Privacy policy

Welcome to CHIFFRY!

We, Chiffry GmbH, Ernst-Thälmann-Str. 39, 06179 Teutschenthal, Germany, attach great importance to the protection of your data and the preservation of your privacy in accordance with the principles and requirements of the European General Data Protection Regulation (EU GDPR). We therefore inform you below about the collection and use of personal data when using our website and the "Chiffry Secure Messenger" communication app. Unless otherwise stated below, the provision of your personal data is not required by law or contract, nor is it necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide it has no consequences. This only applies if no other information is provided in the following processing operations. "Personal data" means any information relating to an identified or identifiable natural person.

1.1 Server log files

You can visit our website without providing any personal information. Every time you access our website, usage data is transmitted by your Internet browser and stored in log data (server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the amount of data transferred and the requesting provider. This data is used exclusively to ensure the trouble-free operation of our website and to improve our services. It is not possible to assign this data to a specific person. This site does not use cookies. Nor does it use any other techniques that serve to track the access behaviour of users. The IP address of the computer from which the enquiry was sent is not stored. Personalised user profiles can therefore not be created.

1.2 Collection and processing when using the contact form

When you use the contact form, we only collect your personal data (name, e-mail address, message text) to the extent that you have provided. The data processing serves the purpose of establishing contact. By sending your message, you consent to the processing of the transmitted data. The processing is carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. You can revoke your consent at any time by notifying us without affecting the legality of the processing carried out on the basis of the consent until revocation. We will only use your email address to process your enquiry. Your data will then be deleted unless you have consented to further processing and use.

1.3 Customer account

When you open a customer account, we collect your personal data to the extent specified there. The purpose of data processing is to improve your shopping experience and simplify order processing. The processing is carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. You can revoke your consent at any time by notifying us without affecting the legality of the processing carried out on the basis of the consent until revocation. Your customer account will then be deleted.

1.4 Collection, processing and use of personal data for orders

When you place an order, we collect and use your personal data only to the extent necessary to fulfil and process your order and to process your enquiries. The provision of the data is necessary for the conclusion of the contract. Failure to provide the data means that no contract can be concluded. The processing is carried out on the basis of Art. 6 (1) lit. b GDPR and is necessary for the fulfilment of a contract with you. Your data will not be passed on to third parties without your express consent. The only exceptions to this are our service partners that we need to fulfil the contractual relationship or service providers that we use as part of order processing. In addition to the recipients named in the respective clauses of this privacy policy, these are, for example, recipients of the following categories Shipping service providers, payment service providers, merchandise management service providers, service providers for order processing, web hosts, IT service providers and dropshipping retailers. In all cases, we strictly observe the legal requirements. The scope of data transmission is limited to a minimum.

1.5 Use of the e-mail address for sending newsletters

We use your e-mail address independently of the contract processing exclusively for our own advertising purposes for sending newsletters, provided you have expressly consented to this. The processing is carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your e-mail address will then be removed from the mailing list.

1.7 Use of YouTube

On our website, we use the function for embedding YouTube videos from YouTube LLC. (901 Cherry Ave., San Bruno, CA 94066, USA; "YouTube"). YouTube is a company affiliated with Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). The function displays videos stored on YouTube in an iFrame on the website. The "Extended data protection mode" option is activated. This means that YouTube does not store any information about visitors to the website. Only when you watch a video is information about it transmitted to YouTube and stored there. For more information on the collection and use of data by YouTube and Google, your rights in this regard and options for protecting your privacy, please refer to YouTube's privacy policy:

1.8 Duration of storage

Once the contract has been fully processed, the data will initially be stored for the duration of the warranty period, then in accordance with statutory retention periods, in particular under tax and commercial law, and then deleted after expiry of the period, unless you have consented to further processing and use.

1.9 Rights of the data subject

If the legal requirements are met, you have the following rights under Art. 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability. You also have the right to object to processing based on Art. 6 (1) f GDPR and to processing for the purposes of direct marketing in accordance with Art. 21 (1) GDPR. Please contact us if you wish. You can find the contact details in our legal notice.

1.10 Right to lodge a complaint with the supervisory authority

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that your personal data is being processed unlawfully.

2.0 Use of the "Chiffry Secure Messenger" app

To enable you to use the Chiffry Secure Messenger communication platform, we require personal data from you. This data is used exclusively to fulfil the Chiffry user contract. The legal basis for data processing is set out in Art. 6 para. 1 lit. b GDPR. It includes the processing of your data for the fulfilment of a contract to which you are a party. Further information can be found below.

