Ciphrix
Legal

Data Processing Agreement

Last updated: April 2025

  1. Scope

    This DPA forms part of the Terms of Service and any applicable master subscription agreement. For data processing matters, this DPA prevails in case of conflict.

  2. Roles

    Customer acts as controller and determines data purpose. Ciphrix acts as processor and handles personal data only on documented customer instructions.

  3. Data Processed

    Ciphrix processes personal data customers place in the platform, typically names, business emails, and organisational user details.

    Sensitive personal data is not requested and should not be uploaded.

  4. Processing Rules

    • Only to provide, maintain, and support the platform.
    • Not for Ciphrix profiling, advertising, or unrelated internal purposes.
    • In line with applicable privacy laws, including Australian Privacy Act principles.

  5. Hosting and Transfers

    Customer data is hosted in the United States unless otherwise agreed in writing. AI-enabled features may involve U.S.-based providers for feature delivery.

  6. Security

    Ciphrix maintains appropriate technical and organisational safeguards. Security posture and controls are available at trust.ciphrix.com.

  7. Breach Notification

    For confirmed personal-data breaches, Ciphrix notifies the customer without undue delay and within 72 hours of breach confirmation.

  8. Subprocessors

    Subprocessors are listed at trust.ciphrix.com. Material changes are notified with reasonable notice; continued use constitutes acceptance.

  9. Retention and Deletion

    Personal data is retained during subscription and deleted within 60 days of termination unless legal retention applies. Deletion requests can be sent to support@ciphrix.com.

  10. Data Subject Rights and Law

    Ciphrix provides reasonable assistance for access, correction, deletion, and portability requests. This DPA is governed by Victoria, Australia law and aligns with GDPR Article 28 intent for EU/UK customers.

  11. Contact