\n Showing 1–8 of 24 policy updates
Critical 📅 June 15, 2025

Privacy Policy Update: Expanded Data Processing for AI Threat Intelligence

We've updated our Privacy Policy to reflect the expanded use of customer network telemetry data for training our AI-powered threat detection models. This change impacts all Professional and Enterprise plan subscribers and requires updated consent from data controllers.

Privacy GDPR AI

Summary of Changes

This update modifies Section 4.2 and Section 7.1 of our Privacy Policy to clarify how anonymized network traffic patterns, threat indicators, and behavioral telemetry are processed to improve our AI security models.

What's Changing

Section Change Type Description
Section 4.2 — Data Collection Modified Added language around AI training data derivation from anonymized security telemetry
Section 7.1 — Third-Party Sharing Added New disclosure about sharing aggregated threat intelligence with security research partners
Section 9.3 — User Rights Added New opt-out mechanism for AI training data contribution (does not affect core security functionality)

Effective Date

These changes take effect on July 15, 2025. Customers who do not wish to participate in AI training data collection can opt out before this date through their dashboard settings under Privacy Preferences.

Action Required

  • Review the updated Privacy Policy in your dashboard
  • Update consent preferences if needed by July 15, 2025
  • Contact your account manager for enterprise-specific questions
Important 📅 June 8, 2025

Terms of Service: Updated SLA Commitments and Service Credits

Our Terms of Service have been revised to include enhanced Service Level Agreement commitments for Professional and Enterprise customers, with clearer definitions of service credits for uptime and response time breaches.

Terms SLA

Summary of Changes

Section 12 of the Terms of Service has been significantly revised to provide more transparent and customer-favorable SLA terms.

Key Changes

Section Change Type Description
12.1 — Uptime Guarantee Modified Increased from 99.5% to 99.9% for Enterprise plans
12.3 — Service Credits Added 10% monthly credit for 99.0-99.9% uptime, 50% for below 99.0%
12.5 — Response Times Added Critical severity: 15-minute response for Enterprise; 1-hour for Professional

Effective Date

Effective immediately for new contracts. Existing contracts will be updated at the next renewal cycle or upon written request to your account manager.

Informational 📅 May 28, 2025

New Compliance Framework Support: SOC 3 and ISO 27701

CyberVault has achieved SOC 3 certification and ISO 27701 (Privacy Information Management) compliance. Our Compliance Policy has been updated to reflect these new certifications and their implications for customer data handling.

Compliance SOC 3 ISO 27701

Certification Details

Our SOC 3 report has been issued by Deloitte and is available publicly. The ISO 27701 certification has been awarded by BSI Group, confirming our Privacy Information Management System meets international standards.

Impact on Customers

  • Enhanced vendor due diligence documentation now available in the compliance portal
  • Privacy-specific controls added to our published security controls matrix
  • Updated data processing addendum (DPA) reflecting ISO 27701 requirements
  • New privacy impact assessment templates available for Enterprise customers

Effective Date

Certifications are effective as of May 28, 2025. Updated compliance documents are available in your Customer Portal under Compliance Resources.

Critical 📅 May 15, 2025

Acceptable Use Policy: Enhanced AI Model Training Restrictions

Our Acceptable Use Policy has been strengthened to explicitly prohibit using CyberVault's platform for training adversarial AI models, conducting unauthorized red team operations, or generating synthetic data for malicious purposes.

Acceptable Use AI Ethics

Summary of Changes

Section 3 of the Acceptable Use Policy has been expanded with new prohibited activities related to AI/ML misuse.

New Prohibited Activities

  • Using platform data to train AI models designed to evade security controls
  • Generating synthetic traffic to benchmark or test CyberVault's detection capabilities without prior written authorization
  • Using threat intelligence data for offensive security operations
  • Reverse engineering or decompiling any CyberVault software or APIs

Enforcement

Violations of the updated AUP may result in immediate service suspension, account termination, and referral to appropriate legal authorities. Customers with authorized research programs should contact our Trust & Safety team for formal approval.

Effective Date

Effective June 1, 2025. All existing customers are considered bound by the updated policy. Questions should be directed to legal@cybervault.io.

Informational 📅 May 2, 2025

Privacy Policy: Data Retention Period Adjustments

We've updated the data retention schedules in our Privacy Policy to align with new regulatory guidance from the EU Commission. Security event logs will now be retained for a maximum of 24 months instead of the previous 12 months for Enterprise customers.

Privacy Data Retention

Retention Schedule Updates

Data Type Previous New
Security Event Logs 12 months 24 months
Access Audit Trails 12 months 24 months
Threat Intelligence Feeds 6 months 6 months
Support Communications 24 months 36 months

Effective Date

Effective June 1, 2025. This change only increases retention periods and does not affect any other data processing activities.

Enhancement 📅 April 18, 2025

Security Policy: Mandatory MFA for All Customer Accounts

Our Security Policy has been updated to require Multi-Factor Authentication for all user accounts accessing the CyberVault platform. This change implements our commitment to zero-trust access management and aligns with NIST 800-63B recommendations.

Security MFA Zero Trust

Implementation Timeline

  • April 18, 2025: MFA requirement announced
  • May 1, 2025: MFA required for new accounts
  • June 1, 2025: MFA required for all existing accounts
  • July 1, 2025: Hard enforcement — accounts without MFA will be restricted to read-only access

Supported MFA Methods

  • TOTP authenticator apps (Google Authenticator, Authy, etc.)
  • WebAuthn / FIDO2 security keys (YubiKey, etc.)
  • Push-based authentication via CyberVault Mobile
  • Enterprise SSO with conditional access (for Enterprise customers)

Impact

All users will need to configure MFA before June 1, 2025. Setup takes less than 2 minutes. Detailed instructions are available in our Help Center.

Important 📅 April 5, 2025

Terms of Service: Updated Data Ownership and Export Rights

We've clarified customer data ownership rights in our Terms of Service and introduced new self-service data export capabilities. Customers now retain full ownership of all security data and can request complete data exports at any time.

Terms Data Rights

Key Changes

Section Change Type Description
Section 8 — Data Ownership Modified Explicitly states customers retain all rights to their security event data and configurations
Section 8.4 — Data Export Added New right to request full data export in machine-readable formats (JSON, CSV, STIX/TAXII)
Section 8.6 — Data Deletion Added Clear process for complete data deletion upon account termination (within 30 business days)

New Self-Service Features

  • Data export available via Dashboard → Settings → Data Management
  • Exports delivered within 48 hours for Standard and Professional plans
  • Enterprise customers get dedicated export support within 24 hours
  • Supports multiple formats: JSON, CSV, PDF, STIX 2.1
Informational 📅 March 20, 2025

Compliance Policy: New EU Data Residency Options

Our Compliance Policy has been updated to reflect the launch of our EU data residency option. European customers can now choose to have all data processed and stored within EU member states through our Frankfurt and Dublin regions.

Compliance EU Data Residency

EU Data Residency Features

  • All customer data stored exclusively in Frankfurt (DE) and Dublin (IE) regions
  • No cross-border data transfers to non-EU territories
  • EU-based SOC analysts for 24/7 monitoring
  • Full GDPR compliance with EU-specific data processing agreements
  • Available for Professional and Enterprise plans

How to Enable

Existing EU customers can enable EU data residency through the Customer Portal. New EU customers will be set up with EU residency by default. Contact your account manager for migration assistance — we provide zero-downtime migration support.

Effective Date

EU data residency is available effective March 20, 2025. The updated Compliance Policy documents the new regional processing options.