- We do not own the personal data that you leave on your Privowny App account.
- We do not sell your data.
- You can encrypt your personal data
- We do not store your Master Key used to encrypt your data.
Last updated: November 2019
- The website privowny.app
- The website account.privowny.app
- The Privowny App Browser Extension
- The Privowny App mobile applications (together, the “Product”)
This Policy applies together with our Terms & Conditions (“T&Cs”), which govern any access to and use of our Product.
Privowny App is a suite of data protection and management modules, including (together, the “Service(s)”):
- A Password Manager
- A Tracker Manager
- An Alias Manager
- A Data Manager
- A Dashboard
This Policy is governed by the European and French legislations on personal data protection, including the following legislations and any future updates and revisions thereto (altogether, “Data Protection Laws”):
- Regulation (EU) 2016/679 of April 27, 2016 (the “GDPR”)
- Directive 2002/58 of July 12, 2002 (“ePrivacy”), as modified in 2009
- French Data Protection Act No. 78-17 of January 6, 1978, as modified by the French act n°2018-493 of June 20, 2018
For the purpose of this Policy, the terms “personal data”, “process”, “data processor”, “data controller”, and “data protection authority” shall have the meaning defined in Article 4 of the GDPR. Pursuant to the GDPR, Privowny Group is the data controller with respect to any personal data collected and processed as part of provided Services or in connection with our Product.
Personal Data we collect
Pursuant to this Policy and for the purposes specified below, we collect the following personal data for the creation of an Account:
- Your display name
- Your email address
- Your country of residence (and state when applicable)
Pursuant to this Policy and for the purposes specified below, Privowny Group’s Product may collect the following personal data when you use the Product:
- Your passwords
- Your email aliases
- The data you authorize the Product to collect while browsing online or using your phone (for example, but not limited to, your browsing history)
- The data you added manually in your Data Manager
- Your “Digital footprint” generated from data you authorize the Product to collect while browsing online
We may also collect technical data relating to your use of the Product, notably including the following:
- IP address
- User Agent
- Activity logs on our website
- The category of devices you are using (example: Android phone, iOS phone or browser extension)
The personal data may be collected by using electronic or hard form media, via the Product, when Users contact us (by telephone, email, post, etc.), or any other means.
The personal data that we collect comes from your usage of the product and your browsing activity.
Why and on which basis do we collect personal data?
The data is collected on the basis of this contract for the following purposes:
- Provide the User with the Services of our Product
- Conduct our business functions and activities (including the use of this Platform by our prospects)
- Improve and ensure the security of our Product
- Improve and customize our Product
- Provide Users with information and services that they request from us
- Comply with our legal obligations
Privowny Group may also collect, use, and store more personal information on the basis of your consent, for example through direct marketing and other communications related to our business, products, and services.
We store your personal data for as long as necessary to provide you with the Services you have requested, or for other business purposes such as complying with our legal obligations, resolving disputes, and enforcing the agreements to which Privowny Group is a party.
Please note that Privowny Group is required by Applicable Law and/or regulations to retain some types of information for certain periods of time (e.g., statute of limitations). If your personal data is no longer necessary with respect to the purposes for which it was processed and stored and Privowny Group has no legal obligation to retain it, we will erase it from our systems and destroy all record of it.
|Relevant Personal Information||Retention period|
|Contact Data (the email address used for creating your Privowny App account)||5 years from the last time it was used (either account deletion or last direct contact)|
|Data related to requests you might make directly (e.g., to access or rectify data, to oppose data processing, emails to dpo[at]privowny.com, etc.)||3 years from your request|
|Data related to our Services (your Account information, the data stored in the Managers, and your exchanges with our customer support)||Data is stored as long as you use the Services. When you delete your account, all data is removed from our systems within at most 1 month. When you delete specific data (e.g., when you delete an account from your Password Manager), it is removed from our systems within at most 10 days|
How do we collect personal information?
We collect personal information using a variety of supports in connection with the Product, as described below.
The websites privowny.app and account.privowny.app
We automatically collect your IP address for audience analytics when you access the websites privowny.app and account.privowny.app.
The Privowny App Browser Extension
When you download and install the Privowny App Browser Extension, we collect your IP address and activity logs.
When you create an Account, you provide us with mandatory information that is necessary for the purpose of creating and securing your Account, which we need to store. These include your email address, which should be valid, and your Privowny Account Password. However, please note that we do not store the Master Key, which is necessary to decrypt all your encrypted data. We therefore have no access to your encrypted data and can’t put it at risk.
Privowny Group uses session cookies, i.e., cookies that generate a specific security token when you send an email.
