Login

Login

Privacy Policy

1. Introduction

Cyvra (“Cyvra,” “we,” “our,” or “us”) provides AI-native managed IT, cybersecurity, automation, and advisory services to business and regulated organizations.

This Privacy Policy explains how we collect, use, process, store, and protect information in connection with:

  • Our website (cyvra.com)
  • CyvraCore™ Managed IT Services
  • CyvraShield™ Managed Security Services
  • CyvraElevate™ Advisory Services
  • CyvraFlow™ Automation & Monitoring
  • CyvraVision™ Monitoring Platform
  • CyvraScan™ Assessment Services

Cyvra primarily serves businesses and collects business-related contact and operational information

2. Categories of Information We Collect

A. Business Contact & Inquiry Information

When you interact with our website or request information, we may collect:

  • Name
  • Company name
  • Business email address
  • Business phone number
  • Job title
  • Inquiry details
  • IP address
  • Device and browser information
  • Website usage analytics

    We primarily collect business contact information rather than consumer personal data.

B. Client Operational & Infrastructure Data

When providing managed IT and cybersecurity services, Cyvra may process business-related technical data including:

  • Endpoint metadata
  • Authentication and access logs
  • Network configurations
  • Security event telemetry
  • Patch and update status
  • Device identifiers
  • Cloud infrastructure configurations
  • Compliance-related technical controls

Client data remains the property of the client organization.

In most service engagements, Cyvra acts as a Data Processor, and the client organization acts as the Data Controller.

C. AI-Assisted & Automated Analysis

We process information based on:

  • Contractual necessity
  • Legitimate business interests
  • Compliance with legal obligations
  • Consent (where applicable)

3. Legal Basis for Processing

Cyvra engagements are structured around accountability, not assumptions.

This means:

  • Defined ownership across systems and services
  • Measurable operational standards
  • Structured incident handling and review
  • Continuous improvement informed by real data


Accountability is not a slogan — it is embedded into how we operate.

4. How We Use Information

We use information to:

  • Deliver and support managed IT and cybersecurity services
  • Monitor infrastructure performance and security posture
  • Detect, investigate, and respond to security incidents
  • Provide reporting and analytics
  • Improve our services
  • Communicate with clients and prospective clients
  • Comply with applicable legal and regulatory requirements

    Cyvra does not sell personal information.

5. Data Sharing and Third-Party Providers

We may share information with trusted third-party providers necessary to deliver services,

  • Cloud infrastructure providers
  • Monitoring and security platforms
  • Payment processors
  • Professional advisors (legal, accounting)

All third-party providers are contractually obligated to implement appropriate safeguards and confidentiality protections.

Cyvra does not share personal information for cross-context behavioral advertising.

6. Data Security

Cyvra implements commercially reasonable administrative, technical, and organizational safeguards, including:

  • Encryption in transit
  • Role-based access controls
  • Multi-factor authentication
  • Logging and monitoring
  • Vendor risk assessments
  • Secure configuration standards

    However, no method of transmission or storage is completely secure, and absolute security cannot be guaranteed.

7. Data Retention

We retain information only as long as necessary to:

  • Fulfill contractual obligations
  • Maintain compliance and audit documentation
  • Satisfy accounting and tax requirements
  • Defend or establish legal claims

    Upon termination of services, client data is returned or securely deleted in accordance with applicable agreements.

8. Security Incident Notification

In the event of a confirmed security incident involving client data, Cyvra will notify affected clients in accordance with applicable law and contractual obligations.

9. International Data Transfers

Information may be processed in the United States or in jurisdictions where our service providers operate. We implement appropriate safeguards consistent with applicable law.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to:

  • Request access to personal information we maintain about you
  • Request correction of inaccurate information
  • Request deletion of personal information (subject to legal exceptions)
  • Request information about categories of data collected and disclosed

Cyvra does not sell personal information.

Requests may be submitted to: privacy@cyvra.com

We will verify requests as required by law.

11. Cookies & Analytics

Our website may use cookies and analytics tools to improve functionality and performance.

You may control cookie preferences through your browser settings. Disabling cookies may affect website functionality.

12. Children

Cyvra’s services are intended for business use and are not directed to individuals under 18 years of age.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Updated versions will be posted with a revised effective date.

Continued use of our website or services after updates constitutes acceptance of the revised policy

14. Contact Information

Cyvra
A DBA of One River Consulting Inc.
Long Beach, CA
privacy@cyvra.com




Effective Date: February 25, 2025