Privacy Policy

1. Data Controller Statement

CYPRESS INC acts as both a Data Controller (for our direct B2B marketing and client relations) and a Data Processor (when hosting custom client portals and databases for our agency clients). We adhere to stringent security protocols to protect all PII (Personally Identifiable Information).

2. Information Collection

We collect direct communication data (emails, project briefs) when you contact us. For users interacting with our custom software deployments, we log IP addresses, browser agents, and interaction telemetry exclusively for performance monitoring and security auditing.

3. Creative Asset Protection

When developing Digital Asset Management (DAM) systems, any media uploaded during staging or testing is stored in isolated, encrypted AWS S3 buckets. We never use client assets, wireframes, or campaigns for our own marketing without explicit written consent.

4. Third-Party Data Sharing

We do not sell data to brokers. Data is only shared with essential infrastructure providers required to operate the software (e.g., AWS, Vercel, Stripe for payment processing, SendGrid for transactional emails). All vendors undergo our internal SOC2 vendor assessment.

5. Cookie Policy & Telemetry

We use essential cookies to maintain secure sessions within client portals. Non-essential tracking cookies (such as those used for marketing analytics) require explicit opt-in via our consent manager.

6. Data Retention

Staging databases and test environments are securely wiped 30 days after a project is deployed to production. Production data retention is determined by the specific configurations agreed upon in the Client's SOW.

7. User Rights (GDPR/CCPA)

Users have the right to request data access, correction, or deletion. To exercise these rights, or to submit a privacy-related complaint, please contact our Data Protection Officer at connect@cyprestudio.com. We aim to process all requests within 14 business days.