Privacy Policy

Last updated: 15th January 2026

Introduction

cybernovae Ltd ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, services, or interact with us. We are the data controller for the purposes of applicable data protection legislation, including the General Data Protection Regulation (GDPR).

Data We Collect

We collect and process various types of personal data to provide our student behaviour analytics services effectively. The data we collect includes:

Information You Provide Directly

  • Contact information (name, email address, phone number)
  • Professional information (job title, institution, department)
  • Communication preferences and marketing consents
  • Messages and enquiries sent through our contact forms
  • Account registration information for our analytics platform

Information Collected Automatically

  • Website usage data (pages visited, time spent, click patterns)
  • Device and browser information (IP address, browser type, operating system)
  • Cookies and similar tracking technologies (see our Cookie Policy for details)
  • Analytics data about how you interact with our website and services

Student Data (For Educational Institution Clients)

When providing analytics services to educational institutions, we may process student data on behalf of our clients, including learning engagement metrics, course completion rates, and anonymised behavioural patterns. We act as a data processor in these circumstances, and our clients remain the data controllers.

How We Use Your Information

We use your personal data for legitimate business purposes in accordance with applicable data protection laws. The use of your data includes:

Service Provision

  • Providing our student behaviour analytics services and platform access
  • Processing and responding to your enquiries and support requests
  • Creating and managing user accounts for our analytics platform
  • Delivering technical support and customer service

Communication and Marketing

  • Sending service-related communications and important updates
  • Providing marketing communications (with your consent)
  • Sharing educational insights and industry updates (where consented)
  • Responding to your questions and feedback

Business Operations

  • Improving our website, services, and user experience
  • Conducting analytics to understand service usage and performance
  • Ensuring security and preventing fraud or misuse
  • Complying with legal obligations and regulatory requirements

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Legitimate Interest: For business communications, service improvement, and analytics
  • Contract Performance: To provide our analytics services and support
  • Consent: For marketing communications and non-essential cookies
  • Legal Obligation: To comply with applicable laws and regulations

Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information in the following circumstances:

  • With service providers who assist in delivering our services (under strict data processing agreements)
  • With professional advisers (lawyers, accountants, auditors) when necessary
  • When required by law, court order, or regulatory authority
  • In connection with a business transaction (merger, acquisition, or sale)
  • With your explicit consent for specific purposes

International Data Transfers

As a Cyprus-based company operating within the European Union, we primarily process data within the EU/EEA. If we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, including adequacy decisions, Standard Contractual Clauses, or other approved transfer mechanisms under GDPR.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Our data retention periods are:

  • Contact enquiries and communications: 3 years from last contact
  • Client account data: Duration of service agreement plus 7 years for legal compliance
  • Marketing consent records: Until consent is withdrawn plus 1 year for compliance
  • Website analytics data: 26 months (in line with Google Analytics retention)
  • Student analytics data: As specified in client agreements, typically 1-5 years

Your Rights

Under GDPR and other applicable data protection laws, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request transfer of your data to another service provider
  • Right to Object: Object to processing based on legitimate interests or for marketing
  • Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within one month of receipt.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and staff training on data protection
  • Secure hosting and backup procedures
  • Incident response and breach notification procedures

Children's Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or need to contact us about data protection matters, please reach out to us:

Data Protection Officer
cybernovae Ltd
Spyrou Kyprianou Street 19
Nicosia 1031, Cyprus

Email: privacy@cybernovae.world
Phone: +357 22315022

Supervisory Authority

If you believe that we have not handled your personal data in accordance with this Privacy Policy or applicable data protection laws, you have the right to lodge a complaint with the relevant supervisory authority. In Cyprus, this is the Commissioner for Personal Data Protection.

Cyprus Commissioner for Personal Data Protection
1 Iasonos Street, 1082 Nicosia, Cyprus
Email: commissioner@dataprotection.gov.cy
Phone: +357 22 818 456