Last Updated: February, 2026
This Privacy Policy describes Virtru’s practices regarding the collection, use, and disclosure of personal information in connection with our website located at www.virtru.com (the “Site”) and our hosted encryption, access control, and revocation services (the “Services”).
When you interact with the Site or use the Services, Virtru processes personal information as described in this Privacy Policy and in accordance with applicable law.
In providing the Services to enterprise customers, Virtru processes personal information on behalf of such customers in accordance with applicable agreements and customer instructions.
Virtru acts as a controller when processing personal information related to the operation of the Site and business communications, and as a processor when processing Customer Content through the Services.
This Privacy Policy may be updated from time to time to reflect changes in our practices or applicable legal requirements. We will post the updated version on this page and indicate the effective date of the revision. Your continued use of the Site or Services after an update indicates acknowledgment of the updated Privacy Policy.
If you have any questions about this Privacy Policy or our privacy practices, please contact us at:
Email: privacy@virtru.com
Address: Virtru, 1801 Pennsylvania Ave, 5th Floor, Washington DC 20006
“Personal Information” means:
Information that identifies you, like your name or email address or telephone number; or
Information that, when combined with other information, could reasonably identify you.
We collect personal information that you voluntarily provide to us when you register with us, express an interest in obtaining information about us or our products and Services, participate in activities or otherwise when you contact us. In particular:
We collect identifiers, such as your name, email address, and telephone number, if you choose to provide such information to us.
We may collect identifiers such as your full name and billing address, and a third party payment services provider will collect and store your credit card number and/or any other financial information required to process payment card transactions on our behalf, in which case your information will be subject to the third party’s privacy policy, rather than this Privacy Policy.
We may collect identifiers and professional or employment-related information, such as your name, company name and size, and your telephone number and email address.
When you use our free or paid Services, we collect key access policies and application activations (“Virtru Application Data”). We store Key Access Policies for each message or file you secure, as well as all updates to those Policies, such as revocation and adding or removing authorized users. Key Access Policies include the minimal metadata required to enforce the policy, such as authorized user email addresses, telephone number (if applicable), encryption keys and expiration date/time as well as a “Display Name” per policy for use in the online dashboard, which may be a file name or email subject line. We store a list of applications that have been activated for use by each user, as well as when those activations expire.
Certain information is collected by most browsers and sent to web servers so that sites can behave reliably, such as your computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using.
An Internet Protocol (IP) address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP), and is identified and logged automatically in our server log files whenever a user visits the Site, along with the time of the visit and the page(s) that were visited. We use IP addresses for purposes such as calculating Site usage levels, helping diagnose server problems, and administering the Site and Services. We may also derive your approximate location from your IP address.
Cookies allow a web server to transfer data to a computer for record keeping and other purposes. We and our service providers use cookies and other technologies to, among other things, better serve you with more tailored information, facilitate your ongoing access to and use of the Site, as well as for online tracking purposes. For further information about our use of cookies, please visit our Cookie Policy.
We collect information directly and through service providers that support the operation of the Site and Services. These providers may use cookies, web beacons, or similar technologies on our behalf for purposes such as site functionality, analytics, security, and customer support.
Such service providers are authorized to use these technologies only as necessary to perform services for us and are subject to contractual obligations to protect the information they process.
We use cookies and similar technologies to operate and improve the Site and Services, support functionality, analyze usage, and maintain security. We and our advertising partners use cookies, pixels, and similar technologies to deliver advertisements, measure advertising performance, and support ad retargeting by re-engaging users who have previously interacted with our website or marketing content. Cookies are small text files stored on your browser or device that allow systems to recognize your browser and remember certain information.
You can manage your choices regarding cookies and similar technologies as described in the Tracking and Advertising Choices section below. Please note that disabling certain cookies may affect the availability or functionality of parts of the Site or Services. For more information about how we use cookies and similar technologies, please review our Cookie Policy.
Our Site and Services may use web beacons and similar technologies (such as pixel tags) to help us understand usage patterns, measure the effectiveness of content, and support the security and integrity of our systems. These technologies may collect information such as whether a page or email has been accessed and basic device or browser information.
We may also use these technologies in emails we send to determine whether messages have been opened or links have been clicked. Information collected through these technologies is used for operational, security, service-related, advertising, and marketing purposes, including measuring campaign effectiveness and supporting ad retargeting.
We us Analytic tools such as Google Analytics to help us understand how the Site and Services are used, to improve performance and functionality and measure advertising and marketing effectiveness. These tools collect information such as usage patterns, device and browser information, and IP address and are also used for operational and security purposes. Information about your choices regarding analytics and advertising-related data processing, including how to manage preferences through our cookie preference center or recognized privacy preference signals such as Global Privacy Control (GPC), is described in the Tracking and Advertising Choices section below.
Virtru Email Protection for Gmail uses Google APIs according to the Google API Services User Data Policy. More information can be found here.
We may receive information about you from other sources, for example, publicly available databases, marketing partners, social media platforms and other outside sources.
Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.
The Site and Services are not directed to and we do not knowingly collect Personal Information from individuals under the age of thirteen (13) or market to such individuals. We request that these individuals not provide Personal Information through the Site or Services. By using the Site and Services, you represent that you are at least 13 or that you are the parent or guardian of such minor and consent to such minor dependent’s use of the Site and Services.
We only process or use information, including Personal Information, when we believe it is necessary and we have a valid legal reason to do so under applicable law, with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill legitimate business interests. In particular for the following purposes:
To respond to your inquiries and fulfill your requests, such as to send you email updates you have requested or information regarding the Services, changes to our terms, policies or other administrative announcements, when necessary to manage our contractual relationship with you, to comply with a legal obligation, or based on our legitimate interests.
To send you communications regarding additional services that may be of interest to you, when you have given consent or based on our legitimate interests.
To process your payments, provide you with the products or services you have purchased, communicate with you regarding your purchase and provide you with related customer service, when necessary to manage our contractual relationship with you, to comply with a legal obligation, or based on our legitimate interests.
To administer the Site and Services, including performing security analyses to verify that the Services are working properly and have not been compromised, based on our legitimate interests.
To contact you or another authorized user in connection with providing the Services (including, but not limited to, enforcing the Key Access Policies, verification of users of the Company’s Services or visitors to the Company’s Site, or in connection with a feature of the Services such as two-factor authentication).
For our internal business purposes, such as data analysis, audits, developing new products, enhancing our website, improving our services, identifying usage trends and determining the effectiveness of our promotional campaigns, when necessary to manage our contractual relationship with you, to comply with a legal obligation, or based on our legitimate interests.
Any other purpose when in de-identified or aggregate form, e.g., to calculate the percentage of our users who have a particular telephone area code.
Where we need to collect Personal Information by law or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel the Services, but we will notify you before doing so.
If you wish to have more information regarding the legitimate interests we rely on, please contact us in accordance with the “Contacting Us” section below.
VIRTRU DOES NOT SELL YOUR PERSONAL INFORMATION.
To our affiliates.
To our third-party service providers to facilitate services they provide to us. These can include providers of services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.
As required to comply with applicable law and regulations and to cooperate with public and governmental authorities (this can include laws and authorities outside your country of residence), including law enforcement. We will handle any government requests for encryption keys in accordance with our Frequently Asked Questions on Government Surveillance.
If necessary, to enforce obligations under our terms and conditions and when it is reasonably necessary to protect the rights, property or safety of you, our other users, Virtru or the public.
To third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquirer and its advisors.
In other circumstances when we tell you and you consent to the disclosure. Without restriction when in de-identified or aggregate form.
This Privacy Policy does not apply to information collected by any third party through any website, application, or content that may link to or be accessible from the Site and operated independently of Virtru. The inclusion of a link on the Site does not imply endorsement of the linked site by us or by our affiliates.
We use reasonable administrative, technical, and organizational measures designed to protect personal information under our control. We also require third-party service providers that have access to personal information to implement reasonable safeguards to protect the confidentiality and security of the information they process on our behalf. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure, such as if you believe the security of an account has been compromised, please notify us immediately using the contact information provided in the Contact Us section below.
