Terms of Service

1. Acceptance of Terms

By accessing or using any Ciphera service — including Drop, Pulse, Ciphera ID, Ciphera Captcha, Ciphera Relay, and the ciphera.net website (collectively, the "Services") — you agree to be bound by these Terms of Service (the "Terms"). These Terms constitute a legally binding agreement between you and Ciphera B.V., a company incorporated under Belgian law (KBO/BCE: 1013.721.660), with registered offices at De Kleetlaan 2, 1831 Diegem, Belgium ("Ciphera," "we," "us," or "our").

If you do not agree to these Terms, you must not access or use the Services. If you are accepting these Terms on behalf of an organization, you represent and warrant that you have the authority to bind that organization.

2. Eligibility

The Services are available to individuals who are at least 16 years of age. If you are between 16 and 18 years of age, you may only use the Services with the consent and supervision of a parent or legal guardian who agrees to be bound by these Terms.

Accounts registered by automated methods ("bots") are not authorized and will be terminated. Each individual may maintain one account. Creating multiple accounts to circumvent restrictions or abuse the Services is prohibited.

3. Description of Services

Ciphera provides privacy-first infrastructure and applications designed with zero-knowledge architecture:

• Drop: End-to-end encrypted file sharing. Files are encrypted client-side before upload, and Ciphera has no ability to access file contents.
• Pulse: Privacy-respecting website analytics that operates without cookies, fingerprinting, or personal data collection.
• Ciphera ID: Secure identity and authentication provider with zero-knowledge password handling.
• Ciphera Captcha: Privacy-first bot protection with ephemeral behavioral analysis. No cookies, no cross-site tracking, no third-party data collection.
• Ciphera Relay: Secure transactional email infrastructure for delivering encrypted communications.

Service features, capabilities, and availability may change over time. We will provide reasonable notice of material changes where possible.

4. User Accounts

4.1. Account Creation

Some Services require a Ciphera account. When creating an account, you must provide a working email address for verification and account recovery. We recommend using a privacy-focused email provider. Display names are optional and may be pseudonymous.

4.2. Account Security

You are solely responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You must notify us immediately at security@ciphera.net if you suspect unauthorized access to your account. Ciphera is not liable for any loss resulting from unauthorized use of your account credentials.

4.3. Inactive Accounts

Free accounts that remain inactive for twelve (12) or more consecutive months may be suspended and eventually deleted. Activity is defined as any login to your account via web, desktop, or mobile applications. Before deletion, we will send advance notice to your registered email address at 30, 15, and 7 days prior. If you are unable to access your account due to exceptional circumstances, contact us at hello@ciphera.net.

5. Acceptable Use

You agree not to use the Services to:

• Upload, share, store, or distribute any content that is unlawful under applicable law, including but not limited to child sexual abuse material (CSAM)
• Distribute malware, viruses, ransomware, or any other harmful or malicious code
• Attempt to circumvent, disable, or interfere with security measures, access controls, or authentication mechanisms
• Access or attempt to access other users' accounts, data, or systems without authorization
• Use the Services for sending spam, phishing, or bulk unsolicited communications
• Engage in harassment, threats, defamation, or activities that violate the rights of others, including intellectual property rights
• Resell, sublicense, or redistribute the Services or any part thereof without prior written authorization
• Interfere with or disrupt the Services, servers, or networks connected to the Services
• Use the Services in any manner that could overload, impair, or compromise the infrastructure or performance of the Services for other users
• Use the Services to engage in or promote any illegal activity under applicable local, national, or international law

We reserve the right to act on reported violations and to suspend or terminate accounts that violate these Terms, with or without notice. Due to our zero-knowledge architecture, we cannot inspect encrypted file contents — but we can disable access to reported links and suspend accounts. In cases involving illegal activity, we may report violations to the appropriate authorities as required by law.

If you believe your account was suspended in error, you may contact us at hello@ciphera.net to request a review.

