Welcome to Cybrec. Cybrec is an IT Security learning platform focused on structured cybersecurity education, hands-on virtual laboratories, practical training environments, and related educational services.

We at Cybrec ("Cybrec," "we," "us," or "our") take the privacy and protection of personal data seriously. This Privacy Policy ("Policy") explains how we collect, use, store, process, and disclose data, as well as your choices and rights regarding your information.

This Privacy Policy applies when you visit or use Cybrec’s website accessible at https://www.cybrec.com ("Website"), any related subdomains, learning environments, APIs, virtual laboratory services, mobile applications, smart-device integrations, or other related services (collectively, the "Services").

By accessing or using our Services, you acknowledge and agree to the terms of this Privacy Policy.

Personal data processed by Cybrec may be subject to legal safeguards including the General Data Protection Regulation, Regulation (EU) 2016/679 ("GDPR"), and other applicable privacy and data-protection laws.

Cybrec collects information necessary to operate effectively, provide educational services, secure platform access, manage subscriptions, deliver virtual laboratory environments, and improve the overall user experience.

You provide certain information directly when using our Services, while additional information may be collected automatically through your interactions with the platform.

• Account Registration: When you create an account, we may collect your first name, last name, email address, username, and account credentials.
• Payment Processing: When purchasing a subscription, membership, bootcamp, or other paid service, payment and billing information may be collected through secure third-party payment processors. Payment data submitted through checkout forms is encrypted using Transport Layer Security (TLS) before transmission over the internet. Cybrec does not directly store full payment card information on its servers. Payment processing is handled by third-party providers such as Stripe, and the privacy practices of those providers apply to payment-related information.
• Course Enrollment and Participation: We may collect information related to course enrollments, learning progress, quiz completion, video playback activity, downloadable-resource usage, certifications, and other educational interactions within the platform.
• Virtual Laboratory Usage: When using Cybrec virtual laboratory services ("vLabs"), we may collect operational runtime information including user identifiers, course identifiers, runtime session timestamps, selected deployment regions, runtime duration, infrastructure session identifiers, virtual machine instance identifiers, public IP addresses assigned to runtime environments, and session lifecycle events. This information is used strictly for service operation, infrastructure orchestration, security monitoring, abuse prevention, troubleshooting, and enforcing runtime usage policies.
• Support Services: When you contact us for support, we may collect the content of your support requests together with any additional information you choose to provide, including screenshots, diagnostic details, or uploaded files.
• Data we receive from other sources: We may receive information about you from third parties that assist us in operating, securing, improving, promoting, or supporting our Services. These third parties may include payment processors, analytics providers, infrastructure providers, security providers, CDN providers, hosting providers, advertising networks, and search information providers.

Information we collect automatically:

• Usage Details: We may automatically collect details regarding your interactions with the Services, including the courses accessed, resources viewed or downloaded, time spent on pages, runtime laboratory usage, video playback activity, session duration, and general navigation patterns.
• Device Information: We may collect information about your computer, browser, or mobile device, including your IP address, operating system, browser type, device type, screen resolution, referring URLs, mobile network information, and approximate geographic location.
• Cookies and Tracking Technologies: We use cookies and similar technologies to maintain authentication sessions, personalize user experience, improve platform functionality, analyze platform usage, secure access to protected content, detect suspicious activity, and measure video playback performance. You may configure your browser to refuse certain cookies; however, some Services may not function properly without them.

Cybrec uses collected data to operate, secure, improve, and personalize the Services.

• Providing Services: We use personal data to create and manage accounts, deliver educational content, provide protected course access, authenticate subscriptions and memberships, deliver virtual laboratory environments, manage runtime orchestration and infrastructure sessions, process payments, and provide downloadable resources and related learning materials.
• Improvement and Development: We may use collected data to improve platform usability, analyze feature usage, develop new educational services, improve virtual laboratory stability and orchestration, optimize infrastructure performance, diagnose technical issues, and enhance the overall user experience.
• Communication: We may send account notifications, security alerts, subscription notices, service updates, support communications, and marketing communications where permitted by applicable law.
• Security and Abuse Prevention: We process data to detect fraud or abuse, prevent unauthorized access, protect infrastructure resources, enforce runtime limitations, monitor service integrity, investigate suspicious activity, and maintain the security of the platform and virtual laboratory infrastructure.

We share personal data only when necessary to operate the Services, comply with legal obligations, or protect our rights and infrastructure.

