Skip to content

Privacy Policy

Last updated: March 2026

1. About Cyber Guard AI

Cyber Guard AI is operated by CyGuardAI. Cyber Guard AI is a cloud-based AI assistant designed to help parents identify potential incidents in their children's WhatsApp conversations. Our service analyzes message content to flag potential risks such as cyberbullying, aggressive behavior, and inappropriate content. Cyber Guard AI is an informational tool only and does not guarantee the physical safety or wellbeing of any person. This Privacy Policy explains how we collect, use, store, and protect information when you use our service.

2. How It Works

Cyber Guard AI connects to your child's WhatsApp account through a QR code-based linking process. Once connected, our cloud-based AI system analyzes messages as they are received to detect potential threats. Parents receive daily summary reports via email, as well as immediate alerts when content of particular concern is identified. All analysis is performed by our secure cloud infrastructure.

3. Information We Process

We process the following types of information:

  • Parent account information: email address, name, and contact details provided during registration
  • WhatsApp message content from monitored accounts for AI analysis purposes
  • Device and connection metadata necessary for the service to function
  • Usage data such as alert history and account settings

4. Information We Do NOT Collect or Misuse

We want to be transparent about what we do not do with your data:

  • We do NOT sell your personal data or your child's data to any third party
  • We do NOT use data for advertising or ad targeting purposes
  • We do NOT share message content with other users or third parties, except our designated AI safety analysis sub-processor which processes content solely for child safety analysis under strict data processing agreements
  • We do NOT retain message content beyond 7 days by default. Parents may configure a shorter retention period (minimum 1 day). An automated cleanup process permanently deletes expired data daily. When a parent removes a monitoring instance, all associated data is deleted immediately and irreversibly
  • We do NOT use your data or your child's data to train, fine-tune, or improve any AI or machine learning models — neither our own nor those of any third party

5. Legal Basis for Processing

We process personal data on the following legal bases:

  • Your explicit consent, provided when you create an account and connect a WhatsApp account for monitoring
  • The performance of our contract with you to provide the monitoring service
  • Parental authority under applicable law, which provides the legal basis for processing your minor child's communication data
  • Under the EU General Data Protection Regulation (GDPR), these correspond to Article 6(1)(a) (consent), Article 6(1)(b) (contractual necessity), and the parental consent provisions of Article 8
  • Under the Israeli Privacy Protection Law, 5741-1981, processing is based on the data subject's consent (provided through parental authority for minors)

6. Data Protection Officer & EU Representative

Our Data Protection Officer (DPO) can be reached at dpo@cyguardai.com for any questions or concerns regarding data protection. You may contact the DPO regarding any data protection matter, including exercising your rights under the GDPR.

7. Data Storage & Security

Your data is stored on secure cloud servers with commercially reasonable security measures. No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security. Our security measures include:

  • Encryption for all data in transit
  • Encryption at rest for all stored data
  • Strict access controls limiting data access to authorized systems only
  • Periodic security reviews and vulnerability assessments
  • Isolated cloud instances — each monitored account runs in its own secure container

8. Your Rights

You have the following rights regarding your data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your account and all associated data. When you delete a monitoring instance, all data is immediately and irreversibly deleted
  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format
  • Right to Object: Object to processing of your personal data
  • Right to Withdraw Consent: Withdraw consent for data processing at any time by disconnecting the monitored account or deleting your account
  • Right to Lodge a Complaint: File a complaint with the Israeli Privacy Protection Authority (PPA) or, for EU residents, your local supervisory authority

9. Children's Privacy

Cyber Guard AI is a parental monitoring tool intended exclusively for use by parents or legal guardians to monitor their minor children (under 18). We do not directly collect data from children — all data is collected through the parent's account and under parental authority. The service is intended to be set up and managed exclusively by parents or legal guardians. We do not knowingly allow children under 18 to create accounts or directly interact with our service. The Service must NOT be used to monitor adults, elderly persons, or any individual who is not a minor child under the user's legal guardianship.

  • For children under 13: We comply with the U.S. Children's Online Privacy Protection Act (COPPA). Parents provide verifiable parental consent by creating an account and actively connecting their child's WhatsApp. No data from children under 13 is collected without this parental consent. If we discover that data from a child under 13 has been collected without proper parental consent, we will delete it promptly
  • For children aged 13–17: Parents provide consent under their parental authority as recognized by applicable law. The service processes their communication data solely for the purpose of child safety monitoring
  • We do not direct any part of our service toward children. All interactions are with the parent or legal guardian

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out of Sale: We do not sell personal information. We do not share personal information for cross-context behavioral advertising
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights
  • To exercise these rights, contact us at privacy@cyguardai.com. We will respond within 45 days as required by law

11. Data Sharing

We do not sell or rent personal data. We may share limited data with:

  • Cloud infrastructure providers (Amazon Web Services) who host our service under strict data processing agreements
  • Google Gemini AI, our AI sub-processor, which analyzes message content solely for child safety purposes. Google does not use this data for model training or any other purpose under our data processing agreement
  • Law enforcement agencies when required by law or to protect child safety

12. International Data Transfer

Your data may be processed on servers located outside your country of residence, including on Amazon Web Services and Google infrastructure. We ensure appropriate safeguards are in place for any international data transfers in compliance with applicable data protection laws, including standard contractual clauses where required.

13. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify affected users without undue delay and no later than 72 hours after becoming aware of the breach. We will also notify the relevant supervisory authority as required by applicable law, including the Israeli Privacy Protection Authority (PPA) and, where applicable, EU data protection authorities.

14. Cookies and Tracking Technologies

Our website uses the following cookies and tracking technologies:

  • Essential cookies required for website functionality
  • Google Analytics for understanding website usage patterns (anonymized) — loaded only after you provide consent via our cookie banner
  • Google reCAPTCHA for spam prevention on our contact form, which may set cookies and transmit data to Google (subject to Google's Privacy Policy)
  • We do not use advertising cookies or tracking pixels

15. Accessibility

Cyber Guard AI is committed to ensuring digital accessibility for people with disabilities. We strive to meet WCAG 2.1 Level AA standards and the accessibility requirements under Israeli Equal Rights for Persons with Disabilities Regulations. If you experience any accessibility issues with our website or service, please contact us at support@cyguardai.com so we can assist you and improve our accessibility.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.

17. Contact Information

For questions or concerns about this Privacy Policy, our data practices, or to exercise any of your data protection rights, please contact our Privacy Team at privacy@cyguardai.com or reach out through our website's contact page. For Israeli residents, you may also contact the Israeli Privacy Protection Authority. For EU residents, you have the right to lodge a complaint with your local data protection supervisory authority. We will respond to all data rights requests within 30 days.