Privacy Policy

Last updated: 15 January 2026

Introduction

CipherAdvisor B.V. ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect information about you when you use our website, services, or interact with us. We are the data controller for the purposes of applicable data protection law, including the General Data Protection Regulation (GDPR).

Data Controller Information

The data controller responsible for your personal data is CipherAdvisor B.V., a company registered in Spain with registration number B96854713. Our registered office is located at Avenida del Puerto 177, 48398 Bilbao, Basque Country, Spain. You can contact us at privacy@cipheradvisor.pro or +34 944 718 244 for any privacy-related enquiries.

Data Collection

The data we collect includes personal information that you provide directly to us and information we collect automatically when you use our services. We collect the following types of personal data:

  • Contact Information: Name, email address, phone number, company name, and postal address when you contact us or request our services.
  • Communication Data: Information contained in communications you send to us, including enquiry details and support requests.
  • Technical Data: IP address, browser type, device information, operating system, and website usage data collected through cookies and similar technologies.
  • Analytics Data: Information about how you use our website, including pages visited, time spent, and interaction patterns.
  • Marketing Data: Your preferences for receiving marketing communications and information about your interests in our services.

How We Use Your Information

We use your personal data for various purposes based on different legal bases. How we use your information depends on the services you use and your relationship with us:

  • Service Provision: To provide our mobile commerce optimization services, respond to your enquiries, and fulfil our contractual obligations.
  • Communication: To communicate with you about our services, send updates, and respond to your requests or questions.
  • Website Improvement: To analyse website usage, improve our services, and enhance user experience through data analysis.
  • Marketing: To send you relevant marketing communications about our services (with your consent where required).
  • Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our agreements.
  • Business Operations: To manage our business operations, maintain records, and ensure the security of our services.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please refer to our Cookie Policy.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal bases:

  • Consent: When you have given clear consent for us to process your data for specific purposes, such as marketing communications.
  • Contract: When processing is necessary for the performance of a contract with you or to take steps before entering into a contract.
  • Legal Obligation: When we need to process your data to comply with legal requirements.
  • Legitimate Interest: When we have a legitimate business interest that doesn't override your fundamental rights and freedoms.

Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

  • Service Providers: Third-party companies that provide services on our behalf, such as website hosting, analytics, and email marketing platforms.
  • Professional Advisors: Lawyers, accountants, and other professional advisors who assist us with business operations.
  • Legal Requirements: Government authorities, regulators, or other parties when required by law or to protect our legal rights.
  • Business Transfers: In the event of a merger, acquisition, or sale of business assets, your data may be transferred to the new entity.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations. Generally, we retain contact and communication data for up to 7 years after our last interaction, technical and analytics data for up to 2 years, and marketing data until you withdraw consent or unsubscribe. Some data may be retained longer if required by law or for legitimate business purposes such as dispute resolution.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

  • Right of Access: You can request information about the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete personal data.
  • Right to Erasure: You can request deletion of your personal data in certain circumstances.
  • Right to Restrict Processing: You can request that we limit how we use your personal data.
  • Right to Data Portability: You can request a copy of your data in a structured, machine-readable format.
  • Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA) where our service providers are located. When we do so, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission. We take steps to ensure your data receives the same level of protection as it would within the EEA.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure hosting, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Children's Privacy

Our services are not intended for children under the age of 16, and we do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "last updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with applicable data protection laws. In Spain, you can contact the Spanish Data Protection Agency (Agencia Española de Protección de Datos) at www.aepd.es.