Privacy policy

1. Introduction

CipherX Technologies Ltd is committed to protecting your privacy and handling your personal data responsibly.

This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit our website, use our online store, purchase a Microdot Tattoo product, receive a redemption code, book an appointment, complete a waiver, attend a CipherX pop-up or event, receive a Microdot Tattoo application, contact us, submit a complaint, subscribe to marketing, or otherwise interact with us.

CipherX Technologies Ltd is a company registered in England and Wales under company number 13607960, with its registered address at Scale Space Building, 58 Wood Lane, London W12 7RZ, United Kingdom.

In this Privacy Policy, “CipherX”, “we”, “us”, and “our” refer to CipherX Technologies Ltd.

We process personal data in accordance with the UK General Data Protection Regulation, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations, and other applicable UK laws.

2. Who is responsible for your personal data?

CipherX Technologies Ltd is the data controller for the personal data described in this Privacy Policy. This means we decide how and why your personal data is used.

We have not appointed a Data Protection Officer. Questions about this Privacy Policy or how we use your personal data should be sent to:

Email: support@cipherx.tech
Postal address: CipherX Technologies Ltd, Scale Space Building, 58 Wood Lane, London W12 7RZ, United Kingdom

You also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection matters. We would appreciate the opportunity to respond to your concerns first, so please contact us before raising a complaint with the ICO.

3. Personal data we collect

We may collect and use different types of personal data depending on how you interact with us.

3.1 Identity and contact data

This may include your name, email address, billing address, and other contact details you provide to us.

At launch, our online store uses guest checkout. We may introduce customer accounts in the future. If we do, we may also process account login details, account preferences, and account history.

We do not currently collect phone numbers as part of our standard online checkout flow.

3.2 Order and transaction data

When you place an order, we may collect information about the product you purchased, your order number, billing details, payment status, discount codes used, refund status, order history, customer communications, and related purchase records.

We do not directly store full payment card details. Payments are processed through third-party payment providers, including Shopify Payments, which is powered by Stripe. Apple Pay and Google Pay may also be available through Shopify Payments. We may add PayPal, Shop Pay, or other payment options in the future.

3.3 Booking and redemption data

When you purchase a Microdot Tattoo product, you may receive a digital QR code or equivalent redemption mechanism. This may be issued through Shopify or a related store function.

When you redeem your purchase, we may collect booking information, appointment details, waiver completion status, redemption status, and operational information needed to provide the Microdot Tattoo application.

Our current process may involve online purchase, QR-code issuance, waiver completion, appointment booking through Jotform, internal scheduling through Google Calendar, data matching through Google Sheets, in-person age eligibility checks, staff-assisted application at a physical pop-up or event, and application record collection through AppSheet or our internal systems.

3.4 Application and product traceability records

When a Microdot Tattoo is applied, we may record operational and traceability information. This may include the QR code or order reference, tattoo design, application site, patch used, applicator used, date of application, staff member involved, and other product or application details.

We use this information for product traceability, quality management, customer support, complaint handling, safety monitoring, insurance, legal purposes, and continuous improvement of our products and services.

3.5 Age eligibility information

Microdot Tattoo application is only available to individuals aged 18 or over.

We may ask customers or recipients to confirm that they are aged 18 or over before purchase, booking, waiver completion, or application. The person receiving the Microdot Tattoo may be different from the person who purchased it.

At physical pop-ups or events, if a recipient appears under 25, our staff may visually check their ID before proceeding.

We do not retain copies of ID documents, ID document numbers, ID type, or dates of birth. We may record a minimal confirmation that age eligibility has been confirmed.

3.6 Waiver and safety eligibility information

Before receiving a Microdot Tattoo application, recipients may be asked to complete a waiver confirming that they are aged 18 or over, understand the application process, agree to follow aftercare instructions, and do not have any condition, circumstance, or skin issue that would make Microdot Tattoo application unsuitable.

We aim to collect only minimal safety eligibility information. Our preferred waiver approach is a negative confirmation, for example:

“I confirm that I am aged 18 or over and do not have any condition, circumstance, or skin issue that would make Microdot Tattoo application unsuitable for me.”

We do not ask recipients to provide detailed medical history unless this becomes necessary for safety, complaint handling, product traceability, insurance, or legal purposes.

Where waiver, safety screening, customer support, complaint, or adverse reaction information includes health-related information, this may constitute special category data under UK data protection law. We process this information only where necessary and with appropriate safeguards.

3.7 Marketing and communications data

If you subscribe to marketing communications, we may collect your email address, marketing preferences, subscription status, email engagement information, and records of whether you have opted in or opted out.

We currently use Mailchimp for marketing communications. We may use other marketing or customer communication tools in the future.

