Privacy Policy
Last Updated: June 11, 2026
Effective Date: July 11, 2026
Version: 2.0
1. Introduction
Encypher ("we", "us", "our") provides independent content authenticity verification and measurement infrastructure. This Policy explains what information we collect, how we use it, how we share it, and your rights, across the Encypher platform, APIs, plugins, browser extensions, CLI, and websites (the "Service").
Our core privacy commitment. Encypher is a verification and measurement business, not a content repository, content marketplace, or AI-training data provider. We minimize retention of the content you sign, we operate on cryptographic derivatives of content wherever possible, and the data we analyze and commercialize is aggregated and anonymized so it cannot be used to reconstruct your content or identify a person.
Extension-specific data practices are detailed in our Chrome extension privacy policy.
2. Data Taxonomy
To make our practices precise, we classify everything we handle into four categories. Different rules apply to each.
| Category | What it is | How we treat it |
|---|---|---|
| A. Customer Content | The content you submit to sign/verify (e.g., article text, media files) | Minimized. Processed transiently to sign/verify; not built into a corpus; never licensed, sold, sublicensed, or used to train AI. |
| B. Verification Data | Cryptographic hashes, Merkle nodes, signatures, manifests, certificate/timestamp metadata, signing/verification events, rights-metadata values, content-spread/detection signals | Retained for verification; aggregated/de-identified for analytics and commercialized as measurement products. Excludes the substance of Customer Content. |
| C. Usage & Technical Data | API/usage logs, performance telemetry, configuration, device/connection data | Used to operate, secure, and improve the Service; aggregated/de-identified for analytics. |
| D. Account & Personal Data | Names, emails, org details, billing identifiers, IP addresses | Used to provide the Service, bill, communicate, secure; handled under GDPR/CCPA rights below. |
Categories B and C are the basis of our analytics products. We commercialize them only in aggregated and anonymized form (Sections 4.3-4.4). Category A is never commercialized.
3. Information We Collect
3.1 Information You Provide
Account (D): organization name and type, email, billing identifiers (we do not store card numbers), optional contact name/phone.
Extension account signup (D): if you choose to create an optional, free account through our browser extension, we collect your email address either via Google sign-in (we verify the Google-issued token server-side and use only the verified email address; the token itself is never stored) or via email plus a one-time verification code (the code is stored only as a cryptographic hash, expires within minutes, and is single-use). Signup proceeds only after you tick an explicit, unchecked-by-default consent checkbox linking to the Terms of Service and this Policy; we retain the timestamp of your Terms acceptance. Your email address appears in our server logs only in truncated, hashed form.
Content (A): content you submit to sign/verify, titles, URLs, publication dates, author fields, and the text segments you choose to sign.
Rights metadata (B): the AI-use, licensing, attribution, and term/territory values you attach to content.
Certificate info (B/D): certificate orders/status, public keys/certificates, expiration dates.
3.2 Information We Collect Automatically
API & usage (C): endpoints accessed, timestamps, status codes, request/response sizes, hashed API key.
Technical (C/D): IP address, user-agent, browser/OS, device identifiers.
Performance (C): latency, error rates, availability.
Content-spread/detection signals (B): where, when, and how frequently signed assets are detected, verified, or referenced across the open web and partner systems (collected via our verification endpoints, browser extension, and partner integrations). These signals describe the provenance footprint of an asset, not the content itself.
Browser-extension and end-user data: Where detection signals are generated by our browser extension, the relevant data subject is the extension user. The extension reads page content only to detect and verify provenance markers, accesses a page's content after the user installs the extension and consents (covering terminal-equipment access under ePrivacy/PECR), and reports only provenance-footprint events (asset identifier, URL, timestamp), not the user's browsing history or unrelated page content. We process this on the basis of the extension user's consent and/or our legitimate interest in operating the verification network (with its own balancing test). Extension users may object or withdraw consent at any time by disabling/uninstalling the extension or contacting privacy@encypher.com; doing so stops collection. Optional account creation: the extension also offers optional account creation (verification never requires an account); the data collected in that flow is described in Section 3.1, and the extension-specific data practices are detailed in the extension privacy policy at encypher.com/privacy/chrome-extension.
3.3 Information from Third Parties
Certificate authority (independent issuer of certificate validation/issuance/revocation status, not a processor acting on our instructions); payment processor (payment confirmation, billing status, transaction IDs). Partner platforms and CDNs may relay verification/detection events (Category B).
