Passpack Privacy Policy

Passpack Privacy Statement
Effective Date: February 17, 2023

Introduction

At Passpack, data privacy is important to us. This Passpack (We, Us or Our) Privacy Policy ("Privacy Policy") details our privacy practices for the activities described in this Privacy Policy and handle your information when you use our website, software and services ("Our Services"). Please take the time to read this Privacy Policy carefully in order to understand how we collect, share, and otherwise process information relating to individuals ("Personal Data"), and to learn about your rights and choices regarding our processing of your Personal Data. The use of information collected through Our Services shall be limited to the purpose of providing the Service for which Passpack is engaged. By using this website, you consent to the data practices prescribed in this Privacy Policy.

Our Commitment to Privacy

We believe that the less information we know about you, the better. After all, it is impossible to lose, misuse, or abuse information we don't have. To the extent that we have control over your data or data about you, we see ourselves as custodians of that data on your behalf. We use your data solely to provide you with Services in which you enroll and to provide you an enhanced user experience when you visit our Website. Our business is providing Passpack products and Services to you, the customer. We have no desire or interest to use or transfer the limited data we acquire for any other purposes.

Data Collection and Usage

We collect and use the following information in order to provide our Services: We will never ask for your Account Password or Secret Key.

Account. We collect, and associate with your account, information like your name, email address, phone number, payment information, and account activity.

Services. Our Services allow you to store your encrypted credentials and other sensitive data, collaborate with others, and work across multiple devices. To make that possible, we store, process, and transmit your encrypted data, messages, and other data as well as information related to it. This related information could be things like your profile nickname and profile image that makes it easier to collaborate and connect with others. Our Services provide you with different options for collaboration.

Usage. We collect information related to usage of our Services, including actions you take in your account. This helps us provide you with features like access logs and audit logs.

We also collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services.

Website In some areas on Our Website, We ask you to provide personal information that will enable Us to enhance your site visit, to assist you with technical support issues or to follow up with you after your visit. It is completely optional for you to participate. For example, we request information from you when you: subscribe to a newsletter; participate in promotional offers. Personal information you provide will be kept confidential and used to support your customer relationship with Our Company.

Emails All email communication with you will be on an Opt-In basis. This is solely at your discretion. Occasionally, We will send you e-mail communications with information, which may be useful to you, including information about Our products and Services or about offerings from affiliates or business partners. When you first provide Us with your e-mail address, you will be given the option of not receiving any such e-mail communications. We will include instructions in our e-mail messages on how to unsubscribe if you later decide you do not want to receive any future e-mail communications. However, Opt-out does not apply to certain important notifications such as billing and account security alerts.

Cookies and Tracking. We use technologies like cookies on our own domains and subdomains to provide, improve and protect our Services. For example, to store settings that assist with identifying your account for sign-in. Cookies help us understanding how you are interacting with our Services, and improving them based on that information. We also use third-party packages and trackers for our public pages that may set cookies on your computer. These cookies are used to understand broad and anonymous user behavior when you visit passpack.com. Such user behavior includes time spent by a visitor on the website, most visited webpage, aggregated clicks on signups etc. Also to serve more relevant advertisements to visitors once they have left the Passpack website or our partner sites across the web.

You can set your browser to not accept cookies, but this may limit your ability to use the Services. We do not use third-party trackers in our web application or our client applications for MacOS, Windows, Linux, Android or iOS.

With whom

We may share information as discussed below, but we will never sell it to advertisers or other third parties. However, We might share your personal information with Our service providers, such as Our hosting services providers. If you choose to participate in a survey, a focus group etc., we may also share de-identified data with Our customers.

Passpack uses certain trusted third parties (for example, providers of payment processing services) to help us provide, improve, protect, and promote our Services. These third parties will access your information only to perform tasks on our behalf in compliance with this Privacy Policy, All such agents or contractors who have access to your personal information have Data Processing and Confidentiality obligations to keep the information confidential and not use it for any other purpose than to carry out the services they are performing for Passpack.

Other users. Our Services display information like your nickname, profile picture, to other users in your team(s) in places like your connection profile and sharing notifications.

Lawful Requests and other disclosures. We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of Passpack or our users; or (d) protect Passpack's property rights.

Stewardship of your data is critical to us and a responsibility that we take seriously. Our users' data should receive the same legal protections regardless of whether it's stored on our servers or on their device. When responding to government requests (including national security requests) for our users' data we will: (a) be transparent, (b) fight blanket requests and (c) protect all users. Upon request we will provide a Transparency Report as part of our commitment to informing users about when and how governments ask us for information. This report details the types and numbers of requests we receive from law enforcement. Your Secure Data remains encrypted with keys that we do not possess, and so we can only hand over Secure Data in encrypted form.