You can unsubscribe from marketing at any time by using the unsubscribe link in our emails or by contacting us at support@cipherx.tech.

3.8 Reviews, testimonials, photos, and media

You may choose to provide reviews, testimonials, photos, videos, social media posts, or other user-generated content.

We may also curate testimonials or link to public content from platforms such as Instagram, TikTok, or other social media platforms.

Where we wish to use your name, image, testimonial, photo, video, or content for marketing, website, social media, PR, or promotional purposes, we will seek appropriate permission or consent where required.

3.9 Website, analytics, and cookie data

When you visit our website or online store, we may collect technical and usage information. This may include your IP address, browser type, device information, pages visited, interaction data, approximate location, and cookie or similar technology data.

Some cookies are necessary for the website and checkout to function properly. Other cookies or similar technologies may be used for analytics, performance measurement, website improvement, personalisation, marketing, advertising, retargeting, or heatmap analysis.

We currently use Shopify’s native cookie banner. We may use Shopify analytics and may introduce tools such as Google Analytics or Microsoft Clarity in the future.

Where required by law, we will only use non-essential cookies and similar technologies with your consent. You can manage your cookie preferences through our cookie banner or your browser settings.

3.10 Customer support and complaints data

If you contact us, including by email at support@cipherx.tech, we may collect your name, contact details, order details, application details, complaint details, correspondence, and information needed to investigate and respond.

If a complaint relates to product performance, irritation, adverse reactions, application outcomes, or other safety-related matters, the information may include health-related or special category data.

We retain complaints and adverse reaction reports where necessary for customer support, product safety, quality management, insurance, legal, and regulatory purposes.

4. How we collect personal data

We collect personal data directly from you when you visit our website, place an order, use a discount code, receive or redeem a QR code, complete a waiver, book an appointment, attend a pop-up or event, receive a Microdot Tattoo application, contact customer support, submit a complaint, sign up for marketing, submit a review, provide a testimonial, share a photo or video, or interact with us on social media.

We may also receive personal data from service providers and platforms we use to operate our store, process payments, manage bookings, record application information, provide customer support, and send marketing communications.

5. How and why we use your personal data

We use your personal data only where we have a lawful basis to do so.

We may use your personal data to operate our website and online store, process orders and payments, issue and manage QR codes or redemption mechanisms, manage appointment bookings, confirm age eligibility, manage waiver completion, provide staff-assisted Microdot Tattoo application, maintain product traceability, handle customer support enquiries, investigate complaints, monitor product performance, improve our products and services, send marketing communications where permitted, display reviews or testimonials where permitted, comply with accounting and tax obligations, comply with legal obligations, and establish, exercise, or defend legal claims.

Our lawful bases may include performance of a contract, compliance with legal obligations, our legitimate interests, your consent, or, where health-related information is involved, an additional special category condition under UK data protection law.

6. Special category data

Special category data is personal data that requires additional protection. This includes information about health.

We do not seek to collect detailed medical records or unnecessary health information. However, we may process limited health-related or safety-related information where this is provided through waivers, safety eligibility confirmations, contraindication checks, customer support communications, complaints, adverse reaction reports, or application records.

Where we process special category data, we will identify both a lawful basis under Article 6 UK GDPR and a special category condition under Article 9 UK GDPR.

Depending on the circumstances, we may rely on explicit consent, where you voluntarily provide safety or health-related information for the purpose of receiving a Microdot Tattoo application. We may also rely on processing necessary for the establishment, exercise, or defence of legal claims, or another lawful condition where applicable.

We will only use this information for safety, eligibility, application, complaint handling, quality management, insurance, legal, regulatory, or product traceability purposes.

7. Marketing

You will receive marketing emails from us only where you have opted in or where we are otherwise legally permitted to contact you.

You can unsubscribe from marketing communications at any time by using the unsubscribe link in our emails or by contacting us at support@cipherx.tech.

If you opt out of marketing, we may still contact you about orders, bookings, redemptions, applications, safety matters, complaints, legal notices, or other service-related communications.

8. Cookies and similar technologies

Our website and online store use cookies and similar technologies.

Some cookies are necessary for the website and checkout to function properly. These may include cookies required for page navigation, secure checkout, fraud prevention, shopping basket functionality, and order processing.

We may also use optional cookies and similar technologies for analytics, performance measurement, website improvement, marketing, advertising, retargeting, personalisation, or heatmap analysis. These may include tools provided by Shopify, Mailchimp, Google Analytics, Microsoft Clarity, or other service providers we may introduce in the future.

Where required by law, we will only use non-essential cookies and similar technologies with your consent. You can manage your cookie preferences through our cookie banner or your browser settings.