5.1. Reporting Illegal Content (EU Digital Services Act)

In accordance with the EU Digital Services Act (Regulation 2022/2065), we provide a mechanism for reporting illegal content hosted on or shared through our Services. If you become aware of content that you believe is illegal under applicable EU or national law, you may submit a report to abuse@ciphera.net.

Reports should include, where possible: a description of the content, the URL or file link, an explanation of why you consider the content illegal, and your contact information. We will review reports promptly and take appropriate action, which may include disabling access to the reported content. Due to our zero-knowledge encryption, we cannot inspect file contents — but we can disable access to specific file links identified in reports.

Our designated single point of contact for authorities under the DSA is reachable at abuse@ciphera.net.

6. Encryption & Zero-Knowledge Architecture

Our Services use client-side encryption and zero-knowledge architecture. This has important implications that you must understand:

• No data recovery: Encryption keys are generated in your browser and are never transmitted to our servers. If you lose access to a shared link, encryption key, or your account password, the associated data cannot be recovered by Ciphera or anyone else.
• No content inspection: We cannot view, read, or analyze the contents of encrypted files stored on our servers. Content moderation of encrypted data is technically impossible in a zero-knowledge system.
• Your responsibility: You are solely responsible for maintaining access to your encryption keys, shared links, and account credentials. We strongly recommend keeping backups of critical links and passwords in a secure location.
• Password limitations: Due to our double-hashing architecture (client-side PBKDF2 followed by server-side Argon2id), we have no ability to reset or recover your password. Password recovery requires a previously configured recovery email address.

7. Service-Specific Terms

7.1. Drop (File Sharing)

• Files are encrypted client-side and stored on our servers in encrypted form. Ciphera cannot access file contents.
• Files are subject to the expiration settings you configure at the time of upload (ranging from 1 hour to 30 days). Once expired, files are permanently and irreversibly deleted from our servers.
• You are responsible for the content you upload and share. You represent that you have the legal right to share any files you upload.
• We may impose reasonable file size limits and storage quotas to ensure fair use of the platform.
• Drop may be used without an account. Anonymous uploads are treated as guest sessions with no persistent identity.

7.2. Pulse (Analytics)

• Pulse collects only aggregated, anonymous data. No personally identifiable information is collected from website visitors.
• Pulse does not use cookies, browser fingerprinting, or cross-site tracking. It does not require cookie consent banners.
• Analytics data belongs to the website owner who installed Pulse. Ciphera does not access, share, or sell analytics data collected by Pulse.
• You are responsible for ensuring that your use of Pulse on your website complies with applicable privacy laws and your own privacy policy.

7.3. Ciphera ID (Identity Provider)

• Auth provides centralized authentication across Ciphera services using JWT-based sessions.
• Access tokens expire after a short period and refresh tokens after a reasonable period, as specified in our technical documentation. You may be required to re-authenticate after token expiry.
• We implement bot protection during account creation using our own Ciphera Captcha — not third-party services like Google reCAPTCHA.

7.4. Ciphera Captcha (Bot Protection)

• Captcha verifies that interactions originate from humans, not automated systems.
• Captcha collects behavioral insights (mouse movement patterns, keystroke timing, scroll behavior, touch input) solely for bot detection. This data is processed in-memory only, never written to persistent storage, automatically discarded within 15 minutes, and not linked to user accounts.
• Captcha does not track users across pages or websites and does not use persistent cookies.
• Verification tokens are short-lived and automatically expired after use.

7.5. Ciphera Relay (Email Infrastructure)

• Relay handles transactional emails (account verification, security alerts, password resets) for Ciphera services.
• Relay does not send marketing or promotional emails.
• All emails are transmitted over encrypted connections (TLS). We do not use tracking pixels in any emails.

8. Intellectual Property

8.1. Ciphera's Intellectual Property

The Ciphera name, logos, trademarks, service marks, trade dress, and branding are the exclusive property of Ciphera. Nothing in these Terms grants you any right or license to use Ciphera trademarks without our prior written permission. All goodwill arising from the use of our trademarks inures exclusively to Ciphera.

8.2. Open-Source Software

Certain components of the Services are released as open-source software and are governed by the specific open-source license specified in each repository (available at github.com/ciphera-net). In the event of a conflict between these Terms and an applicable open-source license, the open-source license shall prevail with respect to the specific software component.

8.3. Your Content

You retain all rights to the content you upload, share, or transmit through our Services. Ciphera does not claim ownership of your content. Due to our zero-knowledge architecture, we cannot access or use your encrypted content for any purpose.

9. Privacy

Your privacy is governed by our Privacy Policy, which describes how we collect, use, and protect your personal data. By using the Services, you acknowledge that you have read and understood our Privacy Policy.

Where you use the Services to process personal data of third parties (for example, by using Pulse on your website to collect visitor analytics), you act as the data controller for that data under GDPR, and Ciphera B.V. acts as your data processor under GDPR Article 28. A Data Processing Agreement (DPA) is available upon request at privacy@ciphera.net. You are responsible for ensuring your use complies with applicable data protection laws, including maintaining an appropriate privacy policy for your own users.

10. Service Availability

We strive to maintain high availability of the Services but do not guarantee uninterrupted, timely, or error-free access. The Services may be temporarily unavailable due to:

• Scheduled maintenance (we will provide advance notice when possible)
• Unscheduled emergency maintenance to address security vulnerabilities or critical issues
• Circumstances beyond our reasonable control (see Section 16, Force Majeure)
• Third-party service disruptions (DNS providers, hosting infrastructure, internet backbone)

We are not liable for any interruption of the Services, whether planned or unplanned, or for any loss of data or functionality resulting from such interruptions.

11. Disclaimer of Warranties

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY.

To the maximum extent permitted by applicable law, Ciphera disclaims all warranties, including but not limited to:

• Implied warranties of merchantability, fitness for a particular purpose, and non-infringement
• Any warranty that the Services will be uninterrupted, error-free, secure, or free of viruses or harmful components
• Any warranty regarding the accuracy, reliability, or completeness of any content or information provided through the Services
• Any warranty regarding the preservation or security of data (beyond the encryption measures described in our technical documentation)

Due to our zero-knowledge architecture, Ciphera has no obligation or ability to recover data from terminated accounts, expired files, or situations where encryption keys have been lost. You use the Services at your own risk.

This disclaimer does not affect any mandatory statutory rights that cannot be waived under applicable consumer protection law.

12. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

• Exclusion of consequential damages: Ciphera shall not be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, including but not limited to loss of profits, data, use, goodwill, business interruption, or any other intangible losses, arising out of or in connection with your use of or inability to use the Services.
• Liability cap: Ciphera's total aggregate liability for all claims arising from or related to these Terms or the Services shall not exceed the greater of: (a) the total amount you paid to Ciphera in the twelve (12) months immediately preceding the event giving rise to the claim, or (b) one hundred euros (€100).
• Encryption limitation: You acknowledge that Ciphera cannot be held liable for data loss resulting from lost encryption keys, expired shared links, or the inability to decrypt data due to the inherent nature of zero-knowledge encryption.

The above limitations apply regardless of the legal theory of the claim (contract, tort, negligence, strict liability, or otherwise) and regardless of whether Ciphera has been advised of the possibility of such damages. These limitations do not apply to liability that cannot be excluded under applicable law, including liability for fraud, willful misconduct, or personal injury.

13. Indemnification

You agree to indemnify, defend, and hold harmless Ciphera, its officers, directors, employees, agents, and contractors from and against any third-party claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:

• Your use of the Services
• Content you upload, share, or transmit through the Services
• Your violation of these Terms
• Your violation of any applicable law or regulation
• Your infringement of any third-party rights, including intellectual property rights

This section applies to the extent permitted by applicable law. It does not apply to consumers where prohibited by mandatory consumer protection legislation in their country of residence. This indemnification obligation survives termination of your account and these Terms.

