Sensible Defaults. Our default user settings try to balance user experience and privacy in as sensible a fashion as we can.
Data Security. Security is our business.We use reasonable organizational, technical and administrative measures to protect personal information under our control.
Choice. We let our users know when and how we collect information and we are designing our Services to offer our customers choices about how their information is used.
Limited Collection of Data. We seek to collect and retain the least amount of user data necessary for the functioning, security, and effective operation of our business.
Working with Partners. We make privacy a key factor in selecting service providers who have access to Personal Information.
Last Updated: September 20, 2018
For us, “Personal Information” means:
- Information which identifies you, like your name or email address; or
- A combination of several pieces of information which couldn’t identify you on their own, but which we believe would be sufficient to identify you when combined.
Personal Information We Collect
Through our Site:
- When you use our Site, (for example, when you contact us, sign up for a newsletter, download informational content (such as whitepapers), or register to attend an event or webinar) we collect Personal Information such as your name, email address, and telephone number, if you choose to provide such information to us.
Through our Services:
When you register for or use our free or paid Services, we collect your name, company name and size, your (business) telephone number and email address, and Virtru Application Data. Virtru Application Data consists of:
- Key Access Policies. We store Key Access Policies for each message or file you secure, as well as all updates to those Policies, such as revocation and adding or removing authorized users. Key Access Policies include the minimal metadata required to enforce the policy, such as authorized user email addresses, encryption keys and expiration date/time as well as a “Display Name” per policy for use in the online dashboard, which may be a file name or email subject line.
- Application Activations. We store a list of which applications that have been activated for use by each user as well as when those activations expire.
If you purchase our paid Services, we also may collect full name and billing address. We use third party payment services to collect and process users’ payment card transactions.
- We collect Personal Information from you offline, e.g., when you visit our company, attend an event, or contact customer service.
From Other Sources:
- We receive your Personal Information from other sources, for example, publically available databases.
How We Use Personal Information
We and our service providers use Personal Information for legitimate business purposes, including:
- Providing the Services and fulfilling your requests,
- To respond to your inquiries and fulfill your requests, such as to send you e-mail updates you have requested or information regarding the Services, changes to our terms, policies or other administrative announcements.
- To process your payments, provide you with the products or services you have purchased, communicate with you regarding your purchase and provide you with related customer service.
We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.
- Sending you communications regarding additional services that may be of interest to you.We will engage in this activity with your consent or where we have a legitimate interest.
- Performing security analyses to verify that the Services are working properly and have not been compromised. We will engage in this activity where we have a legitimate interest.
- For our internal business purposes, such as data analysis, audits, developing new products, enhancing our website, improving our services, identifying usage trends and determining the effectiveness of our promotional campaigns. We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.
When We Share Personal Information
We disclose Personal Information:
- To our subsidiaries and affiliates.
- To our third party service providers to facilitate services they provide to us. These can include providers of services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.
- As required to comply with applicable law and regulations and to cooperate with public and governmental authorities (this can include laws and authorities outside your country of residence), including law enforcement. We will handle any government requests for encryption keys in accordance with our Frequently Asked Questions on Government Surveillance.
- For other legal reasons, when we need to enforce our terms and conditions and when it is reasonably necessary to protect the rights, property or safety of you, our other users, Virtru or the public.
- With third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquirer and its advisors.
- We may disclose your Personal Information in other circumstances when we tell you and you consent to the sharing.
Other Information We Collect
We and our third party service providers may collect other information in a variety of ways, including:
- Through your browser: Certain information is collected by most browsers and sent to web servers so that sites can behave reliably, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function properly.
- Through server log files: An Internet Protocol (IP) address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP), and is identified and logged automatically in our server log files whenever a user visits the Site, along with the time of the visit and the page(s) that were visited. We use IP addresses for purposes such as calculating Site usage levels, helping diagnose server problems, and administering the Site. We may also derive your approximate location from your IP address.
- Email Image Downloads – The downloading of images embedded in the introduction template for Services may be used for internal business metrics such as click-through rates and to measure the success of our marketing campaigns.
- From you: We may collect demographic information such as your geographic region, as well as other information, such as your preferred means of communication, when you voluntarily provide this information to us.
- Pixel tags (also known as web beacons and clear GIFs) may be used to, among other things, track the actions of users of the Services (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of the Services and response rates.
- By aggregating information: We may aggregate Personal Information so that the end-product does not personally identify you or any other user of the Site or Services, for example, by using Personal Information to calculate the percentage of our users who have a particular telephone area code. Aggregated Personal Information does not personally identify you or any other user of the Site or Services.
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.
Third Party Sites
Security is our business! We use reasonable organizational, technical and administrative measures to protect Personal Information under our control. We also require our third-party service providers with access to Personal Information to use reasonable measures to protect the confidentiality and security of the Personal Information they maintain for us. Unfortunately, no data transmission or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section below.
We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.
The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services);
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Use of Site by Minors
The Services are not directed to individuals under the age of sixteen (16), and we request that these individuals do not provide Personal Information through the Services.
Jurisdiction & Cross-Border Transfers
The Services are controlled and operated by us from the United States. Your Personal Information may therefore be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information. Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here).
Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.
Third Party Payment Service
Your Choices and Rights
How you can access, change or delete your Personal Information
If you would like to request to review, correct, update, suppress, restrict or delete Personal Information that you have previously provided to us, object to the processing of Personal Information, or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another company (to the extent this right is provided to you by applicable law), you may contact us at: firstname.lastname@example.org. We will respond to your request consistent with applicable law. You may lodge a complaint with a data protection authority for your country or region or where an alleged infringement of applicable data protection law occurs.
Your choices regarding our use and disclosure of your Personal Information
We give you choices regarding our use and disclosure of your Personal Information for marketing purposes. You may opt-out from:
- Receiving electronic communications from us: If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by: by following the “unsubscribe” instructions in the next such email you receive from us. Note that you may not opt-out of receiving some administrative announcements (such as changes to our policies).
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.