services, and determine how your personal data is processed within that environment.
2. Who We Are
The controller for personal data covered by this Privacy Policy is:
CyberDrain B.V.
Goede Verwachtinghof 15
3192 XZ Hoogvliet Rotterdam
The Netherlands
You can contact us about privacy matters by using the privacy, contact, support, or account channels made available on our website or within the relevant Service, or by writing to the postal address above.
3. Personal Data We Collect
The personal data we collect depends on how you interact with CyberDrain and which Services you use. We may collect the following categories of personal data:
|
Category |
Examples |
|
Identity and contact data |
Name, business email address, postal address, telephone number, organization, role, username, single sign-on identity, account identifiers, and similar details. |
|
Account and authentication data |
Login credentials, password hashes, security settings, multi-factor authentication status, access permissions, session tokens, and account activity. |
|
Customer, subscription, and billing data |
Company details, billing contact, billing address, tax or VAT information, purchase history, subscription details, order information, invoice records, payment status, and transaction identifiers. Payment card or bank details may be processed by payment providers rather than stored directly by CyberDrain. |
|
Service usage and configuration data |
Product settings, tenant or environment identifiers, audit logs, API usage, service logs, licensing or warranty information, device-related data, integration metadata, and other information generated when using the Services. |
|
Customer Data |
Data submitted to, uploaded to, connected with, or processed through the Services by or on behalf of a customer, including data relating to customer users, client tenants, devices, environments, tickets, or workflows. |
|
Support and communications data |
Support tickets, messages, chat records, emails, call notes, attachments, feedback, community posts, event registrations, and other communications with us. |
|
Technical and device data |
IP address, browser type and version, device type, operating system, language settings, pages viewed, timestamps, referring and exit pages, diagnostic logs, crash reports, and approximate location inferred from IP address. |
|
Marketing and preference data |
Marketing preferences, cookie choices, campaign engagement, webinar or event interest, lead source, and interactions with our marketing communications. |
|
Job applicant data |
Resume/CV, employment history, education, qualifications, references, interview notes, and other information provided in connection with recruitment, where applicable. |
|
Sensitive data |
We do not intentionally request sensitive personal data unless it is needed for a specific Service or required by law. You should not submit sensitive data unless necessary for your use of the Services or requested by CyberDrain for a lawful purpose. |
4. Sources of Personal Data
We may collect personal data via sources, including, but not limited to:
- Directly from you when you create an account, register for a trial, request information, submit forms, attend events, use the Services, contact support, or communicate with us.
- From your organization, employer, customer, administrator, or other account owner when they create accounts, assign roles, connect integrations, configure Services, or submit Customer Data.
- Automatically from your device, browser, account, integrations, APIs, logs, cookies, and similar technologies when you use the Services.
- From third-party services that you or your organization choose to connect to the Services, such as identity providers, cloud platforms, ticketing tools, security tools, billing systems, or other integrations.
- From business partners, referral sources, event sponsors, marketing providers, analytics providers, advertising networks, and publicly available sources, where permitted by law.
- From social media, community platforms, embedded content providers, and third-party websites when you interact with CyberDrain content through those services.
- Essential cookies. These are necessary for security, authentication, session management, account access, load balancing, fraud prevention, and other core functionality.
- Functional cookies. These remember preferences and improve convenience, such as language, region, saved settings, or interface choices.
- Analytics and performance cookies. These help us understand how users navigate and use the Services, identify errors, measure performance, and improve the user experience.
- Marketing or advertising cookies. Where used and legally permitted, these may help measure campaigns, limit repeated messaging, or show relevant information about CyberDrain Services.
- Session replay or diagnostic technologies. Where enabled, these may help us understand technical issues and user experience problems. We configure these tools to avoid collecting unnecessary sensitive information where practicable.
- To provide, operate, maintain, secure, troubleshoot, and improve the Services.
- To create and manage accounts, authenticate users, administer permissions, and support single sign-on and other security features.
- To process orders, subscriptions, billing, payments, renewals, refunds where applicable, taxes, accounting, and related administration.
- To provide customer support, professional services, onboarding, training, maintenance, and service communications.
- To communicate with you about account activity, product updates, security notices, service changes, events, and other operational matters.
- To personalize the Services, remember preferences, analyze usage, measure performance, and develop new or improved features.
- To monitor, detect, investigate, prevent, and respond to security incidents, fraud, abuse, policy violations, illegal activity, or technical problems.
- To send newsletters or event invitations, manage campaigns, and measure marketing effectiveness, subject to consent and opt-out rights where required.
