Identity Privacy Policy

This Privacy Policy explains how CyberCradle Identity handles personal data on login.cybercradle.com. It applies only to CyberCradle Identity and login services. Public website use at cybercradle.com is governed by separate Public Website terms and privacy policy. Authenticated platform services are governed by separate Platform terms when available.

Who we are

CyberCradle Identity is operated by CyberCradle. Privacy contact: privacy@cybercradle.com.

Scope

This policy covers the login page and future identity-related functionality, including account authentication, password credentials, sessions, security cookies, anti-bot checks, rate limiting, device/browser/IP data, and security logs. At the MVP shell stage, login may be disabled and no real authentication may be available yet. This policy does not cover workspaces, applications, artifacts, integrations, billing, subscriptions, credits or authenticated platform content.

Data we may process

Depending on which identity features are available, we may process email address or login identifier, password credential material in protected form, account status and authentication metadata, session identifiers and security cookies, IP address, browser, device and User-Agent information, approximate region, failed login attempts, rate-limit events, anti-bot or abuse-prevention signals, timestamps, requested URLs, security logs, and selected language preference. We do not intend to expose raw access or refresh tokens to browser JavaScript.

Why we process this data

We process identity data to provide and protect login, verify account access, maintain sessions, prevent unauthorized access, detect abuse, apply rate limits, support account security, diagnose technical issues, and comply with legal obligations where applicable.

Legal bases

Where GDPR applies, we rely on contract or pre-contractual steps to provide login and account access where available; legitimate interests to secure accounts and prevent abuse; consent for optional features where required; and legal obligation where processing is required by law.

Cookies, security logs and anti-bot checks

Identity services may use strictly necessary cookies or local storage for sessions, security, anti-bot checks, rate limiting, CSRF protection, language preference and login operation. These are not advertising cookies. Login systems require security logging. We may process failed attempts, IP address, browser data, timestamps, rate-limit events and similar security data to protect accounts and the service.

Cloudflare and providers

We may use Cloudflare and infrastructure providers for DNS, CDN, TLS, DDoS protection, firewall, routing and related security services. These providers may process technical request and security data to provide those services. We do not sell personal data.

Retention and rights

Identity and security logs may be retained for as long as reasonably necessary for account security, abuse prevention, diagnostics and legal purposes. Depending on your location, you may have rights to access, correction, deletion, restriction, portability, objection, withdrawal of consent and complaint to a data protection authority. Contact privacy@cybercradle.com.

Changes

We may update this policy as CyberCradle Identity develops.