4. How We Use and Share Information
4.1 To Provide the Service
Process signing/verification, generate and store manifests, manage certificates, operate verification endpoints, render the minimal public verification record (ToS §6.6), and (only where you have opted in) list assets in the collective rights registry (ToS §6.7.3).
4.2 To Operate, Secure, and Improve
Monitor performance, fix defects, prevent fraud and abuse, enforce limits, develop features.
4.3 To Build and Commercialize Analytics (Aggregated / Anonymized Only)
We create analytics, benchmarks, indices, dashboards, and industry-measurement products from Verification Data (B) and Usage & Technical Data (C). Before any such data is used for analytics that may be disclosed to or sold to third parties, we first aggregate and anonymize it to our Anonymization Standard (Section 4.4) so that it:
- does not reveal the substance of Customer Content;
- cannot reasonably be used to identify a natural person;
- cannot reasonably be used to single out an individual customer.
Examples of permitted commercialized analytics: counts and trends of signed/verified assets by media type, region, and time; provenance-footprint and content-spread statistics; ecosystem adoption indices; aggregate AI-use-permission distributions. We do not sell Customer Content, identifiable usage profiles, or personal information. We do not sell or disclose asset-level or customer-identifiable Verification/Usage Data without your separate, affirmative opt-in.
4.4 Anonymization Standard
"Anonymized" means processed so that re-identification is not reasonably likely, consistent with GDPR Recital 26 (data rendered anonymous such that the data subject is no longer identifiable) and the CCPA/CPRA standards for deidentified and aggregate consumer information. We:
- aggregate to cohorts and suppress small cells (we do not publish or sell figures below a minimum cohort threshold);
- remove or generalize direct and indirect identifiers;
- perform re-identification-risk assessment before external release;
- publicly commit not to attempt re-identification and contractually require recipients to (i) not re-identify, (ii) maintain deidentification, and (iii) bind their own downstream recipients to the same, meeting CPRA's deidentified-data conditions.
Pseudonymization is only an interim safeguard, not anonymization: pseudonymized data (including data keyed to a separated identifier we can reverse) remains personal data and stays subject to all privacy rights until it meets this Standard. Only data that meets this Standard is treated as outside "personal data"/"personal information"; Encypher's perpetual rights (ToS §6.5(2)) attach only to such anonymized Analytics Products and survive account deletion.
4.5 Sharing With Service Providers
We share information only with subprocessors that act on our behalf under written terms requiring confidentiality and restricting use to the purposes we specify; we do not authorize them to use your information for their own purposes. Our current subprocessors are:
- Railway (hosting / infrastructure, stores Service data);
- Cloudflare (CDN, DNS, network security / DDoS mitigation);
- Google Cloud (cloud infrastructure and key management (KMS), with key management engaged only where you enable personal-identity keys);
- Stripe (payment processing, billing identity; we do not store card numbers);
- Zoho (CRM, billing records, and transactional email/SMTP, including extension-signup verification codes and operational notifications: Account/Personal Data, Category D);
- Google Analytics (marketing website only, after cookie consent: Section 11).
SSL.com is our certificate authority, an independent issuer that receives organization/certificate data to issue certificates, rather than a processor acting on our instructions. The authoritative, current list is maintained at encypher.com/subprocessors; we give advance notice before adding a new subprocessor so you may object.
4.6 Public Verification Records
The default public verification record is minimal: a verification identifier, timestamp, certificate/validity status, and the non-reversible cryptographic commitments (hashes) needed to verify. Additional fields (document title, URL, publication date, publisher/organization name, full C2PA manifest, and the machine-readable rights you attach) are publisher-selected display fields that are OFF by default and can be removed or dissociated on request. Hashes are one-way and do not publish text; the substance of your Customer Content is never published. The minimal record may persist indefinitely because public verifiability is the purpose of the Service (Section 5); publisher-selected fields are removable at any time.
4.7 We Do Not Sell Personal Information
We do not sell, rent, or trade personal information for third-party marketing. Commercialized analytics (Section 4.3) are aggregated/anonymized and are not personal information.
4.8 Legal Requirements & Business Transfers
We may disclose information as required by law (court orders, subpoenas, government investigations) or to protect rights/safety/enforce the ToS. In a merger, acquisition, or asset sale, information (and our Verification/Usage Data rights) may transfer; we will notify you of any resulting change in this Policy.
4A. AI Assistant (Vera)
We operate an AI assistant called Vera on our authenticated dashboard (dashboard.encypher.com) and on this marketing website (encypher.com).
4A.1 What We Collect
When you use Vera we process the messages you send and Vera's replies (conversation content), message timestamps, the page or dashboard context, the model and prompt version used, and, for signed-in users, your account identity (name and verified email). Please do not enter sensitive personal information into the chat.
4A.2 How We Use It and Our Legal Basis
- Provide the assistant (generate replies, maintain the conversation, and for signed-in users let you revisit your own history): contract (Art. 6(1)(b)) for signed-in users; pre-contract steps or legitimate interest (Art. 6(1)(b)/(f)) for anonymous visitors.
- Improve the Service (understand what users ask, find gaps and defects, including reviewing low-quality answers to fix them): legitimate interest (Art. 6(1)(f)) for signed-in users, with a right to object; consent (Art. 6(1)(a)) for anonymous visitors, whose conversations are stored only with consent and are otherwise recorded as non-identifying counts only. Answers kept for quality review are stored without your identity wherever feasible.
4A.3 No Model Training
We do not use your Vera conversations to train, fine-tune, or develop AI models, and we do not sell or rent them. Model providers act as subprocessors that process your messages only to return a response.
4A.4 Retention
Signed-in conversation content: up to 90 days in identifiable form, then deleted or anonymized. Anonymous conversation content (stored only with consent) and answers kept for quality review without identity: up to 30 days. Non-identifying counts and metadata may be retained longer in aggregate.
4A.5 Linking and Your Rights
If you use Vera anonymously and later sign in or create an account, we link your earlier anonymous conversations to your account only with your explicit, opt-in consent; we do not silently merge them. You may access, correct, export, erase, restrict, or object to processing of your conversations, and withdraw consent, by emailing privacy@encypher.com or dpo@encypher.com. Encypher is the data controller for Vera conversation data.
5. Data Retention
| Data | Active account | After deletion |
|---|---|---|
| Customer Content (A) | Only as long as needed to sign/verify (minimized; often not retained beyond processing) | Deleted within 90 days if retained at all |
| Account & Personal (D) | Until account deletion | Deleted within 90 days (except legal-hold/compliance) |
| Verification Data (B) | Retained for verification continuity | Verification metadata + public records persist (see below) |
| Usage & Technical (C) | Up to 24 months in identifiable form; longer once aggregated/anonymized | Aggregated/anonymized data retained indefinitely |
| Public verification records | Indefinite (purpose of the Service) | Indefinite; org identity may be dissociated on request, subject to verifiability |
| Verification records for legal proceedings | Up to 7 years | Up to 7 years |
Aggregated/anonymized analytics (Sections 4.3-4.4) are not subject to deletion because they no longer relate to an identified or identifiable person.
6. Data Security
- TLS 1.3 in transit; AES-256 at rest; encrypted key storage
- API-key auth, RBAC, MFA for admin, access audits
- Isolated databases, firewalling, DDoS mitigation
- 24/7 monitoring, IDS, incident response
You are responsible for credential security. No system is 100% secure.
7. Your Privacy Rights (All Users)
Access and portability (export in machine-readable format within 30 days); correction/update; deletion; objection/restriction; withdraw consent. Exercise via privacy@encypher.com.
Limitations: the minimal public verification record persists as necessary for the Service and may be retained per Section 5; legally required records cannot be deleted; anonymized Analytics Products cannot be deleted because they no longer identify you. Raw Verification Data and Usage Data that still constitute personal data remain subject to deletion, objection, and restriction. Deleting your account does not retract Encypher's rights in already-created anonymized Analytics Products (ToS §6.5(2)), but we will delete or anonymize identifiable raw data on a valid request and will cease collecting new data tied to your account.
8. European / UK Privacy Rights (GDPR / UK GDPR)
8.1 Roles
Encypher is the data controller for Account/Personal Data and for the limited personal data within Usage/Verification Data that it processes for its own analytics purposes. For Customer Content that contains third-party personal data, you are the controller and Encypher is your processor, processing it only on your documented instructions to provide the Service. Encypher will not use personal data contained in Customer Content for its own analytics purposes unless and until that data has been anonymized to Section 4.4 (at which point it is no longer personal data); any other own-purpose use would require a separate lawful basis and notice. A Data Processing Addendum (DPA) meeting GDPR Art. 28, including subprocessor terms, breach assistance, and the breach-notification commitments below, is incorporated by reference for every account through which Encypher processes personal data on the customer's behalf, including free / self-serve accounts (not merely "available on request").