- To administer communities, forums, contests, events, training, feedback programs, and similar activities.
- To evaluate job applicants and manage recruitment processes, where applicable.
- To comply with legal obligations, respond to lawful requests, enforce agreements, resolve disputes, collect amounts owed, and protect the rights, property, and safety of CyberDrain, customers, users, and others.
- To create aggregated, anonymized, or de-identified data for statistics, benchmarking, product improvement, security, reporting, and lawful business purposes.
- Process Customer Data only to provide, secure, support, maintain, and improve the Services, and as otherwise instructed by the customer or permitted by the applicable agreement.
- Use appropriate technical and organizational measures designed to protect Customer Data against unauthorized access, use, disclosure, alteration, and destruction.
- Limit access to Customer Data to personnel and subprocessors who need access for authorized purposes and are subject to appropriate confidentiality obligations.
- Assist customers with data subject requests, security incidents, and compliance obligations as required by applicable agreements and law.
- Use aggregated, de-identified, or anonymized data for internal administration, usage statistics, benchmarking, product improvement, security, and similar lawful purposes, provided the data does not identify a customer or individual.
- Account and profile data may be retained while the account remains active and for a reasonable period afterward for security, dispute, and compliance purposes.
- Billing, accounting, tax, and transaction records may be retained for legally required retention periods.
- Support records may be retained for service history, troubleshooting, quality, security, and legal purposes.
- Security logs may be retained for a period appropriate to detect, investigate, and respond to security events.
- Customer Data is retained or deleted according to the relevant customer agreement, product functionality, customer instructions, and backup or disaster recovery practices.
- Aggregated, anonymized, or de-identified information may be retained for lawful business purposes.
- Access. Request confirmation of whether we process your personal data and receive a copy of personal data we hold about you.
- Correction. Request correction of inaccurate or incomplete personal data.
- Deletion. Request deletion of personal data, subject to legal and contractual limitations.
- Restriction. Request restriction of processing in certain circumstances.
- Objection. Object to processing based on legitimate interests or direct marketing.
- Portability. Request a copy of certain personal data in a structured, commonly used, machine-readable format, where applicable.
- Withdraw consent. Withdraw consent where processing is based on consent.
- Marketing opt-out. Opt out of marketing communications at any time.
- Targeted advertising, sale, or sharing opt-out. Where applicable, opt out of targeted advertising, sale, or sharing as those terms are defined by applicable privacy laws.
- Appeal. Appeal a decision we make about a privacy request where applicable law grants an appeal right.
- Complaint. Lodge a complaint with a data protection authority, such as the Dutch Autoriteit Persoonsgegevens, or another competent supervisory authority.
5. Cookies and Similar Technologies
CyberDrain may use cookies, pixels, beacons, local storage, log files, and similar technologies to operate, protect, analyze, and improve the Services. These technologies may collect or store identifiers and usage information such as IP address, device data, browser data, pages visited, timestamps, referring pages, and interactions with content.
Depending on the Service and your location, we may use the following types of cookies and similar technologies:
Blocking some cookies may affect the availability or functionality of the Services. Some browsers transmit "Do Not Track" signals; because there is no consistent industry standard for those signals, our Services may not respond to them unless required by applicable law. Where laws require recognition of opt-out preference signals, we will honor them as required.
6. How We Use Personal Data
We use personal data for the purposes described below:
7. Legal Bases for Processing Under European Privacy Laws
Where the General Data Protection Regulation (GDPR), or similar European privacy laws apply, our legal basis depends on the purpose of the processing:
|
Processing purpose |
Legal basis |
|
Provide and administer the Services |
Performance of a contract; legitimate interests in operating and improving the Services. |
|
Account creation, authentication, security, and access control |
Performance of a contract; legitimate interests in securing the Services and preventing misuse; legal obligation where applicable. |
|
Billing, payments, tax, accounting, and order administration |
Performance of a contract; legal obligation; legitimate interests in managing our business. |
|
Customer support, onboarding, professional services, and service communications |
Performance of a contract; legitimate interests in responding to requests and maintaining customer relationships. |
|
Product analytics, diagnostics, and improvements |
Legitimate interests in improving and protecting the Services; consent where required for non-essential cookies or similar technologies. |
|
Marketing communications and campaign measurement |
Consent where required; legitimate interests in business-to-business marketing where permitted; compliance with opt-out and unsubscribe choices. |
|
Security monitoring, fraud prevention, and incident response |
Legitimate interests in protecting systems, data, and users; legal obligation where applicable. |
|
Recruitment |
Steps prior to entering into a contract; legitimate interests in hiring; legal obligation where applicable; consent for optional information where required. |
|
Legal compliance, disputes, enforcement, and regulatory requests |
Legal obligation; legitimate interests in protecting rights and enforcing agreements. |
|
Processing Customer Data on behalf of customers |
CyberDrain usually acts as processor or service provider and processes Customer Data on the customer’s instructions. The customer determines the legal basis for its own processing. |
You may withdraw consent at any time where we rely on consent. Withdrawal does not affect processing that occurred before withdrawal. You may object to processing based on legitimate interests, and we will evaluate the objection as required by applicable law.