How

Security. We have a team dedicated to keeping your information secure and testing for vulnerabilities. We use strict access control mechanisms, network isolation, and encryption to ensure that Data is only available to authorized personnel. We also continue to work on features to keep your information safe including two-factor authentication, and client side encryption (Zero Knowledge Model) to prevent disclosure of your encrypted data. When you create a Passpack account in addition to your account user name and password you will create and receive a Secret Key. Your Secret (Encryption) Key is generated on your device. For your protection, you should create a strong and unique Account Password to ensure that it is not easily guessed. Separately, you should create a strong pass phrase to your Secret Key. It is extremely important that you understand that anyone with both your Secret Key and Account Password can access your Secure Data. It is equally important that you keep a copy in a safe place for your own reference, because future access to your Secure Data depends on having access to both your Secret Key and your Account Password. We will never ask you for your Account Password or your full Secret Key, and you should never send it to Us or anyone. Due to the nature of our design and the sensitivity of the information you entrust to us (even in encrypted form), it may not be possible for us to help you with certain customer service requests unless you are listed as an account owner and are communicating from your verified email address. In the event that you change your email address, it is very important that you update your email on your Passpack account(s) or you may eventually lose access.

Retention. We'll retain information you store on our Services for as long as we need it to provide you the Services. If you delete your account, we'll also delete this information. But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements. You can access your personal information by logging into your Passpack account.

Where

To provide you with the Services, we may store, process and transmit information in the United States and other locations around the world - including those outside your country. Information may also be stored locally on the devices you use to access the Services. Our customer support and email services are hosted primarily in the United States. Any information you choose to send us through email or our customer support system may pass through and be stored on a variety of intermediate services

Your rights

Passpack provided by your Organization: When we offer Passpack products and services to you through your organization, we continue to adhere to the United States privacy laws and the data protection requirements under the GDPR, in addition to any requirements under the contracts with your organization, to ensure that your data are located, and if applicable, appropriately transferred. If you use a Passpack product or account to access our products and services, and such Passpack product or account was provided by the organization that you are affiliated with, that organization is the controller or the administrator of your Passpack product or account. Your organization can access and process your data associated with your Passpack product or account. As such your use of the Passpack product or account is subject to your organisation's policies, if any. You should direct your privacy inquiries, including any requests to exercise your data protection rights, to your organization's administrator. We are not responsible for the privacy or security practices of your organization, which may differ from those set out in this Privacy Policy. If you lose access to the organization that you are affiliated with (for example, if you change your employment), you may lose access to Passpack product or account and the content or data associated with such product or account.

Your Right to Have Your Data Erased: As we are merely custodians of your data, account owners have the right to instruct us to remove data permanently from our systems. To ensure that no one's data is deleted without their consent, you must first delete your account through an authenticated session. After your account has been deleted, the account owner may contact us and ask for the data to be expunged. Once the request is authenticated, the data will be removed from our active systems within 72 hours. Disaster recovery and data availability requirements mean that Passpack has a legitimate interest in maintaining secure and immutable backups. Erasure requests will leave those backups untouched, and we will only remove data from backups if legally compelled to.

Your right to access and control your personal data: You can add, remove, edit, and change any data that are in the Passpack vault. If you are an affiliate of an organization which provides you with the access to Passpack account and services, there may be certain restrictions to the above, based on your affiliate organization's privacy or other similar policies. For further details, please review below the section under Passpack provided by your Organization.

If you are in the European Economic Area (EEA), you have the following rights with respect to information that Passpack holds about you. Passpack strives to provide you with these rights no matter where you are located.

You may exercise your rights to limit the use of your data by third parties, or receive a report of the data and usage of that data by contacting customer support. You may also remove data not required by law for retention from our services by deleting your account.

Right to access: You have the right to access the categories of personal information that we hold about you, including the information's source, purpose and period of processing,.

Right to rectification: You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database.

Right to erasure: You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.

Right to restriction of processing: You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify legitimate use or legal obligations to use it.

Right to data portability: You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format.

Right to object: You have the right to object to the use of your information in certain circumstances, such as the use of your personal information for direct marketing.

Right to complain: You have the right to complain to the appropriate supervisory authority if you have any grievance against the way we collect, use or share your information. This right may not be available to you if there is no supervisory authority dealing with data protection in your country.

Breach Notifications

In an event of a breach, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. We follow applicable requirements under the laws, that is, the United States data privacy breach notification requirements and the requirements related to data breach notification under the GDPR

Changes

If we are involved in a reorganization, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) or a notice on Our website of any such deal and outline your choices. We may also disclose your personal information to any other third-party with your prior consent.

We may revise this Privacy Policy from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you.

Contact

Have questions or concerns about Passpack, our Services and privacy? Contact our Support team..