that we collect from you when you use Virtru.
Sensible Defaults. Our default user settings try to balance user experience and privacy in as sensible a fashion as we can.
Data Security. Security is our business.We use reasonable organizational, technical and administrative measures to protect personal information under our control.
Choice. We let our users know when and how we collect information and we are designing our Services to offer our customers choices about how their information is used.
Limited Collection of Data. We seek to collect and retain the least amount of user data necessary for the functioning, security, and effective operation of our business.
Working with Partners. We make privacy a key factor in selecting service providers who have access to Personal Information.
Last Updated: September 7, 2016
For us, “Personal Information” means:
- Information which identifies you, like your name or email address; or
- A combination of several pieces of information which couldn’t identify you on their own, but which we believe would be sufficient to identify you when combined.
Any information that falls outside of this is “Other Information.” If we combine your Personal Information with Other Information, we will consider the combination as Personal Information.
Personal Information We Collect
Through our Site:
- When you use our Site, we may collect Personal Information such as your name, email address, and telephone number, if you choose to provide such information to us.
Through our Services:
When you register for or use our free or paid Services, we may collect Personal Information such as your email address, and Virtru Application Data. Virtru Application Data consists of:
- Key Acess Policies. We store Key Access Policies for each message or file you secure, as well as all updates to those Policies, such as revocation and adding or removing authorized users. Key Access Policies include the minimal metadata required to enforce the policy, such as authorized user email addresses, encryption keys and expiration date/time as well as a “Display Name” per policy for use in the online dashboard, which may be a file name or email subject line.
- Application Activations. We store a list of which applications have been activated for use by each user as well as when those activations expire.
If you purchase our paid Services, we also may collect full name and billing address. We use third party payment services to collect and process users’ payment card transactions.
How We Use Personal Information
We may use Personal Information:
- To provide the Services.
- To respond to your inquiries and fulfill your requests, such as to send you e-mail updates you have requested or information regarding the Services, changes to our terms, policies or other administrative announcements.
- To process your payments, provide you with the products or services you have purchased, communicate with you regarding your purchase and provide you with related customer service.
- To send you communications regarding additional services that may be of interest to you. If you no longer wish to receive newsletters or other marketing-related email communications from Virtru, you can opt out from receiving them by following the “unsubscribe” instructions in the next such email you receive from us. Note that you may not opt-out of receiving some administrative announcements (such as changes to our policies).
- To perform security analyses to verify that the Services are working properly and have not been compromised.
- For our internal business purposes, such as data analysis, audits, developing new products, enhancing our website, improving our services, identifying usage trends and determining the effectiveness of our promotional campaigns.
When We Share Personal Information
We may disclose Personal Information in the following situations:
- To our service providers to enable them to provide services on our behalf.
- We may use and disclose Personal Information as required to comply with applicable law. We will handle any government requests for encryption keys in accordance with our Frequently Asked Questions on Government Surveillance.
- We may use or disclose Personal Information when we have a good-faith belief that it is reasonably necessary to protect the rights, property or safety of you, our other users, Virtru or the public.
- If our organizational structure or status changes (if we undergo a restructuring, are acquired, or go bankrupt,) we may pass your information to an acquirer, successor or affiliate.
- We may disclose your Personal Information in other circumstances when we tell you and you consent to the sharing.
Other Information We Collect
We and our third party service providers may collect other information in a variety of ways, including:
- Through your browser: Certain information is collected by most browsers and sent to web servers so that sites can behave reliably, such as browser version, resolution and operating system.
- Through server log files: An Internet Protocol (IP) address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP), and is identified and logged automatically in our server log files whenever a user visits the Site, along with the time of the visit and the page(s) that were visited. We use IP addresses for purposes such as calculating Site usage levels, helping diagnose server problems, and administering the Site.
- Email Image Downloads – The downloading of images embedded in the introduction template for Services may be used for internal business metrics such as click-through rates and to measure the success of our marketing campaigns.
- From you: We may collect demographic information such as your location, as well as other information, such as your preferred means of communication, when you voluntarily provide this information to us. Unless combined with Personal Information, this information does not personally identify you or any other user of the Site or Services.
- By aggregating information: We may aggregate Personal Information so that the end-product does not personally identify you or any other user of the Site or Services, for example, by using Personal Information to calculate the percentage of our users who have a particular telephone area code. Aggregated Personal Information does not personally identify you or any other user of the Site or Services.
We may use and share Other Information for any purpose, provided that it does not constitute Personal Information as defined above.
Third Party Sites
Security is our business! We use reasonable organizational, technical and administrative measures to protect Personal Information under our control. We also require our third-party service providers with access to Personal Information to use reasonable measures to protect the confidentiality and security of the Personal Information they maintain for us. Unfortunately, no data transmission or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section below.
Use of Site by Minors
The Services are not directed to individuals under the age of thirteen (13), and we request that these individuals do not provide Personal Information through the Services.
The Services are controlled and operated by us from the United States, and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States.
Updating Your Personal Information
If you would like to update your Personal Information that you have previously provided to us, you may contact us at: firstname.lastname@example.org