Skip to main content
How It WorksUse CasesPricingSecurityDevOpsDocs
Log InGet Started

Legal

Privacy Policy

Last updated: April 2026

CIPH4 Inc. ("CIPH4," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Secure Link Sharing platform at www.ciph4.com.

1. Data Collection

We collect the minimum amount of data necessary to provide our service:

  • Account Information: Name and email address when you create an account or authenticate via Google OAuth.
  • IP Addresses: Logged for audit trail purposes and abuse prevention. Retained for 90 days.
  • Encrypted Payloads: Ciphertext blobs stored on our servers. These are encrypted client-side before transmission and cannot be read by CIPH4.
  • Usage Metadata: Drop creation timestamps, view counts, and expiration settings for service operation.

2. Zero-Knowledge Architecture

CIPH4 uses a hybrid security architecture. All shared secrets are encrypted in your browser using AES-256-GCM encryption before they ever leave your device. The encryption key is embedded in the URL fragment (the part after the #), which is never sent to our servers per the HTTP specification.

CIPH4 provides zero-knowledge encryption for client-side secured sharing workflows. File collection workflows use customer-controlled encryption where organizations retain key ownership.

Operational Metadata We Collect

While your encrypted content is never accessible to us, we collect the following operational metadata for security monitoring, threat detection, and compliance:

  • File names and sizes (not contents)
  • Recipient email addresses (if provided by the sender)
  • IP addresses and approximate geolocation of viewers
  • Browser and device information
  • Access timestamps and event types (viewed, burned, expired)

This metadata enables audit trails and threat detection without compromising the confidentiality of your encrypted content.

3. Data Retention

  • Secure Links: Permanently and irrecoverably deleted after they are viewed by the recipient or when they reach their expiration time, whichever occurs first.
  • Account Data: Retained for the lifetime of your account. You may request deletion of your account and associated data at any time.
  • Audit Logs: Retained for 90 days for security and compliance purposes, then automatically purged.

4. Third Parties

We do not sell, rent, or share your personal data with third parties for marketing purposes.

  • Google OAuth: If you sign in with Google, we receive your name and email address. We do not access any other Google account data.
  • Infrastructure Providers: We use industry-standard hosting providers with appropriate data processing agreements in place.
  • Law Enforcement: We may disclose metadata (not encrypted content, which we cannot access) if required by valid legal process.

5. Cookies

We use strictly necessary session cookies to maintain your authentication state. We do not use advertising cookies or third-party analytics cookies.

We may use server-side application monitoring tools (e.g., Application Insights, OpenTelemetry) for performance and reliability. These tools do not set browser cookies or track individual users across sites.

6. Your Rights (CCPA / GDPR)

Depending on your jurisdiction, you may have the following rights:

Right to access your personal data
Right to correct inaccurate data
Right to delete your data
Right to data portability
Right to opt out of data sale (we never sell data)
Right to non-discrimination

To exercise any of these rights, contact us at privacy@ciph4.com. We will respond within 30 days.

7. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the service after any changes constitutes acceptance of the updated policy.

8. Contact

For privacy-related inquiries, contact us at:

CIPH4 Inc.

United States

Email: privacy@ciph4.com