Privacy Policy

01Who We Are; Scope

This Privacy Policy explains how Cipher Audio LLC ("Cipher," "we," "us," or "our") collects, uses, discloses, and protects personal information when you visit cipheraudio.io, purchase or activate Obelisk, use installers or update checks, request a free email-gated demo download, contact support, participate in promotions or influencer-code programs, interact with advertising or conversion-measurement technologies, or use related services.

Controller/business: Cipher Audio LLC. Legal notices may be sent to Cipher Audio LLC, c/o ZenBusiness Inc., Registered Agent, 336 E. College Ave., Suite 301, Tallahassee, FL 32301. Privacy requests: privacy@cipheraudio.io. Support: support@cipheraudio.io. Order communications may come from orders@cipheraudio.io.

This Policy applies globally, subject to mandatory privacy, consumer, cookie, electronic-communications, and data-protection laws that may provide additional rights based on your location.

02Personal Information We Collect

Current Activation Data. At launch, activation transmits purchase email, License Key or activation token, a hardware-derived machine/device fingerprint or hash, and product name. The server logs request IP address and activation timestamp. The plugin does not transmit a separate operating-system identifier, CPU architecture, DAW/host identifier, plug-in format, plug-in version, usage analytics, crash logs, audio, MIDI, presets, or DAW project/session content during activation. Optional update checks transmit the activation receipt when checking for updates.

No Biometric or Sensitive Profiling at Launch. Cipher does not intentionally use the Software to collect biometric identifiers, precise geolocation, health data, hearing data, neurological data, psychiatric data, sexual information, religious information, union membership, political affiliation, or sensitive profiling data. Do not submit sensitive information unless necessary for support and authorized.

We may collect identifiers such as email address, name if provided, billing country, order ID, License Key, activation token, support identifiers, IP address, and device or Machine identifiers; commercial information such as products purchased, price, currency, refund status, transaction references, coupon or influencer code, tax information, and Stripe payment metadata; internet/electronic activity such as website logs, download logs, installer requests, update-check metadata, referral parameters, strictly necessary cookies, consent records, cookieless analytics events, advertising event data where enabled, and security logs; support information such as support communications, screenshots, DAW/OS/plugin versions, audio examples, presets, crash logs, diagnostics, or files only when you choose to submit them; and approximate location such as country, region, or city inferred from IP address for tax, fraud prevention, localization, consent routing, and compliance.

Advertising, Pixel, and Conversion-Measurement Data. If you consent where required, or where permitted by applicable law subject to your opt-out rights, Cipher may collect or disclose advertising and conversion-measurement data through TikTok Pixel, TikTok Events API, Meta Pixel, Meta Conversions API, and similar advertising technologies. This may include cookie identifiers, pixel identifiers, click identifiers, event identifiers, browser identifiers, device and connection information, IP address, user agent, referral URL, page URL, landing page, demo-download event, checkout event, purchase event, product viewed, product purchased, price, currency, order status, timestamp, approximate location derived from IP address, and hashed customer information such as email address or other identifiers you provide. Cipher does not intentionally disclose payment-card numbers, CVV, DAW project files, audio files, MIDI files, presets, Software activation hardware fingerprints, or Software-generated content to advertising platforms for advertising purposes.

03Data We Do Not Intentionally Collect Automatically

Cipher does not collect crash logs automatically at launch. Cipher does not intentionally collect your DAW session files, private audio recordings, MIDI compositions, project files, or user presets automatically. Cipher may receive such materials only if you voluntarily provide them for support, beta testing, diagnostics, feedback, or other interactions. Cipher does not seek sensitive personal information, and you should not send it unless necessary for support.

Support Submissions. If you voluntarily send support emails, screenshots, presets, audio examples, crash logs, project excerpts, system details, or other materials, Cipher may process them to provide support, troubleshoot, enforce rights, preserve records, prevent abuse, and improve products. Do not send sensitive personal information, confidential client material, unreleased recordings, protected health information, biometric information, or third-party confidential content unless necessary and authorized.

04Sources of Personal Information

We collect personal information directly from you, from the website and Software, from Stripe and Stripe Tax, email systems including order and support communications, GoDaddy, Cloudflare, the Render-hosted app, storage, download, and CDN providers used to deliver installers, consent-management tools, fraud-prevention or security tools, support communications, influencer/referral code records, advertising platforms when you interact with our ads or where permitted by law, and publicly available or lawfully obtained sources when needed to protect rights, comply with law, or prevent abuse.

