Privacy Policy
Last Updated: April 7, 2026
This Privacy Policy describes how Ciphon (“we,” “us,” or “our”) collects, uses, and protects your information when you use the Ciphon application and website (collectively, the “Service”). By using the Service, you agree to the collection and use of information as described in this policy.
1. Information We Collect
Information You Provide
- Account Information. When you create an account, we collect your name and email address through our authentication provider, Clerk.
- Profile Information. To use the Service, you provide your school or university, major or field of study, academic year, academic or career goal, and optionally your technical skills and a personal hook or background summary.
- Generated Content. We store the cold emails generated through the Service on your behalf, along with any edits you make.
- Conversation Content. If you use the follow-up email feature, you may paste replies you have received from professors. These messages are stored as part of your conversation thread and are sent to our AI provider to generate contextual follow-up emails. You are responsible for ensuring you have the right to share any third-party communications you input into the Service.
Information Collected Automatically
- Usage Data. We collect basic usage information such as email generation timestamps, rate-limiting counters, and account creation dates.
- Cookies and Session Data. Our authentication provider (Clerk) may set cookies necessary for maintaining your login session. We do not use advertising cookies or third-party tracking cookies.
Information We Do Not Collect
- We do not collect payment card details directly. Future payment processing will be handled by a third-party processor.
- We do not use analytics or tracking tools such as Google Analytics, Hotjar, or similar services at this time.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service — generate personalized cold emails by combining your profile information with publicly available professor, research, and grant data.
- Process your requests — send your profile data and publicly available academic data to our AI provider (OpenRouter) to generate email content.
- Enforce usage limits — apply weekly email generation caps and cooldown periods.
- Improve the Service — we may use anonymized or aggregated data, including generated email content and user profiles, to refine and improve our AI prompts and email generation quality.
- Communicate with you — respond to support requests or send important service-related notices.
3. Third-Party Services
We share limited information with the following third-party services to operate Ciphon:
| Service | Data Shared | Purpose |
|---|---|---|
| Clerk | Email, name, auth credentials | Authentication & sessions |
| OpenRouter (AI) | Student profile, professor data, conversation content | AI-powered email & follow-up generation |
| Supabase | All stored app data | Database hosting |
| Semantic Scholar | Professor names (queries) | Research paper retrieval |
| Exa | Faculty page URLs | Faculty directory parsing |
| NSF & NIH | University names (queries) | Public grant data retrieval |
We do not sell, rent, or share your personal information with third parties for advertising or marketing purposes.
4. Publicly Available Academic Data
Ciphon aggregates publicly available information about professors, including names, titles, departments, email addresses, published research papers, and government-funded grants. This information is sourced from public university faculty directory web pages, the Semantic Scholar academic search engine, the National Science Foundation (NSF) public awards database, and the National Institutes of Health (NIH) RePORTER database. This data is factual, publicly available, and used solely to help students write informed, personalized outreach emails.
5. Data Retention
- Account and profile data is retained for as long as your account is active.
- Generated emails are retained until you delete them or your account is terminated.
- Conversation threads (including professor replies you paste in and AI-generated follow-ups) are retained until you delete the conversation or your account is terminated.
- Cached research papers are retained for 30 days and then automatically refreshed.
- Professor and grant data is retained indefinitely as part of our public-information database.
6. Data Security
We use commercially reasonable measures to protect your information, including encrypted database connections and secure authentication through Clerk. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.
7. Your Rights and Choices
- Access and correction. You can view and update your profile information at any time through the Service.
- Email deletion. You can delete individual generated emails from your account at any time.
- Account deletion. You may delete your account through your Clerk account settings. We will make commercially reasonable efforts to delete your associated profile and generated email data from our database within 30 days of account deletion.
- Contact us. To request full data deletion or to exercise any privacy rights, contact us at ciphonai@gmail.com.
8. Children's Privacy
Ciphon is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at ciphonai@gmail.com.
9. Texas and U.S. Privacy Rights
If you are a resident of Texas or another U.S. state with applicable data privacy legislation (such as the Texas Data Privacy and Security Act), you may have additional rights regarding your personal data, including the right to access, correct, delete, or obtain a copy of your data. To exercise these rights, contact us at ciphonai@gmail.com. We will respond to verified requests within the timeframe required by applicable law.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last Updated” date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy, contact us at:
Ciphon
Email: ciphonai@gmail.com