Privacy & Cookie Policy
This policy explains how CipherHunt Ltd ("we", "us", "our", "CipherHunt") collects, uses, shares and protects personal data when you visit our website or get in touch about our services, and your rights under UK data protection law.
It covers visitors to our website and people who enquire about our services. If you go on to become a client, we will give you additional privacy information relevant to the investigation or recovery work we carry out for you (including how we handle identity-verification and due-diligence information).
Who we are
CipherHunt Ltd is the data controller for the personal data described in this policy.
- Data controller: Cipher Hunt Ltd, a company registered in England and Wales (company number 06096307), a wholly-owned subsidiary of Comera Intelligence Ltd.
- Registered office: Origin Workspace, 40 Berkeley Square, Bristol, BS8 1HP.
- Data protection contact: privacy@cipherhunt.co.uk.
Having assessed our processing, we are not required to appoint a statutory Data Protection Officer; the contact above handles all data protection matters. This policy is governed by UK data protection law, principally the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) for cookies and marketing.
What data we collect
- Enquiry & contact data you give us through our enquiry form: your name, email address, phone number (if you provide it), the type of enquiry, any message you include, and whether you opt in to marketing.
- Communications: the content of any emails or messages you send us.
- Technical & usage data: IP address, device and browser type, pages visited and referring pages — collected through cookies and analytics, and only with your consent for non-essential cookies (see Cookies below).
Please never include wallet seed phrases, private keys, PINs or passwords in a form message or email — we do not need them to assess an enquiry and will never ask for them by email. Please also avoid including sensitive personal information (such as health details); the website is not intended to collect special category data.
How we use your data and our lawful bases
| Purpose | Lawful basis (UK GDPR) |
|---|---|
| Respond to your enquiry and assess whether we can help | Taking steps at your request before entering a contract (Art. 6(1)(b)), and our legitimate interests in responding to enquiries (Art. 6(1)(f)) |
| Manage our relationship with you and keep business records | Legitimate interests; legal obligation |
| Carry out identity verification and due diligence before accepting an engagement | Legal obligation (anti-money-laundering law); legitimate interests |
| Send you marketing (occasional updates on crypto fraud trends and our services) | Consent (Art. 6(1)(a)) — only if you opt in; you can withdraw at any time |
| Measure and improve the website | Consent (for non-essential analytics cookies) |
| Provide investigation and recovery services and meet our legal and regulatory duties (if you become a client) | Contract; legal obligation (including anti-money-laundering law) |
We will only send you marketing if you have opted in, and every marketing email includes an unsubscribe link. We do not sell your data or share it with third parties for their own marketing.
Cookies and similar technologies
When you first visit our site we show a cookie banner that lets you accept or reject non-essential cookies. Non-essential cookies are not set until you consent, and you can change your choice at any time by clearing the site data in your browser. We use the following categories:
| Category | Examples | Purpose | Consent needed? |
|---|---|---|---|
| Strictly necessary | A record of your cookie choice, stored in your browser | Remembers your consent decision so we don't ask again, and keeps the site working | No — required for the service |
| Analytics / performance | Google Analytics (_ga, _ga_*) | Measures how the site is used so we can improve it | Yes |
Google Analytics loads only after you accept analytics cookies. We enable IP anonymisation and do not use it for advertising. Google Analytics cookies last up to 2 years; we retain the analytics data for up to 14 months. You can also block or delete cookies through your browser settings, though some parts of the site may not work properly without strictly necessary cookies.
Who we share your data with
We do not sell your data. We share it only with providers who help us run our business, each under a contract that requires them to protect it and use it only on our instructions:
- Fasthosts (UK) — website hosting.
- Zoho Corporation — ZeptoMail (EU) — sends transactional emails, such as the confirmation you receive after making an enquiry.
- Zoho Corporation — Zoho CRM & Zoho Campaigns — manages enquiries and leads and, if you opt in, sends our marketing.
- Google — Google Analytics, used only with your consent.
- Comera Intelligence Ltd (UK) — our parent company, where an enquiry needs the group's wider investigations capability.
We may also disclose data where required by law, by a regulator or law-enforcement body, or to establish, exercise or defend legal claims. If you become a client, we may share data with exchanges, legal partners and authorities as needed to deliver our services — this is covered in your engagement information.
International transfers
Some of our providers process data outside the UK. Where they do, an appropriate safeguard is in place:
| Provider | Role | Location | Safeguard |
|---|---|---|---|
| Fasthosts | Hosting | United Kingdom | No overseas transfer |
| Zoho (ZeptoMail) | Transactional email | European Union | UK adequacy regulations for the EEA |
| Zoho (CRM / Campaigns) | CRM & marketing | International | International Data Transfer Agreement (IDTA) / UK Addendum to the EU Standard Contractual Clauses |
| Analytics | United States / global | UK Extension to the EU–US Data Privacy Framework and/or the IDTA |
Details of the specific safeguards are available on request from our data protection contact.
How long we keep your data
- Enquiries that don't become clients: up to 24 months from your last contact with us, then deleted.
- Marketing contacts: until you unsubscribe or withdraw consent (we also review our list periodically).
- Website analytics: up to 14 months.
- Client records (if you engage us): at least 6 years after our engagement ends, to meet record-keeping obligations including anti-money-laundering law.
We keep personal data no longer than necessary for the purpose it was collected, unless the law requires us to keep it for longer.
How we protect your data
We use technical and organisational measures proportionate to the data we hold: encryption in transit (HTTPS/TLS), reputable service providers, access limited to those who need it, and protections on our forms against spam and abuse. No system is completely secure, but we take reasonable steps to safeguard your information.
Your rights
Under UK GDPR you have the right to access, rectify, erase, restrict or object to our processing of your personal data, to data portability, and to withdraw consent at any time where processing is based on consent. To exercise any of these, email privacy@cipherhunt.co.uk. We will respond within one month, and there is normally no charge.
Complaints
If you have concerns about how we handle your data, please contact us first so we can try to put things right. You also have the right to complain to the UK supervisory authority: the Information Commissioner's Office (ICO) — ico.org.uk, helpline 0303 123 1113.
Changes to this policy
We may update this policy from time to time. We will post the updated version here and change the "last updated" date above. Where changes are significant, we will take reasonable steps to highlight them.
Contact us
Cipher Hunt Ltd
Origin Workspace, 40 Berkeley Square, Bristol, BS8 1HP
Data protection: privacy@cipherhunt.co.uk