Cookies Policy

Entity: Sryptos Labs (“Sryptos”, “we”, “our”, or “us”)

Applies to: All users of the Sryptos website, web application, and associated online services (collectively, the “Service”).

1. Introduction

At Sryptos, your privacy and digital autonomy are fundamental principles of our platform. We design every part of our Service to minimize personal data collection, ensure end-to-end encryption (E2EE), and eliminate unnecessary tracking technologies.

This Cookies Policy explains how and why cookies and similar technologies may be used when you visit our website or use the Sryptos platform. It describes what cookies are, how we classify them, what minimal technologies we may employ for functionality or security, and your options for managing or refusing cookies.

Sryptos is built to operate primarily without tracking or advertising cookies, and our systems are designed to process the least amount of information possible while maintaining performance and security. However, some minimal, strictly necessary technologies may be used to enable core site functionality (such as remembering theme preferences or maintaining login sessions).

2. What Are Cookies?

Cookies are small text files placed on your device (computer, smartphone, tablet, etc.) by a website when you visit it. They are widely used to make websites function efficiently, improve user experience, and provide insights into how visitors use the site.

Cookies may be:

• Session Cookies: Temporarily stored while you browse a site and deleted when you close your browser.
• Persistent Cookies: Remain on your device for a set period or until manually deleted.
• First-Party Cookies: Created by the website you’re visiting.
• Third-Party Cookies: Created by external domains that integrate services (such as analytics or social media plugins).

While cookies are common tools for personalization or advertising, Sryptos does not use cookies for profiling, tracking, or marketing purposes.

3. Sryptos’ Privacy-First Approach

Sryptos follows a cookie-minimization and privacy-by-design philosophy:

• No tracking or analytics cookies. We do not use Google Analytics, Meta Pixel, or similar third-party analytics tools.
• No advertising cookies. We never use cookies to display personalized or behavioral ads.
• End-to-End Encryption. Your communication is encrypted on your device before being transmitted, so no cookie can ever access or reveal message content.
• Local storage preference over cookies. We prefer using secure local storage in your browser for essential operational data (like theme mode, guest session keys, or cached encryption tokens).
• Full transparency. Any technical mechanism used for remembering a setting or improving reliability is disclosed in this policy.

4. Types of Cookies and Similar Technologies We Use

Even though Sryptos is largely cookie-free, some limited technologies may be used to provide essential service functionality.

We classify them as follows:

4.1 Strictly Necessary Cookies

These are required for the website or app to function properly and cannot be disabled via consent banners. They:

• Maintain login sessions or guest tokens.
• Enable security checks such as CSRF (Cross-Site Request Forgery) protection.
• Remember your cookie consent or theme preference (light/dark mode).

Examples:

• session_id – Temporary session identifier for maintaining a secure session.
• csrf_token – Protects against unauthorized requests.
• consent_status – Records whether you accepted or rejected cookies.

Duration: Most expire when you close your browser; some persist for up to 12 months for user convenience.

Lawful Basis: Legitimate interest under Article 6(1)(f) GDPR (ensuring secure and reliable service delivery).

4.2 Functional Cookies

Functional cookies enhance usability but are optional. Sryptos may use these only to:

• Remember your display preferences.
• Retain accessibility settings (font size, contrast).
• Store your language selection.

No personal information or tracking identifiers are stored.

Duration: Typically between session-based and 6 months.

Lawful Basis: Consent under Article 6(1)(a) GDPR.

4.3 Performance or Analytics Cookies

Currently, Sryptos does not use any analytics cookies or third-party measurement tools such as Google Analytics, Matomo, or Mixpanel.

If in the future limited first-party analytics are implemented (for example, to measure system uptime or feature adoption), they will:

• Be aggregated and anonymized.
• Never track individual users.
• Require explicit opt-in consent.

Any change will be reflected in an updated version of this policy.

4.4 Third-Party or External Cookies

Sryptos avoids embedding external scripts that place third-party cookies. However, third-party domains may become involved when you:

• Link a Google or other account (optional login method).
• Access embedded content hosted on other platforms (for example, an external documentation portal or video).
• Use a federated authentication provider.

In these cases, cookies may be set by the third-party service. Sryptos does not control these cookies and recommends reviewing the third party’s privacy and cookie policies before use.

4.5 Local Storage, IndexedDB, and Similar Technologies

In addition to cookies, Sryptos may use local storage or IndexedDB to securely store:

• Encryption keys and chat session data.
• Cached user settings or interface preferences.
• Offline messages (encrypted).

These are entirely stored on your device and never transmitted to our servers unless required for encrypted message delivery. You may clear them manually at any time via your browser’s settings or Sryptos’ in-app “Clear Storage” option.

5. How and Why We Use These Technologies

5.1 To Enable Secure Functionality

Cookies and local storage allow Sryptos to maintain:

• Authentication and session integrity.
• Consistent encryption key exchange between devices.
• Secure delivery of push notifications and messages.

5.2 To Remember User Preferences

We use minimal cookies or local storage to remember:

• Whether you prefer dark or light mode.
• If you have dismissed announcements or legal notices.
• Your language or accessibility settings.

