Skip to content

Global Privacy Rights Framework

A jurisdiction aware framework for privacy rights, data transfers, learner records, career applications, payment metadata, AI assisted workflows, and credential verification. This page explains how CyberAI receives, verifies, evaluates, and responds to privacy requests across jurisdictions.

Last updated May 2026.

Jurisdiction specific rights. This framework does not claim that every global law applies to every user. It explains how CyberAI evaluates privacy rights, data protection duties, and request handling based on the person's location, relationship to CyberAI, the data involved, and applicable law.

Scope

CyberAI Innovations is headquartered in Georgia, United States and may offer training to learners, applicants, clients, partners, and website visitors in multiple jurisdictions. Privacy rights vary by location, relationship, data type, and applicable law. CyberAI will evaluate each request based on the requester location, the type of data involved, the applicable law, identity verification, security requirements, and any legal or contractual retention obligations.

Common privacy rights CyberAI supports where applicable

Depending on applicable law, individuals may have rights to be informed about data practices, access personal information, correct inaccurate information, request deletion, restrict or object to processing, request portability, withdraw consent, appeal or challenge a decision, opt out of certain sales, sharing, targeted advertising, or profiling, and lodge a complaint with a regulator. These rights are not identical in every jurisdiction and may be limited by law, security needs, training records, apprenticeship records, payment records, credential integrity, fraud prevention, or dispute preservation.

Compliance posture

This framework is a public privacy rights notice, not a claim that every privacy law in the world applies to every visitor or that one process is identical in every jurisdiction. CyberAI evaluates privacy requests based on the person's location, relationship to CyberAI, the data involved, identity verification, security needs, legal obligations, provider obligations, and the rights of other people. CyberAI applies jurisdiction specific requirements where they govern the request.

Data categories covered by this framework

This framework covers website inquiries, contact details, learner applications, career applications, resume files, GitHub or LinkedIn profile links submitted by applicants, LMS accounts, coursework records, assessment activity, apprenticeship hour records, support messages, payment status and transaction metadata, accessibility accommodation requests where applicable, AI assisted workflow logs, security logs, and credential verification records. CyberAI avoids collecting sensitive personal information unless it is necessary for a specific lawful purpose and appropriate safeguards are in place.

European Union and European Economic Area

The GDPR is the central EU data protection law and recognizes rights such as information, access, rectification, erasure, restriction, portability, objection, and rights related to automated decision making and profiling. The European Commission explains that GDPR can apply to organizations outside the EU when they offer goods or services to people in the EU or monitor behavior in the EU. CyberAI treats EU learner, applicant, and website data as requiring lawful basis review, transparent notices, data minimization, retention controls, processor contracts, transfer safeguards, and a response process for data subject requests where GDPR applies. Reference: European Commission data protection explained.

United Kingdom

UK GDPR and the UK Data Protection Act apply separately from EU GDPR where they govern a request. CyberAI evaluates lawful basis, individual rights requests, international transfers, and appropriate safeguards for United Kingdom data where applicable.

United States state privacy laws

U.S. state privacy laws vary and continue to change. California privacy law grants rights that include knowing what personal information is collected, used, shared, or sold, deletion, opt out rights, and non discrimination for exercising rights. CyberAI routes California and other state privacy requests through a central privacy request workflow, does not sell personal information, evaluates targeted advertising or sharing practices before using them, and provides an appeal or escalation process where required. Reference: California Attorney General CCPA page.

Canada

PIPEDA applies to many private sector organizations that collect, use, or disclose personal information in the course of commercial activities across Canada and is built around fair information principles such as accountability, identifying purposes, consent, limiting collection, limiting use, disclosure and retention, safeguards, openness, individual access, and challenging compliance. CyberAI evaluates Canadian applicability for marketing, enrollment, contracting, and learner data transfers involving Canada. Reference: Office of the Privacy Commissioner of Canada PIPEDA brief.

Brazil

Brazil LGPD recognizes data subject rights such as confirmation of processing, access, correction, anonymization or blocking of unnecessary or excessive data, deletion, portability where applicable, information about sharing, and consent revocation. CyberAI evaluates LGPD applicability for Brazilian learners, applicants, clients, and international transfers of Brazilian personal data. References: Brazil LGPD rights overview and ANPD international transfer information.

