Thanks for entrusting Enceeper with your personal information. Holding onto your private information is a serious responsibility, and we want you to know how we're handling it.
We only collect the information you choose to give us, and we process it with your consent, or on another legal basis; we only require the minimum amount of personal information that is necessary to fulfill the purpose of your interaction with us; we don't sell it to third parties; and we only use it as this Privacy Statement describes. We comply with the EU-US and Swiss-US Privacy Shield Frameworks and we are compliant with the General Data Protection Regulation (GDPR). No matter where you are, where you live, or what your citizenship is, we provide a high standard of privacy protection to all our users around the world, regardless of their country of origin or location.
Of course, the short version doesn't tell you everything, so please read on for more details!
This policy applies to all information collected or submitted during the use of Enceeper's website, the Enceeper Service and our applications.
"User Personal Information" is any personal information about one of our users which could, alone or together with other information, personally identify them. Information such as an email address are examples of “User Personal Information.” User Personal Information includes Personal Data as defined in the General Data Protection Regulation.
"Technical Information" may include information we collect from website browsers, such as web server logs, or other log information, such as User session or activity logs. Technical Information may be connected to User Personal Information such as an email address, or to other potentially personally-identifying information like Internet Protocol (IP) addresses.
User Personal Information does not include aggregated, non-personally identifying information. We may use aggregated, non-personally identifying information to operate, analyze, improve, and optimize our website and service.
If you're just browsing the website, we collect the same basic information that most websites collect. We use common internet technologies, such as cookies and web server logs, to collect Technical Information. This is stuff we collect from everybody, whether they have an account or not. The information we collect about all visitors to our website includes the visitor’s browser type, language preference, referring site, additional websites requested, and the date and time of each visitor request. We also collect potentially personally-identifying information like Internet Protocol (IP) addresses.
We collect Technical Information to better understand how our website visitors use Enceeper, and to monitor and protect the security of the website.
When creating an account, you will be asked to enter a valid email address and password (master password). Email addresses are used during registration and authentication and for receiving occasional updates or notifications. These updates include, but are not limited to, account activation and payment receipts. The notifications include, but are not limited to, password sharing and scheduled maintenance. We do not send promotional emails.
We store two kinds of user information: Sensitive Data and Personal Data.
Sensitive Data: is data we are not capable of decrypting under any circumstance and is used for backup and data synchronisation purposes. This data is encrypted using cryptographic keys that only you possess. We never receive copies of unencrypted Sensitive Data.
Personal Data: is data generated by using the applications, your account, and processing your payments. We retain the minimum amount of Personal Data to operate our services. Personal Data is kept confidential. It is visible to our staff and includes, but is not limited to, email address, billing information, server logs, client IP address, and stats on application usage.
We use the information we collect to operate and improve our website, applications, and provide customer support. We do not share personal information with outside parties, except to provide specific services.
Any information you choose to send us through email or our customer support system, may pass through and be stored on a variety of intermediate services.
Under certain international laws (including GDPR), Enceeper is required to notify you about the legal basis on which we process User Personal Information. Enceeper processes User Personal Information on the following legal bases:
If you would like to request erasure of data we process on the basis of consent or object to our processing of personal information, please contact us.
All of your data are held by third party data processors, who provide us with hosting and other infrastructure services.
|DigitalOcean||Cloud infrastructure hosting|
|Mailgun||Transactional email service|
|Paypal||Credit card payment processing|
|Google Analytics||Website analytics and performance|
We do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information. Although Enceeper does not request or intentionally collect any other sensitive personal information, we realize that you might store this kind of information in your account. If you store any sensitive personal information on our servers, you are responsible for complying with any regulatory controls regarding that data. On top of that your sensitive data are end-to-end ecnrypted making it impossible for us to view the data you store.
If you're under the age of 16, you may not have an account on Enceeper without the consent or authorization of your parents or legal custodian. If we learn or have reason to suspect that you are a user who is under the age of 16 without the appropriate consent, we will unfortunately have to close your account. We don't want to discourage you from being secure online, but those are the rules. Please see our Terms of Service for information about account termination. Other countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not use Enceeper without obtaining your parents' or legal guardians' consent.
We do share User Personal Information with your permission, so we can perform services you have requested or communicate on your behalf. Additionally, you may indicate, through your actions on Enceeper, that you are willing to share your User Personal Information. For example, if you share one of your passwords with another user of the Enceeper Service.
We do not share, sell, rent, or trade User Personal Information with third parties for their commercial purposes.
We do not host advertising on Enceeper. We may occasionally embed content from third party sites, such as YouTube, and that content may include ads. While we try to minimize the amount of ads our embedded content contains, we can't always control what third parties show.
