// SciPHR LLC privacy policy, formatted in the brand-aligned page layout.
function PolicyLink({ href, children }) {
return (
{children}
);
}
function PrivacyPage() {
const privacyEmail = 'privacy@sciphr.io';
const privacyHref = SP_LINKS.emailPrivacy || 'mailto:privacy@sciphr.io?subject=Privacy%20Policy';
const sections = [
{
n: 1, title: 'Information we collect',
body: (
<>
We collect information needed to operate the SciPHR website, the
xCIPHR app, identity services, support, security, and communications.
a. Information you provide
- Email address when signing up for early access or newsletters
- Name, company, support requests, deletion requests, or feedback submitted via forms or outreach
b. Wallet and identity data
- XRPL wallet address and public account status
- DID, xCIPHR identifier, DID document, and public identity metadata used for discovery or authentication
- Public XRPL transaction data, including wallet setup, NFToken minting, DID updates, signer-list, recovery, and ledger-operation records
- NFT metadata, token IDs, token URIs, content-addressed CIDs, hashes, or other on-chain references associated with a xCIPHR identity
- Encrypted master-envelope references and recovery configuration metadata needed to verify or restore identity, but not plaintext wallet secrets
c. Security and diagnostic data
- IP address, browser or user agent, device model, operating system, app version, language, and general network or region metadata
- Device or installation identifiers, push tokens, or similar non-advertising identifiers if generated or needed for app security, notifications, fraud prevention, or diagnostics
- Authentication logs, including challenge IDs, timestamps, public identifiers, success or failure status, IP address, and user agent
- Crash logs, diagnostic logs, performance data, and support logs when enabled by the app platform, diagnostics provider, or user
- Website usage data through cookies, Cloudflare Web Analytics, or similar analytics tools when enabled
),
},
{
n: 2, title: 'How we collect information',
body: (
<>
We collect information in these ways:
- Directly from you when you submit a form, email us, request support, or request deletion
- Automatically from the website, app, servers, security systems, and diagnostics tools
- From Apple, TestFlight, App Store systems, or crash-reporting providers when you install, test, or report app issues
- From public networks and infrastructure, including the XRP Ledger, XRPL nodes, IPFS or other content-addressed storage, and public block explorers
),
},
{
n: 3, title: 'How we use your information',
body: (
<>
Your data is used to:
- Provide the website, xCIPHR app, identity creation, account recovery, authentication, and support services
- Prepare unsigned XRPL transactions, verify submitted signed transactions, and return ledger status
- Maintain security, prevent abuse, investigate errors, and protect users and SciPHR infrastructure
- Respond to direct inquiries, support requests, deletion requests, or legal requests
- Send opt-in updates, newsletters, TestFlight communications, or service notices
- Improve website experience, app reliability, accessibility, diagnostics, and technical performance
We will never sell your
personal data or share it with third parties for their own advertising or marketing.
),
},
{
n: 4, title: 'Non-custody and biometrics',
body: (
<>
SciPHR is designed as a non-custodial system.
- SciPHR does not collect private keys, seed phrases, recovery-code plaintext, biometric templates, or wallet secrets.
- User wallet keys are generated and held on the user's device. SciPHR backend systems do not become user-wallet signing keys.
- Encrypted master-key recovery envelopes, if stored, are storage-only. SciPHR is not intended to decrypt them or use them to sign transactions.
- Biometric authentication is handled by the device operating system and Apple platform controls. SciPHR receives authentication results, not biometric templates.
You should never send SciPHR your private key, seed phrase, recovery
secret, or biometric data.
),
},
{
n: 5, title: 'On-chain and public data',
body: (
<>
XRPL transactions, NFT metadata, DID references, wallet addresses,
token IDs, hashes, and other on-chain references are public by design.
- Public blockchain data may be permanent, replicated, indexed, and visible to anyone.
- SciPHR cannot delete, hide, or modify confirmed XRPL ledger data or copies held by block explorers, XRPL nodes, IPFS nodes, or other third parties.
- Users should not place sensitive plaintext personal data in public wallet metadata, NFT metadata, DID documents, transaction memos, or other on-chain fields.
),
},
{
n: 6, title: 'Email and communication practices',
body: (
<>
- Emails are opt-in only.
- Every email we send includes an unsubscribe link.