2.1 Collection and processing of data during registration

To register a Chiffry user account, the mobile number and optionally the profile picture are recorded via the Chiffry Secure Messenger. The mobile number is stored hashed on the Chiffry server. You can also use Chiffry Secure Messenger without access to your contacts. If you register with Chiffry and explicitly authorise access to the phonebook contacts on your smartphone, these will be hashed and transferred to the server for comparison and then deleted again. Contacts who have saved your number in their phone book and who also use Chiffry Secure Messenger will be informed of your registration when they search for it.

2.2 Collection and processing of data for the use of Chiffry Secure Messenger

Chiffry Secure Messenger stores your login data (mobile number and certificate) in encrypted form locally on your device so that you can log in permanently. Your communication data is also stored locally and encrypted on your device in Chiffry Secure Messenger. When using the Chiffry Secure Messenger communication app, we only collect and store the user's telephone number in encrypted form on our servers for the entire duration of use. These servers are located in an ISO 27001-certified data centre in Germany. Voluntary details such as "profile picture", "status text" and "last online" are optional and are only collected and also stored in encrypted form if the user activates these options and enters them in their CHIFFRY profile. This information can be changed (anonymised) or deactivated by the user at any time. In accordance with contractual agreements, registration can be carried out using an anonymised user ID instead of the telephone number. All messages and phone calls are transmitted end-to-end encrypted using the "client-to-client encryption" principle. This means that all messages are encrypted on the sender's device, then transmitted to the recipient's device and only decrypted there. During transmission, this data is temporarily stored on the server in encrypted form. After successful delivery, these messages are deleted from the server. Messages that have not been delivered are deleted after 21 days. The header information of the respective messages (about the content, e.g. whether a message contains an image or text) is also transmitted in encrypted form. Encrypted telephone calls are transmitted without intermediate storage. Telephone numbers from the address book are encrypted one-way ("hashed") by the user during synchronisation of the contacts and are also transmitted to the servers securely using the Chiffry TLS protocol. The servers keep these hashes in the working memory for a short time for synchronisation and delete them again immediately after the list of matching IDs has been determined. At no time are the hashes or the results of the synchronisation written to a storage device. The user has the option of sending their messages to the CHIFFRY team via the CHIFFRY communication channel. This information is transmitted anonymously and is also encrypted. Your telephone number will be stored in encrypted form for the duration of the processing of your enquiry and then deleted. These messages will be taken into account in the further development of CHIFFRY. If errors or crashes occur, a system message is generated about the cause of the error. This message can also be edited by the user and sent to CHIFFRY support in encrypted form or deleted. Furthermore, Chiffry GmbH uses this channel to transmit important usage information to Chiffry users. A user account can be deleted by the Chiffry user themselves under the profile settings in Messenger. All applicable data will also be completely removed from our servers.

2.3 Use of GoogleMaps, Apple Maps, Bing Maps in Chiffry Secure Messenger

In our Chiffry Secure Messenger for Android, we use the function for embedding GoogleMaps maps from Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"), for iOS the function for embedding AppleMaps maps from Apple Inc (One Apple Park Way, Cupertino, California, USA, 95014) and for Windows Phone the function for embedding BingMaps maps from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA). The function enables the visual display of geographical information and interactive maps. Google, Apple and Microsoft also collect, process and utilise user data when the functions in which the corresponding maps are integrated are called up. This is primarily position data. None of the aforementioned map services have access to Chiffry Secure Messenger-related data such as telephone number, profile pictures, status information or the content of messages sent. You can find more information on the collection and use of data by the specified map services in Google's privacy policy at from Apple at from Microsoft at Under the link provided for Google, you also have the option of changing your settings in the data protection centre so that you can manage and protect your data processed by Google. Your data may also be transferred to the USA. The European Commission has issued an adequacy decision for data transfers to the USA. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Art. 6 (1) f GDPR. However, we would like to point out that in this case you will not be able to use all the functions of Messenger, such as sending items. Optionally, we also offer Chiffry Secure Messenger with other map services, such as OpenStreetMaps. Please contact us if you require this.

3.0 Responsible body

If you have any questions about the processing and storage of your personal data by Chiffry GmbH, you can contact us at any time. Please use the following contact options:

Postal address:
Chiffry GmbH
Ernst-Thälmann-Str. 39
06179 Teutschenthal

Phone: +49/345/2317352

Last update: 15.07.2021

+49 (0) 345/ 2317352