We retain personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, including to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements, and as otherwise permitted or required by applicable law.
The criteria used to determine our retention periods include:
the duration of our relationship with you and whether you maintain an account or otherwise use the Services;
whether we are subject to a legal or regulatory obligation to retain the information; and
whether retention is necessary or appropriate in light of our legal position, such as applicable statutes of limitations, litigation, or regulatory inquiries.
Customer Content processed through the Services is retained in accordance with applicable agreements and customer instructions.
Virtru is headquartered in the United States, and personal information processed in connection with the Services may be transferred to, stored in, or accessed from countries other than the country in which it was originally collected, including the United States. These countries may have data protection laws that differ from those of your jurisdiction.
Where required by applicable law, Virtru relies on appropriate transfer mechanisms to safeguard personal information when it is transferred across borders. These mechanisms may include adequacy decisions issued by relevant authorities, the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and other lawful transfer mechanisms, together with appropriate supplementary measures.
In limited circumstances, personal information may be subject to access by courts, law enforcement, regulatory authorities, or security agencies in accordance with applicable law.
You may contact us in accordance with the “Contacting Us” section below to obtain a copy of the safeguards we use to transfer Personal Information for international data transfers.
Opt-out of direct marketing: If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt out by following the “unsubscribe” instructions in the next email you receive from us. Note that you may not opt out of receiving some administrative announcements (such as changes to our policies). Please note that if you opt out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt out.
Withdrawing Your Consent: If we are relying on your consent to process your personal information, you can withdraw your consent at any time by contacting us at info@virtru.com.
Virtru does not sell personal information. You can control the use of cookies and similar tracking technologies through our cookie preference center, your browser settings, and, where applicable, recognized privacy preference signals such as Global Privacy Control (GPC).
In the European Economic Area, we rely on your consent for non-essential cookies and similar tracking technologies, which you may withdraw at any time through our cookie preference tools.
In the United States, you may opt out of certain advertising and analytics-related data processing, including ad retargeting, through our cookie preference center or as otherwise permitted by applicable law.
Depending on your state of residence, you may have certain rights regarding your personal information, subject to applicable law. These rights may include the right to:
Know the categories and specific pieces of personal information we have collected, used, disclosed, and shared about you;
Access personal information we process about you;
Correct inaccuracies in your personal information;
Delete personal information, subject to legal and contractual restrictions;
Obtain a copy of your personal information in a portable format;
Opt out of the sale or sharing of personal information, where applicable under law; and
Limit the use and disclosure of sensitive personal information, where required by law.
To make a request, please call us at 1 (855) 892-7499, email us at privacy@virtru.com, or visit https://support.virtru.com. To verify your identity, we will generally ask you to provide certain information that we already maintain in our records. Only you, or someone legally authorized to act on your behalf, may make a request related to your Personal Information.
To make a request on your behalf, an authorized agent may contact us by email with proof of your written and signed permission.
If we decline to take action on a request, you may have the right to appeal our decision by contacting us using the information provided below. Virtru will not discriminate against a consumer because the consumer exercised any of the consumer’s rights under applicable laws.
If you are located in the European Economic Area, you have certain rights under applicable data protection law, subject to legal limitations. These rights include the right to:
Request access to your Personal Information
Request rectification of your Personal Information
Request erasure of your Personal Information
Restrict or object to the processing of your Personal Information
Receive and transfer your Personal Information (data portability)
Lodge a complaint with a supervisory authority
Where processing your Personal Information is based on consent, withdraw your consent at any time without affecting the lawfulness of the processing of Personal Information that occurred before you withdraw consent.
To make a request, please email us at privacy@virtru.com.
If you have any questions about this Privacy Policy, please contact us by email at privacy@virtru.com, or please write to the following address: 1801 Pennsylvania Ave, 5th Floor, Washington DC 20006 . If you believe we are unlawfully processing your personal information, you have the right to complain to your local data protection authority.
Contact us to learn more about our partnership opportunities.