8. Customer Data and Processor Role
Customers may submit or connect Customer Data to CyberDrain products, APIs, workflows, integrations, support channels, or hosted environments. Customer Data may include personal data relating to customer personnel, end users, client tenants, devices, licenses, accounts, logs, tickets, or operational environments.
When CyberDrain processes Customer Data as a processor or service provider, we will:
If you believe your personal data is included in Customer Data controlled by a CyberDrain customer, please contact that customer directly. We may refer your request to the relevant customer where appropriate.
9. When We Share Personal Data
We may share personal data with the categories of recipients described below:
|
Recipient category |
Purpose |
|
Service providers and subprocessors |
Hosting providers, cloud infrastructure providers, identity and authentication services, payment processors, billing systems, CRM and marketing tools, analytics providers, support tools, security providers, communications providers, professional advisers, and other vendors that help us operate the Services. |
|
Customers and account administrators |
If you use the Services through an organization, information about your account, activity, permissions, support requests, and use of the Services may be visible to the customer or administrators responsible for that environment. |
|
Integration partners and Professional Services providers |
Third-party services that you or your organization choose to connect to CyberDrain may receive data as necessary to enable the integration or as configured by you or your organization. |
|
Payment processors and financial institutions |
Payment and billing data may be shared with payment processors, banks, fraud prevention providers, tax providers, and collections providers where necessary. |
|
Marketing, analytics, and advertising partners |
Where permitted and subject to your choices, we may share identifiers, usage data, and campaign data to measure marketing, understand engagement, or show relevant information about CyberDrain Services. |
|
Professional advisers and authorities |
Lawyers, auditors, insurers, accountants, regulators, courts, law enforcement, and government authorities where necessary for legal, compliance, security, or dispute-related purposes. |
|
Business transaction parties |
Potential or actual buyers, investors, lenders, advisers, or successors in connection with a merger, acquisition, financing, reorganization, sale of assets, insolvency, or similar transaction. |
|
Public or community areas |
Information you choose to post in public or community spaces, such as forums, repositories, events, chat communities, or feedback channels, may be visible to other participants. |
|
With consent or direction |
We may share personal data when you or your organization consents to or directs the sharing. |
CyberDrain does not sell Customer Data. CyberDrain does not sell personal data for money. Some privacy laws define "sale" or "sharing" broadly to include certain advertising, analytics, or cookie-based disclosures. Where those laws apply and such technologies are used, you may have the right to opt out of sale, sharing, or targeted advertising through our cookie controls, opt-out mechanisms, or by contacting us.
10. International Data Transfers
CyberDrain is based in the Netherlands, but we may process personal data in other countries where CyberDrain, its affiliates, customers, service providers, subprocessors, or integration partners operate. Those countries may have privacy laws that differ from the laws in your location.
Where required, we use appropriate safeguards for international transfers, such as adequacy decisions, standard contractual clauses, the UK International Data Transfer Addendum or UK-approved transfer mechanisms, data processing agreements, supplementary security measures, and other lawful transfer mechanisms. Customers may have additional transfer terms in their agreements with CyberDrain.
11. Security
CyberDrain uses technical and organizational measures designed to protect personal data and Customer Data against unauthorized access, disclosure, alteration, loss, misuse, and destruction. These measures may include encryption, access controls, authentication, multi-factor authentication, logging, monitoring, backup controls, least-privilege access, confidentiality obligations, security reviews, vulnerability management, and vendor controls.
For applicable hosted products, CyberDrain may use separated cloud resources, identity-based access controls, mandatory multi-factor authentication, encrypted communications, and restricted employee access models. Security measures may vary by Service, customer configuration, product type, and deployment model.