• With Service Providers: We may share data with vendors and providers assisting with cloud infrastructure, website hosting, content delivery, payment processing, video delivery, email communications, analytics, security monitoring, and customer support.
• Infrastructure and Hosting Providers: Cybrec currently utilizes infrastructure and service providers including Bluehost for website hosting, Kinsta as a future or alternative hosting provider, Google Cloud Platform for virtual laboratory orchestration and runtime infrastructure, Google Firestore for runtime session state management, Cloudflare and Cloudflare Stream for content delivery and secure video streaming, and Stripe for payment processing. These providers may process limited personal or operational data as necessary to provide infrastructure and related services.
• Legal and Compliance: We may disclose information to comply with legal obligations, respond to lawful requests, enforce our agreements, protect users or infrastructure, investigate fraud or abuse, or respond to security incidents.
• Business Transfers: In the event of a merger, acquisition, restructuring, or sale of assets, user information may be transferred as part of the transaction.

Cybrec integrates with third-party infrastructure and technology providers to deliver portions of the Services.

• Video Delivery: Video content may be delivered through Cloudflare Stream and related Cloudflare services. Secure tokenized playback mechanisms may be used to protect video content and enforce subscription entitlements. Video playback analytics and delivery metadata may also be processed to improve performance, reliability, and security.
• Payment Processing: Payments are processed through third-party payment processors such as Stripe. Cybrec does not directly control or store complete payment card details.
• Virtual Laboratory Infrastructure: Virtual laboratory environments are provisioned dynamically using third-party cloud infrastructure providers including Google Cloud Platform. Operational metadata related to virtual laboratory sessions may be processed and stored for session orchestration, infrastructure provisioning, runtime synchronization, usage accounting, security monitoring, abuse prevention, and automated cleanup and reconciliation.
• Third-Party Privacy Practices: Third-party providers process data according to their own privacy policies and security practices. While Cybrec carefully selects infrastructure providers, we do not control the independent privacy practices of third-party providers.

Cybrec provides infrastructure-backed virtual laboratory environments designed for hands-on cybersecurity training.

• Runtime Sessions: Virtual laboratory environments are temporary, infrastructure-backed sessions dynamically provisioned for educational use.
• Session Limits: Virtual laboratory usage may be subject to limitations including maximum runtime duration per session, maximum yearly runtime allocation, concurrent session restrictions, and region-based availability constraints. Cybrec currently enforces a maximum annual runtime allocation of 500 hours per user together with a one-active-lab-per-user limitation.
• Temporary Infrastructure: Virtual laboratory environments are ephemeral and may be automatically terminated, reset, or deleted after expiration, inactivity, policy enforcement, infrastructure failures, or operational cleanup. Users are responsible for exporting or preserving any work they wish to retain.
• Availability: Virtual laboratory services are provided on a best-effort basis and availability may be affected by cloud provider availability, regional capacity limitations, infrastructure maintenance, networking conditions, security events, or service interruptions. Cybrec does not guarantee uninterrupted availability of virtual laboratory environments.

Depending on your jurisdiction, you may have rights regarding your personal data, including the right to access your data, correct inaccurate data, request deletion, restrict processing, object to processing, request data portability, and withdraw consent where applicable.

You may contact us to exercise your rights.

Certain data may be retained where required for legal compliance, financial recordkeeping, fraud prevention, infrastructure reconciliation, service integrity, or security-related purposes.

Cybrec implements technical and organizational safeguards designed to protect personal data and infrastructure resources.

Security measures may include Transport Layer Security (TLS) encryption, access-control restrictions, runtime authentication controls, infrastructure isolation, secure API authentication, monitoring and logging systems, abuse-detection systems, and cloud-provider security controls.

Despite these efforts, no security system can guarantee absolute security.

Your personal data may be transferred to and processed in countries other than your country of residence.

These transfers may occur through infrastructure providers, cloud platforms, content-delivery providers, payment processors, or support services.

Where required, Cybrec will implement appropriate safeguards for international data transfers.

Cybrec retains personal data only as long as reasonably necessary for providing Services, maintaining accounts, enforcing subscription and runtime policies, monitoring security, complying with legal obligations, resolving disputes, maintaining infrastructure integrity, and supporting operational requirements.

Operational runtime metadata and infrastructure logs may also be retained for security, reconciliation, auditing, and abuse-prevention purposes.

We may update this Privacy Policy periodically to reflect changes in Services, infrastructure updates, legal requirements, security improvements, or operational practices.

The most current version of this Privacy Policy will always be available on our Website.

Continued use of the Services after changes become effective constitutes acceptance of the updated Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or Cybrec’s data practices, please contact us using the contact information provided on our Website.

We will make reasonable efforts to respond to privacy-related requests within applicable legal timeframes.