South Africa

South Africa POPIA establishes conditions for lawful processing and is overseen by the Information Regulator. CyberAI evaluates POPIA where South African learner, applicant, or client data is involved, especially where learner records, application documents, identity information, apprenticeship records, or credential records are involved. Reference: Information Regulator South Africa POPIA overview.

Singapore

Singapore PDPA governs personal data protection obligations for organizations and is administered by the Personal Data Protection Commission. CyberAI evaluates consent, notification, purpose limitation, access, correction, protection, retention, transfer limitation, and breach management obligations where Singapore based learner or client data is involved. Reference: Singapore PDPC PDPA overview.

Other likely jurisdictions

CyberAI also evaluates privacy laws in jurisdictions with significant privacy frameworks, including Australia, New Zealand, Japan, South Korea, India, the Dubai International Financial Centre, the Abu Dhabi Global Market, the United Arab Emirates, Switzerland, Mexico, Argentina, Nigeria, Kenya, and other countries where learners, applicants, clients, or partners are located. If CyberAI targets a market, accepts paid enrollment from that market, stores learner records from that market, or engages a partner in that market, CyberAI applies a jurisdiction specific privacy review for that activity.

Artificial intelligence and automated processing

CyberAI may use AI assisted tools to help generate training materials, review curriculum structure, support learner state analysis, draft operational content, or assist internal administrative review. CyberAI discloses AI assisted processing where it materially affects learners, applicants, clients, or credential workflows. CyberAI keeps humans responsible for final decisions where fairness, eligibility, discipline, hiring, apprenticeship participation, payment disputes, accessibility accommodations, or legal rights are involved.

Blockchain credential privacy

Credential verification records are designed for privacy from the beginning. Public or immutable records do not contain unnecessary personal information, sensitive information, full learner files, payment details, identity documents, or private LMS activity. Where blockchain verification is used, CyberAI favors verification hashes, credential identifiers, issuer identifiers, timestamps, and off chain records protected by access controls.

Children and age restrictions

CyberAI does not knowingly collect information from children below the age required by applicable law without the necessary parent, guardian, school, or institutional authorization. If a program is designed for minors, CyberAI uses a separate child privacy review and authorization workflow before collecting minor data for that program.

Security and incident response

CyberAI maintains administrative, technical, and physical safeguards appropriate to the data involved, including access controls, least privilege, encryption where appropriate, secure backups, audit logs, vendor review, and incident response procedures. Breach notification obligations vary by jurisdiction, so CyberAI evaluates notification duties through an internal incident workflow.

Operational controls before global scale

  • CyberAI maintains a data inventory covering website forms, LMS records, apprenticeship hour records, payment status, credential records, AI features, support messages, logs, and career applications.
  • CyberAI maps a lawful basis or permitted purpose for major processing activities where applicable law requires it.
  • CyberAI uses data minimization so forms do not request sensitive information unless the workflow requires it.
  • CyberAI publishes privacy notices that explain categories of data, purposes, sharing, retention, international transfers, and rights.
  • CyberAI uses processor contracts or data processing addenda with hosting, LMS, payment, email, analytics, AI, and credential vendors where required.
  • CyberAI uses a privacy request workflow that verifies identity, logs deadlines, tracks exemptions, and records outcomes.
  • CyberAI applies retention schedules for inquiries, enrollment records, payment records, apprenticeship records, career applications, LMS activity, and credential records.
  • CyberAI reviews cross border transfers for applicable non U.S. learner, applicant, client, and provider data.
  • CyberAI documents human review for AI assisted decisions and avoids final automated decisions where law or fairness requires human involvement.
  • CyberAI limits public blockchain credential records to verification safe data and avoids unnecessary personal information on immutable public records.

How to make a privacy request

To make a privacy request, account deletion request, or data deletion request, contact data@cyber-ai.tech and include your name, email address, jurisdiction, relationship to CyberAI, and the request type. CyberAI may request additional information to verify your identity and protect records from unauthorized disclosure.

Important limits

Some requests may be denied or limited where CyberAI must keep records for security, accounting, tax, legal, contract, dispute, apprenticeship, training integrity, credential integrity, fraud prevention, or other lawful reasons. CyberAI explains the basis for any limitation where required by applicable law.