5.3 To Comply with Legal Obligations

Under GDPR and ePrivacy Directive requirements, Sryptos uses cookies strictly within lawful bases — either legitimate interest (security and service reliability) or consent (optional preferences).

6. Cookies That We Do Not Use

We explicitly confirm that Sryptos does not use:

• Advertising or retargeting cookies.
• Third-party marketing pixels or beacons.
• Behavioral profiling identifiers.
• Social media tracking cookies.
• Location-based cookies or geofencing identifiers.

Your activity on Sryptos is not tracked, analyzed, sold, or shared with advertisers — ever.

7. Managing Your Cookie Preferences

Even though Sryptos minimizes cookie usage, you retain full control over all cookies and local storage. You can manage your preferences in two ways:

7.1 Through the Sryptos Cookie Banner

When you first visit our site, a simple banner may appear explaining the minimal cookie use and requesting your consent for any optional functionality. You can:

• Accept all cookies.
• Reject non-essential cookies.
• View detailed information about each category.

Your choice will be stored in a cookie called consent_status so we remember your preference.

7.2 Through Your Browser Settings

All modern browsers allow you to manage or delete cookies manually. You can:

• Delete all cookies after each session.
• Block third-party cookies by default.
• Receive notifications before cookies are set.

Visit your browser’s help section for instructions:

• Chrome: support.google.com/chrome/
• Firefox: support.mozilla.org/
• Safari: support.apple.com/safari
• Edge: support.microsoft.com/microsoft-edge

Disabling all cookies will not break the core Sryptos experience, but certain convenience features (like remembering login state or theme) may reset each time.

8. Legal Basis for Processing (Under GDPR)

Sryptos processes cookie-related data only when one of the following lawful bases applies:

• Consent (Article 6(1)(a)) – For optional or functional cookies.
• Legitimate Interest (Article 6(1)(f)) – For necessary cookies that secure your connection or maintain session integrity.
• Legal Obligation (Article 6(1)(c)) – When required to comply with EU regulations or law enforcement requests.

We never rely on “contract necessity” for non-essential cookie processing.

9. Retention and Expiry

We retain cookies and local storage data for the shortest period necessary. Typical durations:

After expiration, cookies automatically delete or become inaccessible. Users may delete them earlier through settings.

10. Third-Party Services and Integrations

Sryptos is largely self-contained but may use external infrastructure providers that process limited technical data under GDPR-compliant agreements:

• Hosting & Infrastructure: Encrypted message relays and metadata storage (region-limited, no plaintext content).
• Push Notifications: Optional service using anonymized tokens, not identifiable to users.
• Authentication Providers: Only if you voluntarily link a third-party account (e.g., Google).

These services may employ strictly necessary cookies under their own control. Sryptos ensures all partners are bound by Data Processing Agreements (DPAs) with adequate safeguards such as Standard Contractual Clauses (SCCs) for international data transfers.

11. Your Rights Under the GDPR

If you are located in the EU, EEA, or UK, you have the following rights regarding cookies and similar technologies:

To exercise these rights, contact privacy@sryptos.com. We will respond within 30 days in compliance with Article 12 GDPR.

12. Security Measures

Even though cookies are small text files, Sryptos ensures they cannot be exploited:

• Secure flags and HTTPOnly attributes prevent unauthorized access.
• SameSite policies restrict cross-site usage.
• Encrypted identifiers protect session integrity.
• Regular penetration testing validates cookie handling.

Due to the architecture of Sryptos (end-to-end encrypted, minimal backend storage), cookies contain no sensitive information and cannot compromise user privacy.

13. International Data Transfers

If cookie-related data is processed outside the European Economic Area (EEA), we ensure compliance with:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Encryption in transit (TLS 1.3) and at rest (AES-GCM).
• Minimal, non-identifiable technical data transfers.

This ensures your privacy rights remain fully protected, regardless of server location.

14. Children’s Data

Sryptos does not knowingly set cookies for or collect data from individuals under 16 years old. If we learn that we have inadvertently stored information related to a child without parental consent, we will delete such data immediately.

15. Updates to This Cookies Policy

We may update this Cookies Policy periodically to reflect:

• Regulatory changes.
• New security measures.
• Product or infrastructure updates.

Any updates will be published at https://sryptos.com/cookies (or equivalent path), with the “Effective Date” at the top updated accordingly. If material changes occur (for example, introducing optional analytics cookies), we will provide advance notice or seek renewed consent where required by law.

16. Contact Information

If you have questions, concerns, or wish to exercise your data protection rights regarding cookies, please contact us:

• Sryptos Labs
• Email: privacy@sryptos.com
• Security: security@sryptos.com
• Support: support@sryptos.com

If you believe your cookie-related rights have been violated, you may lodge a complaint with your local Data Protection Authority (DPA).

17. Summary for Users (Plain Language)

To make this simpler:

• Sryptos is mostly cookie-free.
• We use only essential cookies to keep the site secure and functional.
• No tracking, ads, or analytics.
• You control all cookies and local storage.
• You can delete everything at any time.
• We comply fully with the EU GDPR and ePrivacy Directive.

Our goal: give you control, not collect your data.

© 2025 Sryptos. All rights reserved. A product of BHK Vision Labs.