Privacy Policy

1. Scope

This Privacy Policy explains how HybridCipher collects, uses, discloses, and protects personal information when you use our websites, applications, command line tools, and related services (collectively, the "Services").

This policy applies to:

• Our websites and documentation
• HybridCipher desktop applications
• HybridCipher command line interface tools
• Team and enterprise coordination services (if you use them)
• Support channels (email and other communications)

This policy does not apply to third-party services you use alongside HybridCipher (for example, your cloud storage provider). Their privacy policies govern their handling of your data.

2. Definitions

3. Information We Collect

3.1 Information you provide

• Account information: email address, display name (optional), organization name (optional)
• Team information: team name, membership invitations (email addresses), roles (for example, administrator or member)
• Support and communications: messages you send to support (and any information you include), including troubleshooting information you choose to share

3.2 Information collected automatically

• Device and application data (to run and secure the Services): device identifier(s), operating system version, application version, language/locale, time zone, and basic configuration flags
• Security and operational logs: authentication events, rate-limit signals, error logs, and system health metrics
• Website data: standard web server logs (for example, IP address, user agent, and request timestamps) and cookies or similar technologies (see "Cookies")

3.3 Encrypted file data

• File contents: HybridCipher is designed so we do not access your plaintext file contents.
• Encrypted file blobs: Your encrypted files are typically stored with your chosen storage provider (for example, inside a synced local folder). Depending on your deployment, encrypted blobs may also transit or be cached by components you control (for example, enterprise infrastructure).
• File metadata: Some file-related metadata may be visible to your operating system and storage provider (for example, filenames, sizes, timestamps) depending on how you configure your workflow. HybridCipher aims to minimize the metadata it must process.

4. How We Use Information

We use information to:

• Provide, operate, and maintain the Services
• Authenticate users and devices, and manage teams and memberships
• Provide customer support and respond to requests
• Improve reliability, performance, and usability (for example, debugging crashes and diagnosing sync issues)
• Detect, prevent, and respond to fraud, abuse, and security incidents
• Comply with legal obligations and enforce our terms

5. Legal Bases for Processing (EEA, UK, Switzerland)

If you are in the European Economic Area, United Kingdom, or Switzerland, we process personal data based on:

6. How We Share Information

We may share information in limited circumstances:

• Service providers (processors): vendors who help us operate the Services (for example, hosting, analytics, support tooling). They are required to protect your data and use it only for providing services to us.
• Enterprise/organization administrators (if you use a team/enterprise plan): administrators may access certain team-level information (for example, membership lists, roles, audit events) as part of operating your team.
• Legal requirements: if required by law, regulation, legal process, or valid governmental request.
• Business transfers: if we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction (subject to appropriate protections).

7. Data Location and International Transfers

• Encrypted files: stored wherever you choose—typically your selected cloud storage provider and your own devices.
• Service data / metadata: stored in managed data centers used to operate HybridCipher (regions may include the United States and the European Union, depending on your plan and configuration).
• Transfers: if we transfer personal data internationally, we use appropriate safeguards where required (for example, Standard Contractual Clauses).

8. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy, including to:

• Provide the Services
• Meet legal, accounting, or reporting obligations
• Resolve disputes and enforce agreements

Retention examples (may vary by plan and configuration):

• Account and team records: retained while your account is active; removed or anonymized after deletion requests where feasible, subject to legal/operational requirements
• Security and operational logs: retained for a limited period to maintain security and reliability

9. Security

We use administrative, technical, and organizational measures designed to protect information, including:

• Encryption in transit for service communications (where applicable)
• Access controls and least-privilege practices for internal systems
• Monitoring and abuse prevention
• Secure development and release practices

10. Your Choices and Rights

10.1 Account controls

You can:

• Update certain account information
• Export certain service data (where available)
• Request account deletion (see "Contact us")

10.2 Privacy rights (depending on your location)

You may have rights to:

• Access, correct, or delete personal information
• Object to or restrict certain processing
• Request data portability
• Withdraw consent (where processing is based on consent)

If you are in the European Economic Area, United Kingdom, or Switzerland, you may also lodge a complaint with your local data protection authority.

If you are in certain United States jurisdictions, you may have additional rights under applicable state privacy laws (for example, rights to access, delete, or opt out of certain sharing).

We may need to verify your identity before fulfilling a request.

11. Cookies and Analytics

We use cookies and similar technologies to:

• Provide core site functionality
• Remember preferences
• Prevent abuse

Analytics

We use Plausible Analytics to collect anonymous usage data. Plausible is a privacy-first analytics tool that:

• Does not use cookies
• Does not collect personal data
• Does not track you across other sites
• Is fully compliant with GDPR, CCPA, and PECR

For more information, see the Plausible Data Policy.

Where required, we will request your consent for non-essential cookies. You can also control cookies through your browser settings.

12. Children's Privacy

The Services are not directed to children, and we do not knowingly collect personal information from children under the age of 13 (or another age where required by local law). If you believe a child has provided personal information, contact us and we will take appropriate steps.

13. Third-Party Services You Choose

If you store encrypted data in a third-party cloud provider's synced folder (for example, Google Drive, Dropbox, OneDrive, Nextcloud, Syncthing), that provider's privacy policy governs how they handle data they receive (including metadata they may observe). HybridCipher does not control those providers.

14. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will provide notice by updating the "Last updated" date and, where appropriate, providing additional notice through the Services or our website.

15. Contact Us

For privacy questions or requests, contact: