Privacy Policy

Effective Date: April 30, 2026

Cyphir is operated by Veridian Software LLC, a Texas limited liability company. This policy explains what data we collect, why we collect it, and how we protect it.

1. Information We Collect

Account information. When you register, we collect your email address, display name, and a bcrypt-hashed version of your password. We never store your password in plain text.

Subscription and billing. Your subscription status, trial end date, and billing history are tracked by us and by Stripe, our payment processor. We never see or store your raw card number. Stripe handles all payment data under their own PCI-compliant infrastructure.

Session data. When you use Cyphir to control AI coding agents on your computer, the messages exchanged between your phone and your computer pass through our relay server. We store session history (messages and metadata) to enable the session history and search features.

Machine data. We store the name, fingerprint, and last-active timestamp of each computer you connect to Cyphir so we can show you your multi-machine dashboard.

Push notification tokens. If you enable push notifications, we store your device's push token to deliver session alerts and approval prompts to your phone.

Security and access logs. We log IP addresses, login timestamps, and authentication events to detect unauthorized access, rate-limit abuse, and enforce security policies.

2. How We Use Your Information

• To operate and deliver the Cyphir service
• To send transactional emails (verification, password reset, session invitations)
• To deliver push notifications for session events and tool approval prompts
• To enforce subscription status and billing
• To detect and prevent fraud, abuse, and unauthorized access
• To improve the reliability and performance of the service

We do not sell your data. We do not use your data for advertising.

3. Third-Party Services

• Stripe — payment processing. Stripe stores your card information and billing history under their privacy policy at stripe.com/privacy.
• Resend — transactional email delivery. We send your email address and message content to Resend solely to deliver emails you request.
• Expo / Apple Push Notification Service — push notification delivery. Your device token is routed through Expo and Apple's APNs infrastructure.
• Apple — App Store distribution and TestFlight. Apple's privacy practices are governed by their privacy policy at apple.com/legal/privacy.

4. Data Retention

We retain your account data and session history for as long as your account is active. You can delete your account at any time from the Settings tab in the Cyphir app. Account deletion removes your personal data, session history, machine records, and push tokens from our systems within 30 days. Stripe retains billing records in accordance with their own retention policies and applicable law.

5. Security

All data in transit is encrypted via TLS. Passwords are hashed using bcrypt before storage. Authentication tokens are short-lived JWTs with a token version invalidation system, meaning signing out immediately revokes all active sessions. Machine connections are authenticated before being granted relay access.

No system is perfectly secure. If you believe you have found a security vulnerability in Cyphir, please contact us at security@veridiansoftware.net.

6. Children

Cyphir is not directed at children under the age of 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it promptly.

7. Your Rights

You may access, correct, or delete your personal data at any time. To delete your account and all associated data, use the Delete Account option in the Cyphir app. For other requests, contact us at the address below.

If you are located in the European Economic Area or the United Kingdom, you may have additional rights under the GDPR or UK GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or through the app. The effective date at the top of this page reflects the most recent revision.