Virtru Values Your Privacy and Security

This Privacy Policy describes our practices in connection with information
that we collect from you when you use Virtru.

Our Principles

Transparency. We only use and share information about our users as spelled out in our Privacy Policy or other notices or in the agreements under which we provide the Services. We want you to know how we use your information, and to avoid any surprises.

Sensible Defaults. Our default user settings try to balance user experience and privacy in as sensible a fashion as we can.

Data Security. Security is our business.We use reasonable organizational, technical and administrative measures to protect personal information under our control.

Choice. We let our users know when and how we collect information and we are designing our Services to offer our customers choices about how their information is used.

Limited Collection of Data. We seek to collect and retain the least amount of user data necessary for the functioning, security, and effective operation of our business.

Working with Partners. We make privacy a key factor in selecting service providers who have access to Personal Information.

Our Privacy Policy

Last Updated: May 23, 2018

This Privacy Policy describes our practices in connection with information that we collect from you when you use our website at www.virtru.com (the “Site”) or our hosted encryption, access control and revocation services (the “Services”).

Your Information

For us, “Personal Information” means:

  • Information which identifies you, like your name or email address; or
  • A combination of several pieces of information which couldn’t identify you on their own, but which we believe would be sufficient to identify you when combined.

Any information that falls outside of this is “Other Information.” If we are required to treat Other Information as Personal Information under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Information as detailed in this Privacy Policy.

Personal Information We Collect

Through our Site:

  • When you use our Site, (for example, when you contact us, sign up for a newsletter, download informational content (such as whitepapers), or register to attend an event or webinar) we collect Personal Information such as your name, email address, and telephone number, if you choose to provide such information to us.

Through our Services:

When you register for or use our free or paid Services, we collect your name, company name and size, your (business) telephone number and email address, and Virtru Application Data. Virtru Application Data consists of:

  • Key Access Policies. We store Key Access Policies for each message or file you secure, as well as all updates to those Policies, such as revocation and adding or removing authorized users. Key Access Policies include the minimal metadata required to enforce the policy, such as authorized user email addresses, encryption keys and expiration date/time as well as a “Display Name” per policy for use in the online dashboard, which may be a file name or email subject line.
  • Application Activations. We store a list of which applications that have been activated for use by each user as well as when those activations expire.

If you purchase our paid Services, we also may collect full name and billing address. We use third party payment services to collect and process users’ payment card transactions.

Offline:

  • We collect Personal Information from you offline, e.g., when you visit our company, attend an event, or contact customer service.

From Other Sources:  

  • We receive your Personal Information from other sources, for example, publically available databases.

How We Use Personal Information

We and our service providers use Personal Information for legitimate business purposes, including:

  • Providing the Services and fulfilling your requests,
      • To respond to your inquiries and fulfill your requests, such as to send you e-mail updates you have requested or information regarding the Services, changes to our terms, policies or other administrative announcements.
      • To process your payments, provide you with the products or services you have purchased, communicate with you regarding your purchase and provide you with related customer service.

We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.

  • Sending you communications regarding additional services that may be of interest to you.We will engage in this activity with your consent or where we have a legitimate interest.
  • Performing security analyses to verify that the Services are working properly and have not been compromised. We will engage in this activity where we have a legitimate interest.
  • For our internal business purposes, such as data analysis, audits, developing new products, enhancing our website, improving our services, identifying usage trends and determining the effectiveness of our promotional campaigns. We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.

When We Share Personal Information

We disclose Personal Information:

  • To our affiliate Virtru Government Services LLC.
  • To our third party service providers to facilitate services they provide to us. These can include providers of services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.
  • As required to comply with applicable law and regulations and to cooperate with public and governmental authorities (this can include laws and authorities outside your country of residence), including law enforcement. We will handle any government requests for encryption keys in accordance with our Frequently Asked Questions on Government Surveillance.
  • For other legal reasons, when we need to enforce our terms and conditions and when it is reasonably necessary to protect the rights, property or safety of you, our other users, Virtru or the public.
  • With third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquirer and its advisors.
  • We may disclose your Personal Information in other circumstances when we tell you and you consent to the sharing.

Other Information We Collect

We and our third party service providers may collect other information in a variety of ways, including:

  • Through your browser: Certain information is collected by most browsers and sent to web servers so that sites can behave reliably, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using.  We use this information to ensure that the Services function properly.
  • Through server log files: An Internet Protocol (IP) address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP), and is identified and logged automatically in our server log files whenever a user visits the Site, along with the time of the visit and the page(s) that were visited. We use IP addresses for purposes such as calculating Site usage levels, helping diagnose server problems, and administering the Site. We may also derive your approximate location from your IP address.
  • Using cookies: Cookies allow a web server to transfer data to a computer for recordkeeping and other purposes. We and our service providers use cookies and other technologies to, among other things, better serve you with more tailored information and facilitate your ongoing access to and use of the Site, as well as for online tracking purposes. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to decline the use of cookies. To learn more about cookies, please visit http://www.allaboutcookies.org/. If you choose to decline cookies, some or all of the features, functionality and promotions available through the Site may not be available to you.
Cookie TypeDescription
Strictly necessary / Essential cookiesEssential cookies enable you to navigate the Site and to use its services and features. Without these absolutely necessary cookies, the Site will not perform as smoothly for you as we would like it to and we may not be able to provide the Site or certain services or features.
Preference cookiesPreference cookies collect information about your choices and preferences, and allow us to remember language or other local settings and customize the Site accordingly.  
Functionality cookiesCookies that allow us to remember visitor choices and preferences. Based on this information, we can show you more relevant information. For example, we may gather country and language preferences.

