Legal

Privacy Policy

CYPHR by NAZO Collective LLC · Effective date: June 22, 2026 · Questions? hello@getcyphr.com

The short version: When you scan an image, it is sent to Google's Gemini API for analysis and immediately discarded — by both Google and CYPHR. We never store, view, or share your images. The only data CYPHR retains about you is your scan count, for billing purposes.

1. Who we are

CYPHR is a Chrome extension and web service operated by NAZO Collective LLC, a Texas single-member LLC. When this policy says "CYPHR," "we," "us," or "our," it refers to NAZO Collective LLC.

Contact: hello@getcyphr.com

2. How CYPHR works — and what that means for your data

When you right-click an image and trigger a scan, CYPHR sends that image to Google's Gemini API — a third-party AI service — to perform the detection analysis. The result (a confidence score and verdict) is returned to your browser and displayed in the extension popup.

CYPHR does not process images on your device. The image travels from your browser to Google's Gemini API servers and back. No image data is stored, logged, or retained by CYPHR at any point in this process.

Google's role: Google's Gemini API may retain prompts and responses for up to 55 days for abuse monitoring and safety purposes. This data is disconnected from your Google Account and API key before any review. Google does not use CYPHR API requests to train its models — logging is strictly opt-in, and CYPHR has not opted in. See Google's Gemini API data logging policy for full details.

3. What data CYPHR collects

Data type	Purpose	Retained by CYPHR?
Scan count per billing period	Enforcing tier limits (Free: 5, Pro: 75, Ultra: unlimited)	Yes — count only, not image content
Email address	Account creation, billing, support	Yes
Subscription status	Determining your tier (Free / Pro / Ultra)	Yes, via Stripe
Image content	Detection (processed by Gemini API)	No — never stored by CYPHR
Image URL	Stored as a one-way SHA-256 hash for deduplication only	Hash only — URL is never stored in readable form
Scan verdict + confidence score	Returned to your browser for display	Only if you have scan history enabled (Pro / Ultra)

4. Third-party services

Google Gemini API

Every scan is processed by Google's Gemini 2.5 Flash model via the Gemini API. By using CYPHR, you acknowledge that image data you submit for scanning is transmitted to Google's servers under Google's terms.

Google does not use CYPHR API data to train its models (opt-in only).
Google may retain API inputs for up to 55 days for abuse detection.
Data is disconnected from identifiers before any human review.

Reference: ai.google.dev/gemini-api/docs/logs-policy

Stripe

Payment processing is handled by Stripe, Inc. CYPHR does not store credit card numbers or payment details. Stripe's privacy policy applies to payment data: stripe.com/privacy.

Clerk

Account authentication is handled by Clerk. Your email and session credentials are managed by Clerk under their privacy policy: clerk.com/privacy.

Supabase

CYPHR uses Supabase (hosted Postgres) to store account data: your email, tier, and scan count. No image content is stored in this database. supabase.com/privacy.

5. What we do not do

We do not sell your data to any third party.
We do not use your scan content for advertising.
We do not use your images to train any AI model (including Gemini — we have not opted in to Google's data sharing program).
We do not store the images you scan.
We do not log or view what images you choose to scan.

6. Data retention

CYPHR retains your account data (email, tier, scan count) for as long as your account is active. If you delete your account, your data is removed from CYPHR's systems within 30 days. Stripe and Clerk may retain billing and authentication records subject to their own retention policies and legal requirements.

Scan verdicts stored in your 30-day scan history (Pro and Ultra) are automatically deleted after 30 days on a rolling basis.

7. Your rights

You may request access to, correction of, or deletion of your account data at any time by emailing hello@getcyphr.com. We will respond within 30 days.

If you are located in the European Economic Area, you have additional rights under the GDPR, including the right to data portability and the right to lodge a complaint with your local supervisory authority.

8. Security

All data in transit is encrypted via TLS. Database contents are encrypted at rest. We apply the principle of least privilege — CYPHR stores only what it needs to function, nothing more.

9. Children

CYPHR is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, contact us at hello@getcyphr.com.

10. Changes to this policy

We may update this policy as CYPHR's features evolve. Material changes will be communicated via email to registered users. The effective date at the top of this page reflects the most recent revision.

11. Contact

NAZO Collective LLC
Dallas, Texas
hello@getcyphr.com