Privacy Policy

CyberNinja ("CyberNinja," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit the getcyber.ninja website, use the CyberNinja mobile application, or interact with our related services.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

CyberNinja is the data controller for the Services. We are based in Ireland and can be reached at [email protected].

We collect the following categories of information:

• Account Data – name, email address, username, and authentication tokens when you create an account or sign in with Google or Apple.

• Learning Activity – lesson progress, quiz responses, achievement history, XP totals, streak data, and coin balances.

• Device & Technical Data – device type, operating system, app version, IP address (anonymized), unique device identifiers, and diagnostic information.

• Usage Data – interactions with our website and app, including page views, feature usage, session duration, and learning patterns.

• Crash & Performance Data – error logs, crash reports, and performance metrics to help us improve app stability.

• Advertising Data – with your consent, advertising identifiers for personalized ads. You can opt out via iOS App Tracking Transparency or in-app privacy settings.

We process your information to:

• Deliver and personalize cybersecurity lessons and recommendations.

• Track progress, award XP and coins, and power achievement dashboards.

• Authenticate logins, secure accounts, and detect suspicious activity.

• Diagnose and fix bugs, crashes, and performance issues.

• Display advertisements (non-personalized by default; personalized only with consent).

• Process in-app purchases and manage subscriptions.

• Provide customer support and improve existing features.

• Send important administrative messages and, with your consent, newsletters.

• Comply with legal obligations and enforce our Terms of Service.

The CyberNinja app integrates the following third-party services to provide and improve our Services:

• Supabase – Authentication, database, and backend services. Supabase processes account data and learning progress. Privacy: supabase.com/privacy

• Firebase Analytics (Google) – Usage analytics to understand how users interact with the app. We use anonymized data collection where possible. Privacy: firebase.google.com/support/privacy

• Sentry – Crash reporting and error monitoring to improve app stability. Sentry receives error logs, device information, and anonymized user identifiers. We have disabled PII collection. Privacy: sentry.io/privacy

• Google AdMob – Advertising services for free users. AdMob may collect advertising identifiers and serve personalized ads only with your explicit consent via App Tracking Transparency. Privacy: policies.google.com/privacy

• Superwall – Subscription and paywall management. Superwall processes purchase data and subscription status. Privacy: superwall.com/privacy

• Apple StoreKit / Google Play Billing – In-app purchase processing handled by Apple and Google respectively.

All third-party providers are contractually obligated to protect your data and process it only for the purposes we specify.

We do not sell your personal information. We may share data with:

• Service providers listed in Section 4 that support the Services.

• Law enforcement when required by law or to protect rights, safety, or property.

• In connection with a merger, acquisition, or sale of assets (you will be notified of any change in data controller).

All service providers are contractually obligated to safeguard your data appropriately and are prohibited from using your data for their own purposes.

Our website uses cookies and similar technologies to:

• Remember your preferences and settings.

• Analyze website traffic and usage patterns.

• Measure the effectiveness of our marketing efforts.

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

Our mobile app uses device identifiers and analytics SDKs as described in Section 4. You can manage tracking preferences through iOS Settings > Privacy > Tracking or in-app Privacy Choices.

We retain personal data only as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, and enforce agreements.

• Deletion requests are completed within 30 days. During that period, account access may be disabled while we process removal.

• After deletion is completed, most account data is removed or anonymized. Limited records may be retained for up to 12 months when required for legal compliance, fraud prevention, dispute resolution, or enforcement of our terms.

• Analytics data is retained in anonymized form for up to 26 months.

• Crash reports are retained for up to 90 days.

• Advertising data is deleted when you revoke consent or delete your account.

We implement administrative, technical, and physical safeguards to protect your data, including:

• Encryption in transit (TLS/HTTPS) and at rest.

• Access controls and authentication requirements.

• Regular security audits and monitoring.

• IP address anonymization in analytics.

• Minimal data collection principles.

Despite these efforts, no method of transmission or storage is completely secure. Please protect your login credentials and report any suspicious activity.

CyberNinja is designed for general audiences and is not directed at children under 13 (or 16 in the EEA).

We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Depending on your jurisdiction, you may have the right to:

• Access – Request a copy of your personal data.

• Correction – Request correction of inaccurate data.

• Deletion – Request deletion of your data (available in Settings > Account Management).

• Data Portability – Request your data in a portable format.

• Withdraw Consent – Revoke consent for analytics and personalized ads at any time.

• Opt-Out of Tracking – Use iOS App Tracking Transparency or in-app Privacy Choices.

• Lodge a Complaint – File a complaint with a supervisory authority.

EU/EEA/UK residents may lodge a complaint with the Irish Data Protection Commission (dataprotection.ie). California residents have additional rights under the CCPA.

To exercise your rights, use the in-app settings or contact us at [email protected].

Your data may be transferred to and processed in countries outside your country of residence, including the United States and European Union.

We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, where required.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Effective Date."

Your continued use of the Services after changes become effective constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or wish to exercise your rights, please contact:

Email: [email protected]

For data protection inquiries in the EU, you may also contact the Irish Data Protection Commission.