Privacy Policy

CipherSentry · Last updated: 2026-07-02 · Pre-production version

CipherSentry ("CipherSentry", "we", "us") processes your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).

1. Data controller

CipherSentry — Spain (EU) (legal form and registration details to be confirmed upon tax registration, before commercial launch). Contact: privacidad@ciphersentry.yoire.com

2. Data we collect

We apply the principle of data minimisation. We only collect:

  • Email address — your account identifier and communication channel.
  • Password — always stored in hashed form (PBKDF2-SHA256 with a unique salt per user). Never in plaintext.
  • Name (optional) — to personalise your account.
  • Usage data — number of commands and sessions per month, used to enforce your plan limits.

We do not collect payment data in this phase (pre-production). We do not use tracking cookies or advertising profiling.

Data captured by your honeypots (from third-party attackers). The core of the service is recording the malicious activity received by your nodes: source IPs, usernames and passwords attempted by attackers, commands executed, and files they attempt to download. These are data belonging to third parties (the attackers), not to you; they are isolated per account (only you see data from your nodes) and processed under the legitimate interest basis for security purposes (see legal basis below).

3. Legal basis

  • Performance of a contract (Art. 6.1.b GDPR): processing your email and usage data is necessary to provide the service.
  • Consent (Art. 6.1.a GDPR): you accept this policy at registration. You may withdraw it by deleting your account.
  • Legitimate interest (Art. 6.1.f GDPR): processing the data captured by your honeypots (attacker IPs, credentials attempted, commands) serves the legitimate interest of threat detection and prevention — the core purpose of the service.

4. Purpose

  • Creating and managing your account and API key.
  • Enforcing the usage limits of your plan.
  • Service-related operational communications.
  • Founder Programme: if you register as a founder before launch, we process your email, company name, requested plan, reservation status and date. Legal basis: consent (Art. 6(1)(a) GDPR) granted when you sign the reservation form. You may withdraw consent at any time by writing to hello@ciphersentry.yoire.com.

We do not sell your data or use it for any purpose other than those described above.

5. Data processors

To deliver the service, we use the following sub-processors that process data on our behalf under contract:

  • Email delivery (e.g. password-recovery emails) — delivered via an SMTP relay provider (SMTP2GO). Only the recipient address and message content are transmitted; your password is never included.
  • Hosting — infrastructure located in the European Union.
  • IP geolocation — to display the country/city of origin of attackers in your statistics and reports, the IPs captured by your honeypots (third-party attacker data, not your personal data) are queried against an IP geolocation service (ip-api.com). Only the IP address is transmitted; this may involve a transfer outside the EEA. Basis: legitimate interest in security.

6. Retention

We retain your account data (email, name, API keys and usage data) for as long as your account is active.

The honeypot captures (attacker activity) are retained while your account is active, to provide you with the threat-intelligence service (legitimate security interest). Your plan's retention window (Free: 7 days · Starter: 90 days · Pro: 12 months; Enterprise: full history) determines the depth of history you can query and export from your dashboard — it is a visibility window, not an automatic deletion schedule.

Founder Programme data (email, company, plan, reservation status) is retained until you convert to an active paying customer (at which point it is covered by your plan retention) or for 3 months after the programme closes without conversion, unless you request erasure earlier.

If you delete your account, it is deactivated immediately (you lose access and it becomes invisible), and after verification by our team, all your data is permanently and cascadingly deleted: account, password, keys, usage records, enrolled nodes and their captures, any saved reports, and your founder record. You may also request erasure by writing to privacidad@ciphersentry.yoire.com.

7. Your rights

You may exercise at any time your rights of access, rectification, erasure, objection, restriction and data portability:

  • Erasure: directly from your account dashboard ("Delete my account") or by writing to privacidad@ciphersentry.yoire.com. Your account is deactivated instantly; permanent deletion is completed after verification by our team.
  • All other rights: privacidad@ciphersentry.yoire.com.

You have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) or with the supervisory authority of your EU member state.

8. Security

Passwords are stored using PBKDF2-SHA256 with a unique salt per user. API keys are secrets; do not share them. You can regenerate them at any time from your dashboard.

This document corresponds to the pre-production phase. It will be reviewed before commercial launch. · Versión en español