Breach notification: We will notify affected controllers/customers without undue delay (and, for processor breaches, in line with Art. 33 assistance obligations) upon becoming aware of a personal-data breach.
8.2 Lawful Bases
- Contract (Art. 6(1)(b)): to provide signing/verification you requested.
- Legitimate interests (Art. 6(1)(f)): to secure and improve the Service and to operate and develop our verification-network analytics. We rely on this basis only where a documented Legitimate Interests Assessment (LIA), covering purpose, necessity, and a balancing test against your rights and reasonable expectations, supports it, and we maintain a DPIA where required. You may object at any time to analytics processing of identifiable data about you (before anonymization); on objection we will stop processing your identifiable data for that purpose unless we can demonstrate compelling legitimate grounds that override your interests. Aggregation/anonymization is applied to minimize impact, and once data is anonymized (Section 4.4) this basis is no longer needed.
- Consent (Art. 6(1)(a)): for non-essential cookies/marketing and any processing that requires consent.
- Legal obligation (Art. 6(1)(c)): to comply with law.
8.3 Anonymization & Scope
Once data is anonymized to our Anonymization Standard (Section 4.4), GDPR no longer applies to it (Recital 26), and our continued use, including commercialization, does not require a separate lawful basis. Our re-identification-risk assessment under Section 4.4 expressly treats Encypher's own public verification records and any publisher-selected display fields as auxiliary data that could re-link a cohort to an asset or organization; we do not release analytics that can be re-linked through those records.
8.4 Your GDPR Rights
Access, rectification, erasure, restriction, portability, objection (including to legitimate-interest processing), and the right to withdraw consent. We respond within one month. Contact dpo@encypher.com. You may lodge a complaint with your supervisory authority.
8.5 International Transfers
Primary processing is in the United States. For EEA/UK/Swiss data we use Standard Contractual Clauses (and the UK IDTA/Addendum) plus supplementary measures. Regional data residency (e.g., EU storage) is available only where we have provisioned the corresponding region; we will confirm availability before committing it in an order rather than promise a control we may not yet operate.
9. California Privacy Rights (CCPA / CPRA)
Rights to know, delete, correct, and opt out of "sale"/"sharing." We do not sell personal information, and we do not "share" it for cross-context behavioral advertising in the operation of the Service. Our commercialized analytics are deidentified and/or aggregate consumer information excluded from those definitions. The one third-party tag that could constitute "sharing" under the CPRA is Google Analytics on our marketing website; it loads only after consent, runs with advertising features and Google Signals disabled and IP truncation enabled, and is disabled by a Global Privacy Control (GPC) signal. We do not use sensitive personal information to infer characteristics. Right to non-discrimination applies; authorized agents permitted. Submit requests to privacy@encypher.com; we respond within 45 days.
10. Children's Privacy
The Service is not intended for individuals under 18, and we do not knowingly collect their personal information.
11. Cookies and Tracking
The signing/verification Service uses only essential cookies (session/auth/security) and preference cookies. Our marketing website additionally uses Google Analytics, which loads only after you consent via our cookie banner, with advertising features/Google Signals disabled and IP truncation on. No analytics or advertising cookies are set on the authenticated Service. Control cookies via the banner or your browser; disabling essential cookies may impair the Service. We honor Global Privacy Control (GPC) as an opt-out of "sale"/"sharing," which disables Google Analytics where the signal is present.
12. Changes to This Policy
We notify of material changes by email, prominent website notice, and/or in-app notice; changes take effect 30 days after notice.
13. Contact
Privacy: privacy@encypher.com · DPO (GDPR): dpo@encypher.com · Legal: legal@encypher.com · Website: https://encypher.com
14. Definitions
- Personal Information / Personal Data: information that identifies, relates to, or could reasonably be linked with an identified or identifiable person.
- Customer Content: content you submit to sign or verify (Category A).
- Verification Data / Usage Data: as defined in ToS §6.5 (Categories B and C).
- Anonymized / Aggregated: processed per Section 4.4 such that re-identification is not reasonably likely; treated as outside "personal data"/"personal information."
- Processing: any operation on personal data.
By using the Encypher Service, you acknowledge that you have read and understood this Privacy Policy.