If you do not allow the use of this type of cookie, it will prevent the use of certain parts of our Site and will prevent us from remembering your preferences.

Targeting cookies or advertising cookiesWith our permission, this type of cookie is placed on our Site by third parties such as advertising networks. These cookies are used to:

  • Show relevant and personalized advertisements
  • Measure the effectiveness of an advertising campaign
  • Remember your visit and share data collected with third parties, such as advertisers. Often these cookies are linked to website functionality provided by the third party.
Analytics cookiesAnalytics cookies collect information about your use of the Site and enable us to improve the way it works. For example, analytics cookies show us which are the most frequently visited pages on the Site, help us record any difficulties you have with the Site, and show us whether our advertising is effective or not. This allows us to see the overall patterns of usage on the Site, rather than the usage of a single person. We use the information to analyze Site traffic, but we do not examine this information for individually identifying information.

We also use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources.  You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

  • If you want to clear all cookies left behind by the websites you have visited, here are links where you can download three programs that clean out tracking cookies:
  • On our Site, we use cookies from Google in order to be able to serve ads on external web sites across the internet for marketing purposes. If you wish to opt out of interest-based advertising from our third-party vendors, visit the Network Advertising Initiative opt-out page. You can use Ads Settings to manage the Google ads you see.
  • Email Image Downloads – The downloading of images embedded in the introduction template for Services may be used for internal business metrics such as click-through rates and to measure the success of our marketing campaigns.
  • From you: We may collect demographic information such as your geographic region, as well as other information, such as your preferred means of communication, when you voluntarily provide this information to us.
  • Pixel tags (also known as web beacons and clear GIFs) may be used to, among other things, track the actions of users of the Services (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of the Services and response rates.
  • By aggregating information: We may aggregate Personal Information so that the end-product does not personally identify you or any other user of the Site or Services, for example, by using Personal Information to calculate the percentage of our users who have a particular telephone area code. Aggregated Personal Information does not personally identify you or any other user of the Site or Services.

We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law.  In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.

Third Party Sites

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site to which this Site contains a link. The inclusion of a link on the Site does not imply endorsement of the linked site by us or by our affiliates.

Security

Security is our business! We use reasonable organizational, technical and administrative measures to protect Personal Information under our control. We also require our third-party service providers with access to Personal Information to use reasonable measures to protect the confidentiality and security of the Personal Information they maintain for us. Unfortunately, no data transmission or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section below.

Retention

We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.  

The criteria used to determine our retention periods include:  

  • The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services);
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
  • Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).  

Use of Site by Minors

The Services are not directed to individuals under the age of sixteen (16), and we request that these individuals do not provide Personal Information through the Services.

Jurisdiction & Cross-Border Transfers

The Services are controlled and operated by us from the United States. Your Personal Information may therefore be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country.  In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information. Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here

Sensitive Information

Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.

Third Party Payment Service

We may use a third-party payment service to process payments made through the Services. If you wish to make a payment through the Services, your Personal Information will be collected by such third party and not by us, and will be subject to the third party’s privacy policy, rather than this Privacy Policy.  We have no control over, and are not responsible for, this third party’s collection, use and disclosure of your Personal Information.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time. Any changes to this Privacy Policy will become effective when we email you about the changes or post the revised Privacy Policy on the Site. Your use of the Site or Services following any such updates will constitute your acceptance of such updates.

Your Choices and Rights

How you can access, change or delete your Personal Information  

If you would like to request to review, correct, update, suppress, restrict or delete Personal Information that you have previously provided to us, object to the processing of Personal Information, or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another company (to the extent this right is provided to you by applicable law), you may contact us at: info@virtru.com. We will respond to your request consistent with applicable law. You may lodge a complaint with a data protection authority for your country or region or where an alleged infringement of applicable data protection law occurs.

Your choices regarding our use and disclosure of your Personal Information

We give you choices regarding our use and disclosure of your Personal Information for marketing purposes. You may opt-out from:  

  • Receiving electronic communications from us:  If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by: by following the “unsubscribe” instructions in the next such email you receive from us. Note that you may not opt-out of receiving some administrative announcements (such as changes to our policies).

We will try to comply with your request(s) as soon as reasonably practicable.  Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.

Contacting Us

Virtru Corporation, located at 1130 Connecticut Ave NW Suite 210, Washington, Dc 20036, D.C County, US, is the company responsible for collection, use and disclosure of your Personal Information under this Privacy Policy.

If you have any questions about this Privacy Policy, please contact us by email at info@virtru.com, or please write to the following address: 1130 Connecticut Ave NW Suite 210 Washington, DC 20036.