Privacy Policy

Last updated: November 13, 2025

This Privacy Policy describes how Cifral Solutions LLC ("we", "us", or "our"), operating as Cifral at cifral.io, collects, uses, protects, and shares your personal information.

Data Controller

Company: Cifral Solutions LLC

Website: cifral.io

Contact: info@cifral.io

1. Information We Collect

1.1 Information You Provide

We collect personal information that you voluntarily provide when you:

  • Contact us: Name, email address, company name, role/title, message content
  • Join our waitlist: Name, email address, company name
  • Use our services: Business information, project requirements, technical specifications
  • Create an account: Email, password, company details (if applicable)

1.2 Automatically Collected Information

When you visit our website, we automatically collect:

  • Technical data: IP address, browser type, device information, operating system
  • Usage data: Pages visited, time spent, referral source, click patterns
  • Cookies: See our Cookie Policy for details

2. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Consent: When you submit forms, subscribe to communications, or accept cookies
  • Contract performance: To provide services you've engaged us for
  • Legitimate interests: Website analytics, security, fraud prevention, business development
  • Legal obligations: Tax records, compliance with applicable laws

3. How We Use Your Information

We use your personal information for the following purposes:

  • Service delivery: Provide sales automation services, customer support, project management
  • Communication: Respond to inquiries, send updates about our services, send transactional emails
  • Product development: Improve our services, develop new features, understand user needs
  • Marketing: Send promotional materials (only with your consent; you can opt-out anytime)
  • Legal compliance: Meet tax, accounting, and legal requirements
  • Security: Protect against fraud, abuse, and security threats

4. Data Retention

We retain your personal data only as long as necessary for the purposes set out in this policy:

  • Contact form submissions: 2 years from submission
  • Waitlist signups: Until product launch or 2 years, whichever comes first
  • Service contracts: Duration of contract + 7 years for legal/tax purposes
  • Marketing data: Until you unsubscribe or withdraw consent
  • Website analytics: 26 months maximum

5. Data Sharing and Recipients

We do not sell your personal information. We may share data with:

  • Service providers: Resend (email), Notion (CRM/database), Vercel (hosting)
  • Professional advisors: Lawyers, accountants, auditors (under confidentiality obligations)
  • Legal authorities: When required by law or to protect our rights

All third parties are contractually obligated to protect your data and use it only for specified purposes.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Service providers certified under EU-US Data Privacy Framework (if applicable)
  • Adequate data protection measures as required by GDPR Article 46

7. Your Rights (GDPR & Privacy Laws)

Depending on your location, you have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data (subject to legal obligations).

Right to Restriction

Request limitation on how we process your data.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or direct marketing.

Right to Withdraw Consent

Withdraw consent at any time (where processing is based on consent).

Right to Lodge a Complaint

File a complaint with your local data protection authority (e.g., EU Data Protection Authorities).

To exercise your rights, email us at info@cifral.io with your request. We will respond within 30 days (or as required by applicable law).

8. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience on our website. For detailed information about the cookies we use and your choices, please see our Cookie Policy.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection
  • Incident response procedures

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For material changes, we will provide prominent notice or seek your consent as required by law.

12. Contact Us

For privacy-related questions, concerns, or to exercise your rights, contact us at:

Email: info@cifral.io

Company: Cifral Solutions LLC

Website: https://cifral.io