We do not disclose User Personal Information outside Enceeper, except in the situations listed in this section or in the section below on Compelled Disclosure.
We do share certain aggregated, non-personally identifying information with others about how our users, collectively, use Enceeper, or how our users respond to paid plan offerings. For example, we may compile statistics on the usage of our services, API usage and the active users on the platform. However, we do not sell this information to advertisers or marketers.
We do share User Personal Information with a limited number of third party vendors who process it on our behalf to provide or improve our service, and who have agreed to privacy restrictions similar to our own Privacy Statement by signing data protection agreements. Our vendors perform services such as payment processing, customer support ticketing, network data transmission, and other similar services. When we transfer your data to our vendors under EU-US and Swiss-US Privacy Shield Frameworks, we remain responsible for it. While Enceeper processes all User Personal Information in the European Union, our third party vendors may process data outside of the United States or the European Union. If you would like to know who our third party vendors are, please see above our Subprocessors.
We do share aggregated, non-personally identifying information with third parties. For example, in the event of a security incident, we may share the number of times a particular record was accessed.
We may share User Personal Information if we are involved in a merger, sale, or acquisition. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we have made in our Privacy Statement or in our Terms of Service.
When you create an Enceeper account you create a password. For your protection, you should create a strong and unique password to ensure that it is not easily guessed. You should also keep a copy in a safe place because future access to your Sensitive Data depends on your password.
We will never ask you for your password at any time and you should never send it to us. Even the authentication procedure to access your account never reveals your password to us, but it is used in a proof-of-knowledge protocol.
All information is encrypted locally in your device using end-to-end encryption before being transmitted, so you must make sure that the environment your operate the Enceeper App is safe.
You have the right to know what we know about you and to understand how that data is handled. However, to protect customer privacy, such requests must be carefully authenticated beyond demonstrating control of the customer’s email address.
If you're already an Enceeper user, you may access, update, alter, or delete any information we have about you by using the Enceeper App.
Generally, Enceeper will retain User Personal Information for as long as your account is active or as needed to provide you services.
We may retain certain User Personal Information indefinitely, unless you delete it or request its deletion. For example, we don’t automatically delete inactive user accounts, so unless you choose to delete your account, we will retain your account information indefinitely.
If you would like to cancel your account or delete your User Personal Information, you may do so inside the Enceeper App. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 30 days. Once your account is deleted, it cannot be recovered.
Disaster recovery and data availability requirements mean that Enceeper has a legitimate interest in maintaining secure and immutable backups. Erasure requests will leave those backups untouched, and we will only remove data from backups if legally compelled to.
We use a number of third party analytics and service providers to help us evaluate our users' use of Enceeper; compile statistical reports on activity; and improve our content and website performance. In addition, we use our own internal analytics software to provide features and improve our content and performance.
Enceeper takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information.
Enceeper enforces a written security information program. Our program:
In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay. If the confidentiality of customer data is breached, we will publicly disclose the nature of the risk and provide a transparent account of the events without undue delay. At a bare minimum, we will inform the applicable supervisory authorities as required by law and regulation.
Transmission of data on Enceeper is encrypted using SSH, HTTPS, SSL/TLS, and end-to-end encryption. The Enceeper App encrypts all information locally and then is transmitted over the network. This also means that all your Sensitive Data are encrypted at rest.
No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
We store and process the information that we collect in the European Union in accordance with this Privacy Statement (our subprocessors may store and process data outside the European Union). However, we understand that we have users from different countries and regions with different privacy expectations, and we try to meet those needs even when the European Union does not have the same privacy framework as other countries'.
We provide a high standard of privacy protection — as described in this Privacy Statement — to all our users around the world, regardless of their country of origin or location, and we are proud of the levels of notice, choice, accountability, security, data integrity, access, and recourse we provide. We work hard to comply with the applicable data privacy laws wherever we do business, working with our Data Protection Officer as part of a cross-functional team that oversees our privacy compliance efforts.
Enceeper complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework, regarding the collection, use, and retention of User Personal Information transferred from/to the European Union, the UK, and Switzerland to/from the United States.
We will use your email address to communicate with you. For example, if you contact our Support team with a request, we will respond to you via email.
Enceeper may occasionally send notification emails about new features, requests for feedback, important policy changes, or offer customer support. We also send marketing emails, in accordance with applicable laws and regulations. There's an unsubscribe link located at the bottom of each of the marketing emails we send you. Please note that you can not opt out of receiving important communications from us, such as emails from our Support team or system emails.
Our emails might contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email.
Enceeper may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.
In complying with court orders and similar legal processes, Enceeper strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.
If you have questions regarding Enceeper's Privacy Statement or information practices, please feel free to contact us.