Privacy Policy | Cybernous Data Protection 2026

Frequently Asked Questions

What personal data does Cybernous collect during CISSP or CISM enrollment?

Cybernous collects contact information (name, email, phone number), professional details (current job role, years of experience, certification goals), payment information (processed via secure third-party gateways, not stored by Cybernous), and learning analytics (quiz scores, video engagement, practice question progress on 5,045+ CISSP and 3,000+ CISM question banks). Data is collected during website enrollment, live coaching sessions, appointment bookings, and platform interactions. All collection is purpose-limited to course delivery and certification support.

Is Cybernous compliant with India's data protection laws?

Yes. Cybernous complies with India's Digital Personal Data Protection Act 2023 (DPDP Act) as of 2026, including consent requirements, purpose limitation, data minimization, and security safeguards. For international students (60% of enrollment), Cybernous also follows GDPR standards including lawful basis for processing, cross-border transfer mechanisms, and data subject rights. Infrastructure uses ISO 27001-certified cloud providers with encryption at rest and in transit.

How long does Cybernous keep my personal information after I complete certification?

Cybernous retains student data for the active enrollment period plus 7 years post-certification. This extended retention supports ISC² endorsement verification (Cybernous has provided 400+ endorsements, highest in India), certificate authenticity validation for employers, and regulatory compliance. After 7 years, personal data is securely deleted unless you request earlier deletion or have ongoing program access. Corporate training records follow separate retention schedules per client agreements.

Can I request deletion of my data from Cybernous?

Yes. Under both India's DPDP Act and GDPR, you have the right to request deletion (right to be forgotten) of your personal data. Submit a written request to privacy@cybernous.com with your full name and enrollment details. Cybernous will process deletion within 30 business days, subject to legal retention requirements (e.g., tax records, endorsement verification for ISC²). Note that deletion may affect your ability to access course materials, receive future endorsements, or validate certification history.

Does Cybernous share my data with ISC², ISACA, or other third parties?

Cybernous shares minimal necessary data with certification bodies (ISC², ISACA) only for endorsement facilitation and exam registration support. For example, when providing ISC² endorsements (400+ provided as of 2026), Cybernous shares your name, certification date, and professional relationship details as required by ISC² policy. Payment processors, email service providers, and learning management system hosts access data under strict data processing agreements. Cybernous never sells student data or shares it for marketing purposes. Enterprise clients receive aggregated, anonymized progress reports only.

What cookies does Cybernous use and can I opt out?

Cybernous uses strictly necessary cookies for session management (keeping you logged in during course access) and anonymous analytics cookies to improve platform performance (e.g., tracking which video lectures have technical issues). No advertising or tracking cookies are used. You can disable analytics cookies via browser settings without affecting core course functionality. Cookie consent banner appears on first visit; preferences are stored locally per GDPR ePrivacy Directive requirements.

How does Cybernous protect data during live coaching sessions?

Live coaching sessions (6 hours/week during 100-day CISSP program, 60-day CISM program) use encrypted video conferencing platforms with password-protected access. Session recordings are stored on secure servers with access limited to enrolled students only. Chat transcripts and whiteboard content are retained for 180 days (standard program access duration) then deleted. Screen shares and case study discussions are anonymized in any reused training materials. Cybernous does not share session data with non-enrolled parties.

What are my data rights as an international student under GDPR?

International students (60% of Cybernous enrollment across 40+ countries) have full GDPR rights including: (1) Right to access — request a copy of all personal data Cybernous holds about you; (2) Right to rectification — correct inaccurate data; (3) Right to erasure — request deletion subject to legal retention; (4) Right to restriction — limit processing to storage only; (5) Right to data portability — receive your data in machine-readable format; (6) Right to object — opt out of direct marketing or automated decision-making. Contact privacy@cybernous.com to exercise any right; response within 30 days per GDPR Article 12.

How does Cybernous handle corporate client data differently?

Corporate training clients (Standard Chartered 150+ trained, HCL 125 trained, BSE 25+ trained) operate under separate Data Processing Agreements (DPAs) that define Cybernous as a data processor and the corporate client as data controller. Cybernous processes employee data only per client instructions, provides aggregated progress reports without individual identifiers unless approved, and deletes batch data per contract schedule (typically 1-3 years post-training). Individual employees retain direct data subject rights; corporate IT policies may impose additional restrictions. Contact corporate@cybernous.com for enterprise-specific privacy terms.

Who can I contact with privacy concerns or data subject requests?

Email privacy@cybernous.com for all data protection inquiries including access requests, deletion requests, correction requests, consent withdrawal, or complaints. Include your full name, enrollment details, and specific request. Cybernous will acknowledge within 5 business days and resolve within 30 business days per DPDP Act and GDPR SLA requirements. For urgent concerns, call +91-XXXXXXXXXX (business hours IST). You may also file complaints with India's Data Protection Board or your local GDPR supervisory authority if dissatisfied with Cybernous's response.