Cirrofy
Legal

Privacy Policy

Last updated: 2026-05-12

This policy covers cirrofy.com — the marketing website. The Cirrofy product (cirrofy.app) is not yet generally available; when it launches, a separate product privacy notice will apply.

We're a small team building in public. This page is written plainly first, with formal language underneath each section so it stands up to legal scrutiny later.

Quick summary

In plain English:

  • Our host (Cloudflare) logs your IP address and which page you requested. That's the only data we collect automatically.
  • We don't run analytics, set cookies, or use third-party trackers on cirrofy.com today.
  • If you join the preview waitlist or email us, we keep that information so we can reply and so we can notify you when paid plans launch.
  • You can ask us what we hold about you, ask us to delete it, or ask us to correct it. Write to [email protected].

Who we are

In plain English:

Cirrofy is a small operation building a cloud ERP for small and mid-sized businesses. The legal entity behind the site is in the process of being formalized; once that's done, we'll fill in the details below.

For the purposes of this policy, "Cirrofy" (also "we", "us", or "our") refers to [LEGAL ENTITY NAME], [ENTITY TYPE] with its registered address at [REGISTERED ADDRESS]. The website at cirrofy.com (the "Site") is operated by Cirrofy.

For any question about how we handle personal data, you can reach our privacy contact at [email protected].

What data we collect

In plain English:

Two categories: data the server records automatically when any browser visits a website, and data you give us on purpose — today, just the preview waitlist form (email, optional name, optional "what are you using today" answer).

If you visit from a Philippine IP and land on the root path, your country code is used to redirect you to cirrofy.com/ph. That's it — we don't store it, we don't profile you with it.

Data collected automatically

When you visit the Site, our hosting provider (Cloudflare Pages) logs standard request data, including:

  • Your IP address;
  • Your user-agent string (browser and operating system);
  • The page you requested and the referring URL, if any;
  • The timestamp of the request;
  • Your two-letter country code, derived by Cloudflare from your IP, used solely to route Philippine visitors from the root path to /ph via a redirect rule.

We do not maintain a separate copy of these logs. Retention is governed by Cloudflare's defaults.

Data you provide voluntarily

The Site includes one form: the preview waitlist. When you submit it, we collect:

  • Your email address (required) — used only to notify you when paid plans launch and, occasionally, to ask for feedback about the preview.
  • Your name (optional) — used to address you by name in any reply we send.
  • The "what are you using today" answer (optional, 40 characters) — used as product-research input to help us prioritize what to build.

Along with the form submission, we automatically attach the same request metadata listed above (IP, country, user-agent, timestamp) so we can debug failures and discourage abuse. We do not pass any of this to third-party advertising or analytics services.

If you email us at one of our published addresses (for example [email protected] or [email protected]), we will retain your email and the contents of the correspondence in order to reply.

Why we collect it (legal basis)

In plain English:

We log requests because that's how every web server on the internet works — it lets us serve the page, route Filipino visitors to the right version, and notice if someone's trying to break the site. If you email us, you're consenting to us keeping that email long enough to reply.

We rely on the following legal bases for processing personal data:

  • Legitimate interests — for server logs and country-based routing. The interest is delivering and securing the Site. We balance this against your reasonable expectation that visiting a website produces some technical log data.
  • Consent — for any voluntary data you submit (e.g. emailing us, or, in the future, completing a contact or signup form on the Site). Sending us an email constitutes your consent for us to retain and respond to that email.

These bases are framed to satisfy Article 6 of the EU General Data Protection Regulation (GDPR) and Section 12 of the Philippines Data Privacy Act of 2012, even if you are not located in either jurisdiction.

Who we share it with

In plain English:

Cloudflare hosts the site, so they see request data. That's it for the marketing site. We don't sell data. We don't share it with advertisers. There are no data brokers in this picture.

