Last updated: April 2026. Plain language, no legal jargon.
All analysis runs entirely in your browser using JavaScript. Your password is never transmitted to any server. You can disconnect from the internet and the tool works identically.
Passwords are generated locally using your browser's crypto.getRandomValues() API. Nothing is sent over the network. Session history exists only in RAM and disappears when you close the tab.
Your email address is sent to the XposedOrNot public API to check against known breach databases. Cyberscan acts as a proxy and does not log, store, or process your email address beyond forwarding the request.
The URL you submit is sent to the VirusTotal API for threat analysis. Cyberscan proxies the request without logging the URL.
Cyberscan is served via a global CDN. The infrastructure provider may retain standard server logs (IP addresses, request timestamps) as part of normal operations. This is outside our control.
Contact information coming soon.