Privacy Policy

1. Introduction

Cipher Labs Inc. ("Cipher Labs," "Company," "we," "us," or "our") respects your privacy and is committed to protecting the personal data of our website visitors, clients, and prospective clients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at thecipherlabs.com ("Site"), use our services, or otherwise interact with us.

By accessing the Site or engaging our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Site or provide us with your personal information.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Identity Data: First name, last name, job title, company name;
• Contact Data: Email address, telephone number, mailing address;
• Project Data: Information submitted through our contact forms or Project Wizard, including project requirements, budgets, timelines, and technical specifications;
• Communications Data: Content of emails, messages, or other communications you send to us;
• Payment Data: Billing address and payment method details (processed through secure third-party payment processors; we do not store full payment card numbers).

2.2 Information Collected Automatically

When you visit our Site, we automatically collect certain technical information, including:

• Technical Data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences;
• Usage Data: Pages visited, time spent on pages, click patterns, referring URLs, and navigation paths;
• Location Data: Approximate geographic location derived from your IP address;
• Cookie Data: Information collected through cookies and similar tracking technologies (see Section 7 below).

2.3 Information from Third Parties

We may receive information about you from third-party sources, including analytics providers, advertising networks, and publicly available sources, which we may combine with other information we collect about you.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our services, and to fulfill our contractual obligations;
• Communication: To respond to your inquiries, send project updates, and provide customer support;
• Business Operations: To process payments, manage accounts, and maintain business records;
• Marketing: To send you information about our services, case studies, or industry insights (with your consent where required by law);
• Analytics: To understand how our Site is used, monitor traffic patterns, and improve user experience;
• Security: To detect, prevent, and address fraud, unauthorized access, and other illegal activities;
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. Legal Bases for Processing

We process your personal data under the following legal bases:

• Contractual Necessity: Processing is necessary to perform a contract with you or to take steps at your request before entering into a contract;
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services, marketing, and fraud prevention, provided your rights and interests do not override those interests;
• Consent: Where you have given clear consent for us to process your personal data for specific purposes;
• Legal Obligation: Processing is necessary to comply with a legal obligation to which we are subject.

5. Third-Party Sharing and Disclosure

We do not sell your personal data. We may share your information with the following categories of third parties:

• Service Providers: Trusted vendors who assist us in operating our business, including cloud hosting (Firebase/Google Cloud), email services, payment processors, and analytics providers. These providers are contractually obligated to protect your data;
• Professional Advisors: Attorneys, accountants, and auditors as necessary for business operations;
• Legal Requirements: When required by law, subpoena, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others;
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the acquiring entity;
• With Your Consent: When you have given explicit consent to share your data with a specified third party.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Specific retention periods include:

• Client engagement data: For the duration of the client relationship and for seven (7) years thereafter for legal and accounting purposes;
• Contact form submissions: For up to two (2) years from the date of submission, unless an engagement is initiated;
• Website analytics data: For up to twenty-six (26) months;
• Marketing communication records: Until you unsubscribe, plus a suppression record retained indefinitely to honor your preference.

When personal data is no longer required, we securely delete or anonymize it in accordance with our data management procedures.

7. Cookies and Tracking Technologies

Our Site uses cookies and similar tracking technologies to enhance your experience and collect usage information. The types of cookies we use include:

7.1 Strictly Necessary Cookies

These cookies are essential for the Site to function properly. They enable core functionality such as security, session management, and accessibility. You cannot opt out of these cookies.

7.2 Analytics Cookies

We use analytics cookies (including those set by Firebase and Google Analytics) to understand how visitors interact with our Site. These cookies collect information such as pages visited, time on site, and traffic sources. This data is aggregated and anonymized where possible.

7.3 Functional Cookies

These cookies remember your preferences and settings to provide a more personalized experience, such as language preferences and form auto-fill data.

7.4 Managing Cookies

You can manage your cookie preferences through the cookie consent banner displayed when you first visit our Site, or by adjusting your browser settings. Note that disabling certain cookies may affect the functionality of the Site. Most browsers allow you to refuse or delete cookies. The methods for doing so vary by browser; please consult your browser's help documentation for instructions.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you;
• Right to Rectification: Request correction of inaccurate or incomplete personal data;
• Right to Erasure: Request deletion of your personal data, subject to legal retention requirements;
• Right to Restrict Processing: Request that we limit how we use your data;
• Right to Data Portability: Request a copy of your data in a structured, commonly used, machine-readable format;
• Right to Object: Object to processing of your personal data for direct marketing or based on legitimate interests;
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at hello@thecipherlabs.com. We will respond to verified requests within thirty (30) days or as required by applicable law.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act ("CCPA") and California Privacy Rights Act ("CPRA") provide you with specific rights regarding your personal information:

• Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it;
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions;
• Right to Correct: You have the right to request correction of inaccurate personal information;
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising purposes;
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a request, contact us at hello@thecipherlabs.com or call 213-999-9746. We will verify your identity before processing your request and respond within forty-five (45) days.

10. International Data Transfers

Cipher Labs is based in the United States. If you access our Site or services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities. These countries may have data protection laws that differ from those in your jurisdiction.

Where we transfer personal data internationally, we implement appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy, including standard contractual clauses and other legally recognized transfer mechanisms.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols;
• Encryption of sensitive data at rest;
• Access controls limiting data access to authorized personnel on a need-to-know basis;
• Regular security assessments and monitoring;
• Secure development practices for our software and systems.

While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

12. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify affected individuals without undue delay and in accordance with applicable law;
• Notify the relevant supervisory authorities as required by law;
• Take immediate steps to contain and remediate the breach;
• Provide information about the nature of the breach, the data affected, and the measures taken to address it.

13. Children's Privacy

Our Site and services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without verified parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us immediately.

14. Third-Party Links

Our Site may contain links to third-party websites, services, or platforms. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party sites you visit. Clicking on a third-party link or enabling a third-party connection does not signify our endorsement of that third party.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you via email or a prominent notice on our Site. We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your data, please contact us:

We aim to respond to all privacy-related inquiries within thirty (30) days.