// LEGAL
Privacy Policy
How Xocipher collects, uses, and protects your personal data.
Last updated: July 3, 2026
Xocipher ("Xocipher", "I", "me", "we") is operated by an individual developer based in Sweden. This Privacy Policy explains what personal data is collected through xocipher.com (the "Site") and any software distributed from it (the "Tools"), why it's collected, and what rights you have over it under the EU General Data Protection Regulation (GDPR) and applicable Swedish law.
Contents
1. Data Controller
For the purposes of GDPR, the data controller responsible for your personal data is the individual developer operating Xocipher, based in Sweden. Xocipher is operated as an individual. You can reach the controller using the contact details in Section 13.
2. Data We Collect
Xocipher collects only the personal data you choose to give us. Specifically:
- Contact form submissions: name, email address, and the content of any message you send via the contact form on this Site.
- Direct email: if you email us directly, we receive your email address, name (if provided), and message content.
All fonts used on this Site are self-hosted rather than loaded from a third-party font service, so no font-related data is sent to Google or any other font provider.
As of this policy's publication, the contact form is a front-end placeholder and does not yet transmit data to a backend or third-party service. Once it is wired up to an email delivery service, this policy will be updated to name that service.
We do not currently use analytics, advertising trackers, or session-recording tools on this Site. If that changes, this policy will be updated before any such tool goes live.
3. Legal Basis for Processing
We process your personal data under the following legal bases (GDPR Art. 6):
- Consent (Art. 6(1)(a)): when you voluntarily submit the contact form or email us.
- Legitimate interest (Art. 6(1)(f)): to respond to your inquiry and operate a functioning, secure website.
4. How We Use Your Data
Personal data you provide is used solely to:
- Respond to your inquiry, message, or request;
- Notify you about tools or updates you've asked to hear about;
- Maintain records of correspondence for our own reference.
We do not sell, rent, or use your data for advertising purposes.
5. Sharing & Third Parties
We do not share your personal data with third parties except where necessary to operate the Site (e.g. hosting infrastructure, such as Cloudflare), or where required by law. If a future version of the contact form uses a third-party form or email delivery service, that provider will be named here before it goes live.
6. International Transfers
Cloudflare is used to host and serve this Site and may process data (such as your IP address) outside the European Economic Area, including in the United States. Where this occurs, Cloudflare relies on its own applicable safeguards (such as EU-US Data Privacy Framework participation or standard contractual clauses). Fonts are self-hosted rather than loaded from a third-party font service, so no separate international transfer occurs as a result of font loading.
7. Data Retention
Contact form and email correspondence is retained only as long as reasonably necessary to respond to your inquiry and keep a record of it, and is deleted or anonymized when it is no longer needed for that purpose, unless a longer retention period is required by law.
8. Your Rights
Under the GDPR, you have the right to:
- Access the personal data we hold about you;
- Request correction of inaccurate data;
- Request erasure of your data ("right to be forgotten");
- Request restriction of processing;
- Object to processing based on legitimate interest;
- Request data portability;
- Lodge a complaint with a supervisory authority: in Sweden, the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY), imy.se.
To exercise any of these rights, contact us using the details in Section 13.
9. Cookies & Tracking
This Site does not currently set its own cookies or use tracking technologies. Fonts are self-hosted, and hosting infrastructure (Cloudflare) may be subject to its own cookie or logging practices, governed by its own privacy policy.
10. Children's Privacy
This Site and the Tools are not directed at children under 16, and we do not knowingly collect personal data from children under that age. If you believe a child has provided us with personal data, contact us and we will delete it.
11. Security
We take reasonable technical measures to protect any personal data we hold. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
12. Changes to This Policy
We may update this Privacy Policy from time to time, for example as the Tools or contact mechanisms evolve. The "Last updated" date at the top of this page will reflect the most recent revision. Material changes will be reflected here before taking effect.
13. Contact
Questions about this Privacy Policy, or requests relating to your personal data, can be sent to contact@xocipher.com.