Legal

Privacy Policy

Last updated: June 8, 2026 · Effective: June 8, 2026

This Privacy Policy describes how Ccyfer Technologies ("Ccyfer", "we", "our", "us") collects, uses, stores, and protects your personal data when you access or use the Ccyfer platform at ccyfer.in ("Platform"). By using the Platform, you agree to this Policy.
01

Who We Are and How to Contact Us

Ccyfer Technologies operates the Ccyfer AI-powered marketing intelligence platform. We act as the Data Controller for personal data collected through the Platform.

Data Controller

Ccyfer Technologies

Registered Address

Navi Mumbai, Maharashtra, India

Privacy Contact

privacy@ccyfer.in

Data Protection Officer

dpo@ccyfer.in

02

What Data We Collect

We collect only what is necessary to provide and improve the Platform:

CategoryData PointsSource
Account DataName, email, phone number, business name, role, profile pictureYou (registration)
Usage DataPages visited, tools used, AI outputs generated, timestamps, session durationAutomatically
Device & TechnicalIP address, browser type, OS, device type, referrer URLAutomatically
AI Tool InputsBusiness descriptions, product details, niche, target audience you enter into toolsYou (tool use)
Payment DataBilling name, address, invoice records (no card numbers — handled by payment processor)You / Processor
CommunicationsSupport tickets, feedback, bug reports, emails you send usYou
Client DataClient names, websites, social handles you enter into client workspacesYou (workspace use)

We do not collect sensitive personal data (health data, biometric data, political opinions, religious beliefs) and you should not enter such information into the Platform.

03

How We Use Your Data

PurposeLegal BasisRetention
Provide platform services and featuresContract performanceDuration of account
Process payments and invoicesContract performance / Legal obligation7 years (tax records)
Authenticate users and prevent fraudLegitimate interest / ContractDuration of account + 90 days
Improve AI models and tool qualityLegitimate interest2 years (anonymised after 6 months)
Send service notifications and updatesContract performance / ConsentUntil unsubscribe
Send marketing communicationsConsent (opt-in only)Until withdrawn
Comply with legal obligationsLegal obligationAs required by law
Respond to support requestsContract performance / Legitimate interest3 years
04

AI Tool Inputs and Outputs

When you use Ccyfer's AI tools, the content you input (business details, product descriptions, audience data) is processed to generate outputs. Specifically:

Your inputs are sent to third-party AI providers (see Section 6) via secure API calls for generation.
Inputs and outputs may be stored in your account history for up to 12 months for your reference.
We may use anonymised, aggregated patterns from tool inputs to improve prompt quality — never your specific business data in identifiable form.
You retain full ownership of any content you input and any AI-generated outputs produced through your account.
Client workspace data (your clients' details) is stored securely in your account and is never shared with other Ccyfer users.
05

Cookies and Tracking

We use minimal, essential cookies and similar technologies:

Cookie TypePurposeDuration
AuthenticationFirebase Auth session token — keeps you logged inSession / 30 days
PreferencesTheme, language, last-used client workspace1 year
AnalyticsAnonymised usage statistics to improve the Platform90 days
SecurityCSRF protection tokensSession

We do not use advertising cookies, behavioural tracking, or third-party remarketing pixels. You can disable non-essential cookies in your browser settings without affecting core functionality.

06

Third-Party Services and Data Sharing

We share data with trusted third parties only as necessary:

ProviderPurposeData SharedLocation
Google Firebase / FirestoreDatabase, authentication, hostingAll platform dataIndia (Mumbai)
AnthropicAI model (Claude) for tool outputsTool inputs onlyUSA (SCCs apply)
OpenRouterAI model routing and fallbackTool inputs onlyUSA (SCCs apply)
Stripe / RazorpayPayment processingBilling details onlyIndia / USA
Google Cloud StorageFile and image storageUploaded filesIndia (Mumbai)

We do not sell, rent, or trade your personal data to any third party for their own marketing or commercial purposes. Data is shared only to deliver the services you use.

07

International Data Transfers

Some of our AI providers (Anthropic, OpenRouter) are based in the United States. When we transfer your data outside India, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) approved by relevant data protection authorities
Data Processing Agreements with all sub-processors
Only tool input data (not full personal profiles) is transferred to AI providers

For full details, see our Data Processing Agreement.

08

Data Security

We implement industry-standard security measures to protect your data:

All data in transit encrypted via TLS 1.3
All data at rest encrypted via AES-256 (Google Cloud default encryption)
Firebase Authentication with JWT tokens and automatic refresh
Role-based access control — users can only access their own data
Admin operations performed via server-side Cloud Functions, not directly by client
Regular security reviews and access audits
API keys stored as environment secrets, never in client-side code

In the event of a data breach affecting your personal data, we will notify you within 72 hours as required by applicable law.

09

Your Rights

Depending on your location, you have the following rights regarding your personal data:

RightWhat it meansHow to exercise
AccessGet a copy of all personal data we hold about youEmail privacy@ccyfer.in
CorrectionCorrect inaccurate or incomplete dataAccount settings or email us
DeletionRequest deletion of your personal dataData deletion page or email us
RestrictionRestrict how we process your data while a dispute is pendingEmail privacy@ccyfer.in
PortabilityReceive your data in a structured, machine-readable formatEmail privacy@ccyfer.in
ObjectionObject to processing based on legitimate interestsEmail privacy@ccyfer.in
Withdraw ConsentWithdraw consent for marketing or optional processingAccount settings / unsubscribe

We will acknowledge your request within 72 hours and respond fully within 30 days. There is no charge for exercising your rights. If you are unsatisfied with our response, you may lodge a complaint with the relevant data protection authority.

10

Data Retention

We retain your personal data for as long as necessary to provide services and comply with legal obligations:

Account data: retained for the duration of your account plus 90 days after deletion request
AI tool inputs and outputs: 12 months in your account; anonymised aggregates retained indefinitely
Billing records: 7 years (Indian tax law requirement)
Support communications: 3 years
Security logs: 1 year

After applicable retention periods, data is securely deleted or permanently anonymised.

11

Children's Privacy

The Platform is not directed at persons under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, contact privacy@ccyfer.in immediately and we will delete it within 7 days.

12

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

We will update the "Last updated" date at the top of this page
We will send an email notification to registered users
We will display a prominent notice on the Platform for 30 days

Your continued use of the Platform after the effective date of a revised Policy constitutes your acceptance. If you do not agree, you must stop using the Platform and may request account deletion.

Request Data DeletionTerms of ServiceData Processing Agreement

Questions? Email privacy@ccyfer.in