Privacy Policy
1. Data Controller
Swiss Cipher Group
Geneva, Switzerland
Email: hello@ciphergroup.ch
Website: https://ciphergroup.ch
2. Data We Collect
We collect the following categories of personal data:
2.1 Contact Information
When you submit a contact form or request a Cipher Audit, we collect your name, email address, company name, and domain. This data is processed solely for responding to your enquiry and providing our services.
2.2 Account Data
When you access the client dashboard, we process your domain name and API key for authentication purposes. We do not store passwords — authentication is handled through Supabase row-level security.
2.3 Asset Data
When you submit digital assets for sealing, we compute and store cryptographic hashes (SHA-256), perceptual hashes (pHash), and watermark identifiers. We do not store the original files. Only the mathematical fingerprints are retained in our Proof of Trust database.
2.4 Technical Data
Our servers automatically collect IP addresses, browser type, and access timestamps for security and performance monitoring. This data is retained for a maximum of 90 days.
2.5 Drag-and-Drop Verifier
When you use the file verifier on our landing page, the SHA-256 hash is computed entirely in your browser using the Web Crypto API. Your file never leaves your device. Only the computed hash is sent to our API to check verification status.
3. Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Responding to enquiries | Legitimate interest (Art. 6(1)(f) GDPR / Art. 31 nDSG) |
| Providing verification services | Performance of contract (Art. 6(1)(b) GDPR) |
| Sealing and storing cryptographic hashes | Performance of contract (Art. 6(1)(b) GDPR) |
| Security and abuse prevention | Legitimate interest (Art. 6(1)(f) GDPR) |
4. Data Storage and Transfers
Asset fingerprints and metadata are stored in Supabase (hosted in EU data centres). Redis caching is provided by Upstash (EU region). No personal data is transferred outside the European Economic Area or Switzerland without adequate safeguards.
For blockchain-anchored assets (Tier IV), a cryptographic hash — not personal data — is written to a public blockchain. This hash cannot be reverse-engineered to identify any individual or reconstruct the original content.
5. Data Retention
Contact form data is retained for 24 months. Asset verification records are retained for the duration of the client's subscription plus 5 years for legal evidence purposes. Technical logs are retained for 90 days. You may request earlier deletion at any time.
6. Your Rights
Under the GDPR and nDSG, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
- Lodge a complaint with your supervisory authority
To exercise these rights, contact us at hello@ciphergroup.ch. We will respond within 30 days.
7. Cookies and Tracking
We use localStorage to remember your language preference (EN/FR). We do not use advertising cookies, tracking pixels, or third-party analytics. We do not use Google Analytics.
8. Third-Party Services
| Service | Purpose | Data Centre |
|---|---|---|
| Supabase | Database and authentication | EU |
| Upstash | Redis caching | EU |
| Infomaniak | Web hosting | Switzerland |
| Google Fonts | Typography | CDN |
9. Children's Privacy
Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be communicated via our website. The "Last updated" date at the top of this page indicates the most recent revision.
11. Contact
Swiss Cipher Group
Geneva, Switzerland
hello@ciphergroup.ch