Crypho Privacy Policy

March 29 2016

This Privacy Policy applies to all of the products, services and websites offered by Crypho AS (Crypho). References to “we,” “our” and “us” refer to Crypho, while “you” and “your” refer to the Crypho customer or user.

The Information We Collect

When you visit Crypho you provide us with two types of information: personal information you knowingly choose to disclose that is collected by us, and Web Application use information collected by us as you interact with our Web Application.

Information You Provide

When you register with Crypho, you provide us with certain personal information, such as your name, your email address, your phone number, and other personal information that you provide to us. Passwords never reach our servers and we do not store them. Instead they are used to encrypt your keys in your browser and we store the ciphertext. We therefore cannot read your password or keys. When you enter sensitive information related to payment (such as credit card number), we encrypt that information using secure socket layer technology (SSL) and pass it to our payment provider to handle the transactions. We never send them or store them in our servers.

You acknowledge and agree that Crypho may occasionally send you communications regarding your account or the Service via email.

Web Application Use Information

When you enter Crypho, we collect your browser type and IP address. This information is gathered for all Crypho visitors. In addition, we store certain information from your browser using “cookies”. A cookie is a piece of data stored on the user’s computer tied to information about the user. We use session ID cookies to confirm that users are logged in. These cookies terminate once the user closes the browser or logs out.

Crypho automatically receives and records information on our server logs from your browser, including your IP address, cookie information, and the page you request. In addition actions you perform such as inviting a user, creating a space are logged for auditing.

In order to speed up the application, we also cache non-encrypted information about your contacts in your browser’s local storage for longer periods of time.

Web Application Data

When using Crypho to communicate, you send us that data and and files, including names of the files. All these data are encrypted in your browser and stored as such without us ever knowing what they contain. All the meta-data of your spaces, such as who is a member are not encrypted by you and are disclosed to us to allow us to provide our service. Thus Crypho does not handle your anonymity, instead protects confidentiality.

Crypho may also record your IP address when you submit information. All data are further encrypted with Secure Socket Layer (SSL) during transfer.

How We Use The Information

We use information which we collect for purposes of providing the services, auditing, research and analysis in order to maintain, protect and improve our services, ensuring the functioning of our servers, providing customer service and developing new products and services for our customers and prospective customers. We may use third party services for this analysis.

We use your email only for identifying your account to the service, to send you transactional emails with things like invitations, and to periodically send you information about the service and updates. We will not sell or market the email addresses or other collected personal information of registered Users to third parties.

We use your phone number solely to send you SMS messages for 2-factor authentication purposes.

We cannot and will not view the content of your communications and files that you exchange using the Service.

We may share certain types of non-personal identifiable information such as average number of spaces for all users.

Minors Under Age 18

Minors under 18 are not allowed to register with Crypho. Crypho does not knowingly collect or solicit personal information from anyone under the age of 18 or knowingly allow such persons to register.

Security

Crypho uses industry standard security measures to protect against the loss, misuse and alteration of the information under our control.

Because email and instant messaging are not recognized as secure communications, we request that you not send private information to us by email or instant messaging services.

If you cancel your account, your Personal Data and other information may be retained in our archive or backup record.

Crypho may contain links to other websites. We are of course not responsible for the privacy practices of other web sites. We encourage our users to be aware when they leave our site to read the privacy statements of each and every web site that collects personally identifiable information. This Privacy Policy applies solely to information collected by Crypho.

Changes To This Policy

Crypho reserves the right in our sole discretion to revise, amend, or modify this policy and our other policies and agreements at any time and in any manner. Notice of any revision, amendment, or modification of this policy will be posted on Crypho’s websites, and a User’s continued use of the Service will signify agreement to such changes