Last Updated: August 24, 2020
Effective Date: January 1, 2020
Information we Collect and Store
SendSafely may collect and store the following information when providing the Services:
- Profile Data. When you register an account, you provide us with user profile information such as your name, email address, cell phone number (for two-factor authentication), country, time zone, company name (enterprise users only) and credit card or other billing information. You may also provide API keys or OAuth token’s if you choose to integrate SendSafely into third party applications.
- Usage Data. When you use the Services we collect the following information:
- Recipient Information. You will typically provide us with your recipient’s email address and optionally their cell phone number (for two-factor authentication).
- File Metadata. When transferring a file through the Services, we record metadata related to the files you send. This information includes the file name and file size, but not the file contents.
- Log Data. When you use the Services, we automatically record high-level information from the device you are using, such as the IP address, web browser version and type of operating system you are using.
- Cookies. A cookie is a small data file that we transfer to your device. Cookies set by us (SendSafely) are referred to as “first party cookies”. First party cookies are essential for us to provide you with the Services, and allow us to show you the right information once you have logged in and easily access items that have been shared with you. Cookies set by parties other than us are called “third party cookies”. We use third party cookies to better understand how you interact with the Service, to monitor aggregate usage and web traffic routing on the Service. In certain cases we also use third party cookies to provide relevant marketing material to you, which is further described below under the Remarketing section of this policy. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of the Service.
- Secure Content. The encrypted files and messages sent through our platform (“Secure Content”) are encrypted end-to-end at all times. Secure Content is encrypted client-side before being uploaded to the Services and decrypted client-side when downloaded from the Services. SendSafely does not ever decrypt or use Secure Content other than providing it to the appropriate parties when using the Services.
How we use the Information we Collect
The information we collect is primarily used to provide our Service to you and to administer your use of the Services. We may also use a limited subset of this information for the following purposes:
- Analytics. We use a limited subset of your usage data to monitor and analyze use of the Services, for technical administration of the Services, to increase functionality and user-friendliness of the Services, and to verify users have the authorization needed for the Services to process their requests.
- Promotional Communications. If you register for a SendSafely account or request more information about the Services, we may use your email address to provide you with news and announcements about the Services, or to request feedback on the Services. If you no longer wish to receive promotional communications from us, you can follow the “unsubscribe” instructions provided in any of those communications or update your account settings information in the Edit Profile screen.
Information Sharing and Disclosure
In the course of providing the Services we may share your information with third parties, as further described below.
International Transfer of Information
When you use our Service, your information will be replicated across data centers in multiple countries. SendSafely employs appropriate mechanisms for cross-border transfers of personal information, as required by applicable data protection law. If you wish to restrict the countries where your information is stored, you should contact us to arrange for restricted controls to be placed on your data storage (available only for enterprise customers).
Compliance with Law Enforcement Requests
We may disclose to outside parties information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of the Services or its users; or (d) to protect SendSafely’s property rights. SendSafely does not maintain a way to decrypt Secure Content that is transferred through the Services, and as such any disclosed Secure Content would retain the encryption that was applied prior to storing it in our system.
We may disclose anonymized data, such as usage statistics of our Service. Any data that we disclose will be anonymized and aggregated such that there would be no way to associate the information with any specific user account.
Changing or Deleting your Information
Your Profile Data and Secure Content can be updated or deleted at any time by you as outlined below. If you no longer desire to use the Services you may deactivate your account at any time.
- Profile Data. If you are a registered user, you may access, update, correct or delete the profile data we store by editing your account profile. You are responsible for the accuracy of the information stored in your account profile.
- Secure Content. Your account has the ability to delete any Secure Content that you have uploaded through the Services at any time.
We retain your information for only as long as necessary to provide the Services, or as needed to comply with our legal obligations, resolve disputes, and enforce our agreements. We will delete your information upon:
- Account Deactivation. With the exception of Secure Content, all of your information is retained for as long as your account is active. If you wish to cancel your account you may do so from the account profile page. Your information will be permanently deleted 30 days after your account has been deactivated.
- User Request. We will delete your account information upon request. Requests for deletion should be sent to email@example.com.
- Secure Content. The encrypted files and messages you send through the Services are retained only for as long as required, which is based on the expiration settings specified by the user that uploads the content. Secure Content is deleted when the content expires or when the sender's account has been deactivated. The user who uploaded the content (or an authorized company administrator for enterprise users) can also delete Secure Content manually at any time.
Administration for Enterprise Users
If you are a SendSafely Enterprise user, your account is subject to administration by one or more designated SendSafely Enterprise Administrator users within your organization. Your SendSafely Enterprise Administrators are be able to:
- Access and/or update your profile information
- Access usage data related to your account
- Delete or disable your SendSafely account
Please refer to your company's policies if you have questions about your Enterprise Administrator's rights and obligations to you as an employee.
Our site includes links to other websites whose privacy practices may differ from those of SendSafely. If you submit personal information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any Website you visit.
The security of your information is of paramount importance to us. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use or disclosure. We follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it. No method of electronic transmission or storage is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can visit our Security Overview page or contact us at firstname.lastname@example.org.
Use by Children
Our Services are not intended for use by persons under 16 years of age, and we do not knowingly collect personally identifiable information from anyone under 16 years of age. If a parent or guardian becomes aware that his or her child has provided us with any information without their consent, they should contact us at email@example.com.
California Privacy Rights
The California Consumer Privacy Act (CCPA) creates certain individual rights for California residents. If you are a resident of California, you have the rights outlined in this section.
- Right to Request Disclosures. You have the right to request information about:
- The categories of personal information we have collected about you.
- The categories of sources from which the personal information is collected.
- The business or commercial purpose for collecting the personal information.
- The categories of third parties with whom we share personal information.
- The specific pieces of personal information we have collected about you.
- Right to Request Deletion. You have the right to request the deletion of your personal information collected and stored by us, subject to certain conditions and exceptions under the law.
- Right to Opt-out of the Sale of Personal Data. SendSafely does not sell your personal information.
If you would like to make a request and exercise your rights described above, please contact us via email at firstname.lastname@example.org or toll-free telephone at 1-877-255-3594. Requests must contain sufficient information to allow us to evaluate and respond to your request. Your identity will be validated prior to the disclosure of any personal information. We will not discriminate against you for exercising your rights under the CCPA.