skip to Main Content

Privacy Policy

This Privacy Policy (“Privacy Policy”) explains how Ciphertrace (“Company” or “we” or “us”) collects, uses, stores, and discloses personal information from our users (“you”) when you interact with our website, ciphertrace.com (our “website”) or our application (our “app”, and together with our website, our “services”).  This Privacy Policy is effective as of July 31, 2018.

We reserve the right to and may update this Privacy Policy from time to time.  If we make any material changes, we will notify you by email (sent to the email address specified when you register for an account, or by presenting you with a new version of this Privacy Policy for you to accept. The most current version of the Privacy Policy will be displayed on the website. We encourage you to check the website from time-to-time for the latest information on our privacy practices. If you do not accept the terms of the Privacy Policy, we ask that you do not access the website or use any of our services.

Summary

This section provides a summary on how we obtain, use, and store information about you. Please read this section along with the full sections of this Privacy Policy.

Data controller:  The Company.

 

What information we collect from you:  name, contact details, IP address, information from cookies, information about your computer or device such as device and browser type, information about how you use our services such as which pages you have viewed and at what time, what you click on, and the geographical location from which you accessed our services which is based on your IP address.

 

How we collect or receive information about you: from your use of our services, using cookies, and when you provide it to us through contact forms, information and demo request forms, signing up for our blog and reports, requesting quotations, case sharing, and attribution reporting.

 

How we use your information: i.e. to contact you, to improve our business and services, to fulfil our contractual obligations, to imrpvoe our product and communicate improvements, to analyze your use of our services, and in connection with our legal rights and obligations.

How long do we store your information: we store your information at Hubspot in their secure Customer Relationship Database. We will store your information as long as you are a customer or user of the app.

Why do we disclose your information to third-parties: only to the extent necessary to run our business, to fulfill any contracts we enter into with you or our service providers, or where required by law or to enforce our legal rights.

Whether we sell your information to third parties outside of the course of a business sale or purchase of a similar transaction: No.

How do we secure your information:  we take measures to secure your information such as storing it on secure servers and encrypting transfers of data to or from our servers using Secure Sockets Layer (SSL) technology.

Do we use cookies and similar technologies:  yes, we use cookies and similar technologies such as web beacons.

Do we use automated decision making and profiling:  we do not use automated decision making and/or profiling.

Do we transfer your information outside of the European Economic Area: we transfer your information outside of the European Economic Area, including to the following countries: United States of America. We will ensure appropriate safeguards in place when we do so.

Do we collect sensitive personal information:  we neither intentionally nor knowingly collect what is referred to as “sensitive personal information”.  Please do not submit sensitive personal information about you or others to us

What rights do you have with regard to your information:

  • to have your information corrected and/or completed
  • to access your information and understand how we use it
  • to have your information deleted or the use of your information restricted
  • to receive your information in an accessible format
  • to withdraw the consent you provided to the use of your information
  • to object to the use of your information
  • to complain to us and/or to a supervisory authority about the use of your information.

About Us

The data controller’s representative is Guhan Iyer. You may contact the data controller’s representative by writing to 68 Willow Road, Menlo Park, CA, 94025 or sending an email to contact@ciphertrace.com.

If you have any questions about this Privacy Policy, please contact the data controller representative.

information we collect from you

WHEN YOU VISIT OUR WEBSITE OR APP

We collect and use information from website and app visitors such as you in accordance with this section and the section “Disclosure and other use of your information”.

Web server log information

We use GoDaddy, a third-party server, to host our website. You can locate GoDaddy’s privacy policy here.  Our website server automatically logs the IP address you use to access our website.  As the GoDaddy server is located in the US, your information is transferred outside of the European Economic Area (EAA).

We use Amazon Web Services, a third-party server, to host our app. You can locate Amazon’s privacy policy here.

Our third-party hosting providers automatically collect and store server logs to ensure network and IT security of our website and app, and to analyze how our users interact with our website and our app and their features.  We use the information gathered from such analysis to help identify and prevent unauthorized attacks to our network, and to improve our services.

Legitimate interests:  we, and our third-party hosting providers have a legitimate interest in using your information for the purposes of ensuring network security and to analyze website usage and improve our website.

Legal basis for processing:  our third-party hosting providers’ legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Cookies and similar technologies

Cookies are small data files sent from a website to a browser to record information about website users for various purposes.  We use cookies and similar technologies, such as web beacons, on our website.

By changing your browser settings, you can reject a portion or all of the cookies we use on our website, but it may impact your ability to use some features of our website.

When you provide us with your information

Contact form

When you contact us using our contact form, we collect your email address, IP address?, and any optional information you provide to us, such as your first and last name, industry, country, blog email subscription preferences, and any additional information you may supply in the contact field.

