Legal

Privacy Policy

Effective date: January 1, 2025 · Last updated: January 1, 2025

1. Introduction

Cipher Security, Inc. ("Cipher," "we," "us," or "our") operates the cipherapp.dev website and the Cipher application security platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials (via OAuth providers such as Google or GitHub). We do not store passwords directly.

Repository Data

When you connect a repository for scanning, we access source code on a read-only basis for the duration of the scan. Code is processed in ephemeral containers and is not persisted after analysis is complete. Scan results (findings, severity levels, verification status) are stored in your account.

Usage Data

We automatically collect information about how you interact with our services, including pages visited, features used, scan frequency, browser type, IP address, and device information.

3. How We Use Your Information

  • To provide, maintain, and improve the Cipher platform
  • To perform security scans and deliver vulnerability reports
  • To communicate with you about your account, updates, and security alerts
  • To improve our vulnerability detection and verification models
  • To comply with legal obligations and enforce our terms

4. Data Retention

Source code is never persisted. It is processed in isolated, ephemeral containers that are destroyed after each scan completes. Scan results are retained for the duration of your account. You may delete your scan history at any time from your dashboard. Account data is retained until you request deletion.

5. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers who assist in operating our platform (hosting, analytics, authentication)
  • Legal authorities when required by law, subpoena, or court order
  • Business transfers in connection with a merger, acquisition, or sale of assets

6. Security

We implement industry-standard security measures including encryption in transit (TLS 1.3) and at rest (AES-256), network isolation, role-based access controls, and regular security audits. For details, see our Security page.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Object to or restrict processing of your data
  • Request data portability
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@cipherapp.dev.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. Analytics cookies are used only with your consent where required by law.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance.

10. Contact

If you have questions about this Privacy Policy, contact us at privacy@cipherapp.dev.