For privacy related questions or concerns, please contact us via email at firstname.lastname@example.org.
Last Updated: May 18, 2018
Information we Collect and Store
SendSafely may collect and store the following information when providing the Services:
- Profile Data. When you register an account, you provide us with user profile information such as your name, email address, cell phone number (for two-factor authentication), country, time zone, company name (enterprise users only) and credit card or other billing information. You may also provide API keys or OAuth token’s if you choose to integrate SendSafely into third party applications.
- Usage Data. When you use the Services we collect the following information:
- Recipient Information. You will typically provide us with your recipient’s email address and optionally their cell phone number (for two-factor authentication).
- File Metadata. When transferring a file through the Services, we record metadata related to the files you send. This information includes the file name and file size, but not the file contents.
- Log Data. When you use the Services, we automatically record high-level information from the device you are using, such as the IP address, web browser version and type of operating system you are using.
- Cookies. A cookie is a small data file that we transfer to your device. Cookies set by us (SendSafely) are referred to as “first party cookies”. First party cookies are essential for us to provide you with the Services, and allow us to show you the right information once you have logged in and easily access items that have been shared with you. Cookies set by parties other than us are called “third party cookies”. We use third party cookies from Google Analytics to better understand how you interact with the Service, to monitor aggregate usage and web traffic routing on the Service. In certain cases we also use third party cookies from Google AdWords to provide relevant marketing material to you, which is further described below under the Remarketing section of this policy. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of the Service.
- Secure Content. The encrypted files and messages sent through our platform (“Secure Content”) is encrypted end-to-end at all times. Secure Content is encrypted client-side before being uploaded to the Services and decrypted client-side when downloaded from the Services. SendSafely does not ever decrypt or use Secure Content other than providing it to the appropriate parties when using the Services.
How we use the Information we Collect
The information we collect is primarily used to provide our Service to you and to administer your use of the Services. We may also use a limited subset of this information for the following purposes:
- Analytics. We use a limited subset of your usage data to monitor and analyze use of the Services, for technical administration of the Services, to increase functionality and user-friendliness of the Services, and to verify users have the authorization needed for the Services to process their requests.
Information Sharing and Disclosure
In the course of providing the Services we may share your information with third parties, as further described below.
International Transfer of Information
When you use our Service, your information will be replicated across data centers in multiple countries. SendSafely employs appropriate mechanisms for cross-border transfers of personal information, as required by applicable data protection law. If you wish to restrict the countries where your information is stored, you should contact us to arrange for restricted controls to be placed on your data storage (available only for enterprise customers).
Compliance with Law Enforcement Requests
We may disclose to outside parties information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of the Services or its users; or (d) to protect SendSafely’s property rights. SendSafely does not maintain a way to decrypt Secure Content that is transferred through the Services, and as such any disclosed Secure Content would retain the encryption that was applied prior to storing it in our system.
We may disclose anonymized data, such as usage statistics of our Service. Any data that we disclose will be anonymized and aggregated such that there would be no way to associate the information with any specific user account.
Changing or Deleting your Information
Your Profile Data and Secure Content can be updated or deleted at any time by you as outlined below. If you no longer desire to use the Services you may deactivate your account at any time.
- Profile Data. If you are a registered user, you may access, update, correct or delete the profile data we store by editing your account profile. You are responsible for the accuracy of the information stored in your account profile.
- Secure Content. Your account has the ability to delete any Secure Content that you have uploaded through the Services at any time.
We retain your information for only as long as necessary to provide the Services, or as needed to comply with our legal obligations, resolve disputes, and enforce our agreements. We will delete your information upon:
- Account Deactivation. With the exception of Secure Content, all of your information is retained for as long as your account is active. If you wish to cancel your account you may do so from from the account profile page. Your information will be permanently deleted 30 days after your account has been deactivated.
- User Request. We will delete your account information upon request. Requests for deletion should be sent to email@example.com.
- Secure Content. The encrypted files and messages you send through the Services are retained only for as long as required, which is based on the expiration settings specified by the user that uploads the content. Secure Content is deleted when the content expires or when the sender's account has been deactivated. The user who uploaded the content (or an authorized company administrator for enterprise users) can also delete Secure Content manually at any time.
Administration for Enterprise Users
If you are a SendSafely Enterprise user, your account is subject to administration by one or more designated SendSafely Enterprise Administrator users within your organization. Your SendSafely Enterprise Administrators are be able to:
- Access and/or update your profile information
- Access usage data related to your account
- Delete or disable your SendSafely account
Please refer to your company's policies if you have questions about your Enterprise Administrator's rights and obligations to you as an employee.
Our site includes links to other websites whose privacy practices may differ from those of SendSafely. If you submit personal information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any Website you visit.
The security of your information is of paramount importance to us. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use or disclosure. We follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it. No method of electronic transmission or storage is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can visit our Security Overview page or contact us at firstname.lastname@example.org.
Use by Children
Our Services are not intended for use by persons under 16 years of age, and we do not knowingly collect personally identifiable information from anyone under 16 years of age. If a parent or guardian becomes aware that his or her child has provided us with any information without their consent, they should contact us at email@example.com.