Legal

Ciphar's legal and policy documents in one place. Everything is written in plain English; nothing is boilerplate copied from a template.

Privacy Policy

What Ciphar collects (almost nothing), what it does not collect, the sub-processors that touch a request, and how long anything lives. The honest version, with no marketing weasel words.

The rules for using Ciphar: acceptable use, what the service is and is not warranted to do, the limit on liability, the operator's jurisdiction, and the explicit list of uses the service is not designed for.

Security Model

The threat model in detail: what is encrypted, what is not, what an attacker who controls the server can and cannot see, the cryptographic primitives in use, and how to report a vulnerability.

Contact

For privacy requests, legal inquiries, vulnerability disclosure, or anything else: contact@ciphar.org.

Operator and jurisdiction

Ciphar is operated by an individual based in the Kingdom of Saudi Arabia. The Privacy Policy and Terms of Service are governed by Saudi law. Where local law in your jurisdiction grants you stronger rights, those rights are preserved.

The documents linked above are provided for transparency and are not legal advice. For binding regulatory obligations, consult counsel in your jurisdiction.