Privacy Policy

Updated:  April 28th, 2021

  • At Ciphr, our mission is to empower people to protect and optimize their digital privacy. We create applications that allow people to communicate freely without compromising their privacy.
  • We do not have access to any of your communications. Our end-to-end encrypted infrastructure ensures that any communication passing through our network remains private, only you and your contacts have access.
  • We do not associate personal information such as email address or phone number to Ciphr accounts and will not collect any information without your consent.
  • We believe in transparency and want you to know how we handle the limited personal information we may collect. This data is collected in order to provide our secure communication services (Services) or to allow you to interact with our website located at https://ciphr.io/ (Website).
  • We prepared this privacy policy (Privacy Policy), which should be read together with our Terms of Use, to explain how Ciphr uses and protects your personal information. We have made every effort to ensure clarity in our Privacy Policy.
  • You can contact us at any time by email at legal@ciphr.io for any inquiries, questions, comments regarding your data and personal information or this Privacy Policy.
  • By using our Services, you confirm your acceptance of our Privacy Policy. If you do not agree to our Privacy Policy, you may not use our Services.

1. Security FOR COMMUNICATION DATA

Ciphr takes its commitment to protect the security and privacy of your personal information seriously. Our security measures aim to maintain data accuracy and to protect your personal information from losses, theft or unauthorized access, disclosure, copying, misuse or modification.

Keeping your information safe: We care about the security of your information and employ safeguards designed to preserve the integrity and security of all information transmitted through our Services. Our algorithmic process ensures that all communication data sent through our Services is end-to-end encrypted to ensure that your encoded communication is delivered to the recipient securely. Only the recipient has access to a unique decryption key to transform the coded information into a readable text.

The integrity of your communication is assured during its transit because Ciphr uses:

  • end-to-end encryption protocols that verify integrity, i.e. protect against modification by an attacker.
  • transport layer security with pinned certificates, such that it would be very challenging for a man-in-the-middle to inject malicious certificates into the device’s trust store and/or decrypt traffic or modify any data in transit.

Ciphr’s security measures also include:

  • ensuring server authentication and data encryption using Secure Sockets Layer technology (SSL) when Services are accessed via the Internet;
  • maintaining a strict control of the residual data retained on Ciphr’s servers;
  • limiting access to the actual data transmitted to only you and its intended recipient; and
  • locating Ciphr’s platform and servers in various data centers and deploying them at random. Ciphr may use, among other things, content delivery networks and proxies to mitigate threats.

To increase the privacy of your data, please keep in mind that:

  • the information (including documents and attachments) you send to your contacts may remain on their device(s) even after you deleted it from your own device(s), depending on the parameters selected for such transmission or whether, for example, the recipient(s) took a photo or otherwise recorded it;
  • when sending or receiving any information, you should validate the identity and trustworthiness of the recipients; and
  • you should take security measures to ensure that the confidentiality of the information you send or receive is preserved after the transmission.

2. PAYLOAD SECURITY

Our Services retain as little data as possible for as little time as possible. The communication data transmitted on the servers (Payload) using our Services is end-to-end encrypted before its transmission to Ciphr servers and relayed to the recipient’s device, such that Ciphr cannot have access to your conversations through our communication services. The Payload is automatically deleted as soon as it is successfully delivered to the recipient. In the event the Payload cannot be immediately delivered, it is only temporarily stored on Ciphr’s servers until the sooner of its successful delivery to the recipient or 14 days, after which it is automatically purged.

Temporary payload storage and transfer: Your encrypted communication information may be stored temporarily in any country in which Ciphr’s or its service providers’ servers are hosted, for the purposes of facilitating and securely completing your communication through the Services. Please note that we may transfer information to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, including any country in which Ciphr or its affiliates or service providers maintain servers or facilities.

Security protocols: Your encrypted communications can only be decrypted with a private encryption key, which is only held by your intended recipient(s). In the unlikely event that personal information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other appropriate steps, in accordance with any applicable law.

3. AUTOMATICALLY COLLECTED INFORMATION

Automatic collection of limited information is required to ensure the reliability of access to the Service. When you download, access, or use the Services, we may automatically collect the following information depending on your Ciphr version:

Ciphr Lite (App Platforms)

  • Last login
  • Device model
  • App version
  • Operating system version

Ciphr (MDM)

Accessing Ciphr through our mobile device management (MDM) deployment provides you with additional security measures such as a virtual private network (VPN) and strict information technology (IT) policies to increase data protection. This requires additional information to facilitate access to the Services:

  • Crash logs
  • Device model
  • Network state
  • SIM#, IMEI#, IMSI#
  • Mobile network information

Ciphr’s applications leverage an on-premise crash reporting system in order to gather application performance and crash data, which does not contain any personal information. Additionally, Ciphr’s applications allow you to trigger a reporting feature which contains application stack traces and information regarding events that occurred prior to and after a crash. Such a report also contains a plain text comments string allowing you to report comments related to the issue.

If any bug or error occurs, we may collect diagnostic information about your device. We use this additional information to enhance the security controls around the access to the Services and to resolve the bugs and errors that may exist. Diagnostic information includes:

  • Last login
  • Device model
  • App version
  • Operating system version
  • Time zone
  • Language
  • Battery level
  • Free memory
  • Screen resolution

4. USER-PROVIDED INFORMATION FOR ACCESS TO SERVICES

We do not associate personal information such as email address or phone number to Ciphr accounts. No user information is required for account creation and Services access. Should we have access to any personal information about you from third-party sources, such as online application stores and platforms, we will not correlate such information with any account you create to use and access the Services.

Ciphr account information: To provide you with access to the Service and to facilitate communication between Ciphr contacts, Ciphr stores your randomly generated Ciphr Identification Number (CID), Alias information, and/or Ciphr Mail email address. Since we do not collect personal information for account creation, Ciphr Identification Number (CID), Alias information, and/or Ciphr Mail email address is not associated with any personally identifiable information. Ciphr will also request your password for entry to the application. We do not store passwords on our servers.

Payment information: Only if and when purchasing any fee-based feature of the Services, you may provide payment information to us or a third-party payment provider. We do not store your payment information.

5. USER-PROVIDED INFORMATION FOR COMMUNICATING WITH CIPHR

User-provided information for communication with Ciphr: You may voluntarily provide Ciphr with any suggestions, ideas, comments, questions or other feedback relating to your use of the Services, typically through our Website. We will handle the information received to (i) categorize the communication, (ii) respond to your feedback, (iii) send any information requested and/or (iv) ensure compliance with the Terms of Use.

Data storage and transfer: Any information which you submitted for the purposes of communicating with Ciphr may be stored in any country in which Ciphr’s or its service providers’ servers are hosted. Please note that we may transfer information to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, including any country in which Ciphr or its affiliates or service providers maintain servers or facilities.

Retention of your information. We will only retain voluntarily submitted personal information for as long as necessary to fulfil the purposes for which we received it, for the purposes of our legitimate business interests and for satisfying any legal requirement.

6. INFORMATION PROVIDED BY OUR Ciphr reseller PARTNERS

Our reseller partners (Ciphr Reseller Partners) may share Ciphr account details like Ciphr ID (CID), Ciphr Mail email address, or subscription details, with us so that we can deliver support services, update, upgrade or otherwise improve the Services, or to develop new services. Ciphr Reseller Partners are not required to disclose personally identifiable information with us unless otherwise required by applicable law. Please note that our Ciphr Reseller Partners are required to comply with applicable privacy and data collection laws.

7. WEBSITE

Process and security cookies: Our Website uses process cookies that allow it to work properly in keeping track of the sequence of orders or requests or when browsing from one page to the other, as well as security cookies that are used each time the Website is used for authentication, security, network management, and accessibility purposes. Through the use of cookies, Ciphr may collect your browser information, Internet Protocol addresses, the interactions taking place with the Website and similar general information. While cookies cannot be blocked as they are essential for ensuring that the Website functions properly, they are of a temporary nature and will disappear when the browser software is closed, the device is turned off or restarted or if you manually delete them. Further, cookies are almost always assigned a validity period after which they are automatically purged from a browser’s local storage.

Privacy policies of third-party partners: We also engage with certain third-party partners, who share our profound dedication to the protection of privacy, to help us improving our Services. We use an email marketing platform on the Website to create and manage mailing lists, newsletters and automated marketing campaigns. We also use an open source, self-hosted web analytics application that tracks online visits to websites and displays reports.

Our Website may collect information only in connection with your browsing activity, as opposed to your use of our Services. We may collect for internal evaluation of the performance of our Services information about your device, browsing actions, and patterns such as: (i) usage details (including but not limited to traffic data, and the resources you access and use through our Website); and (ii) device information (including IP address, operating system and browser type).

8. LIMITING COLLECTION OF ALL USER DATA

We have made it a priority to retain as little data as possible. The very limited information obtained about you, as detailed in this Privacy Policy, is always retained in a highly secure manner for the shortest possible period of time, only as long as it is necessary to provide you with the Services or to comply with applicable law.

9. DO WE DISCLOSE YOUR DATA TO THIRD PARTIES?

We do not sell any data and we do not disclose your personal information to any third parties, unless required to provide you with the Services or by applicable law.

If you obtained our Services through any of our Ciphr Reseller Partners, please note that we may disclose limited information to the extent necessary with our Ciphr Reseller Partners that facilitate the provision of the Services (e.g. by providing assistance with respect to the maintenance and development of our Services).

While we generally do not disclose personal information to third parties, for full transparency we note that the suppliers we use in connection with the Services include our Website suppliers which create and manage mailing lists, newsletters and automated marketing campaigns, and website analytics platforms may have access to information provided voluntarily by a user through the Website or when communicating with Ciphr, as detailed in the “Website” section of this Privacy Policy.

Ciphr always makes reasonable efforts to ensure that suppliers and third parties use the limited personal information they may have access to in a manner that is consistent with this Privacy Policy.

10. TERMINATION OF YOUR ACCOUNT

You can decide to cease using the Services and delete Ciphr’s applications from your device at any time, or we can terminate your account in accordance with our Terms of Use. After your account is deleted, the data contained on your devices will be irrevocably erased and you will not be able to retrieve your information.

11. law enforcement

Our Services must be used solely for lawful purposes, in full compliance with applicable laws. While Ciphr is committed to protecting your privacy and security, we may be required by applicable law to disclose personal information to law enforcement authorities. However, we will only release the information requested by law enforcement authorities when compelled to do so by court order, warrant, subpoena or other legal authority issued by a court or competent authority, in compliance with applicable laws.

12. miNimum age

We recognize the importance of protecting the privacy and safety of children. The Services are not intended for minors, who should not use the Services.

13. YOUR DATA RIGHTS

We are committed to respecting the highest standards on data protection and privacy and, as such, this section applies to all users of our Services around the world, and not only to users in the European Union.

Data Controller: Ciphr is the data controller for the processing of your Personal Information (as defined in the European Union General Data Protection Regulation (GDPR)).

Legal Bases for Processing. This Privacy Policy describes the legal bases we rely on for the processing of your Personal Information. Please contact us if you have any questions about such specific legal basis. As used in this Privacy Policy, “legitimate interests” means our interests in conducting our business and developing a business relationship with you. This Privacy Policy describes when we process your Personal Information for our legitimate interests, what these interests are and your rights. We will not use your Personal Information for activities where the impact on you overrides our interests, unless we have your consent or those activities are otherwise required or permitted by law.

Your Rights. You have the following rights in relation to your Personal Information, under certain circumstances:

  • Right of access: If you ask us, we will confirm whether we are in possession of Personal Information about you and, if so, provide you with a copy of that Personal Information along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
  • Right to rectification: If your Personal Information is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Information with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Information so you can contact them directly.
  • Right to erasure: You may ask us to delete or remove your Personal Information, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Information with so you can contact them directly.
  • Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Information in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Information with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal information so you can contact them directly.
  • Right to data portability: You have the right to obtain your Personal Information from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by automated means. We will give you your Personal Information in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
  • Right to object: You may ask us at any time to stop processing your Personal Information, and we will do so:
    • If we are relying on a legitimate interest to process your Personal Information -- unless we demonstrate compelling legitimate grounds for the processing or we need to process your data in order to establish, exercise, or defend legal claims; and
    • If we are processing your Personal Information for direct marketing. We may keep minimum information about you in a suppression list in order to ensure your choices are respected in the future and to comply with data protection laws (such processing is necessary for our and your legitimate interest in pursuing the purposes described above).
  • Right to withdraw consent: If we rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
  • Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Information, you can report it to the data protection authority of the country in which you are located.

Please see the “Contacting Ciphr” section below for information on how to exercise your rights.

14. AccessING, correcting and updating PERSONAL information

Requests for access to, or for necessary corrections, additions or deletions of, personal information in accordance with applicable laws may be made by contacting Ciphr by email at legal@ciphr.io. We will respond to your request as quickly as possible and will need to verify your identity before providing you with access to the personal information we hold about you. In some cases, we may be unable to accommodate your request if we are unable to verify your identity, if we are prohibited by law, if disclosure would result in the disclosure of the personal information of others, or if the request is unreasonable or impractical. If we are unable to process your request for these or any other reasons, we will provide you with an explanation of the reason for denial, and you will be permitted to request a review.

15. notifications AND WITHDRAWING OF CONSENT

Ciphr may communicate with you to inform you about changes, important information with regard to the Services, information we believe may interest you, or with your consent. Ciphr will generally use the same means of communication you chose to contact Ciphr or the preferred means specified by you. You can always unsubscribe from any promotional e-mails.

If you are a registered user of our messaging service, you may receive notifications in the notifications section within the applications. With your consent, we may send push notifications or alerts to your mobile device even when you are not logged in. At any time, you can manage your push notification preferences or deactivate these notifications at any time by turning off the notifications settings in the device settings of your mobile device.

16. CHANGES TO THIS PRIVACY POLICY

Ciphr reserves the right, in its sole discretion, to modify, replace or otherwise update this Privacy Policy at any time, so please be sure to check back periodically. You can tell if this Privacy Policy has changed by checking the last updated date that appears at the beginning of this Privacy Policy. Ciphr may notify you of any material change to this Privacy Policy by sending you a notification to your mobile device, or by other appropriate communication means. Ciphr strongly encourages you to review this Privacy Policy periodically, as your continued use of the Services will constitute acceptance of any updated, modified or replaced Privacy Policy. Should you disagree with any updates or amendments made to this Privacy Policy, you must immediately stop accessing or using the Services.

17. Contacting CIPHR

All questions, comments or requests regarding this Privacy Policy should be directed to Ciphr by email at legal@ciphr.io. Ciphr will respond to questions and requests as soon as possible.

This website uses cookies to ensure you get the best experience on our website. Learn More
Learn More