Privacy Policy
Effective March 13, 2026 · Last updated March 13, 2026
1. Introduction & Scope
Cypher Lab ("we," "us," or "our") is an AI-powered marketing operations agency serving life sciences, biotech, and pharmaceutical companies. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit cypherlab.ai and its subdomains (collectively, the "Site").
We act as a data controller for personal information collected through our own Site. When we process data on behalf of our clients as part of marketing campaign services, we act as a data processor under separate data processing agreements.
By using our Site, you acknowledge that you have read and understood this Privacy Policy.
2. Information We Collect
Information You Provide Directly
- Contact form submissions: first name, last name, email address, company name, area of interest, and optional comments
- Email correspondence: content and metadata of messages you send to us
- Business inquiries: information provided during sales conversations or service requests
Information Collected Automatically
- Device and browser data: device type, operating system, browser type and version, screen resolution
- Network data: IP address, approximate geographic location (city/region level)
- Usage data: pages visited, time spent on pages, referring URL, click patterns, scroll depth
- Cookies and similar technologies: as described in Section 4 below
Information From Third-Party Platforms
When advertising platforms are active on our Site, they may collect data through their own tracking technologies. See Section 5 for details on each platform.
3. How We Use Your Information
We use the information we collect to:
- Respond to your inquiries and provide requested services
- Analyze website performance, understand user behavior, and improve the Site
- Deliver targeted advertising, including retargeting and conversion tracking
- Build audience segments for advertising campaigns
- Prevent fraud and protect the security of our Site
- Comply with legal obligations
4. Cookies & Tracking Technologies
We use cookies and similar technologies to operate, analyze, and improve our Site. The table below describes the categories of cookies we use.
| Category | Provider | Purpose | Duration |
|---|---|---|---|
| Essential | Cloudflare | DDoS protection, performance optimization, bot detection (Turnstile) | Session – 30 days |
| Analytics | Google Analytics (GA4) | Aggregate traffic analysis, page performance, user journey mapping | Up to 14 months |
| Advertising | Google Ads | Conversion tracking, remarketing audiences | 90 days – 540 days |
| Advertising | LinkedIn (Insight Tag) | Conversion tracking, audience building, website demographics | 90 days – 180 days |
Managing Your Cookie Preferences
- Browser settings: Most browsers allow you to block or delete cookies through their settings menu
- Google Ads opt-out: Google Ads Settings
- Google Analytics opt-out: GA Opt-Out Browser Add-on
- LinkedIn opt-out: LinkedIn Guest Controls
- General opt-out: DAA Opt-Out or Your Online Choices (EU)
5. Advertising & Analytics Platforms
Google Analytics (GA4)
We use Google Analytics 4 to understand how visitors interact with our Site. GA4 collects usage data such as pages viewed, session duration, and traffic sources. Data is processed in aggregate and used to improve our content and user experience. Google may use this data in accordance with its own Privacy Policy.
Google Ads
When active, Google Ads conversion tracking helps us measure the effectiveness of our advertising campaigns. Google Ads may use cookies to serve ads based on your prior visits to our Site. You can opt out via Google Ads Settings.
LinkedIn Ads (Insight Tag)
The LinkedIn Insight Tag enables conversion tracking, retargeting, and website audience analytics for our LinkedIn advertising campaigns. LinkedIn may collect professional demographic data about visitors. You can manage your preferences through LinkedIn Ad Preferences. Review LinkedIn's Privacy Policy for full details.
Cloudflare
Our Site is served through Cloudflare, which provides performance optimization, DDoS protection, and bot detection (including Turnstile CAPTCHA). Cloudflare processes limited technical data to deliver these security services. See Cloudflare's Privacy Policy.
6. How We Share Your Information
We may share personal information with:
- Service providers: hosting (Cloudflare), email delivery (Resend), analytics (Google), advertising platforms (Google, LinkedIn), and other vendors who help us operate the Site
- Legal requirements: when required by law, court order, subpoena, or government request
- Business transfers: in connection with a merger, acquisition, or sale of assets, in which case you will be notified
- With your consent: when you explicitly authorize disclosure
Agency role clarification: When we process data as part of client marketing campaigns, we act as a data processor under the client's instructions and a separate data processing agreement (DPA). Client campaign data is governed by the client's own privacy policy.
7. Data Retention
- Contact form submissions: retained for the duration of the business relationship plus 3 years, unless earlier deletion is requested
- Analytics data: retained per Google Analytics default settings (up to 14 months)
- Advertising data: retained per each platform's retention policies (typically 90–540 days)
- Email correspondence: retained as long as reasonably necessary for business and legal purposes
You may request deletion of your personal information at any time by contacting us at [email protected].
8. Your Privacy Rights
All Visitors
Regardless of your location, you may:
- Request access to the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your personal information
- Opt out of marketing communications
European Economic Area, UK & Switzerland (GDPR)
If you are in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation:
- Lawful basis: We process your data based on legitimate interest (site analytics, security), consent (advertising cookies, marketing communications), and contractual necessity (responding to inquiries)
- Right to restrict processing of your personal data
- Right to data portability in a structured, machine-readable format
- Right to object to processing based on legitimate interest
- Right to withdraw consent at any time without affecting prior processing
- International transfers: Data may be transferred to the United States. We rely on Standard Contractual Clauses and platform-specific safeguards to protect data in transit
- Supervisory authority: You have the right to lodge a complaint with your local data protection authority
We will respond to GDPR requests within 30 days.
California (CCPA/CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to know what personal information we collect, use, and disclose
- Right to delete personal information we hold about you
- Right to correct inaccurate personal information
- Right to opt out of sale or sharing of personal information
- Right to non-discrimination for exercising your privacy rights
Categories of data collected in the past 12 months: Identifiers (name, email, IP address), internet activity (browsing, search, interaction data), professional information (company name, job function), and geolocation data (approximate, derived from IP).
We will respond to CCPA requests within 45 days.
Other U.S. State Laws
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with comprehensive privacy laws may exercise similar rights to access, correct, delete, and opt out. Contact us using the information below.
How to Exercise Your Rights
To submit a privacy request, email [email protected] with "Privacy Request" in the subject line. Include your name, the right you wish to exercise, and enough information for us to verify your identity. We may request additional verification before processing your request.
9. Data Security
We implement appropriate technical and organizational measures to protect personal information, including:
- Encryption in transit via TLS/HTTPS on all pages
- Cloudflare DDoS protection and Web Application Firewall
- Bot detection through Cloudflare Turnstile
- Access controls and authentication for internal systems
- Regular review of security practices
No method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.
10. Children's Privacy
Our Site is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at [email protected] and we will promptly delete it.
11. Third-Party Links
Our Site may contain links to third-party websites, including advertising platform settings pages, client websites, and industry resources. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. The "Last updated" date at the top of this page indicates when the most recent changes were made. Material changes will be communicated through a notice on our Site.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights:
Privacy Inquiries
General Inquiries
Phone
Mailing Address
Cypher Lab
700 El Camino Real, Suite 120
Menlo Park, CA 94025