Privacy Policy

Last Updated: 12/11/2024

1. Preliminary Provisions and Interpretations

1.1. This Privacy Policy ("Policy") is issued by Cifr.io Limited, a company registered in England and Wales ("we," "our," "us," or the "Company"), and sets forth our practices regarding the collection, utilisation, storage, sharing, and protection of personal data in accordance with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and other applicable data protection legislation.

1.2. For the purposes of this Policy, capitalised terms shall have the following meanings:

  • "Personal Data" shall have the meaning ascribed to it in Article 4 of the UK GDPR
  • "Processing" shall encompass any operation performed on Personal Data
  • "Authentication Technology" refers to our proprietary authentication systems, including but not limited to the Cifr Chip
  • "Services" encompasses all products, applications, and technologies provided by the Company

2. Data Controller Information

2.1. The Data Controller is: Cifr.io Limited

2.2. Our Data Protection Officer can be contacted at:

Post: FAO Data Protection Officer,

3. Legal Basis for Processing

3.1. We process Personal Data on the following legal bases: a) Contractual necessity b) Legal obligation c) Legitimate interests d) Consent, where explicitly required

3.2. Our legitimate interests include:

  • Providing and improving our authentication services
  • Protecting against fraudulent activities
  • Ensuring network and information security
  • Business development and analytics

4. Categories of Personal Data Processed

4.1. We may collect and process the following categories of Personal Data:

4.1.1. Identity and Contact Information:

  • Name and title
  • Email address
  • Postal address
  • Telephone numbers
  • Business affiliation
  • Professional credentials

4.1.2. Technical Data:

  • IP addresses
  • Device identifiers
  • Browser type and version
  • Authentication interaction data
  • Location data (where permitted)
  • Operating system information

4.1.3. Usage Data:

  • Authentication attempts
  • Service utilisation patterns
  • Feature interaction metrics
  • Performance analytics
  • User preferences

4.1.4. Commercial Data:

  • Transaction history
  • Service subscriptions
  • Payment information
  • Business relationship details

5. Anti-Cloning Technology Disclaimer

5.1. Notwithstanding our implementation of sophisticated anti-cloning measures and proprietary authentication technology, we hereby explicitly disclaim any absolute guarantees regarding the prevention of cloning, replication, or unauthorised reproduction of our Authentication Technology.

5.2. The Company expressly disclaims: a) Any warranties, whether express or implied, regarding the infallibility of our anti-cloning measures b) Any representations concerning the impossibility of technological circumvention c) Any liability arising from successful cloning attempts d) Any consequential losses resulting from security breaches

5.3. Users acknowledge and accept that:

  • No security measure is entirely impenetrable
  • Technological advancement may create new vulnerabilities
  • Sophisticated actors may develop countermeasures
  • Perfect security cannot be guaranteed

6. Data Processing Activities

6.1. Processing Operations:

  • Collection and recording
  • Organisation and structuring
  • Storage and adaptation
  • Retrieval and consultation
  • Use and disclosure
  • Erasure and destruction

6.2. Processing Purposes:

  • Service provision and improvement
  • Authentication verification
  • Security and fraud prevention
  • Legal compliance
  • Business analytics
  • Customer support

7. International Data Transfers

7.1. We may transfer Personal Data to countries outside the UK and European Economic Area (EEA) subject to:

  • Adequacy decisions
  • Standard contractual clauses
  • Binding corporate rules
  • Other appropriate safeguards

7.2. Recipients may include:

  • Cloud service providers
  • Authentication partners
  • Analytics providers
  • Professional advisers

8. Data Security Measures

8.1. Technical Measures:

  • Encryption at rest and in transit
  • Access controls and authentication
  • Firewalls and intrusion detection
  • Regular security assessments
  • Vulnerability scanning

8.2. Organisational Measures:

  • Staff training and awareness
  • Data protection policies
  • Access restriction protocols
  • Incident response procedures
  • Regular compliance audits

9. Data Retention

9.1. Retention Periods:

  • Active account data: Duration of service provision
  • Transaction records: 7 years
  • Authentication logs: 2 years
  • Marketing preferences: Until withdrawal

9.2. Retention Criteria:

  • Legal obligations
  • Business requirements
  • Technical necessity
  • Historical archiving

10. Data Subject Rights

10.1. Rights Available:

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights regarding automated decision-making

10.2. Exercise of Rights:

  • Written requests to DPO
  • Identity verification required
  • Response within one month
  • Extensions where necessary

11. Liability Limitations

11.1. To the fullest extent permitted by law, we exclude all liability for:

  • Unauthorised access to Personal Data
  • Technology failures or vulnerabilities
  • Third-party actions or omissions
  • Force majeure events

11.2. Maximum Liability: Where liability cannot be excluded, our maximum aggregate liability shall not exceed: a) The amount paid for the relevant service, or b) £100, whichever is greater

12. Cookies and Tracking

12.1. We employ:

  • Essential cookies
  • Functional cookies
  • Analytical cookies
  • Marketing cookies (with consent)

12.2. Cookie Management:

  • Browser settings control
  • Consent management platform
  • Regular cookie audits
  • Policy updates

13. Third-Party Processing

13.1. Categories of Recipients:

  • Cloud service providers
  • Payment processors
  • Analytics providers
  • Professional advisers
  • Authentication partners

13.2. Safeguards:

  • Data processing agreements
  • Security assessments
  • Compliance monitoring
  • Regular audits

14. Changes to This Policy

14.1. We reserve the right to modify this Policy at any time:

  • Notice of material changes
  • Email notifications where appropriate
  • Grace period for implementation
  • Continued use implies acceptance

15. Governing Law and Jurisdiction

15.1. This Policy shall be governed by and construed in accordance with the laws of England and Wales.

15.2. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

16. Contact Information

For any queries regarding this Policy, please contact: Data Protection Officer Email: [email protected]

© Cifr.io 2025. All rights reserved.