This Privacy Policy is drafted specifically for CybroERP as a B2B SaaS platform. It aligns with modern data protection standards like the UAE Data Protection Law, India’s DPDP Act 2023, and GDPR principles, which are essential for an ERP handling sensitive corporate data.
Privacy Policy & Data Protection Agreement
Last Updated: February 2, 2026
Effective Date: Upon Account Creation
At CybroERP (operated by Cybros Infotech), we recognize that your business data is your most valuable asset. This Privacy Policy outlines how we collect, process, and protect information when you use our ERP services.
1. Roles and Responsibilities
In the context of our ERP services:
Data Controller: You (The Client) are the Controller of the data you upload (Employee records, Customer PII, Financials).
Data Processor: CybroERP is the Processor. We handle data only according to your instructions and to provide the service.
2. Information We Collect
To provide a functional ERP experience, we collect:
Account Information: Name, business email, phone number, and billing address.
Operational Data: Employee PII, payroll data, CRM contacts, inventory records, and financial transactions uploaded by you.
Technical Data: IP addresses, browser types, and device information used to access the portal (for security auditing).
Integration Data: API keys and authentication tokens if you connect CybroERP to third-party services (e.g., Payment Gateways, WhatsApp Business API).
3. How We Use Your Data
We strictly use your data for:
Providing, maintaining, and improving ERP modules.
Processing payroll, generating invoices, and managing CRM workflows.
Security Monitoring: Detecting unauthorized login attempts or system vulnerabilities.
Compliance: Meeting legal and tax obligations in the UAE and India.
4. Data Residency and Hosting
Your data is hosted in highly secure environments. Depending on your subscription and region:
Primary Hosting: We utilize high-performance AlmaLinux and CloudLinux environments secured by Imunify360.
Location: Data is stored in Tier-3 data centers (mention specific region, e.g., UAE or India) to ensure low latency and compliance with local data sovereignty laws.
Backups: Encrypted backups are managed via JetBackup and stored in separate, geographically redundant locations.
5. Security Measures (The CybroERP Standard)
We implement “Privacy by Design.” Our security stack includes:
Encryption: Data is encrypted at rest using AES-256 and in transit via TLS 1.3.
Access Control: We support Multi-Factor Authentication (MFA) and Role-Based Access Control (RBAC) to ensure only authorized personnel see specific data.
Isolation: Using CloudLinux LVE technology, your data environment is logically isolated from other tenants to prevent cross-account leaks.
Proactive Defense: 24/7 monitoring for malware and brute-force attacks via Imunify360.
6. Data Sharing and Sub-Processors
CybroERP does not sell, rent, or trade your business data. We only share data with essential sub-processors, such as:
Cloud Infrastructure Providers (e.g., AWS/Google Cloud).
Payment Processors (for your subscription billing).
Transactional Email/SMS services (for system alerts).
7. Your Rights
Under UAE and Indian law, you and your data subjects have the right to:
Access & Portability: Export your ERP data in standard formats (CSV/XLS/JSON).
Rectification: Correct any inaccuracies in your records.
Erasure: Request the deletion of your account and associated data (subject to legal/tax retention requirements).
8. Data Retention
We retain your data only as long as your subscription is active. Upon termination, data is kept for a grace period of 30 days, after which it is permanently purged from our active databases and eventually from backup cycles.
9. Contact Our Data Protection Officer
For any privacy-related inquiries or to report a data breach, please contact:
Email: admin@cybroerp.com
Office: UAE / India