This policy describes how we collect, use and handle your information when you use our website, software and services ("Services").
What & Why
We collect and use the following information in order to provide our Services:
Account. We collect, and associate with your account, information like your name, email address, phone number, payment info, and account activity.
Services. Our Services allow you to store your encrypted credentials and other sensitive data, collaborate with others, and work across multiple devices. To make that possible, we store, process, and transmit your encrypted data, messages, and other data as well as information related to it. This related information can be things like your profile nickname and profile image that makes it easier to collaborate and connect with others. Our Services provide you with different options for collaboration.
Usage. We collect information related to usage of our Services, including actions you take in your account. This helps us provide you with features like access logs and audit logs.
We also collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services.
Cookies and other technologies. We use technologies like cookies to provide, improve, protect and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services. If our systems receive a do not track signal from your browser, we'll respond to that signal as outlined here.
We may share information as discussed below, but we won't sell it to advertisers or other third parties.
Other users. Our Services display information like your nickname, profile picture, to other users in places like your connection profile and sharing notifications.
Lawful Requests and other disclosures. We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of Passpack or our users; or (d) protect Passpack's property rights.
Stewardship of your data is critical to us and a responsibility that we take seriously. Our users' data should receive the same legal protections regardless of whether it's stored on our servers or on their device. When responding to government requests (including national security requests) for our users' data we will:
- Be transparent,
- Fight blanket requests,
- Protect all users and
- Provide trusted services.
- Amazon Simple Email Service Used to provide account and service notifications
- Stripe Used to provide payment processing
- Zendesk Used to provide help desk services and customer support
- MailChimp Used to provide marketing emails and newsletter services
We publish a Transparency Report as part of our commitment to informing users about when and how governments ask us for information. This report details the types and numbers of requests we receive from law enforcement.
Security. We have a team dedicated to keeping your information secure and testing for vulnerabilities. We also continue to work on features to keep your information safe in addition to things like two-factor authentication, and client side encryption to prevent disclosure of your encrypted data. However no method of transmission over the Internet, or method of electronic storage, is 100% secure, the security of your Information also depends on how you use the Services and protect your login credentials and the Packing Key that enables you to access your account and decrypt your Encrypted Data.
Retention. We'll retain information you store on our Services for as long as we need it to provide you the Services. If you delete your account, we'll also delete this information. But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements. You can access your personal information by logging into your Passpack account.
To provide you with the Services, we may store, process and transmit information in the United States and other locations around the world - including those outside your country. Information may also be stored locally on the devices you use to access the Services.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. When transferring data from the European Union, the European Economic Area, and Switzerland, Passpack relies upon a variety of legal mechanisms, including contracts with our users. Passpack complies with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the European Economic Area, and Switzerland to the United States.
If you are in the European Economic Area (EEA), you have the following rights with respect to information that Passpack holds about you. Passpack strives to provide you with these rights no matter where you are located.
You may exercise your rights to limit the use of your data by third parties, or receive a report of the data and usage of that data by contacting customer support at firstname.lastname@example.org. You may also remove data not required by law for retention from our services by deleting your account.
Right to access: You have the right to access the categories of personal information that we hold about you, including the information's source, purpose and period of processing,.
Right to rectification: You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database.
Right to erasure: You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.
Right to restriction of processing: You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify legitimate use or legal obligations to use it.
Right to data portability: You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format.
Right to object: You have the right to object to the use of your information in certain circumstances, such as the use of your personal information for direct marketing.
Right to complain: You have the right to complain to the appropriate supervisory authority if you have any grievance against the way we collect, use or share your information. This right may not be available to you if there is no supervisory authority dealing with data protection in your country.
If we are involved in a reorganization, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices.
Have questions or concerns about Passpack, our Services and privacy? Contact us at email@example.com.