This policy explains what personal data Nullciphers ("we", "us", "our") collects when you use this website, why we collect it, how we handle it, and the rights you have over it under the EU/UK General Data Protection Regulation (GDPR).
We keep data collection to a minimum. This site has no analytics, no advertising, and no tracking cookies. We only process the information you choose to send us through the contact form or by email.
01Who we are (the data controller)
The data controller responsible for your personal data is:
- Nullciphers LTD
- Registered address: Feidiou 40, Limassol 3075, Cyprus
- Company registration number: HE123456
- Email: hello@nullciphers.com
For any questions about this policy or your personal data, contact us at the email address above.
02What data we collect
We collect the following categories of personal data:
a) Information you give us
When you submit the contact form or email us, we collect:
- Your name
- Your email address
- The topic you select (the service you're interested in)
- The contents of your message and any personal data you choose to include in it
b) Information collected automatically
When you visit the site, the following may be processed by the services we rely on (see Section 5):
- Your IP address — recorded by our hosting provider in standard server logs. We self-host our fonts, so no font request leaves our site.
- Technical request data — such as browser type and the time of your request, held in those same server logs for security and reliability.
We do not use cookies, analytics, fingerprinting, or any tracking technology of our own.
03Why we use it, and our legal basis
| Purpose | Data used | Legal basis (Art. 6 GDPR) |
|---|---|---|
| Respond to your enquiry and discuss a potential engagement | Name, email, topic, message | Art. 6(1)(b) — steps taken at your request prior to entering a contract; and/or Art. 6(1)(f) — our legitimate interest in answering enquiries |
| Serve and secure the website, prevent abuse and spam | IP address, technical request data | Art. 6(1)(f) — our legitimate interest in keeping the site available and secure |
| Comply with legal obligations | Any of the above, where required | Art. 6(1)(c) — compliance with a legal obligation |
Providing your details through the contact form is voluntary, but we cannot respond to an enquiry without at least a way to reply to you.
04How long we keep it
We keep enquiry data only as long as needed for the purpose it was collected:
- Enquiries that do not lead to an engagement: deleted within 24 months of our last contact.
- Enquiries that lead to a client relationship: retained for the duration of the relationship and for any period required by law (for example, tax and accounting records).
- Server logs: retained for a short period for security and operational purposes in line with our hosting provider's standard logging practices, then deleted or anonymised.
05Who we share it with (processors & third parties)
We do not sell your personal data and we do not share it for advertising. We use a small number of service providers ("processors") that handle data on our behalf:
Web3Forms — contact form delivery
Our contact form is submitted to Web3Forms, which forwards your message to our inbox. The name, email, topic and message you enter pass through their service. See the Web3Forms Privacy Policy.
Hosting provider
This website is hosted on Cloudflare Pages (Cloudflare, Inc.), which processes IP addresses and request data in server logs in order to deliver the site securely. See the Cloudflare Privacy Policy.
06International data transfers
Some of the providers above (for example Web3Forms, and potentially our hosting provider) may process data on servers outside the European Economic Area, including in the United States. Where this happens, the transfer is protected by appropriate safeguards under GDPR — typically the European Commission's Standard Contractual Clauses and/or an adequacy decision such as the EU–US Data Privacy Framework.
07Your rights
Under the GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your data ("right to be forgotten").
- Restriction — ask us to limit how we use your data.
- Portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on our legitimate interests.
- Withdraw consent — where processing is based on consent, withdraw it at any time (this does not affect processing already carried out).
To exercise any of these rights, email us at hello@nullciphers.com. We will respond within one month, as required by law.
08Right to complain
If you believe we have mishandled your personal data, you have the right to lodge a complaint with your local data protection supervisory authority. Our lead supervisory authority is the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus (dataprotection.gov.cy). You also have the right to complain to the authority in your own country of residence.
09Data security
Submissions are transmitted over encrypted HTTPS connections. We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. No method of transmission over the internet is completely secure, but we take security seriously — it is, after all, what we do.
10Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be reflected on this page.