Dypher

1. Information We Collect

We collect information you provide directly, including account details (name, email, password), organization data (company details, registration numbers, jurisdiction information), governance records (directors, shareholders, officers, UBO data), and uploaded documents.

We also collect information automatically, including log data, device information, IP addresses, browser type, and usage analytics to improve our Services.

2. How We Use Information

We use your information to: operate and improve the Services; provide governance tracking, compliance monitoring, and document management features; provide customer support; communicate service updates; enforce our Terms of Service; and meet legal obligations.

3. High-Risk Personal Data

Important Notice

Dypher processes data that may be considered high-risk under data protection regulations, including: Ultimate Beneficial Ownership (UBO) information, shareholder ownership percentages, director and officer personal details, national identity numbers, and corporate governance records.

This data is processed solely for governance tracking and compliance purposes as instructed by the organization administrator. We apply enhanced security measures including encryption at rest (AES-256), row-level security isolation, and strict access controls to protect this data.

4. Data Sharing and Processors

We use third-party service providers (sub-processors) for hosting (Vercel), database and authentication (Supabase), analytics, and communications. These providers process data on our behalf under contractual obligations consistent with this Policy and applicable data protection laws.

We do not sell personal data. We may disclose information if required by law, regulation, or legal process.

5. Data Retention

We retain data for as long as your account is active or as needed to provide the Services. Organization data is retained for the duration of the organization's existence on the platform. When data is no longer required, we take steps to securely delete or anonymize it.

You may request deletion of your account and associated personal data at any time through the Profile settings. Organization data deletion is available through Entity Settings.

6. Your Rights (GDPR-Aligned)

Depending on your jurisdiction, you may have the right to:

Access — request a copy of the personal data we hold about you
Rectification — request correction of inaccurate data
Erasure — request deletion of your personal data
Restriction — request that we limit processing of your data
Portability — receive your data in a structured, machine-readable format (available via Data Export)
Objection — object to processing based on legitimate interests
Withdraw consent — where processing is based on consent

To exercise these rights, contact us at privacy@dypher.app. We will respond within 30 days (or as required by applicable law).

7. Security Measures

We implement technical and organizational measures to protect your data, including: encryption at rest and in transit (TLS 1.3), row-level security for tenant isolation, audit logging of all data access and modifications, and regular security reviews.

No system is completely secure. If you become aware of a security vulnerability, please contact us immediately at security@dypher.app.

8. International Transfers

Your data may be processed in countries other than your country of residence, including the United States and the European Union, where our service providers operate.

Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or other mechanisms approved under applicable data protection law.

9. Changes to Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or by email. Continued use after changes indicates acceptance of the updated policy.

10. Contact Information

For questions or requests about this Privacy Policy, contact Dypher at privacy@dypher.app.