Ciphro.io

Ciphro.io, a project developed by Entropic Code, LLC, is committed to handling your information responsibly, ensuring your privacy, and keeping your data secure. This Privacy Notice explains the type of information we collect, why we collect it, how we use and share it, your rights over your information, and how to contact us with any concerns.

Privacy Notice Summary

This section provides a high-level overview of our Privacy Notice. For the complete details, please continue reading below.

What does this Privacy Notice cover?

This Privacy Notice describes:

• The types of Personal Information we collect and how we use it.
• When and with whom we share your Personal Information.
• Your choices regarding how we collect, use, and share your data.
• How you can access and update your Personal Information.

What is Personal Information?

In the context of providing our services, we collect certain information that may be used to identify you as an individual. “Personal Information” refers to any data that can be linked to a specific person. This Privacy Notice explains how we collect, store, use, and share such data, as well as your rights regarding this information.

What Personal Information do we collect and how do we collect it?

We collect Personal Information through the following means:

We receive it from third parties: Our business partners or service providers may provide us with relevant data to enhance our services, detect fraud, and ensure accurate records.

You provide it to us: When you create an account, sign up for notifications, or contact us for support, you share certain details with us.

We collect it automatically: When you use our services, we may gather information through cookies and similar technologies, including your device type, IP address, and browsing activity.

What are your rights and choices?

You have several rights regarding your Personal Information. For example, you can:

• Contact us directly to request modifications or deletions to your data, subject to legal or operational obligations.
• Opt out of marketing emails by clicking the “unsubscribe” link in our messages.
• Update your information through your account settings.

How to contact us

If you have any questions regarding this Privacy Notice or wish to make a request regarding your data, please reach out to us at info@entropiccode.com.

PRIVACY NOTICE

Introduction

This privacy notice explains the information we collect, how we use and share it, and how to exercise rights you may have in connection with our websites and related applications and services (collectively, the “Services”) operated by Entropic Code, LLC, doing business as Ciphro.io (“Ciphro”, “We”, “Us”, or “Our”), including our affiliated companies unless otherwise noted. Please also read our Terms of Service, which set out the terms governing the Services.

Ciphro processes your information both for our own business purposes (as a “controller”) and in connection with our Services offered to business customers (as a “processor”). This privacy notice applies when Ciphro is the controller of your personal data, unless otherwise noted. Where we provide our Services under contract with an organization (for example, your employer), that organization is the controller of your information processed by the Services. We refer to information processed in connection with our Services offered to organizations as “Customer Data.” For more information, please see the Notice to End Users, which explains our privacy practices when we act as a data processor. This Privacy Notice does not apply to the extent we process your information in the role of a processor on behalf of such organizations.

Sometimes, we work with other companies and affiliates to enhance our customers’ experience. This policy does not apply to products or services offered by third parties, each of which has its own terms and conditions and privacy policies. You should carefully review each third party’s privacy policies and any applicable terms before using their services.

Who We Are and Our Commitment to Privacy

Ciphro.io is a project developed by Entropic Code, LLC, a company based in Orlando, Florida, USA. As the controller of your information, we are committed to ensuring your privacy and data protection. If you have any questions or concerns about our privacy practices or this Privacy Notice, you can reach us using the information provided in the Contact Us section.

As the controller of your information, we are committed to ensuring your privacy and data protection. If you have any questions or concerns about our privacy practices or this Privacy Notice, you can reach us using the information provided in the Contact Us section.

Who are You

We collect personal information about three categories of people: Individuals, Business Account Owners, and Business End Users.

1. Business End Users. These are people who use the Services as provided to them via an organization’s Business account. If you are a Business End User, your use of the Services is subject to your organization’s privacy policy. Please review the Notice to End Users for further information.
2. Individuals. These are people who visit our site, interact with our content or marketing, or use our Services directly with an individual or family account. This Privacy Notice applies to your information.
3. Business Account Owners. These are people who represent an organization that uses Ciphro.io Services through Business accounts. We collect and use your contact information as described in this Privacy Notice.

INFORMATION WE COLLECT ABOUT YOU

We collect information from you when you provide it to us, when you use our Services, and from trusted third parties, as described below.

Information You Provide to Us

We collect information that you input into the Services or make available directly to us.

• Contact Information. We collect your contact details and keep records of your interactions with us. This includes your name, email, phone number, job title, company name, company size, survey responses, event participation, and any inquiries about our products or services. 
• Secure Data. This is the information you choose to store within your Ciphro.io account. Secure Data is encrypted using advanced cryptographic techniques and remains fully under your control. We cannot access or decrypt it.
• Service Data. This includes:
  • Account Information. Data provided when creating your Ciphro.io account, such as your name, email, administrator contact details, and profile images.
  • Payment Information. We use a PCI-compliant third-party payment processor to securely handle payment details.
  • Support Data. Communications with our support team, including emails, chats, or calls, to help resolve issues.
  • Event Participation. Data shared when registering for webinars, contests, or conferences.

Information We Collect Automatically

We collect data when you use Ciphro.io, including:

• Diagnostic Data. Technical details such as device type, browser, IP address, operating system, and performance logs.
• Account Configurations. Information about how you set up your account, such as vault structures and access permissions.
• Product Usage Data. With your permission, we may collect anonymized usage data, such as feature interactions and session duration, to improve our Services.

Information We Receive from Other Sources

We may receive information about you from:

• Cookies and Tracking Technologies. Used for analytics, service improvements, and security. For more details, see our Cookie Policy.
• Partners and Affiliates. We may receive business-related data from trusted partners and service providers that assist in marketing or service delivery.

For any questions regarding our data collection practices, please refer to our Privacy Notice or contact us directly.

HOW WE USE INFORMATION

We use the information we collect for the following purposes:

To provide our Services. We use your information to create and manage your account, allowing you to securely store and manage your data. We also use your information to provide customer support, generate usage insights, and process payments for our Services.

To assist and communicate with you. We use your contact information to send important notifications, product updates. We may also use it for marketing purposes, in accordance with your preferences. Additionally, we analyze support requests to improve response quality and efficiency, using automation and AI tools when applicable.

To market our products and Services. We analyze usage patterns to optimize our marketing strategies and improve the relevance of our advertisements. For more details on our use of cookies and tracking technologies, please refer to our Cookie Policy.

To operate and improve our Services. We collect and analyze data to enhance our Services, conduct research, and evaluate the effectiveness of our training and support programs. We may work with third-party providers to help us process and analyze this information.

To secure our Services. We use collected data to prevent fraud, enforce our Terms of Service, detect security threats, and improve access controls.

To comply with legal obligations. We process information as required by law, including responding to legal authorities, ensuring compliance with security regulations, and protecting the rights and interests of our users and company.

Legal Bases for Processing

If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing personal data include:

• Performance of a contract – To provide and maintain our Services.
• Legitimate interests – To enhance our technology, analyze usage data, and improve marketing efforts. You may object to this processing, though it may affect your ability to use our Services.
• Consent – When you permit us to use location data or cookies. You can withdraw consent at any time.
• Legal obligations – To comply with regulatory requirements, respond to legal requests, or protect our rights in legal proceedings.

For more details about the legal basis for a specific data processing activity, please contact us as outlined in our Privacy.

HOW WE SHARE INFORMATION

We share your personal information as described below and in this Privacy Notice, in compliance with applicable laws.

Affiliated Companies. We may share your information within Entropic Code and its affiliated entities to operate, improve, and market our services. Unless otherwise notified, any information shared with affiliates remains subject to this Privacy Notice.

Account Administrators. Our Services may allow the creation of accounts for other users. If you were invited to use an account created by someone else (e.g., an organization administrator), we may share certain details with the account organizer, such as login activity, device usage, number of stored items, and security settings (e.g., two-factor authentication status).

Third Parties Authorized by You. We may share your information with other Ciphro.io users, guests, or third parties you have authorized. For example, when you invite others to access shared data or collaborate on a vault, certain details may be shared with them.

Business Account Owners. If you signed up using a business email domain, we may share your contact information with the account administrator managing your organization’s use of our Services.

