5 of 5 free uses remaining today
Privacy Policy
Last updated: 1 April 2026 Β· Effective date: 1 April 2026
Operated by Cyber121 Security Community Β· Australia
Table of Contents
1. Who We Are
Cyber121 Security Community ("Cyber121", "we", "us", or "our") operates the website at cyber121.com and all associated subdomains. We are an Australian-based cybersecurity community platform providing free security analysis tools, vulnerability intelligence, community blog content, and premium digital products including the Phishing Investigation Toolkit and the GRC Starter Kit for Small Businesses.
For privacy enquiries: [email protected]
2. Information We Collect
2.1 Information You Provide Directly
- Account registration: name, email address, username (via Manus OAuth)
- Lead magnet subscription: email address and name when downloading free resources
- Purchase information: name, email, billing address (processed by Stripe β we do not store card details)
- Blog comments and posts: any content you submit to the community blog
- Contact enquiries: name, email, message content
2.2 Information Collected Automatically
- Usage data: pages visited, features used, time on site, click patterns
- Technical data: IP address, browser type, operating system, device type
- Security tool inputs: email headers, URLs, and QR code data submitted for analysis (processed in real-time, not stored permanently)
- Session data: authentication tokens stored in secure HTTP-only cookies
2.3 Information from Third Parties
- Manus OAuth: basic profile information (name, email, user ID) when you log in
- Stripe: payment confirmation and customer ID (we receive confirmation of payment, not card details)
- Resend: email delivery status and open/click events for transactional and marketing emails
3. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide security analysis tools | Submitted content (real-time) | Legitimate interest / Contract |
| User account management and authentication | Name, email, user ID | Contract |
| Process digital product purchases and deliver downloads | Name, email, payment confirmation | Contract |
| Send purchased product download links | Email address | Contract |
| Send lead magnet (free resource) emails | Email address, name | Consent |
| Welcome email sequence (Day 1, Day 2, Day 7) | Email address, name | Consent |
| Marketing emails and product updates | Email address | Consent (opt-in) |
| Analytics and platform improvement | Usage data, technical data | Legitimate interest |
| Security, fraud prevention, and abuse detection | IP address, usage patterns | Legitimate interest |
| Legal compliance and record keeping | Transaction records | Legal obligation |
| Customer support | Name, email, enquiry content | Contract / Legitimate interest |
4. Legal Bases for Processing (GDPR)
For users in the European Economic Area (EEA) and United Kingdom, we process personal data under the following legal bases:
- Contract performance: processing necessary to deliver services you have purchased or registered for
- Legitimate interests: analytics, security monitoring, fraud prevention, and platform improvement
- Consent: email marketing, welcome sequences, and non-essential cookies β you may withdraw consent at any time
- Legal obligation: tax records, compliance with Australian law, and responding to lawful requests from authorities
5. Data Sharing & Third Parties
We do not sell, rent, or trade your personal data. We share data only with the following trusted service providers:
Payment processing β PCI-DSS Level 1 certified. Stripe stores your card details; we only receive a customer ID and payment confirmation.
Transactional and marketing email delivery. Resend processes your email address and tracks delivery, opens, and clicks.
Secure file storage for digital product downloads. Files are stored in encrypted S3 buckets.
6. Cookies & Tracking
| Cookie Type | Purpose | Required? |
|---|---|---|
| Session cookie (JWT) | Keeps you logged in securely. HTTP-only, not accessible to JavaScript. | Yes β essential |
| Analytics (Manus Analytics) | Anonymous page view and usage statistics. No cross-site tracking. | No β functional |
| Stripe cookies | Payment fraud prevention and checkout session management. | Yes β when purchasing |
7. Data Retention
| Data Type | Retention Period |
|---|---|
| User account data | Until account deletion request, plus 30 days |
| Purchase records and transaction history | 7 years (Australian tax law requirement) |
| Email subscriber data | Until unsubscribe request, plus 30 days |
| Security tool analysis inputs (email headers, URLs) | Not stored β processed in real-time and discarded |
| Blog posts and community content | Until deletion request or account closure |
| Server logs (IP addresses, access logs) | 90 days for security and debugging purposes |
| Analytics data | 24 months, anonymised after 12 months |
8. Your Rights
To exercise any of these rights, email [email protected]. We will respond within 30 days. For Australian users, you also have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
9. Digital Products & Downloads
When you purchase a digital product (such as the Phishing Investigation Toolkit or GRC Starter Kit for Small Businesses), we collect and process the following:
- Your name and email address for order confirmation and download delivery
- Payment confirmation from Stripe (we do not store card numbers, CVV, or expiry dates)
- Download activity logs (to enforce licence terms and detect abuse)
Digital products are delivered via secure, time-limited download links. Purchase records are retained for 7 years to comply with Australian tax law. You may request a copy of your purchase history at any time.
10. Security Tool Usage
Cyber121 provides free security analysis tools including the Email Phishing Analyser, QR Code Scanner, and CVE Lookup.
Important Notice
Content submitted to our security tools (email headers, URLs, QR codes) is processed in real-time by our AI analysis engine and is not stored permanently. We do not retain the content of emails or URLs you submit for analysis. Metadata such as your user ID, timestamp, and analysis result summary may be retained for up to 90 days for abuse prevention and service improvement.
11. Email Marketing
We send transactional emails (purchase confirmations, download links), lead magnet delivery, a 3-email welcome sequence (Day 1, Day 2, Day 7), and marketing emails. Every marketing email includes a one-click Unsubscribe link. We comply with the Australian Spam Act 2003, the CAN-SPAM Act, and GDPR Article 7.
To unsubscribe from all marketing communications, use the link in any email or contact [email protected].
12. Payments
All payments are processed by Stripe, Inc. β a PCI-DSS Level 1 certified payment processor. Cyber121 never receives, stores, or has access to your full card number, CVV, or expiry date. We store only your Stripe Customer ID for managing subscriptions and purchase history. See stripe.com/privacy.
13. Children's Privacy
Cyber121 is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. Contact [email protected] if you believe a child has provided us with personal data.
14. International Data Transfers
Cyber121 is based in Australia. Your data may be processed by our service providers in the United States (Stripe, AWS, Resend). Where data is transferred outside Australia or the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for EU data and compliance with the Australian Privacy Act's cross-border disclosure requirements (APP 8).
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email and will update the "Last updated" date at the top of this page. Continued use of the platform after changes constitutes acceptance of the updated policy.
16. Contact Us
We aim to respond to all privacy requests within 30 days.