Privacy Policy

Chisu Technologies ("we," "us," or "our") operates Chyra (chyra.chisu.io), a secure document sharing platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Account Information

When you create an account, we collect your email address, first and last name, and an optional phone number. Your password is stored as a salted hash and is never stored in plaintext.

Documents

Documents you upload are encrypted at rest using AES-256-GCM encryption with a per-user encryption key. We do not access, read, or analyze the content of your documents. Documents are stored solely to provide the sharing service you request.

Applicant Profile

If you choose to create an applicant profile (address, employment, references, etc.), this information is stored to be shared with recipients you designate through share links. You control which recipients see your profile.

View Tracking Data

When someone views a document you shared, we collect: timestamp of the view, approximate geographic location (country and city derived from IP address), browser user agent, viewing duration, and pages viewed. This data is provided to you so you can monitor access to your documents.

Technical Data

We automatically collect IP addresses, browser type, device information, and referring URLs when you access our service. This is used for security monitoring and service improvement.

• To provide, maintain, and improve the Chyra service
• To process document encryption, storage, and sharing
• To send you notifications about document views (if enabled)
• To authenticate your identity and prevent unauthorized access
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations

All documents are encrypted using AES-256-GCM encryption with individual per-user encryption keys. Your encryption key can be rotated at any time from your account settings. Data in transit is protected by TLS 1.2 or higher. Access tokens are stored in memory only and are never persisted to browser storage. Refresh tokens are managed as HTTP-only secure cookies.

We do not sell, rent, or trade your personal information. We may share information in the following circumstances:

• With recipients you designate: When you create a share link, the recipient can view the documents and profile information you choose to include.
• Service providers: We use third-party services for hosting (AWS), payment processing (Stripe), and email delivery. These providers only access data necessary to perform their services.
• Legal requirements: We may disclose information if required by law, court order, or governmental regulation.

Your account data is retained as long as your account is active. Documents are retained until you delete them or your account is terminated. View tracking data is retained for the lifetime of the associated share link. If you delete your account, all associated data (documents, share links, view history, and profile information) will be permanently purged within 24 hours.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Opt out of non-essential data collection
• Withdraw consent for data processing

To exercise any of these rights, contact us at info@chisu.io.

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To submit a request, contact us at info@chisu.io.

If you are located in the European Economic Area, we process your data based on contractual necessity (to provide the service) and legitimate interest (security and fraud prevention). You have the right to lodge a complaint with your local data protection authority. For data transfer, we rely on standard contractual clauses.

Chyra is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will promptly delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy, contact us at:

Chisu Technologies
Email: info@chisu.io