Skip to main content

Legal

Privacy policy.

How we handle your data with a zero-knowledge architecture. Last updated May 2026.

CIPH4 Inc. (“CIPH4,” “we,” “us,” or “our”) protects your privacy through architecture, not policy: our zero-knowledge design means we cannot read what you share. This Privacy Policy explains the data we do collect, how we use it, and your rights regarding it when you use ciph4.com.

1. Data collection

We collect the minimum amount of data necessary to provide our service:

  • Account information: Name and email address when you create an account or authenticate via Google OAuth.
  • IP addresses: Operational request logs are retained for 90 days for abuse prevention and debugging. IP addresses recorded in tamper-evident security audit log entries (secure-link creation, view, burn, revoke) are retained for the lifetime of the account because the audit log is hash-chained and rows cannot be modified or removed without breaking the chain.
  • Encrypted payloads: Ciphertext blobs stored on our servers. These are encrypted client-side before transmission and cannot be read by CIPH4.
  • Usage metadata: Secure-link creation timestamps, view counts, and expiration settings for service operation.

2. Zero-knowledge architecture

CIPH4 uses a hybrid security architecture. All shared secrets are encrypted in your browser using AES-256-GCM encryption before they ever leave your device. The encryption key is embedded in the URL fragment (the part after the #), which is never sent to our servers per the HTTP specification.

For secure links you send, we cannot read what you share. The encryption key never reaches our servers. For files that recipients send back to you (File Requests — our inbound file-collection feature), your organization holds the decryption key, not CIPH4.

Operational metadata we collect

While your encrypted content is never accessible to us, we collect the following operational metadata for security monitoring, threat detection, and compliance:

  • File names and sizes (not contents)
  • Recipient email addresses (if provided by the sender)
  • IP addresses and approximate geolocation of viewers
  • Browser and device information
  • Access timestamps and event types (viewed, burned, and expired)

This metadata enables audit trails and threat detection without compromising the confidentiality of your encrypted content.

3. Data retention

  • Secure links: Permanently and irreversibly deleted after they hit any configured limit (expiration time, view count, or download count, whichever occurs first).
  • Account data: Retained for the lifetime of your account. You may request deletion of your account and associated data at any time by emailing privacy@ciph4.com or using the account-deletion flow in your settings. We will complete the deletion within thirty (30) days of the verified request, except where retention is required by law or by the tamper-evident audit log exception described below.
  • Audit logs: Our security audit log records every access event (secure-link created, viewed, burned, revoked) and links each entry cryptographically to the one before it, so any after-the-fact change to a row would be mathematically detectable. Because tampering with the audit trail is exactly the threat the log is designed to prevent, we retain these entries for the lifetime of the account under the right-to-erasure exception in GDPR Article 17(3)(b) (data needed for the establishment, exercise, or defense of legal claims). Separately, operational security-event records used for live monitoring (the feed that powers threat detection alerts) are retained for 180 days and then deleted.

4. Third parties

We do not sell, rent, or share your personal data with third parties for marketing purposes.

  • Google OAuth: If you sign in with Google, we receive your name and email address. We do not access any other Google account data.
  • Infrastructure providers: We use industry-standard hosting providers with appropriate data processing agreements in place.
  • Law enforcement: We may disclose metadata (not encrypted content, which we cannot access) if required by valid legal process.

5. Cookies

We use strictly necessary session cookies to maintain your authentication state. We do not use advertising cookies or third-party analytics cookies.

We may use server-side application monitoring tools (e.g., Application Insights, OpenTelemetry) for performance and reliability. These tools do not set browser cookies or track individual users across sites.

6. Your rights (CCPA / GDPR)

Depending on your jurisdiction, you may have the following rights:

Right to access your personal data
Right to correct inaccurate data
Right to delete your data
Right to data portability
Right to object to processing of your personal data
Right to withdraw consent at any time
Right to opt out of data sale (we never sell data)
Right to non-discrimination

To exercise any of these rights, contact us at privacy@ciph4.com. We will respond within 30 days.

7. Children’s privacy

CIPH4 is a business product intended for use by adults in a professional capacity. The Service is not directed to children under the age of 16, and we do not knowingly collect personal information from anyone under 16. If you believe that a child under 16 has provided us with personal information, please contact privacy@ciph4.com and we will delete that information promptly.

8. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the service after any changes constitutes acceptance of the updated policy.

9. Contact

For privacy-related inquiries, contact us at:

CIPH4 Inc.

San Francisco, California, United States

privacy@ciph4.com