Service Providers. We collaborate with third-party service providers to operate and enhance our Services. These providers are contractually obligated to protect your data and may only use it to perform the services we have requested. They are not permitted to use your information for their own marketing purposes unless you have given explicit consent.

Marketing Partners. We may share your information with third-party marketing services to deliver relevant advertisements. Depending on applicable privacy laws, you may have the right to opt out of this data sharing. For more details on tracking technologies used for targeted advertising, please refer to our Cookie Policy.

Legal Compliance and Obligations. We may disclose your information to comply with legal requirements, enforce our Terms of Service, respond to regulatory obligations (e.g., tax reporting), or address legal requests such as subpoenas or court orders. If permitted by law, we will notify you of such requests.

Your encrypted data remains protected with cryptographic keys that we do not possess. Therefore, in cases where we are legally required to provide data, we can only share encrypted information without the ability to decrypt it.

Corporate Transactions. In the event of a business transaction such as a merger, acquisition, asset sale, or restructuring, your information may be transferred as part of that process. Any acquiring entity will be required to adhere to the terms outlined in this Privacy Notice.

KEEPING YOUR INFORMATION SAFE

We recognize our responsibility to protect your information and implement strict security measures to ensure its safety. Our security protocols include network isolation, encryption, and access control mechanisms that restrict data access to authorized personnel only.

RETENTION AND DELETION

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law, or you request its deletion. If we use data for analytical or trend analysis purposes over extended periods, we will deidentify, aggregate, or mask it to protect your privacy.

Please note that copies of updated, modified, or deleted information may persist in our systems for a limited time due to backups and operational records.

INTERNATIONAL DATA TRANSFERS

Ciphro.io hosts encrypted Secure Data in locations selected by the user. Other data, such as Service Data and Diagnostic Data, may be accessed, processed, or transferred across different countries, including locations where our team operates. These countries may have different data protection laws than your country of residence.

Our customer support and email services are primarily hosted in the United States. Any communications sent through our support system or via email may pass through various service providers before reaching us. If you prefer, you may encrypt email communications using our PGP public key.

We take appropriate measures to ensure that any data access, processing, or transfer is secure and complies with applicable data protection laws. These measures include:

• Ensuring third-party vendors, partners, and service providers have appropriate safeguards in place, such as data transfer agreements that include standard contractual clauses (SCCs) issued by the European Commission or equivalent protections.
• Compliance with approved privacy frameworks and, where applicable, reliance on Binding Corporate Rules (BCRs) for secure data transfers.
• Regular risk assessments and the implementation of technological and organizational controls to comply with relevant data transfer regulations.

Regardless of where your data is accessed or processed, we uphold a high standard of protection comparable to the privacy laws in your country.

YOUR RIGHTS AND CHOICES

You have certain rights and choices with respect to your information. We’ve explained your rights and how to exercise them below:

Access to Information. You can ask us to confirm if we are processing your personal information, provide you with details about our processing, and access much of the information you have provided us when you log into your account. To request access to information, contact us using the methods provided in the Contact Us section.

Correct Your Information. You can update your information within your settings and modify content you have provided from your account. To edit your personal information, visit your profile in your account settings. You may also contact us about correcting or updating your information using the methods provided in the Contact Us section.

Download Your Information. We want happy customers, not trapped ones. We will not lock you out of your own data. However, we are unable to decrypt your Secure Data; you will need your Account Password and Secret Key to decrypt it. You may export a copy of your Secure Data from your account.

Delete Your Information. Individuals and Family account owners have the right to instruct us to remove data permanently from our systems and backups. To ensure that no one’s data is deleted without their consent, you must first delete your account through an authenticated session. After your account has been deleted, the account owner may contact us and ask for the data to be expunged. Once the request is authenticated, we will begin removing your information from our active systems. To request permanent deletion of your personal information, please contact us using the methods provided in the Contact Us section. Please note we may retain versions of your information in accordance with our retention policy or until they are overwritten.

Object to Certain Uses. You can object to any processing of your personal information that is done on the basis of our legitimate interests, unless we have compelling legitimate grounds for processing which override your interests and rights, or if we need to continue to process your information for the establishment, exercise, or defense of a legal claim. In some cases, if you object to our use, it may mean no longer using the Services. To exercise this right, contact us using the methods provided in the Contact Us section of this Privacy Notice.

Limit How We Use Information. You can ask us to restrict the processing of your personal information under certain circumstances (e.g., when you wish to contest the accuracy of your data). You can also ask us to freeze your account at any time by contacting us as described in the Contact Us section of this Privacy Notice. When your account is frozen, you will not be able to provide ongoing or future data to us that is associated with your account.

Withdraw Consent. You can withdraw your consent where our processing is based on a consent you have previously provided us. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so, or if your withdrawal of consent was limited to certain processing activities. For example, you may withdraw your consent to allow us to collect your Product Usage Information. Please note, withdrawal of your consent will not affect the lawfulness of any processing carried out before your withdrawal.

Complaints. If you would like to raise a concern about our use of your information, please contact us first as described in the Contact Us section. We respond to all requests we receive from individuals wishing to exercise their data protection or privacy rights in accordance with applicable data protection laws. Please note, we may also ask you to verify your identity in order to help us respond to your request securely and efficiently. Depending on the laws in your local jurisdiction, you may be able to appeal any decisions made regarding your rights. For individuals in Europe, the United Kingdom, and Switzerland, you may lodge a complaint about the collection and use of your personal data with a data protection authority in relation to the General Data Protection Regulation and other applicable laws. Should you have the right to appeal a decision to not take action on a request under applicable law, instructions on how to make that appeal will be included in our response to you.

CONSENT FOR UNDERAGE ENROLLMENT

Our Services are not intended for minors. Those under the age of 16 may not use the services without the consent or authorization of their parent or legal custodian. Family account organizers are responsible for that authorization when they add someone under the age of 16 to an account.

UPDATES TO OUR PRIVACY NOTICE

At our discretion, we may update this Notice and note the date of the last revision. For the latest updates, please check this page regularly. We will notify you of significant changes via email. Previous versions will remain available.

CONTACT US

If you have any questions about this Notice or our practices, you can contact us or our Data Protection Officer at info@entropiccode.com, or write to us by mail at: Entropic Code, LLC, 7345 W Sand Lake Rd, Ste 210 Office 4485, Orlando, FL 32819, USA.

SUPERVISORY AUTHORITY

If you have concerns or complaints about this Notice or our data practices that you do not feel you can resolve by contacting us, you should bring those concerns to your local regulatory authority.

NOTICE TO END USERS

This notice is designed to provide you with important information about your business-managed account. Ciphro is a processor of personal data that we process on behalf of our business customers. If you use Ciphro services with an account provided by your employer or an organization you are affiliated with, that organization is the controller of your information and the administrator of your account. We refer to personal data processed in connection with our Services offered to businesses as “Customer Data.” We only process Customer Data to fulfill our contractual obligations or as otherwise instructed by our business customers.

If you have questions about how your information is processed or wish to exercise your data protection rights, please contact your account administrator. Please note that the Ciphro Privacy Notice does not apply to business products or services.

As an end user of a Business product, your information is subject to the privacy policy provided by your organization. We recommend that you review your organization’s internal privacy policies before creating an account with us.

Your account administrator manages your Ciphro account and any information associated with it. This means that your administrator can access and process your data, including insights derived from your use and interaction with the Services, as well as any privacy controls associated with your account. Your administrator can also determine which services you may access and may disable specific features at their discretion. Additionally, they can delete your account, recover its contents, or restrict your access to any data associated with it.If you have created a free Family or Individual account provided by your administrator, your personal account is covered by Ciphro’s Terms and Privacy Notice, and your administrator will not have access to or be able to process your personal account data. If you lose access to the organization you are affiliated with (for example, if you change jobs), you may lose access to Ciphro’s Business products, including your work-related vaults and the information contained within them. However, your Individual or Family Ciphro account and the associated data will remain yours, subject to Ciphro’s Terms.