We share data with the following categories of service providers, only as needed to operate the Site:

  • Cloudflare, Inc. — hosting and content delivery for the Site. Cloudflare receives request data (IP, user-agent, request path, timestamp) as part of serving each page. Cloudflare's own privacy policy is at cloudflare.com/privacypolicy.
  • Payment processor — we have not yet selected a payment processor and no billing data is collected today. When we sign a merchant-of-record contract for paid plans, we will update this policy before billing goes live and identify the provider here.
  • Email-delivery provider — if you submit the preview waitlist, your email is also passed to our outbound email provider (currently set up to use Resend) so that we can send you a notification when paid plans launch. The provider may change; this section is updated whenever it does.

We do not sell personal data. We do not share personal data with advertisers, ad networks, or data brokers. We do not use cross-site tracking pixels or third-party advertising cookies.

We may disclose personal data when required by law, by a valid court order, or to protect the rights, safety, or property of Cirrofy, our users, or the public.

Cookies and tracking

In plain English:

We don't set any cookies. We don't run analytics. There are no pixels, no fingerprinting scripts, no third-party tags. If that changes, this page is updated before the change goes live, and you'll see a consent prompt where the law requires one.

As of the date at the top of this page, cirrofy.com does not set first-party cookies, does not load third-party analytics or advertising scripts, and does not use device-fingerprinting or session-replay tools.

Cloudflare may set short-lived security or load-balancing cookies in response to specific traffic patterns (for example, when challenging suspected bot traffic). These cookies are operational and do not track you across sites.

If we introduce analytics or other tracking in the future, this section will be revised in advance, and where applicable law requires it (e.g. the EU ePrivacy Directive), we will obtain consent before any non-essential cookie is set.

Your rights

In plain English:

You can ask us what we have about you. You can ask us to correct it, delete it, or stop using it. Email [email protected]. We'll reply within 30 days.

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you;
  • Correct inaccurate or incomplete personal data;
  • Delete your personal data ("right to erasure");
  • Object to or restrict certain types of processing;
  • Portability — receive a copy of your data in a structured, commonly used format;
  • Withdraw consent, where processing is based on consent, at any time and without affecting prior lawful processing.

To exercise any of these rights, email [email protected]. We will respond within 30 days. We may ask you to confirm your identity before acting on a request.

If you are in the European Economic Area or the United Kingdom and you believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority. If you are in the Philippines, you may file a complaint with the National Privacy Commission (privacy.gov.ph).

How long we keep it

In plain English:

Cloudflare's request logs are kept per their defaults — we don't keep our own copy. Emails you send us are kept until they're no longer useful for replying or for our records.

We retain personal data only for as long as needed for the purposes set out in this policy:

  • Server logs — retained by Cloudflare per its standard retention schedule. We do not maintain a separate archive.
  • Email correspondence — retained for as long as is reasonably necessary to respond to your message and to keep a record of the interaction. You may request deletion at any time.

Where a legal obligation (tax, regulatory, dispute) requires us to retain certain records longer, we will retain only the minimum data needed and for only as long as that obligation requires.

Children's privacy

In plain English:

Cirrofy is a business product. We don't market to children. If we learn we've collected data from someone under 16, we delete it.

The Site is intended for business users and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected personal data from a child, please contact us at [email protected] and we will delete it promptly.

International transfers

In plain English:

Cloudflare is a US company with servers around the world. Data routed through them may transit through countries other than your own. That's how the global internet works.

Cloudflare is headquartered in the United States and operates a global edge network. Request data may therefore be processed in jurisdictions outside your country of residence, including the United States. Where applicable law requires safeguards for cross-border transfers (for example, Standard Contractual Clauses under the GDPR), those safeguards are addressed in Cloudflare's own data processing terms.

Contact us

In plain English:

Email is the fastest way. We read every message.

For any privacy-related question, request, or complaint, write to us at:

Changes to this policy

In plain English:

We update this page when something material changes — for example, when we add a contact form, turn on analytics, or change billing providers. Material changes are flagged at the top of the page with a new "Last updated" date, before the change goes live.

We may revise this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be highlighted at the top of the page before they take effect. We encourage you to review this page periodically.

This page was last reviewed on 2026-05-12. It is provided for transparency and to describe our actual practices. It is not legal advice. If you need a contract for a specific use case, write to [email protected].