05Purposes of Processing

We use personal information to process purchases; calculate taxes; deliver License Keys and gated installer/download access; provide demo downloads; activate licenses; support local license validation; reset, revoke future entitlements, and enforce licenses; provide update checks and installers; provide support; respond to inquiries; process refunds; prevent fraud, piracy, abuse, chargebacks, security incidents, unlawful activity, and influencer-code abuse; maintain logs and backups; improve products and services; send transactional emails; manage promotions and manual influencer payouts; comply with tax, accounting, legal, and regulatory obligations; and establish, exercise, or defend legal claims.

If you consent where required, or where permitted by applicable law subject to your opt-out rights, we may also use advertising technologies to measure ad performance, attribute visits, purchases, demo downloads, checkout activity, and other conversion events to advertising campaigns, build or refine advertising audiences, suppress ads to existing purchasers, deliver or support retargeting, optimize advertising, detect duplicate or fraudulent events, and understand whether TikTok, Meta, or other advertising campaigns are effective.

06Legal Bases for EEA/UK Users

Where GDPR or UK GDPR applies, our legal bases include contract performance for purchases, delivery, activation, update checks, demo delivery, refunds, and support; legitimate interests for security, fraud prevention, anti-piracy, service improvement, legal claims, and business administration; consent for non-essential cookies, pixels, advertising technologies, retargeting, marketing measurement, and marketing communications where required; and legal obligation for tax, accounting, compliance, and lawful requests.

Cipher does not rely on legitimate interests to place or read non-essential advertising cookies, pixels, or similar technologies in the EEA or UK. Where consent is required, those technologies will not be activated until consent is obtained. You may withdraw consent at any time without affecting prior lawful processing.

07Cookies, Pixels, and Similar Technologies

Cipher uses strictly necessary cookies and similar technologies for checkout, payment, security, fraud prevention, preferences, consent management, and site operation, including necessary technologies used by Stripe hosted checkout. Cipher also uses cookieless analytics, including Cloudflare Web Analytics, which does not place analytics cookies.

Cipher may use non-essential advertising cookies, pixels, tags, server-side event APIs, and similar technologies, including TikTok Pixel, TikTok Events API, Meta Pixel, and Meta Conversions API, for advertising measurement, conversion attribution, campaign optimization, audience creation, ad delivery, ad suppression, and retargeting. These technologies may allow Cipher and the relevant advertising platform to recognize browsers or devices, connect site activity with advertising interactions, measure purchases and demo downloads, and improve advertising performance.

Where required by law, including in the EEA and UK, Cipher will not activate non-essential advertising cookies, pixels, or similar technologies unless and until you provide prior consent through Cipher consent mechanism. You may reject non-essential advertising technologies, customize choices where available, or withdraw consent later through the cookie or privacy settings made available on the website.

For U.S. users, certain disclosures of identifiers, internet activity, hashed customer information, event data, and advertising identifiers to advertising platforms may be considered "sharing," "targeted advertising," or, under some laws, a "sale" of personal information, even though Cipher does not sell personal information for money. You may opt out as described in Sections 13 and 14.

08Disclosures of Personal Information

We may disclose personal information to service providers, processors, contractors, and other recipients such as Stripe, Stripe Tax, GoDaddy, Cloudflare, Render, email providers, storage, download, and CDN providers used to deliver installers, consent-management providers, fraud-prevention tools, tax/accounting providers, professional advisers, support tools, and manual influencer/referral payout administrators.

If enabled subject to required consent and opt-out controls, we may disclose advertising and conversion-measurement information to TikTok, Meta, and similar advertising platforms, including pixel identifiers, cookie identifiers, click identifiers, hashed email address or other hashed customer information, IP address, user agent, event data, page URL, referral URL, purchase data, demo-download data, checkout data, timestamps, and approximate location derived from IP address. These recipients may process such information under their own terms and privacy policies for advertising measurement, attribution, ad delivery, retargeting, audience matching, platform security, and reporting.

We may also disclose information in business transfers, to comply with law, to protect rights and security, to enforce agreements, to prevent fraud or piracy, or with your direction.

09No Sale of Personal Information for Money; Advertising Sharing

Cipher does not sell personal information for money. However, when Cipher uses advertising pixels, advertising cookies, retargeting technologies, or server-side advertising event APIs, certain disclosures to advertising platforms may be considered a "sale," "sharing," or "targeted advertising" under California and other U.S. state privacy laws, even if no money is exchanged.

Cipher will provide required notices and choices where applicable, including a mechanism to opt out of sale, sharing, and targeted advertising, and will honor legally required opt-out preference signals such as Global Privacy Control where required. If you opt out, Cipher will not use your personal information for cross-context behavioral advertising or targeted advertising through those technologies, except as permitted by law.