If you do not provide the mandatory information required by our contact form, you will not be able to submit the contact form and we will not be able to view your inquiry.

Legitimate interest:  responding to questions and messages we receive and maintaining records of our communication.

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation

Legal basis for processing: necessary to fulfill a contract or respond to your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).  When your message relates to our provision of goods or services or providing you with information about such goods and services, we will process your information in order to do so.

Processing and storage of your information

We use a third-party contact form provider to store messages you send us.  Our contact form provider is HubSpot.  Information that you submit through our contact form will be stored outside the European Economic Area on our third-party hosting servers in the United States.  Their privacy policy is available here.

Email

If you send an email to the email address listed on our website, we collect your email address and any other information that you include in that email, such as your name, telephone number, message, and the information contained in any signature block in your email.

Legitimate Interest:  responding to inquiries and messages we receive and maintaining records of our communications.

Legal basis for processing:  our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legal basis for processing: necessary to fulfill a contract or respond to your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).  When your message relates to our provision of goods or services or providing you with information about such goods and services, we will process your information in order to do so.

Processing and storage of your information

We use a third-party email provider to store emails you send to us. Our third-party email provider is GoDaddy for non-marketing communications, and their privacy policy is available here.  Emails that you send to us will be stored outside of the European Economic Area on the GoDaddy servers in the United States.

Phone

If you contact us by the phone number listed on our website or through Google, we will collect your phone number and any information that you share with us during our conversation or your message. We do not record phone calls.

Legitimate Interest:  responding to inquiries and messages we receive and maintaining records of our communications.

Legal basis for processing:  our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legal basis for processing: necessary to fulfill a contract or respond to your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).  When your message relates to our provision of goods or services or providing you with information about such goods and services, we will process your information in order to do so.

Post

If you contact via post, we will collect any information that you provide to us in the postal communication.

Legitimate Interest:  responding to inquiries and messages we receive and maintaining records of our communications.

Legal basis for processing:  our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legal basis for processing: necessary to fulfill a contract or respond to your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).  When your message relates to our provision of goods or services or providing you with information about such goods and services, we will process your information in order to do so.

Blog Email Subscription

When you register for our blog email subscription on our website, we collect your name and email address in order for us to send you the newsletter.  You provide your consent to us sending you our e-newsletter by filling in the information requested and by signing up to receive it.

Legal basis for processing:  your consent (Article 6(1)(a) of the General Data Protection Regulation).

Processing and storage of your information:  We use a third-party service to send out our blog email. The third-party service is Hubspot, and their privacy policy is available here.  Information that you submit to us to subscribe to our blog email will be stored outside the European Economic Area on Hubspot’s servers in the US.  We use technologies such as web beacons and insert any additional technologies used by the third-party service in the emails that we send you in order to analyze the level of engagement of our emails. We track information such as the delivery rates, open rates, click through rates, and insert any additional information you may measure about user interaction.

Registering on our website

If you register and create an account on our website, we will collect your name and email address in order for us to confirm your registration.  You provide your consent to us by filling in the information requested by us and by signing up to receive an account.  If you do not provide this information, we will not be able to verify or set up your account.

Legal basis for processing: necessary to fulfill a contract or respond to your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).  If you wish to create an account on our website, it is necessary to process such information to allow you to access such portions of the site.

Processing and storage of your information:  Information that you share with us when you register for an account will be stored outside the European Economic Area on GoDaddy’s servers in the United States.  Our third-party hosting provider is GoDaddy.

Requesting a Demo

When you request a demo on our website, we will collect certain information such as your name, email address, telephone number, company name, and message, and any optional information that you may include to share with us such as your country, job title, industry, and timeline. You provide your consent to us by filling in the information requested by us and by signing up to receive a demo. The optional information that we suggest is so that we can better tailor our provision of services to you and to improve your customer experience.

Legal basis for processing: necessary to fulfill a contract or respond to your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).

Processing and storage of your information:  Information that you share with us when you request a demo will be stored outside the European Economic Area on Hubspot’s servers in US.  Our third-party hosting provider is Hubspot.

Downloading a report

When you request to download a report from our website, we give you the option to provide us with your email address to receive future correspondence from us.

information collectED from THIRD PARTIES

typically, we do not receive information about you from third parties. It is possible, however, that third parties with whom we have had no previous contact provide us with information about you. In addition, third parties may pass on information about you to us if you have potentially infringed on any of our legal rights. If so, we will have a legitimate interest in processing that information to evaluate any such potential infringement. If we receive information about you from a third party in error and we do not have any legal basis for processing that information, we will delete your information.

