PRIVACY POLICY

Last updated: 09/09/2025

1. Information We Collect

We are committed to minimal data collection. We only collect:

  • Your email address when you sign up for the mailing list, download the free version, activate a trial license, or purchase a Pro license key
  • Your name and email address when you submit a contact form inquiry

Additionally, we collect minimal anonymous analytics during update checks (see section 6 below). We do not collect any information about how you use ContextCypher or your threat modeling data.

2. How We Use Your Email Address

Your email address is used exclusively for:

  • Sending your Trial License on activation or Pro license key after purchase
  • Important security updates, critical announcements and software update advisories
  • Responding to your support requests

We will never sell, share, or use your email for marketing purposes without your explicit consent.

3. Data Security & Privacy

ContextCypher is built with privacy as a core principle:

  • With Local LLMs: All threat modeling data remains exclusively on your machine - nothing leaves your device
  • With Public AI Providers: When you choose to use Public AI provider services (OpenAI, Claude, Gemini, etc.), your diagram data is sent to their servers for analysis (subject to their privacy policies). For Pro users, there is optional Data Sanitization functionality that attempts to clean/redact sensitive data from the analysis, but this is not guaranteed. Please ensure you are not including sensitive or confidential information in your diagrams and have read and understood the Terms of Service before using the software.
  • The software does not track how you use the application or collect any of your project data
  • Update checks occur automatically on startup to ensure you have the latest security patches
  • Your email address (if provided for licensing) is stored securely and encrypted

Note: For maximum privacy, we recommend using local AI providers (Ollama) to keep all data on your device.

4. Third-Party Services

ContextCypher may interact with:

  • Local AI providers (Ollama, LocalAI) - all data remains on your machine
  • Public AI providers (OpenAI, Claude, Gemini) - only if you explicitly configure them
  • Our license servers - for Trial and Pro license activation and validation
  • Payment processor (Stripe) - for license subscription purchases and upgrades/downgrades (we never see your payment details)
  • Our update server - automatically on app startup and when you click "Check for Updates" (collects anonymous analytics as described in section 6)

5. Your Rights & Data Requests

You have complete control over your data:

  • Use ContextCypher entirely offline without any internet connection
  • Use the application completely offline after installation (except for update checks)
  • Request deletion of your email address from our records
  • All your diagram and analysis data is stored locally - you have full control

GDPR Data Rights

Under GDPR and similar privacy laws, you have the right to:

  • Access: Request a copy of all personal data we hold about you
  • Deletion: Request complete removal of your personal information
  • Correction: Update any incorrect information we have
  • Portability: Receive your data in a portable format

To exercise these rights, please submit a contact form with "Data Privacy Request" as the subject. Include the email address associated with your data and specify whether you want to export, delete, or update your information. We'll process your request within 30 days.

6. Anonymous Analytics

To improve ContextCypher and understand usage patterns, we collect minimal, anonymous analytics data:

What We Collect:

  • Version Information: Which version of ContextCypher you're using
  • Geographic Region: Country and general region (not precise location)
  • Operating System: Windows version, macOS version, or Linux
  • Language Preference: Your system's language setting
  • Usage Timing: Time of day and day of week when the app starts

When It's Collected:

Only when ContextCypher automatically checks for updates on startup (once per app launch).

What We DON'T Collect (analytics):

  • Your name, email, or any personal identifiers
  • Your diagrams, threat models, or any project data
  • How you use the application
  • Your precise location or IP address

Why We Collect This:

This helps us understand which OS versions to support, what languages to prioritize, and when users typically work with the app. All data is aggregated and anonymous.

Privacy Note: This minimal analytics data helps us improve ContextCypher while respecting your privacy. The data is completely anonymous and cannot be traced back to you.

7. License Activation & Device Identification

To prevent license abuse and enable our 7-day trial system, we collect limited device information:

What We Collect:

  • Machine ID: A unique identifier combining your device's hardware characteristics (network adapter MAC address and CPU information) with a random UUID
  • IP Address: Collected temporarily during license validation to prevent license abuse
  • Activation Details: When and which devices have activated a license

Why We Collect This:

  • Enforce license terms (e.g., device limits for licenses)
  • Provide one 7-day trial per device
  • Prevent unauthorized sharing of licenses
  • Enable device deactivation for license transfers

What We DON'T Do:

  • Track your behavior or usage patterns
  • Access any personal files or data
  • Share this information with third parties
  • Use this data for marketing or profiling

Privacy Note: The Machine ID cannot be used to identify you personally. It's a one-way hash that only confirms the same device is being used. IP addresses are retained for a maximum of 30 days for security purposes.

8. Contact Us

Developed by Threat Vector Security Pty Ltd.

For privacy-related questions or concerns: