Privacy Policy
Last updated: April 14, 2026
[cyphrs]™ ("we", "us", or "our") is committed to protecting and respecting your privacy. This policy explains how we collect, use, store, and protect personal data when you visit www.cyphrs.ai (the "Site") and interact with our services.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR) where applicable.
1. Data Controller
The data controller responsible for your personal data is:
[cyphrs]™
Email: privacy@cyphrs.ai
If you have any questions about this policy or how we handle your data, please contact us at the address above.
2. What Data We Collect
We collect personal data in the following ways:
2.1 Contact Form Submissions
When you submit our contact form or request early access, we collect your name, work email address, area of interest, and any message you include. This data is processed by Netlify, which hosts the Site and handles form submissions on our behalf.
2.2 Analytics Data
We use Google Analytics 4 (measurement ID: G-B8PT0DKR36) to understand how visitors use the Site. This is only activated after you provide consent via our cookie banner. When enabled, Google Analytics collects anonymised usage data including pages visited, time on site, referral source, approximate geographic location (country/city level), device type, and browser. We do not use Google Analytics to identify individual visitors. Google's data processing terms apply; see Google's Privacy Policy.
2.3 Scanner Submissions
If you use the Scout certificate scanner on the Site, the domain or URL you submit is sent to our backend API for analysis. We process this data to return your scan results. We do not store scanned domains beyond what is necessary to deliver the result.
2.4 Automatically Collected Data
Our hosting provider (Netlify) automatically collects server access logs that may include your IP address, browser user-agent, and requested URLs. These logs are used for security monitoring and are retained in accordance with Netlify's privacy policy.
3. Legal Basis for Processing
Under the GDPR, we rely on the following legal bases:
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| Contact form / early access | Consent (you submit the form voluntarily) | Art. 6(1)(a) |
| Google Analytics cookies | Consent (via cookie banner) | Art. 6(1)(a) |
| Responding to your enquiry | Legitimate interest (to reply to you) | Art. 6(1)(f) |
| Server logs / security | Legitimate interest (site security) | Art. 6(1)(f) |
| Scanner submissions | Legitimate interest (to deliver the service) | Art. 6(1)(f) |
4. Cookies
We use a cookie consent banner that appears on your first visit. Analytics cookies are not loaded unless you click "Accept." If you click "Reject" or ignore the banner, no analytics cookies are set.
| Cookie / Storage | Purpose | Duration | Type |
|---|---|---|---|
| cookie-consent | Remembers your cookie choice | 12 months | Strictly necessary |
| cookie-consent-date | Timestamp of your consent choice | 12 months | Strictly necessary |
| _ga, _ga_* | Google Analytics (visitor distinction) | Up to 2 years | Analytics (consent required) |
You can withdraw your cookie consent at any time by clearing your browser's localStorage for this site, after which the cookie banner will reappear on your next visit. You can also block cookies through your browser settings.
5. How We Use Your Data
We use personal data for the following purposes only:
- –To respond to your contact form enquiries and early access requests
- –To understand how visitors use the Site so we can improve it
- –To deliver certificate scan results when you use Scout
- –To maintain the security and integrity of the Site
We do not sell, rent, or share your personal data with third parties for their marketing purposes. We do not engage in automated decision-making or profiling.
6. Third-Party Processors
We use the following third-party services that may process personal data on our behalf:
| Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| Netlify | Hosting, form processing | Form data, server logs | US (with DPA) |
| Google (Analytics) | Website analytics | Anonymised usage data | US (with DPA) |
Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and, where applicable, data processing agreements with each provider.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this policy:
- –Contact form data: Retained for up to 24 months after your last interaction, then deleted
- –Analytics data: Google Analytics data is automatically deleted after 14 months
- –Cookie consent preference: Stored locally in your browser for 12 months, then the banner reappears
- –Server logs: Managed by Netlify per their retention policy
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing
Request that we limit how we use your data.
Right to Data Portability
Request your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests.
Right to Withdraw Consent
Where we rely on consent, you can withdraw it at any time. For cookies, clear your localStorage. For contact data, email us at privacy@cyphrs.ai.
To exercise any of these rights, contact us at privacy@cyphrs.ai. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO). In the EU, contact your national supervisory authority.
9. Children's Privacy
This Site is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at privacy@cyphrs.ai and we will delete it promptly.
10. Security
We take appropriate technical and organisational measures to protect your personal data. The Site is served exclusively over HTTPS with modern TLS. Security headers including X-Frame-Options, X-Content-Type-Options, and X-XSS-Protection are enforced at the hosting level. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
11. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Material changes will be communicated through a notice on the Site.
12. Contact Us
If you have any questions about this privacy policy, your personal data, or wish to exercise your rights, contact us:
Email: privacy@cyphrs.ai
General enquiries: Contact form