If we introduce new analytics, heatmap, advertising, or tracking tools, we will update our cookie information and consent settings as appropriate.

9. Sharing your personal data

We may share personal data with trusted third parties where necessary to operate our business, provide our products and services, comply with legal obligations, or protect our rights.

These third parties may include Shopify for online store functionality and checkout; Shopify Payments and Stripe for payment processing; Apple Pay and Google Pay where used for payment; PayPal or Shop Pay if introduced; Jotform for waiver and appointment booking forms; Google Workspace, Google Sheets, and Google Calendar for internal records, scheduling, and operations; AppSheet for application and product-use records; OVH for hosting our in-house quality management system; Mailchimp for marketing emails; professional advisers, including lawyers, accountants, insurers, and auditors; event or operational partners where necessary to provide pop-up or application services; and regulators, public authorities, courts, insurers, or law enforcement where required or permitted by law.

We may also share personal data in connection with a business sale, investment, restructuring, merger, acquisition, licensing arrangement, or transfer of assets, subject to appropriate confidentiality and data protection safeguards.

10. International transfers

Some of our service providers may process personal data outside the United Kingdom, including in the EEA, the United States, Canada, or other jurisdictions.

Where personal data is transferred outside the UK, we will take steps designed to ensure that appropriate safeguards are in place. These may include adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or other lawful transfer mechanisms.

11. How long we keep your personal data

We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including to provide our products and services, maintain business records, comply with legal obligations, support product traceability, investigate complaints, monitor product performance, and establish, exercise, or defend legal claims.

Unless a longer period is required or justified, our standard retention periods are as follows.

Order and transaction records are retained for 6 years.

Booking and redemption records are retained for 6 years where they are linked to an application, complaint, or transaction.

Waiver and application consent records are retained for 6 years from the date of application.

Product traceability and application records are retained for 6 years from the date of application.

Age eligibility confirmation records are retained for 6 years from the date of application. We do not retain ID copies, ID numbers, ID type, or dates of birth.

Complaint and adverse reaction records are retained for 6 years from resolution, or longer where necessary for legal, insurance, regulatory, or product safety reasons.

Marketing consent records are retained until you unsubscribe, after which we keep a suppression record to ensure we do not contact you again.

Photos, videos, reviews, and testimonials are retained until consent is withdrawn or the content is no longer needed for the purpose for which it was collected.

General enquiries and customer support records are retained for up to 2 years after the last interaction, unless they are linked to an order, application, complaint, safety matter, or legal issue.

We may anonymise personal data so that it no longer identifies you. Anonymised data may be used for research, analytics, quality improvement, internal reporting, and business planning.

12. How we protect your personal data

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

These measures may include access controls, password protection, restricted staff access, confidentiality obligations, internal procedures, secure systems, and supplier due diligence.

Only authorised personnel and service providers may access personal data where they need it for their role or service.

No internet transmission or storage system can be guaranteed to be completely secure. If you believe your interaction with us is no longer secure, please contact us immediately at support@cipherx.tech.

13. Your rights

Depending on the circumstances, you may have the right to access your personal data, correct inaccurate or incomplete personal data, request deletion of your personal data, restrict how we use your personal data, object to certain uses of your personal data, request transfer of your personal data, withdraw consent where we rely on consent, and complain to the ICO.

To exercise your rights, contact us at support@cipherx.tech.

We may need to verify your identity before responding to a request. We will normally respond within one month, unless your request is complex or you have made numerous requests.

You will not usually have to pay a fee to exercise your rights. However, we may refuse to comply with a request or charge a reasonable fee where the request is clearly unfounded, repetitive, or excessive.

14. Children and age-restricted services

Our Microdot Tattoo application services are intended only for individuals aged 18 or over.

We do not knowingly provide Microdot Tattoo application services to individuals under 18. If we become aware that we have collected personal data from a person under 18 in connection with a Microdot Tattoo application, we will take appropriate steps to delete or restrict that data unless retention is required for legal, safety, complaint-handling, insurance, safeguarding, or regulatory reasons.

15. Links to other websites and platforms

Our website may contain links to third-party websites, platforms, or social media services, including Instagram, TikTok, or other external platforms.

We are not responsible for the privacy practices of those third parties. You should read their privacy policies before providing personal data to them or interacting with their services.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be posted on our website with the updated date.

Where changes are material, we may take additional steps to notify you, such as displaying a notice on our website or contacting you directly where appropriate.

17. Contact us

For questions about this Privacy Policy or how we use your personal data, please contact:

CipherX Technologies Ltd
Scale Space Building
58 Wood Lane
London W12 7RZ
United Kingdom

Email: support@cipherx.tech