10International Transfers

We are based in the United States, and personal information may be processed in the United States and other countries with laws different from your jurisdiction. Where required for EEA, UK, or Swiss transfers, we use appropriate transfer mechanisms such as Standard Contractual Clauses, adequacy decisions, transfer-risk assessments, and supplementary measures where applicable.

11Retention

We retain personal information only as long as reasonably necessary for the purposes described in this Privacy Policy, including license and purchase records for the life of the license plus a reasonable period for support, fraud prevention, accounting, and legal claims; tax and accounting records as required by law; support records for a reasonable period after resolution; security logs typically for 180 days unless needed for investigation; download and activation records for the life of the license plus a reasonable enforcement period; influencer/referral records as needed for payout, tax, fraud-prevention, and dispute purposes; consent and privacy-preference records for as long as needed to evidence and honor choices; advertising event records for the shorter period reasonably needed for measurement, attribution, suppression, and compliance or the retention period configured with the relevant advertising platform; and backups until overwritten in the ordinary course.

12Security

We use reasonable technical and organizational safeguards designed to protect personal information, such as TLS in transit, access controls, least-privilege practices, encryption or hashing where appropriate, logging, vendor review, and security monitoring. No system is 100% secure. You are responsible for keeping your License Key, email account, devices, DAW environment, and backups secure.

13Your Privacy Rights

Depending on your location, you may have rights to access, know, correct, delete, restrict, object, port, withdraw consent, opt out of certain sharing, sales, targeted advertising, profiling, limit use of sensitive information, and appeal a privacy decision. To exercise rights, email privacy@cipheraudio.io with "Privacy Request" and enough information to verify and process the request.

You may opt out of advertising cookies, retargeting, sale, sharing, or targeted advertising through the cookie/privacy settings made available on cipheraudio.io, by using any "Do Not Sell or Share My Personal Information" or similar link provided on the website, by enabling a legally recognized opt-out preference signal such as Global Privacy Control where required, or by contacting privacy@cipheraudio.io.

Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect processing that occurred before withdrawal. Cipher will respond to privacy requests within legally required timeframes and will not discriminate against you for exercising privacy rights.

14California and U.S. State Privacy Notice

For U.S. state privacy laws that apply, categories collected may include identifiers, commercial information, internet or electronic activity, approximate geolocation inferred from IP address, inferences related to fraud prevention or product usage, and advertising or conversion-measurement information where advertising technologies are enabled.

Cipher may disclose identifiers, internet or electronic activity, approximate geolocation, commercial information, hashed customer information, cookie or pixel identifiers, click identifiers, and event data to advertising networks, social networks, analytics providers, and advertising technology providers for advertising measurement, attribution, ad optimization, audience creation, retargeting, and targeted advertising.

Cipher does not sell personal information for money. Cipher may "share" personal information for cross-context behavioral advertising or process personal information for "targeted advertising" when advertising pixels, cookies, or server-side advertising APIs are enabled. Cipher provides the right to opt out of sale, sharing, and targeted advertising where required. Cipher honors legally required opt-out preference signals, including Global Privacy Control, where applicable.

Cipher does not knowingly collect, sell, or share personal information of children under 16. Cipher does not use sensitive personal information for purposes requiring a right to limit unless stated otherwise. Purposes, retention, and disclosures are described in this Privacy Policy.

15Marketing Communications

Cipher does not expect to operate a newsletter at launch. If Cipher later sends marketing emails, it will do so only where permitted by law and applicable consent or opt-out rules. You may unsubscribe using the link in marketing emails or by contacting privacy@cipheraudio.io. We may continue sending transactional or service messages, such as receipts, license delivery, demo delivery, support responses, security notices, and policy notices.

16Children

The services are not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child provided personal information, contact privacy@cipheraudio.io so we can take appropriate action.

17Third-Party Links

Our services may link to third-party sites, stores, DAWs, processors, communities, advertising platforms, or social platforms. Their privacy practices are governed by their policies, not ours.

18Changes to This Policy; Contact

We may update this Privacy Policy from time to time. The Last Updated date identifies the current version. Material changes will be communicated through reasonable means, such as website notice, email, checkout notice, consent banner notice, or in-product notice where appropriate.

This Version 4.1 update discloses Cipher planned use of advertising pixels, advertising cookies, server-side advertising event APIs, retargeting, advertising measurement, and related consent and opt-out controls. Non-essential advertising technologies must be implemented only after Cipher deploys the required consent and opt-out mechanisms.

Contact: Cipher Audio LLC, c/o ZenBusiness Inc., Registered Agent, 336 E. College Ave., Suite 301, Tallahassee, FL 32301; privacy@cipheraudio.io.

End of Privacy Policy.