Privacy Policy & Data Handling Statement

CyberTax is built for controlled compliance workflows and emphasizes tenant isolation, auditable operations, and explicit role-scoped access.

• Account and organization metadata required for authentication and tenancy.
• Assessment records, control responses, and uploaded evidence artifacts.
• Operational logs for security, audit, and troubleshooting purposes.
• AI scoring outputs, rationale text, and related model execution metadata.

• Data is processed within organization-scoped access controls and role authorization boundaries.
• Evidence and assessment content are retained according to tenant governance policy and operational requirements.
• AI-scoring context and audit logs are stored for explainability, traceability, and quality assurance.
• Customers are responsible for classifying uploaded content and enforcing internal handling requirements.

Assessment and artifact retention is governed by organization policy. Administrators can archive or deactivate systems according to governance workflows.

Access to tenant data is restricted by organization membership and role authorization checks across API endpoints and administrative tooling.