Privacy Policy

1. Introduction

CipherX Technologies Ltd is committed to protecting your privacy and handling your personal data responsibly.

This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit our website, use our online store, purchase a Microdot Tattoo product, receive a redemption code, book an appointment, complete a waiver, attend a CipherX pop-up or event, receive a Microdot Tattoo application, contact us, submit a complaint, subscribe to marketing, or otherwise interact with us.

CipherX Technologies Ltd is a company registered in England and Wales under company number 13607960, with its registered address at Scale Space Building, 58 Wood Lane, London W12 7RZ, United Kingdom.

In this Privacy Policy, “CipherX”, “we”, “us”, and “our” refer to CipherX Technologies Ltd.

We process personal data in accordance with the UK General Data Protection Regulation, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations, and other applicable UK laws.

2. Who is responsible for your personal data?

CipherX Technologies Ltd is the data controller for the personal data described in this Privacy Policy. This means we decide how and why your personal data is used.

We have not appointed a Data Protection Officer. Questions about this Privacy Policy or how we use your personal data should be sent to:

Email: support@cipherx.tech

Postal address: CipherX Technologies Ltd, Scale Space Building, 58 Wood Lane, London W12 7RZ, United Kingdom

You also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection matters. We would appreciate the opportunity to respond to your concerns first, so please contact us before raising a complaint with the ICO.

3. Personal data we collect

We may collect and use different types of personal data depending on how you interact with us.

3.1 Identity and contact data

This may include your name, email address, billing address, and other contact details you provide to us.

At launch, our online store uses guest checkout. We may introduce customer accounts in the future. If we do, we may also process account login details, account preferences, and account history.

We do not currently collect phone numbers as part of our standard online checkout flow.

3.2 Order and transaction data

When you place an order, we may collect information about the product you purchased, your order number, billing details, payment status, discount codes used, refund status, order history, customer communications, and related purchase records.

We do not directly store full payment card details. Payments are processed through third-party payment providers, including Shopify Payments, which is powered by Stripe. Apple Pay and Google Pay may also be available through Shopify Payments. We may add PayPal, Shop Pay, or other payment options in the future.

3.3 Booking and redemption data

When you purchase a Microdot Tattoo product, you may receive a digital QR code or equivalent redemption mechanism. This may be issued through Shopify or a related store function.

When you redeem your purchase, we may collect booking information, appointment details, waiver completion status, redemption status, and operational information needed to provide the Microdot Tattoo application.

Our current process may involve online purchase, QR-code issuance, waiver completion, appointment booking through Jotform, internal scheduling through Google Calendar, data matching through Google Sheets, in-person age eligibility checks, staff-assisted application at a physical pop-up or event, and application record collection through AppSheet or our internal systems.

3.4 Application and product traceability records

When a Microdot Tattoo is applied, we may record operational and traceability information. This may include the QR code or order reference, tattoo design, application site, patch used, applicator used, date of application, staff member involved, and other product or application details.

We use this information for product traceability, quality management, customer support, complaint handling, safety monitoring, insurance, legal purposes, and continuous improvement of our products and services.

3.5 Age eligibility information

Microdot Tattoo application is only available to individuals aged 18 or over.

We may ask customers or recipients to confirm that they are aged 18 or over before purchase, booking, waiver completion, or application. The person receiving the Microdot Tattoo may be different from the person who purchased it.

At physical pop-ups or events, if a recipient appears under 25, our staff may visually check their ID before proceeding.

We do not retain copies of ID documents, ID document numbers, ID type, or dates of birth. We may record a minimal confirmation that age eligibility has been confirmed.

3.6 Waiver and safety eligibility information

Before receiving a Microdot Tattoo application, recipients may be asked to complete a waiver confirming that they are aged 18 or over, understand the application process, agree to follow aftercare instructions, and do not have any condition, circumstance, or skin issue that would make Microdot Tattoo application unsuitable.

We aim to collect only minimal safety eligibility information. Our preferred waiver approach is a negative confirmation, for example:

“I confirm that I am aged 18 or over and do not have any condition, circumstance, or skin issue that would make Microdot Tattoo application unsuitable for me.”

We do not ask recipients to provide detailed medical history unless this becomes necessary for safety, complaint handling, product traceability, insurance, or legal purposes.

Where waiver, safety screening, customer support, complaint, or adverse reaction information includes health-related information, this may constitute special category data under UK data protection law. We process this information only where necessary and with appropriate safeguards.

3.7 Marketing and communications data

If you subscribe to marketing communications, we may collect your email address, marketing preferences, subscription status, email engagement information, and records of whether you have opted in or opted out.

We currently use Mailchimp for marketing communications. We may use other marketing or customer communication tools in the future.

You can unsubscribe from marketing at any time by using the unsubscribe link in our emails or by contacting us at support@cipherx.tech.

3.8 Reviews, testimonials, photos, and media

You may choose to provide reviews, testimonials, photos, videos, social media posts, or other user-generated content.

We may also curate testimonials or link to public content from platforms such as Instagram, TikTok, or other social media platforms.

Where we wish to use your name, image, testimonial, photo, video, or content for marketing, website, social media, PR, or promotional purposes, we will seek appropriate permission or consent where required.

3.9 Website, analytics, and cookie data

When you visit our website or online store, we may collect technical and usage information. This may include your IP address, browser type, device information, pages visited, interaction data, approximate location, and cookie or similar technology data.

Some cookies are necessary for the website and checkout to function properly. Other cookies or similar technologies may be used for analytics, performance measurement, website improvement, personalisation, marketing, advertising, retargeting, or heatmap analysis.

We currently use Shopify’s native cookie banner. We may use Shopify analytics and may introduce tools such as Google Analytics or Microsoft Clarity in the future.

Where required by law, we will only use non-essential cookies and similar technologies with your consent. You can manage your cookie preferences through our cookie banner or your browser settings.

3.10 Customer support and complaints data

If you contact us, including by email at support@cipherx.tech, we may collect your name, contact details, order details, application details, complaint details, correspondence, and information needed to investigate and respond.

If a complaint relates to product performance, irritation, adverse reactions, application outcomes, or other safety-related matters, the information may include health-related or special category data.

We retain complaints and adverse reaction reports where necessary for customer support, product safety, quality management, insurance, legal, and regulatory purposes.