The "Data Controller" for the purposes of GDPR and other international privacy laws is the CCYPH Integral Project. Our operational philosophy is built on the principle of Privacy by Design. Unlike traditional cloud-based services, CCYPH is an offline-first encryption utility. We do not maintain a central user database that stores your personal communications, files, or sensitive metadata. Our contact for privacy-related inquiries is strictly via our official support channels.
We adhere to the principle of Data Minimization. We collect only two specific types of data: (A) Activation Identity: Your email address used during purchase to identify your license status. (B) Hardware Telemetry: A non-reversible cryptographic hash of your hardware components (Motherboard ID/CPU) to bind the license to a single device. We do not collect names, physical addresses, or phone numbers unless provided voluntarily for support purposes.
CCYPH utilizes Paddle.com as its exclusive Merchant of Record. When you initiate a purchase, you are entering into a financial transaction with Paddle, which acts as the legal reseller. Paddle collects and processes your billing information, including credit card details and VAT/Tax information. CCYPH never sees, handles, or stores your financial data. Paddle provides us only with a transaction ID and a confirmation of successful payment to trigger license issuance.
Our software utilizes a Zero-Knowledge Architecture. This means that all encryption and decryption processes occur strictly within your local machine's volatile memory (RAM). Your Master Passwords, Private Keys, and unencrypted texts are never transmitted to our servers. We have no technical means to "backdoor" your encrypted sessions or recover any data if your local keys are lost. You remain the sole owner of your cryptographic material.
Our licensing and update servers are hosted on high-security infrastructure provided by Hetzner Online GmbH in Germany (EU). This choice ensures that all data handling complies with the General Data Protection Regulation (GDPR). Germany provides one of the world’s strongest legal frameworks for data residency and physical server security, protecting your minimal activation data from unauthorized third-party access.
Most modern software includes background "telemetry" to track user behavior. CCYPH categorically rejects this practice. Our software does not contain tracking pixels, analytics engines (like Google Analytics), or behavioral monitoring tools. We do not know how often you use the software, what you encrypt, or who you communicate with. Your usage patterns remain completely anonymous and private.
We retain your activation email and hardware hash for the duration of your active subscription to facilitate software updates and license re-activations. Upon expiration of your license and a subsequent 12-month grace period, your data is scheduled for permanent deletion from our activation servers. Users may request manual deletion of their data at any time, acknowledging that this will immediately invalidate their software license.
Regardless of your geographic location, we grant all users the rights outlined in the GDPR: (1) The Right to Access your data; (2) The Right to Rectification; (3) The Right to Erasure; and (4) The Right to Data Portability. Since our data collection is minimal, these rights primarily apply to your activation email. To exercise these rights, you must verify your identity through the email address associated with your Paddle transaction.
During the license activation process, our servers may generate temporary logs containing your IP address and timestamp. These logs are used exclusively for security monitoring (preventing Brute Force or DDoS attacks) and are automatically purged every 30 days. These logs are not linked to your encrypted activity within the CCYPH software and are never sold to third-party marketing entities.
CCYPH does not engage in data brokerage. We do not sell, rent, or lease our user lists to third parties. Data is shared strictly with Paddle (to process your payment) and Hetzner (to host the activation infrastructure). These partners are contractually obligated to maintain the same high standards of confidentiality as outlined in this policy.
We will only disclose stored data (Email/Hash) if required by a valid, legally binding order from a court with jurisdiction over our operations (Montenegro/EU). Because of our Zero-Knowledge design, it is mathematically impossible for us to comply with requests for decrypted content, user passwords, or session keys, as we never possess them in the first place.
As privacy laws and encryption standards evolve, we may update this policy. All major changes will be announced within the CCYPH software interface or via our official website. Continued use of the software after such changes constitutes your explicit consent to the updated terms. This version is effective as of April 18, 2026.