14. Termination

14.1. Termination by You

You may stop using our Services at any time. You may delete your account through your account settings or by contacting us at hello@ciphera.net. Upon account deletion, your personal data will be removed in accordance with our Privacy Policy. Encrypted files associated with your account will be permanently deleted.

14.2. Termination by Ciphera

We may suspend or terminate your access to the Services if:

• You violate these Terms or our Acceptable Use policy
• We are required to do so by law or a valid legal order
• Your account has been inactive for 12+ consecutive months (free accounts only, with prior notice)
• Continuing to provide the Services to you would pose a security risk to other users or our infrastructure

Except in cases of serious violation of these Terms, legal compulsion, or immediate security risk, we will provide reasonable advance notice before terminating your account.

14.3. Effect of Termination

Upon termination, your right to use the Services ceases immediately. The following provisions survive termination: Sections 6 (Encryption), 8 (Intellectual Property), 11 (Disclaimer of Warranties), 12 (Limitation of Liability), 13 (Indemnification), 17 (Governing Law), and any other provisions that by their nature should survive.

15. Modifications to These Terms

We may update these Terms from time to time. When we make changes:

• The “Last updated” date at the top of this page will be revised.
• For material changes that affect your rights or obligations, we will provide at least 30 days' advance notice via email to your registered address or through a prominent notice on our website.
• Your continued use of the Services after the updated Terms take effect constitutes your acceptance of the changes.
• If you do not agree with the updated Terms, you must stop using the Services before the changes take effect.

Previous versions of these Terms will be archived and made available upon request.

16. Force Majeure

Ciphera shall not be liable for any failure or delay in performance resulting from causes beyond our reasonable control, including but not limited to: acts of God, natural disasters, pandemics, war, terrorism, government actions, power failures, internet or telecommunications outages, cyberattacks, fire, flood, or labor disputes. In such events, Ciphera's obligations will be suspended for the duration of the force majeure event.

17. Governing Law & Jurisdiction

These Terms shall be governed by and construed in accordance with the laws of Belgium, without regard to conflict of law principles. Any disputes arising out of or in connection with these Terms or the Services shall be subject to the exclusive jurisdiction of the competent courts of Brussels, Belgium.

If you are a consumer residing in the European Union, you also have the right to bring proceedings in the courts of your country of residence. Nothing in these Terms affects your rights as a consumer under mandatory consumer protection legislation in your country of residence.

For EU consumers, the European Commission provides an online dispute resolution platform at ec.europa.eu/consumers/odr. We encourage you to contact us directly before initiating any formal dispute resolution process.

18. Severability

If any provision of these Terms is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, that provision shall be severed to the minimum extent necessary, and the remaining provisions shall continue in full force and effect. The invalid provision shall be replaced with a valid provision that most closely reflects the original intent.

19. Assignment

You may not assign or transfer these Terms, or any rights or obligations hereunder, without our prior written consent. Ciphera may assign these Terms, in whole or in part, to any successor entity or in connection with a merger, acquisition, reorganization, or sale of substantially all of its assets, provided that the assignee agrees to be bound by these Terms. Any attempted assignment in violation of this section shall be void.

20. Entire Agreement

These Terms, together with our Privacy Policy, constitute the entire agreement between you and Ciphera regarding the Services and supersede all prior or contemporaneous communications, proposals, and agreements, whether oral or written. Section headings are for convenience only and do not affect the interpretation of these Terms.

No waiver of any provision of these Terms shall be deemed a further or continuing waiver of that provision or any other provision. Ciphera's failure to enforce any right or provision shall not constitute a waiver of that right or provision.

The English version of these Terms prevails in the event of any discrepancy with translations into other languages.

21. Contact

For questions about these Terms of Service, contact us: