Privacy Policy
Last updated: March 6, 2026
1. Our Commitment to Privacy
Ciphera is built on the principle that privacy is a fundamental right, not a feature. Every product we build uses zero-knowledge architecture: we cannot access your data even if we wanted to. We collect the absolute minimum data necessary to operate our services, we never sell or share your data with advertisers, and we give you full control over your information.
This policy explains in detail what data we collect, why we collect it, how we protect it, and what rights you have. It should be read alongside our Terms of Service, which governs your use of our services. We encourage you to read both in full.
2. Legal Framework
Ciphera is operated by Ciphera B.V., a company incorporated under Belgian law (KBO/BCE: 1013.721.660), with its registered office at De Kleetlaan 2, 1831 Diegem, Belgium. Our operations are governed by:
- Belgian law — as our entity is incorporated in Belgium
- EU General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679, as we process data of individuals in the European Economic Area
- Swiss Federal Act on Data Protection (FADP) — as our data infrastructure is located in Switzerland
- ePrivacy Directive — Directive 2002/58/EC, as applicable to our electronic communications
Where these frameworks differ, we apply the standard that provides the strongest protection for your data. Belgian courts in Brussels hold exclusive jurisdiction for any disputes arising from this policy.
3. Data Controller
The data controller for all Ciphera services is:
Ciphera B.V.
KBO/BCE: 1013.721.660
De Kleetlaan 2
1831 Diegem, Belgium
Email: privacy@ciphera.net
Phone: +32 078 480 710
For privacy-specific inquiries, contact us at privacy@ciphera.net. For security concerns, contact security@ciphera.net.
Given the nature and scale of our current operations, a Data Protection Officer (DPO) has not been appointed under GDPR Article 37. All privacy inquiries are handled directly by our team at privacy@ciphera.net.
4. Data We Collect
We apply data minimization as a core design principle. Below is an exhaustive breakdown of every category of data we collect, organized by service.
4.1. Website (ciphera.net)
When you visit our website, we collect:
- Analytics data — Page views, referrer sources, UTM parameters, device type, browser, operating system, and country-level geographic data. Collected via our own Pulse analytics platform, which uses no cookies, no fingerprinting, and no personal identifiers. Data is aggregated and cannot be traced to individual visitors.
- Contact form submissions — Name, email address, subject, and message content, submitted voluntarily through our contact page.
- Newsletter subscriptions — Email address only, submitted voluntarily with explicit consent.
Legal basis: Legitimate interest (analytics), consent (contact form, newsletter).
4.2. Ciphera Drop (Encrypted File Sharing)
Drop uses client-side encryption. All files are encrypted in your browser before upload. We collect:
- Encrypted file data — Stored on our servers in encrypted form. We have no technical ability to decrypt, view, or access the contents of your files.
- File metadata — File size, upload timestamp, and expiration settings. File names are encrypted and not visible to us.
- Download counts — Number of times a file has been accessed, if download limits are configured by the uploader.
- Password protection status — Whether a file is password-protected (the password itself is never stored in plaintext).
No account is required to use Drop. No personal information is collected from uploaders or recipients unless they choose to create an account.
Legal basis: Contract performance (providing the file sharing service).
4.3. Ciphera ID (Identity Provider)
When you create a Ciphera account, we collect:
- Email address — Used for account identification, verification, security notifications, and password recovery. Encrypted at rest using AES-256-GCM. Lookups use an irreversible cryptographic hash — your email address is never stored in readable form.
- Display name — Chosen by you, used for display and identification purposes. Encrypted at rest using AES-256-GCM.
- Password — Double-hashed for maximum security. Your password is first hashed client-side using PBKDF2 (with 600,000 iterations) before transmission, then hashed again server-side using Argon2id. We never receive, transmit, or store your plaintext password.
- Session metadata — Login timestamps, device type, and browser information for active session management.
- Account verification data — CAPTCHA responses during registration, processed by our privacy-first Ciphera Captcha service (not Google reCAPTCHA or any third-party provider).
Legal basis: Contract performance (account management), legitimate interest (security).
4.4. Ciphera Pulse (Privacy-First Analytics)
Pulse is our self-hosted analytics platform, designed as a privacy-first alternative to Google Analytics. For websites using Pulse, we collect:
- Page views — Aggregated page view counts per URL, not tied to individual visitors.
- Unique visitor estimates — Calculated using a privacy-safe hashing method that rotates daily. No persistent identifiers are stored.
- Referrer sources — The website or search engine that directed visitors to the site.
- UTM parameters — Campaign tracking parameters from URLs (utm_source, utm_medium, etc.).
- Technical metadata — Device type (mobile, desktop, tablet), browser name, and operating system. Derived from the User-Agent string, which is not stored.
- Country-level location — Determined from the IP address, which is then immediately discarded. We do not store IP addresses.
Pulse does not use cookies, does not use browser fingerprinting, does not track users across websites, and does not collect personally identifiable information by default. Custom event properties are defined by the website owner, who is responsible for ensuring they do not contain personal data. Pulse is fully GDPR-compliant and does not require a cookie consent banner.
When website owners use Pulse on their websites, Ciphera B.V. acts as a data processor under GDPR Article 28. A Data Processing Agreement (DPA) is available upon request at privacy@ciphera.net.
Legal basis: Legitimate interest (anonymous website analytics).
4.5. Ciphera Captcha (Bot Protection)
Our CAPTCHA service protects Ciphera services from automated abuse. We collect:
- Challenge responses — Your interaction with the CAPTCHA challenge, used solely to verify you are human.
- Verification tokens — Short-lived tokens that confirm successful CAPTCHA completion, automatically expired after use.
- Behavioral insights — Mouse movement patterns, keystroke timing, scroll behavior, and touch input, collected solely to distinguish automated traffic from human visitors. This data is processed in-memory only, is never written to persistent storage, is automatically discarded within 15 minutes, and is not linked to user accounts.
Unlike third-party CAPTCHA services, Ciphera Captcha does not track users across pages or websites, does not set persistent cookies, and does not share data with advertising networks.
Legal basis: Legitimate interest (abuse prevention, service security).
4.6. Ciphera Relay (Email Infrastructure)
Relay handles transactional emails (account verification, security notifications, password resets) for Ciphera services. We collect:
- Recipient email addresses — Required to deliver transactional emails.
- Delivery metadata — Delivery status, bounce information, and timestamps for operational monitoring.
Relay does not send marketing emails, does not track email opens via tracking pixels, and does not share recipient data with third parties. Email content is transmitted over encrypted connections (TLS).
Legal basis: Contract performance (transactional communications).
5. Data We Do Not Collect
We believe it is equally important to state what we do not do:
- We do not use tracking cookies of any kind
- We do not use browser fingerprinting or cross-site device tracking
- We do not engage in cross-site tracking or retargeting
- We do not sell, trade, rent, or share your personal data with third parties for advertising or marketing purposes
- We do not use third-party analytics services (Google Analytics, Meta Pixel, etc.)
- We do not serve advertisements of any kind
- We do not build user profiles or behavioral profiles
- We do not use tracking pixels in emails
- We do not collect location data beyond country-level (and that is derived, not stored)
- We do not use any social media tracking widgets or embedded content that tracks visitors
6. IP Address Policy
IP addresses are inherently part of internet communications and are temporarily processed by our servers during request handling. Our policy regarding IP addresses is:
- No IP address storage — We do not store raw IP addresses in any database. All IP addresses are cryptographically hashed using HMAC-SHA256 with user-specific salts before any persistence. The original IP address is irreversibly discarded and cannot be recovered — not by us, not by anyone.
- Temporary processing — IP addresses may be temporarily held in server memory during active connections for rate limiting and abuse prevention. They are not written to persistent storage in their original form.
- Pulse analytics — IP addresses are used solely to derive country-level location data, then immediately discarded. The IP address itself is never stored.
- Security audit logs — Security events (logins, password changes, 2FA changes) are logged with a cryptographic hash of the IP address, not the IP itself. This allows detection of patterns (e.g., repeated logins from the same address) without storing personally identifiable information. Audit logs are retained for 90 days, then archived for up to 1 year before permanent deletion.
- Server logs — Operational server logs that may contain IP addresses are automatically purged after 30 days.
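The keyed-hash approach described above and the daily-rotating unique visitor estimate in section 4.4, as an added illustration that is not Ciphera's own code: the per-user salt, the one-day key and the keying over address plus User-Agent are assumptions about how such a scheme is typically built, and the keys and traffic below are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Constructed long-lived key for audit-log pseudonyms (assumption: in production it
# lives in a secret store, since anyone holding it can test a candidate address).
AUDIT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def normalize_ip(ip: str) -> str:
    """Canonical text form so '::ffff:1.2.3.4' and '1.2.3.4' hash the same."""
    addr = ipaddress.ip_address(ip.split("%")[0])  # strip an IPv6 zone id
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return str(addr)


def keyed_hash(key: bytes, *parts: str) -> str:
    """HMAC-SHA256 over length-prefixed parts, so ('a','bc') and ('ab','c') differ."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        raw = part.encode()
        mac.update(len(raw).to_bytes(4, "big"))
        mac.update(raw)
    return mac.hexdigest()


def audit_ip_hash(user_id: str, ip: str, key: bytes = AUDIT_KEY) -> str:
    """Pseudonym for a security audit log entry. The user id acts as the per-user
    salt: the same address gives different hashes for different accounts, so
    entries can be correlated within one account but not joined across accounts."""
    return keyed_hash(key, "audit-ip", user_id, normalize_ip(ip))


def new_day_key() -> bytes:
    """Fresh random key for one day of analytics; the previous day's key is
    discarded, so yesterday's visitor ids can no longer be recomputed or linked."""
    return secrets.token_bytes(32)


def visitor_id(site: str, ip: str, user_agent: str, day_key: bytes) -> str:
    """Daily-rotating visitor pseudonym (assumed scheme, not Pulse's own code):
    keyed over site, address and User-Agent, none of which is stored afterwards."""
    return keyed_hash(day_key, "visitor", site, normalize_ip(ip), user_agent)


def count_unique_visitors(site: str, hits: list, day_key: bytes) -> int:
    """Distinct visitors for one day from (ip, user_agent) pairs; only the count
    survives, the raw addresses are dropped once this returns."""
    return len({visitor_id(site, ip, ua, day_key) for ip, ua in hits})


# Constructed sample traffic for one site on one day.
HITS = [
    ("203.0.113.7", "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"),
    ("::ffff:203.0.113.7", "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"),  # same visitor
    ("2001:db8::1%eth0", "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0) Safari/604.1"),
    ("198.51.100.23", "Mozilla/5.0 (Windows NT 10.0) Chrome/126.0"),
]

if __name__ == "__main__":
    today = new_day_key()
    print("unique visitors today:", count_unique_visitors("example.org", HITS, today))
    print("audit pseudonym:", audit_ip_hash("user-42", "203.0.113.7")[:16], "...")
```

Whoever holds a key can still test a candidate address against a stored hash, so the keys need the same protection as the data they pseudonymize; discarding each day's analytics key is what makes one day's visitor ids unlinkable to the next.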
7. Cookies & Local Storage
We use the absolute minimum of browser storage necessary to operate our services:
| Name | Type | Purpose | Duration |
|---|---|---|---|
| theme | Local storage | Stores your light/dark mode preference | Persistent |
| session | HTTP-only cookie | Maintains your login session (authenticated services only) | Session / 30 days |
We do not use advertising cookies, tracking cookies, or third-party cookies. No cookie consent banner is required because we only use strictly necessary cookies, which are exempt from the consent requirement of Article 5(3) of the ePrivacy Directive and involve no GDPR consent-based processing.
8. Encryption & Security Measures
Security is foundational to everything we build. Our technical measures include:
Client-Side Encryption
- Algorithm: AES-256-GCM (authenticated encryption)
- Key generation: Encryption keys are generated in your browser using the Web Crypto API and are never transmitted to our servers
- Zero-knowledge architecture: Our servers store only encrypted data. We have no technical capability to decrypt, read, or access the content of your files
Password Security
- Double hashing: Passwords are hashed client-side with PBKDF2 (600,000 iterations) before transmission, then hashed again server-side with Argon2id
- No plaintext transmission: Your actual password never leaves your device
Account Data Encryption
- At-rest encryption: Email addresses, display names, and two-factor authentication secrets are encrypted using AES-256-GCM before storage. A database breach cannot expose personal information.
- Hash-based lookups: Email lookups use an irreversible HMAC-SHA256 hash. Your email is never stored in readable form — only an encrypted version and a keyed hash exist in the database.
Transport Security
- TLS 1.3: All connections to our services use TLS 1.3 encryption
- HSTS: HTTP Strict Transport Security is enforced with a minimum 1-year max-age
- Security headers: X-Content-Type-Options, X-Frame-Options (DENY), Referrer-Policy (strict-origin-when-cross-origin), and Content Security Policy are enforced on all pages
Infrastructure Security
- Data at rest is stored on encrypted volumes
- Access to production systems requires multi-factor authentication
- We follow the principle of least privilege for all internal access
- Regular security reviews and dependency audits are performed
9. Data Storage & Retention
Storage Location
All primary data is stored on servers located in Switzerland, subject to the Swiss Federal Act on Data Protection (FADP). Switzerland has been recognized by the European Commission as providing an adequate level of data protection (adequacy decision under GDPR Article 45).
Retention Periods
We retain data only as long as necessary for the purpose it was collected:
| Data Type | Retention Period | Basis |
|---|---|---|
| Encrypted files (Drop) | Until expiration (user-configured, 1 hour to 30 days) | User choice |
| Account data | While account is active + 30 days after deletion request | Contract |
| Session data | Until logout or 30 days (refresh token expiry) | Contract |
| Analytics data (Pulse) | Aggregated indefinitely (no personal data) | Legitimate interest |
| Contact form messages | 12 months | Consent |
| Newsletter subscriptions | Until unsubscribe | Consent |
| Security audit logs (hashed IPs only) | 90 days active + 1 year archive | Legitimate interest |
| Server logs | 30 days (automatic purge) | Legitimate interest |
| CAPTCHA verification tokens | Expired immediately after use | Legitimate interest |
| Email delivery metadata (Relay) | 30 days | Contract |
10. Legal Bases for Processing
Under GDPR Article 6, we process personal data on the following legal bases:
- Contract performance (Article 6(1)(b)): Processing necessary to provide the services you requested — account management, file sharing, session management, and transactional emails.
- Legitimate interest (Article 6(1)(f)): Processing necessary for our legitimate interests, where those interests are not overridden by your rights — anonymous website analytics, abuse prevention, rate limiting, and service security. We conduct balancing tests for each legitimate interest processing activity.
- Consent (Article 6(1)(a)): Processing based on your freely given, specific, informed consent — newsletter subscriptions, contact form submissions, and optional communications. You may withdraw consent at any time.
- Legal obligation (Article 6(1)(c)): Processing necessary to comply with legal requirements — responding to valid law enforcement requests (see Section 14).
11. Third-Party Services & Data Processors
We minimize our reliance on third-party services. The services we use, and the data they may process, are listed below:
| Service | Purpose | Data Processed | Location |
|---|---|---|---|
| Exoscale | Compute and object storage | Encrypted data at rest | Switzerland |
| Bunny | CDN, DNS, DDoS protection, edge routing | IP addresses (transient) | Global (edge network) |
| GitHub | Source code hosting | Source code | United States |
| Mollie | Payment processing | Billing and subscription data | Netherlands |
All third-party processors are bound by Data Processing Agreements (DPAs) and are contractually required to process data only for the specified purpose. A complete list of sub-processor identities, including specific company names and registered addresses, is available upon request at privacy@ciphera.net. We do not use:
- Google Analytics, Google Tag Manager, or any Google tracking service
- Meta Pixel, Facebook SDK, or any Meta tracking service
- Third-party CAPTCHA services (we use our own Ciphera Captcha)
- Third-party email tracking services
- Advertising networks of any kind
- Customer data platforms (CDPs) or data brokers
12. International Data Transfers
Your data is primarily stored in Switzerland, which benefits from an EU adequacy decision. In limited cases, data may be processed in other jurisdictions:
- CDN/DNS services — Your requests may be routed through global edge servers for performance and DDoS protection. Only transient connection data (IP addresses) passes through these servers.
- GitHub — Public source code hosted in the United States. No personal user data is stored on GitHub.
Where personal data is transferred outside the EEA or Switzerland, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission under GDPR Article 46(2)(c), or transfers to countries with an adequacy decision under GDPR Article 45.
13. Open Source & Transparency
We believe transparency is essential to trust. Several of our products are open source, allowing independent verification of our privacy claims:
- Drop — The frontend application is open source, so anyone can verify that encryption happens client-side before data leaves your device.
- Pulse — The frontend is open source, enabling independent audit of our analytics approach.
- Ciphera UI — Our shared component library is open source.
- This website — The marketing website source code is publicly available.
Our open-source repositories are available at github.com/ciphera-net.
14. Data Disclosure & Law Enforcement
We will only disclose user data if legally compelled to do so by a valid and binding request from competent Belgian or Swiss authorities, in full compliance with applicable law.
Our disclosure policy:
- Challenge first: We will challenge any request that we believe is overbroad, legally insufficient, or not in the public interest.
- Minimum disclosure: If legally required to comply, we will disclose only the minimum data necessary to satisfy the specific request.
- Encrypted data limitation: Due to our zero-knowledge architecture, we cannot decrypt or provide access to the contents of encrypted files, even under legal compulsion. We can only provide metadata and encrypted data.
- User notification: Where legally permitted, we will notify affected users of data requests.
- No voluntary disclosure: We do not voluntarily share user data with any government, intelligence agency, or law enforcement body.
We do not comply with requests from foreign authorities unless they are processed through appropriate international legal assistance channels recognized by Belgian or Swiss law.
15. Children's Privacy
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@ciphera.net and we will promptly delete the data.
16. Automated Decision-Making
We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you, as defined under GDPR Article 22. Our automated systems are limited to:
- Rate limiting — Automated throttling of excessive requests to protect service availability.
- CAPTCHA challenges — Automated bot detection during registration and certain interactions.
- File expiration — Automated deletion of files after user-configured expiration periods.
None of these automated processes result in decisions that produce legal effects or significantly affect any individual.
17. Data Breach Notification
In the event of a personal data breach, we will:
- Notify the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit) within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
- Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34.
- Document the breach, its effects, and the remedial actions taken.
Due to our zero-knowledge architecture, a breach of our servers would not expose the content of encrypted files, as we do not possess the decryption keys.
18. Your Rights Under GDPR & FADP
Under the EU General Data Protection Regulation and the Swiss Federal Act on Data Protection, you have the following rights regarding your personal data:
- Right of Access (Article 15): You have the right to obtain confirmation of whether we process your personal data, and to receive a copy of that data in a commonly used, machine-readable format.
- Right to Rectification (Article 16): You have the right to request correction of inaccurate personal data and completion of incomplete data.
- Right to Erasure (Article 17): You have the right to request deletion of your personal data. Account data will be deleted within 30 days of a verified request. Note that encrypted files cannot be individually identified as belonging to a specific user.
- Right to Restriction of Processing (Article 18): You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of data.
- Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
- Right to Object (Article 21): You have the right to object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
- Right to Withdraw Consent (Article 7(3)): Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing conducted before withdrawal.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. The relevant authority for Ciphera is the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit), Rue de la Presse 35, 1000 Brussels, Belgium — www.dataprotectionauthority.be.
To exercise any of these rights, contact us at privacy@ciphera.net. We will respond to verified requests within 30 days, as required by law. We may ask you to verify your identity before processing your request.
19. Social Media & External Links
Our website and blog may contain links to external websites, including our GitHub repositories and social media profiles. We do not embed social media tracking widgets on our website. When you follow a link to an external site, you leave our services, and the external site's privacy policy governs your interaction with that site. We are not responsible for the privacy practices of external websites.
20. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our services, legal requirements, or best practices. When we make changes:
- The “Last updated” date at the top of this page will be revised.
- For material changes that affect your rights, we will provide prominent notice (such as a banner on our website or an email notification to account holders).
- Previous versions of this policy will be archived and available upon request.
We encourage you to review this policy periodically. Your continued use of our services after changes are posted constitutes acceptance of the updated policy. The English version of this policy prevails in case of any discrepancy with translations.
21. Contact Us
If you have any questions about this privacy policy, our data practices, or wish to exercise your rights, you can reach us through:
- Privacy inquiries: privacy@ciphera.net
- Security concerns: security@ciphera.net
- General inquiries: hello@ciphera.net
- Phone: +32 078 480 710
- Address: Ciphera, De Kleetlaan 2, 1831 Diegem, Belgium
We aim to respond to all inquiries within 5 business days, and to formal data rights requests within 30 days.