- You can opt out at any time by using the unsubscribe link or contacting us.
We maintain email logs for compliance and abuse prevention purposes,
but we do not track individual user behavior beyond delivery and
engagement metrics unless explicit consent is given.
),
},
{
n: 7, title: 'Third-party services',
body: (
<>
We use service providers only where needed to operate SciPHR. They may
process data on our behalf or, for public networks, independently
process public ledger data.
- Hosting, CDN, infrastructure, database, storage, and security providers
- Email, support, forms, and communications providers
- Analytics, crash-reporting, diagnostic, logging, and monitoring providers when enabled
- Apple, TestFlight, App Store, and platform services for app distribution, beta testing, diagnostics, and device-level controls
- XRPL nodes, validators, block explorers, IPFS nodes, content-addressed storage, and related blockchain infrastructure
We do not sell personal data. Service providers are expected to use
data only to provide services to SciPHR or as otherwise required by law.
),
},
{
n: 8, title: 'Retention and deletion',
body: (
<>
We retain personal data only as long as needed for the purpose it was
collected, to provide the service, maintain security, comply with law,
resolve disputes, or enforce agreements.
- Marketing contacts are retained until you unsubscribe or request deletion.
- Support and deletion-request records are retained as needed to complete and document the request.
- Authentication, security, diagnostic, and server logs are retained for limited operational, fraud-prevention, audit, and legal purposes.
- Account data can be deleted or de-identified from SciPHR-controlled systems after a verified deletion request, subject to legal, security, and abuse-prevention needs.
You can request account deletion or deletion of personal data by
contacting {privacyEmail}.
We can delete or de-identify data from SciPHR-controlled systems, but
we cannot delete confirmed XRPL transactions, public NFT records,
public DID references, or copies held by public blockchain, IPFS, node,
explorer, or archival systems.
),
},
{
n: 9, title: 'Consent and controls',
body: (
<>
You can revoke consent or change many privacy settings directly:
- Use unsubscribe links to stop marketing emails.
- Use browser settings to block or delete cookies and similar storage.
- Use iOS settings to control app permissions, notifications, diagnostics sharing, Face ID, Touch ID, and Apple platform controls.
- Delete the app from your device to stop device-local app processing, while recognizing that public blockchain data remains public.
- Contact {privacyEmail} to revoke consent, ask questions, or request deletion from SciPHR-controlled systems.
Some controls may limit or disable parts of the service, especially
authentication, security, notifications, recovery, and account support.
),
},
{
n: 10, title: 'Your rights',
body: (
<>
Depending on your location, you may have rights under applicable data
protection laws, including:
- The right to access or correct your data
- The right to request deletion or restrict processing
- The right to data portability or to object to specific use cases
- The right to withdraw consent where processing is based on consent
We will verify and honor valid requests within required timeframes.
Submit requests at {privacyEmail}.
),
},
{
n: 11, title: 'Cookies and tracking',
body: (
We may use cookies, local storage, server logs, Cloudflare Web Analytics,
or similar tools to enhance site performance, protect the service, and
understand general usage trends. You can manage cookie preferences
through your browser settings. We do not use website analytics to collect
wallet private keys, seed phrases, biometric templates, or wallet secrets.
),
},
{
n: 12, title: 'Data security',
body: (
We apply reasonable technical, organizational, and cryptographic
safeguards to protect your data from unauthorized access or misuse.
SciPHR is built with privacy-first principles, and this extends to our
operational and communication stack.
),
},
{
n: 13, title: 'Policy updates',
body: (
We may update this policy from time to time. The latest version will
always be available at{' '}
sciphr.io/privacy,
with the effective date listed at the top.
),
},
{
n: 14, title: 'Contact',
body: (
For any questions or requests regarding this policy or your data,
contact: {privacyEmail}.
),
},
{
n: 15, title: 'Affiliate links',
body: (
Some links on this site may earn a commission if you click or make a
purchase.
),
},
];
return (
› Effective date
June 11, 2026
·
SciPHR LLC ("SciPHR", "we", "our", or "us")
{sections.map(s => (
{s.body}
))}
Questions about how we handle your data? Email{' '}
{privacyEmail}
{' '}or reach out via the contact form on the homepage.
);
}
const root = ReactDOM.createRoot(document.getElementById('root'));
root.render();