DISCLOSURE AND OTHER USE OF YOUR INFORMATION

Service Providers

In order to provide our services to you, we work with a number of third parties to assist us with running our business and who process your information for us on our behalf.  Our service providers include:

  • Email providers: HubSpot’s privacy policy is available here; and MailChimp’s privacy policy is available here.
  • Web site analytics: Upland Software, privacy policy available here

We will share your information with these service providers, along with our accountants, advisors, affiliates, business partners, independent contractors, and insurers, when necessary to provide you with the goods or services you request.  We choose not to display the identities of all of the other third parties we may share information with by name for competitive and security purposes.  If you would like further information about the identities of such parties, please contact us directly and we will do our best to provide you with the information you request where you have a legitimate reason for requesting it.  If we share your information with these third parties for a reason other than when necessary to perform a contract that we enter into, we will share your information in order to allow us to operate our business efficiently.

Other Third Parties

We also provide information to Google Inc., who collects information through our use of Google Analytics on our website. Google utilizes information such as IP addresses and information from cookies to improve its Google Analytics service. Information shared with Google for this purpose is processed on an aggregated and anonymized basis. To find out more information on what and how Google collects such information, please check out this page.

You can opt out of Google Analytics by installing the browser plugin here.

Legal basis for processing: necessary to fulfill contractual obligations to Google under our Google Analytics Terms of Service (Article 6(1)(f) of the General Data Protection Regulation).

Processing and storage of your information:  Information collected by Google Analytics is stored outside of the European Economic Area on Google’s Servers in the US.

In connection with an acquisition or similar transaction

If the Company enters into an agreement with a prospective or actual purchaser or seller in connection with an asset sale or acquisition of the Company, a merger, or similar business transaction, we may share your information with such prospective purchaser seller or similar entity in order for the transaction to occur.

Legal basis for processing: legitimate interest under Article 6(1)(f) of the General Data Protection Regulation.

In response to a legal process or suspected criminal activity

We may share your information in response to any court orders, subpoenas, or legal processes, to the extent permitted and as restricted by law, or if we suspect that criminal or potential criminal conduct has occurred and we need to contact an appropriate authority, such as the policy. We will typically only need to process your information for such legal purpose if you were affected by or involved in such an incident in some way.

Legal basis for processing: legitimate interest in preventing crime or suspected criminal activity, such as fraud or a cyber-crime, enforcing our legal rights, or resolving disputes and potential disputes (Article 6(1)(c) and 6(1)(f) of the General Data Protection Regulation).

HOW LONG WE STORE YOUR INFORMATION

As best as we can, we set out specific retention periods for your information. In the cases where that is not possible, we have set out certain criteria we use to determine the retention period for such information.

Server Information:  we store information on our server logs for up to five years.

Inquiries and Correspondence:  when you send us an email, fill out our contact form, call us, or correspond with us regarding any matter, we will retain your information for at least as long as it takes to respond to and resolve your inquiry, and for five years afterward.

Blog Email Subscription:  when you subscribe to our blog email, we keep your contact information you entered for as long as you remain subscribed or until we decide to cancel our blog email service, whichever comes first.

Criteria for determining retention periods

Other than the foregoing, we will store your information for no longer than necessary and will assess the need for retention based on the following:

  • Whether we are legally required to continue to process your information to be compliant with any record-keeping obligations;
  • Whether we have your consent or other legal basis to continue to process your information;
  • How valuable your information currently is and will be in the future;
  • What the purposes and use of your information both now and in the future will be and whether we need to continue to retain your information in order to fulfill contractual obligations with you;
  • The difficulty in ensuring your information is up to date and accurate;
  • Whether there are any industry standards surrounding how long such information should be stored;
  • The risk, cost, and liability involved with continuing to store your information; and
  • Any other circumstances surrounding the nature of our relationship.

HOW WE SECURE YOUR INFORMATION

We take commercially reasonable measures to protect all collected information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Our technical and organizational measures to secure your information include:

  • Storing information on secure servers;
  • Encrypting transfers of data to or from the Company’s servers using Secure Sockets Layer (SSL) technology;
  • Restricting access to your information and only sharing it to the minimum extent necessary, and on an anonymized basis when possible and subject to confidentiality restrictions where appropriate and;
  • Verifying the identity and need of any individual who may request access to your information prior to providing them with such access.

We cannot guarantee the security of the internet, and any information you submit to us over the internet, such as email, contact form submission, or other means, is transmitted entirely at your own risk. We are not responsible for any expenses, harm to reputation, damages, liabilities, loss of profits, costs, or any other type of loss experienced by you as a result of your decision to transmit information to us via the internet.

SENSITIVE PERSONAL INFORMATION

Sensitive personal information is information that reveals an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a person’s sex life or sexual orientation.

We neither knowingly nor intentionally collect sensitive personal information from individuals, and you agree to not submit sensitive information to us. If you either accidentally or intentionally transmit sensitive personal information to us, you will be considered to have explicitly consented to us processing that sensitive personal information pursuant to Article 9(2)(a) of the General Data Protection Regulation. We will only use and process such sensitive personal information for the sole purpose of deleting it.

TRANSFERRING YOUR INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA

As we have mentioned, your information will be transferred and stored outside of the European Economic Area (EEA) as set forth below. In addition, we may transfer your information outside of the EEA or to an international organization if required to comply with legal obligations, such as a court order.  We will ensure that appropriate safeguards are in place.

Server Log Information

Information that we collect when you visit our website or app is transferred outside of the EEA and stored on GoDaddy’s servers in the United States. This country is not subject to an adequacy decision by the European Commission. GoDaddy has self-certified its compliance with the EU-U.S. Privacy Shield which is available here.  The EU-U.S. Privacy Shield is a certification mechanism approved under Article 46(2)(f) of the General Data Protection Regulation. You may access the European Commission decision regarding the adequacy of the EU-U.S. Privacy Shield here.

Email

Information that you provide via email is transferred outside of the EEA and stored on HubSpot’s servers in the United States. HubSpot has self-certified its compliance with the EU-U.S. Privacy Shield.

Contact Form

Information that you provide to us when you fill out the contact form is transferred outside of the EEA and stored on HubSpot’s servers in the United States. HubSpot has self-certified its compliance with the EU-U.S. Privacy Shield.

Blog Email Service

Information that you submit to us when you sign up for our blog email subscription is transferred outside of the EEA and stored on Hubspot’s secure servers in the US. HubSpot has self-certified its compliance with the EU-U.S. Privacy Shield.

Google Analytics

Information collected by Google via Google Analytics is transferred outside of the EEA and stored on Google’s servers in the United States. HubSpot has self-certified its compliance with the EU-U.S. Privacy Shield.

YOUR RIGHTS IN REGARD TO YOUR INFORMATION

You may exercise, subject to certain limitations, the following rights in relation to your information by sending an email to contact@ciphertrace.com or by writing to CipherTrace at 68 Willow Road, Menlo Park, CA 94025:

  • Request correction or deletion of your information
  • Request access to your information and details related to our use, processing, and storage of your information
  • Request that we restrict our use of your information
  • Receive information that you provided to us in a commonly used, machine-readable, structured format, such as a CSV file, and the right to have that information transferred to a different data controller
  • Object to the processing of your information for certain purposes
  • Withdraw your consent to our use of your information at any time where we rely on your consent to use and process that information, from the point of withdrawal forward.

If you exercise your rights above and request access to your information, we are required by law to use all reasonable measures to verify your identity before we share any information with you. This is to protect your information and to minimize the threat of identity fraud, identity theft, or unauthorized access to your information. We may require original or certified copies of certain documentation in order to be able to verify your identity prior to providing you with access to your information.

Pursuant to Article 77 of the General Data Protection Regulation, you also hold the right to file a complaint with a supervisory authority, either in the Member State of your habitual residence, place of work, or location of an alleged infringement of the General Data Protection Regulation.

For more information on your rights in relation to your information, and limitations that apply, please review these resources on the ICO’s website:

If you wish to find out further information about your rights, as well as information on any limitations which apply to those rights, by reading the underlying legislation contained in Articles 12 to 22 and 34 of the General Data Protection Regulation, which is available here: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf.

YOUR RIGHT TO OBJECT TO THE PROCESSING OF YOUR INFORMATION

You may also exercise the right to object to us using or processing your information for direct marketing purposes by sending an email to contact@ciphertrace.com, or by writing to us at 68 Willow Road, Menlo Park, CA, 94025, or by clicking the unsubscribe link listed at the bottom of any marketing email that we send to you and then following the instructions that appear on your browser. For more information.

CHILDREN’S PRIVACY

We are committed to protecting the privacy of children, and we comply with the Children’s Online Privacy Protection Act of 1998 (COPPA).  We neither knowingly nor intentionally contact or collect any information from persons under the age of 18 years old. Our services are not intended to solicit information of any kind from persons under the age of 18 years old.

If we receive information about persons under the age of 18 by a third party, or by deception or fraud, and are notified of the collection of such information, we will, where required to do so by law, immediately seek the appropriate parental consent to use that information or we will delete such information from our servers. If you are aware of any transmission of information about persons under the age of 18 years old, please send us an email at Contact@ciphertrace.com.

CALIFORNIA DO NOT TRACK DISCLOSURES

“Do Not Track” is a privacy setting that users can set in their web browsers. If a user turns on a Do Not Track signal in their browser, the browser transmits a message to websites requesting that they do not track the user. The company has not implemented a methodology to respond to Do Not Track signals.

PRIVACY QUESTIONS

If you have any questions or concerns about CipherTrace’s Privacy Policy or practices or if you would like to make a complaint about a possible breach of local privacy laws, please contact us.

 

 

 

 

 

 

 

 

 

 

Back To Top