Privacy Policy (v2)

Operator-only deliverable. Pre-execution legal review required before sending to a counterparty.

1. What we collect

Account data (name, email, billing). Usage data (logs, audit events). Communication content where the Service processes communications. Cookies (see Cookie Policy).

2. How we collect

Directly from you, automatically through use of the Service, from connected integrations under your authorisation.

3. Why we process

To deliver the Service, to bill, to comply with legal obligations, and (with consent) to send product updates.

4. Lawful basis (GDPR)

Contract performance for service delivery. Legitimate interest for security and fraud prevention. Consent for marketing communications.

5. Data subject rights

Access, rectification, erasure, restriction, portability, objection. Requests to privacy@cipheros.ai. Response within 30 days.

6. Retention

Account data: duration of account plus 7 years for tax / accounting records. Operational data: per the retention policy in your Order Form. Audit logs: 12 months minimum.

7. International transfers

Standard Contractual Clauses where required. Sub-processor list at cipheros.ai/sub-processors.

8. Security

Encryption at rest and in transit. Role-based access. Annual penetration testing. Breach notification within 72 hours where required.

9. Cookies

See the Cookie Policy.

10. Contact

DPO: privacy@cipheros.ai.