Ceburu Systems, Inc. ("Ceburu," "we," "us," or "our") respects your privacy and is committed to protecting the personal information we collect, use, share, and store. This Privacy Policy explains how we handle personal information in connection with our website at www.ceburu.com (the "Website"), our AI-driven Remote Monitoring and Management ("RMM") platform, customer portal, related applications, agents, APIs, and any other products or services we provide that link to this Policy (collectively, the "Service").
This Policy applies to personal information of website visitors, prospective customers, customer authorized users, and individuals whose information may be processed by us when our customers use the Service to monitor and manage their IT environments. By accessing or using the Service, you acknowledge you have read and understood this Policy.
If you have questions, you can contact us at legal@ceburu.com or at the address listed at the end of this Policy.
01Scope and Our Role
Ceburu as Controller. For information collected through our Website, marketing activities, and our direct relationship with our customers and users (such as account registration, billing, and support), Ceburu acts as a "controller" (under GDPR/UK GDPR) or "business" (under U.S. state privacy laws).
Ceburu as Processor / Service Provider. When our customers use the Service to monitor and manage their own IT infrastructure, devices, networks, and end users, our customers are the controllers/businesses with respect to data flowing through their tenant. Ceburu processes that data on their behalf as a processor or service provider, governed by our customer agreement and Data Processing Addendum ("DPA"). If you are an end user whose information is processed because your employer or service provider uses Ceburu, please contact that organization to exercise your rights with respect to that data; we will support them in responding to you.
02Information We Collect
We collect information in the categories below. Not every category applies to every individual.
2.1 Information You Provide Directly
- Account and contact information: name, business email, phone number, employer, job title, mailing address, and login credentials.
- Billing information: billing contact details and transaction records. Payment card details are processed by our payment processor; we do not store full card numbers on our systems.
- Customer content and configuration: inventory of monitored assets, alert rules, scripts, dashboards, tags, integrations, and other configuration you choose to enter.
- Communications: messages, support tickets, survey responses, sales inquiries, webinar registrations, and feedback you send us.
- Marketing preferences: subscription status and email preferences.
2.2 Information Collected Automatically (Website and Portal)
- Usage data: pages viewed, links clicked, features used, referring URL, session duration, and similar telemetry.
- Device and connection data: IP address, approximate location derived from IP, browser type and version, operating system, language, and device identifiers.
- Cookies and similar technologies: see Section 8 (Cookies and Tracking Technologies).
2.3 Information Collected Through the RMM Platform
When our customers deploy Ceburu agents, probes, or integrations across their IT environments, the Service collects technical and operational data necessary to monitor, secure, and manage those environments. This may include:
- Device and asset inventory data (hostname, serial number, manufacturer, model, OS version, installed software, hardware configuration, asset tags).
- Performance and availability telemetry (CPU, memory, disk, process, service, and uptime metrics).
- Network monitoring data (interface counters, traffic flow metadata, latency, SNMP data, network topology, and connected devices).
- Patch, vulnerability, and configuration management data.
- Backup status, job history, and storage usage metadata.
- Security event and log data ingested from endpoints, servers, firewalls, identity providers, and other sources connected to the platform (including SIEM and security log features).
- Remote session metadata (session start/end, initiating user, target device, session recordings or transcripts where the customer enables them).
- User account information for the customer's authorized users (e.g., admin and technician identities, role, login activity, IP address used to access the platform).
- Alarms, triggers, tickets, and remediation actions taken through the Service.
To the extent any of this data identifies or relates to an individual (for example, a username, an end user's device, or activity attributable to a person), it is treated as personal information under this Policy. Ceburu processes this data as a processor / service provider on behalf of the customer.
2.4 Information from Third Parties
- Single sign-on and identity providers (e.g., Microsoft, Google) when you choose to authenticate through them.
- Integrated systems your organization connects to the Service (e.g., ticketing, directory, cloud, backup, or email security tools).
- Marketing, sales intelligence, enrichment, and event partners (e.g., business contact data and firmographics).
- Service providers, resellers, and channel partners involved in delivering the Service.
- Public sources, such as professional networking sites, when permitted.
03How We Use Information
We use personal information for the purposes below. Where the GDPR/UK GDPR applies, the legal basis for each purpose is indicated.
| Purpose | Legal Basis (GDPR/UK GDPR) |
|---|---|
| Provide, operate, secure, and maintain the Service, including authentication, account management, customer support, monitoring, alerting, automation, and remote access functions. | Performance of a contract; legitimate interests |
| Process payments, invoicing, and manage customer relationships. | Performance of a contract; legal obligation |
| Detect, prevent, investigate, and respond to fraud, abuse, security incidents, malware, and other threats to the Service or its users. | Legitimate interests; legal obligation |
| Improve, develop, and analyze the Service (including aggregated/de-identified analytics, performance benchmarks, and product research). | Legitimate interests |
| Train, evaluate, and improve AI/ML models that power features such as anomaly detection, AIOps, predictive alerting, and automated remediation. See Section 4. | Legitimate interests; consent where required |
| Communicate with you about the Service, including security notices, policy changes, and operational updates. | Performance of a contract; legal obligation |
| Send marketing communications about Ceburu products, events, and offers, where permitted. | Consent; legitimate interests |
| Comply with legal, regulatory, audit, and contractual obligations and to enforce our terms. | Legal obligation; legitimate interests |
| Carry out corporate transactions such as mergers, acquisitions, financing, or asset sales, including due diligence. | Legitimate interests |
We will not use personal information for materially different, unrelated, or incompatible purposes without providing notice or, where required, obtaining consent.
04Artificial Intelligence and Machine Learning
Our Service includes AI- and ML-powered features (for example, anomaly detection, AI monitoring, AIOps, predictive analytics, and automated remediation). We are committed to using AI responsibly. The following principles apply:
- Customer data: We do not use customer content (data processed by Ceburu on a customer's behalf through the Service) to train AI/ML models that are made available to other customers, except where the data has been aggregated and de-identified so that it cannot reasonably be linked to any individual or customer.
- Model improvement: We may use telemetry, model inputs/outputs, error data, and de-identified or aggregated data to monitor, evaluate, debug, secure, and improve the performance and accuracy of AI features within Ceburu's platform.
- Third-party AI providers: Where we use third-party large language models or AI services to power features, we contractually require those providers to act as processors/sub-processors, restrict their use of customer data to delivering the feature, and prohibit using customer data to train their general-purpose models, unless the customer has explicitly opted in.
- Human oversight: AI outputs (such as suggested remediations or risk scores) are designed to assist, not replace, human decision-making. Customers remain responsible for the actions they choose to take based on AI-generated suggestions.
- Automated decision-making: We do not use AI to make decisions producing legal or similarly significant effects on individuals without human involvement. If that ever changes, we will provide notice and meaningful information about the logic, significance, and consequences as required by law.
05How We Share Information
We share personal information only as described below. We do not sell personal information for money.
- Within Ceburu: with affiliated entities under common control, bound by confidentiality and data protection obligations consistent with this Policy.
- Service providers and sub-processors: including cloud hosting (e.g., infrastructure providers), data storage and backup, analytics, customer support tools, communications, payment processing, security, identity, marketing automation (e.g., HubSpot, Mailchimp), and AI service providers. They access information only to perform services for us under written contract.
- Customers and authorized users: data within a customer's tenant is accessible to that customer's authorized users in accordance with their internal permissions.
- Channel partners and resellers: where you purchased through, are supported by, or specifically authorize a partner.
- Professional advisors: such as auditors, accountants, and lawyers, under confidentiality obligations.
- Legal, safety, and compliance: when we believe in good faith that disclosure is necessary to comply with law, valid legal process, or government request; to enforce our terms; to protect the rights, property, or safety of Ceburu, our customers, users, or others; or to detect, prevent, or address fraud or security issues.
- Corporate transactions: in connection with a merger, acquisition, financing, reorganization, asset sale, or insolvency, in which case we will require the recipient to honor the commitments in this Policy or notify you of any changes.
- With your direction or consent: for any other purpose disclosed at the time we collect the information or with your consent.
We may disclose aggregated or de-identified information that cannot reasonably be used to identify you for any lawful purpose.
06International Data Transfers
Ceburu is headquartered in the United States and uses service providers in multiple countries. When we transfer personal information out of the European Economic Area, the United Kingdom, Switzerland, or other jurisdictions with cross-border transfer restrictions, we rely on legally recognized transfer mechanisms, which may include:
- European Commission Standard Contractual Clauses, the UK International Data Transfer Addendum, or the Swiss equivalent;
- Adequacy decisions issued by the relevant data protection authorities;
- Other approved transfer mechanisms, such as derogations expressly permitted by applicable law.
You may contact us at legal@ceburu.com to request information about the safeguards we use.
07Data Retention
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:
- Account and customer relationship data is retained for the duration of the relationship and for a reasonable period thereafter for legal, audit, and tax purposes.
- Data within a customer tenant is retained according to the customer's configuration and contractual terms; on termination, we delete or return the data in accordance with the customer agreement and DPA.
- Telemetry, security logs, and backups are retained for limited periods consistent with the purpose for which they were collected and applicable law.
- Marketing data is retained until you unsubscribe or object, plus a short period to honor your preference.
08Cookies and Tracking Technologies
We and our service providers use cookies, pixels, web beacons, SDKs, local storage, and similar technologies to operate the Website and portal, remember preferences, analyze traffic, and (with consent where required) deliver marketing.
Categories typically used include:
- Strictly necessary: required for authentication, security, and core functionality.
- Functional: remember your choices and preferences.
- Analytics and performance: help us understand how the Website is used (e.g., Google Analytics).
- Marketing: help us measure campaigns and reach relevant audiences.
Where required by law, we ask for your consent through a cookie banner before setting non-essential cookies. You can withdraw or change your consent at any time using the cookie preferences link on the Website. You can also configure your browser to block or delete cookies; doing so may impact functionality.
We honor recognized opt-out signals, including the Global Privacy Control (GPC), where required by applicable law.
09Security
We maintain a written information security program with administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These include encryption in transit and at rest where appropriate, access controls and least-privilege permissions, network segmentation, vulnerability and patch management, secure development practices, monitoring and logging, employee training, vendor risk management, and incident response procedures.
No security program can guarantee absolute security. You are responsible for keeping your account credentials confidential and for promptly notifying us of any suspected unauthorized use.
10Your Privacy Rights
Depending on where you live, you may have some or all of the rights below in relation to personal information that Ceburu controls. We support our customers in honoring these rights for data within their tenants.
10.1 Rights Available to All Eligible Individuals
- Access a copy of the personal information we hold about you.
- Correct inaccurate or incomplete personal information.
- Delete personal information, subject to legal exceptions.
- Port your information to another provider in a structured, commonly used format.
- Object to or restrict certain processing, including direct marketing.
- Withdraw consent where processing is based on consent (without affecting prior processing).
- Opt out of "sales," "sharing," or targeted advertising as those terms are defined under applicable U.S. state laws.
- Limit use of sensitive personal information, where applicable.
- Not be discriminated or retaliated against for exercising your rights.
10.2 GDPR / UK GDPR Specifics
If you are in the European Economic Area, the United Kingdom, or Switzerland, you may also lodge a complaint with your local data protection authority. We encourage you to contact us first so we can address your concerns.
10.3 U.S. State Privacy Rights (California, Virginia, Colorado, Connecticut, Utah, Texas, and Other States)
Residents of U.S. states with comprehensive privacy laws have rights to know, access, delete, correct, and obtain a copy of their personal information, and to opt out of sales, sharing/targeted advertising, and certain profiling activities. To exercise these rights, see Section 10.5.
We do not knowingly sell or share for cross-context behavioral advertising the personal information of consumers we know to be under 16 without affirmative authorization.
California "Shine the Light" (Civil Code §1798.83): California residents may request information about disclosures of personal information for third parties' direct marketing purposes by contacting legal@ceburu.com.
10.4 Authorized Agents
You may use an authorized agent to submit a request on your behalf. We may require proof of authorization and verification of your identity.
10.5 How to Exercise Your Rights
- Email: legal@ceburu.com
- Web form: www.ceburu.com/contact-us
- Mail: see Section 17 (Contact Us).
We will verify your identity and respond within the time required by applicable law (generally 30 to 45 days), and may extend that period where permitted. There is no charge unless your request is manifestly unfounded or excessive.
If your data is held within a customer's tenant, we will route your request to that customer or instruct you to contact them directly.
11Children's Privacy
The Service is intended for businesses and is not directed to children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us at legal@ceburu.com and we will take appropriate steps to delete it.
12Marketing Communications
You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing message or by emailing legal@ceburu.com. Even if you opt out of marketing, we may still send you transactional or service-related communications (e.g., billing, security, and policy updates).
13Third-Party Sites and Integrations
The Service may link to or interoperate with third-party sites, products, or integrations that we do not control. Their privacy practices are governed by their own policies. We encourage you to review them before providing personal information.
14Do Not Track
Our Website does not currently respond to "Do Not Track" browser signals because no common standard has been adopted. We do, however, honor the Global Privacy Control (GPC) signal where required by law.
15Profiling and Automated Decision-Making
We do not engage in profiling that produces legal or similarly significant effects on individuals without meaningful human involvement. Where applicable law gives you the right to opt out of certain profiling, you may exercise that right as described in Section 10.5.
16Changes to This Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this Policy reflects the date of the most recent revision. If we make material changes, we will provide additional notice (such as posting a notice on the Website or sending an email). Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
17Contact Us
If you have questions, comments, complaints, or wish to exercise your privacy rights, please contact us:
Pleasanton, CA 94588, USA
Email: legal@ceburu.com
Phone: +1 (954) 669-1143
Website: www.ceburu.com
17.1 EU and UK Representatives
If we are required to designate an EU and/or UK representative under Article 27 of the GDPR or UK GDPR, their contact details will be provided here. Until designated, EU and UK individuals may contact us directly using the details above.
17.2 Data Protection Officer
You can reach our privacy team at legal@ceburu.com.