No method of transmission, storage, or processing can be guaranteed to be completely secure. You are responsible for using strong credentials, protecting your account, configuring integrations carefully, limiting user access, and promptly notifying CyberDrain or your organization of suspected unauthorized access or misuse.
12. Retention and Deletion
We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law, contract, security, backup, dispute resolution, accounting, tax, audit, or compliance requirements.
The retention period for a particular category of personal data depends on factors such as the nature and sensitivity of the data, the purposes for which it is processed, the duration of our relationship with you or the customer, customer instructions, legal requirements, the risk of harm from unauthorized use or disclosure, and whether the purpose can be achieved through deletion, de-identification, or aggregation.
Examples of retention practices include:
When personal data is no longer needed, we will delete, anonymize, de-identify, or isolate it from further processing as appropriate. Data stored in backups may remain until the backup is overwritten or deleted according to our normal backup cycle, subject to safeguards against active use.
13. Your Privacy Rights
Depending on your location and the nature of the processing, you may have rights over your personal data. These rights may include:
To exercise a privacy right, contact us through the privacy, contact, support, or account channels made available on our website or within the relevant Service, or write to us at the address listed in Section 2. We may need to verify your identity and authority before fulfilling a request. If your request relates to Customer Data controlled by a CyberDrain customer, we may direct you to that customer or work with the customer to respond as required.
We will not discriminate against you for exercising privacy rights. Some requests may limit our ability to provide certain Services, especially if the data is necessary to maintain an account, perform a contract, comply with law, or protect security.
14. Additional Notice for California and Other U.S. State Residents
Where U.S. state privacy laws apply, this section provides additional information. The categories of personal data we may collect are described in Section 3. The sources of personal data are described in Section 4. The purposes for collection, use, and disclosure are described in Sections 6 through 9. Retention is described in Section 12.
Depending on the applicable state law, residents may have rights to know, access, correct, delete, obtain a portable copy, opt out of targeted advertising, opt out of sale or sharing of personal data, limit certain uses of sensitive personal data, appeal a decision, and avoid discrimination for exercising rights.
We do not knowingly sell personal data for money. We do not knowingly sell or share personal data of children under 16. If advertising or analytics technologies used on our Services are considered a "sale," "sharing," or "targeted advertising" under applicable state law, you may opt out through cookie controls or other opt-out mechanisms we provide. We will honor legally required opt-out preference signals where applicable.
California residents may also request information about categories of personal data collected, disclosed, sold, or shared; categories of sources; business or commercial purposes; categories of recipients; and specific pieces of personal data, subject to exceptions. Authorized agents may submit requests where permitted by law, but we may require proof of authorization and identity verification.
15. Marketing Choices
You may unsubscribe from marketing emails by using the unsubscribe link in the email or by contacting us. Even if you opt out of marketing communications, we may still send non-marketing messages, such as security notices, service notices, account communications, billing messages, and responses to your requests.
You may manage cookie preferences through cookie controls, browser settings, or platform settings where available. Choices may be browser-specific or device-specific.
16. Third-Party Links, Communities, and Embedded Content
The Services may link to or integrate with third-party websites, platforms, communities, repositories, documentation tools, identity providers, payment processors, video platforms, social media networks, app marketplaces, and other services that CyberDrain does not control. Your use of those third-party services is governed by their terms and privacy policies, not this Privacy Policy.
If you interact with CyberDrain through a third-party community or social platform, the platform may process your personal data independently. Information you post publicly or share with other participants may be visible to others and may be copied, indexed, or retained outside CyberDrain’s control.
17. Children
The Services are not intended for children under 18 years old or under the age of majority in their jurisdiction, whichever is higher, unless the Service expressly states otherwise and appropriate consent is obtained. We do not knowingly collect personal data directly from children in a manner that would require parental consent without obtaining that consent. If you believe a child has provided personal data to CyberDrain, please contact us so we can take appropriate action.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our Services, data practices, technologies, legal requirements, or business operations. The "Last updated" date at the top of this Privacy Policy indicates when it was last revised. If we make material changes, we may provide additional notice where required by law or appropriate under the circumstances. Your continued use of the Services after an updated Privacy Policy becomes effective means that your personal data will be processed under the updated Privacy Policy, subject to applicable law.
19. Contact Us
For questions, requests, or complaints about this Privacy Policy or CyberDrain’s privacy practices, contact CyberDrain B.V. through the privacy, contact, support, or account channels made available on our website or within the relevant Service, or by mail at:
CyberDrain B.V.
Goede Verwachtinghof 15
3192 XZ Hoogvliet Rotterdam
The Netherlands