Session cookies are deleted as soon as the User closes their web browser. Session cookies do not collect information from the User’s computer.
Privowny uses two cookies. They are only generated if you come from a specific link (a press campaign for example) and they are hosted internally (cly_cmp_id & cly_cmp_uid). Their purpose is to determine how users who end up on privowny.app got there. Countly is our statistic tool.
These two cookies have a lifetime of one month and never collect information from the User’s computer. You have the right to object to the use of these two cookies and can do so by clicking on “I decline”.
Transfer of your personal data outside of the EU/EEA
A Transfer may occur if our processors are located outside of the EU/EEA, if we outsource certain activities outside of the EU/EEA, or if your use of the Product has a connection with a country located outside of the EU/EEA (e.g., when you access and use the Services from a country located outside of the EU/EEA).
Where required by Data Protection Laws, we take steps in order to ensure any transfer is performed in compliance with the appropriate organizational and technical means (including for instance the EU Commission’s model clauses for data transfers or the European Commission’s adequacy decision).
Sharing of your personal data
Privowny Group protects your privacy. As a result, we do not sell, rent, or otherwise share any of your personal data with third parties for advertising or commercial purposes. We only disclose your personal data to third parties that provide services to us, or to other third parties where expressly instructed by you, as the case may be.
In this respect, we only use carefully vetted third-party processors, located inside or outside of the European Union, to provide us with certain services. Each and every one of our third-party data processors is bound to comply with the GDPR, in particular with respect to data security and confidentiality, and only process your personal data on our behalf, and under our instructions in order to offer the contracted services to Privowny Group.
Please find below the list of the third parties we are working with:
|Third Party||Purpose of the processing||Personal Data collected||Contact|
|Android OS (only for Android Users who use the fingerprint through the Keystore technology)||Using the fingerprint on your Android device||Your fingerprint connected to your Master Key||Android is a part of Google company and the Alphabet group.
For the EU/EEE:
Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Irlande
For countries outside the EU/EEE:
Googleplex, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, États-Unis.
|Amazon Simple Email Service||Sending emails to Privowny Users. Forwarding your alias emails.||Email, display name||Data Protection Officer Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg|
|Amazon Web Services (“AWS”)||Hosting our Product||All the content on your Account||Data Protection Officer Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg|
|Apple OS (only for the iOS users who use Face ID or Touch ID through the Keychain technology)||Using the Face ID or Touch ID authentication on your iOS device||Your biometric authentication connected to your Master Key||Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. Apple has a privacy inquiry platform, depending on your location: https://www.apple.com/legal/privacy/contact/|
|Mailchimp||Inviting you by email to join the Servicefirstname.lastname@example.org|
|One Signal||Notifications about your account (security, latest versions update requirements)||Your use of the product (last active session, device and browser you are using), location, email address, account and device email@example.com|
|SurveyMonkey||Surveys—if you specifically agreed to it||Email, name, age, nationality, and your answers to surveys||SurveyMonkey Inc.
1 Curiosity Way San Mateo,
California 94403 United States **firstname.lastname@example.org**
UC2 Shelbourne Buildings, Second Floor, Shelbourne Rd
Ballsbridge Dublin 4, Ireland
|TestFlight (integrated to Apple Connect) only for iOS users||Using the beta version of our App, which is not published on the Apple Store||https://www.apple.com/legal/privacy/contact/|
|Zendesk||Customer support and Help Center||Email, display name, and any information you provide or that you specifically agreed to (for example your navigation history)||email@example.com|
When you use the Services, all types of data collected by Privowny Group, including the data you choose to manually enter and store in your Account, is stored on Privowny’s Product with Amazon Web Services, our hosting service providers, in the European Union. We may also share your non-encrypted personal data with official authorities and government bodies, but only when and where required to do so by Applicable Law. In such event, we endeavor to only disclose the necessary information to comply with our obligations under Applicable Law.
Under Data Protection Laws, you have rights that apply to your personal data, including the right to access, rectify, erase, restrict or object to data processing, or have the personal data that we hold about you ported to another data controller or service provider.
Access and Rectification
You can access and receive a copy of the personal data that we hold about you at any time via the Product using the “Export Data” feature on your computer. This feature is always available to you at any time, from any computer by logging into your Account. Please go on “My Account” to have more information about this feature.
Under certain circumstances provided by Data Protection Laws, we may deny you such access. If we refuse your request to access your personal information, we will provide you with reasons for the refusal where we are required by Data Protection Laws to disclose those reasons.
You can also correct your personal data directly by logging into your Account and updating or editing your data at any time.
Privowny Group endeavors to ensure that any personal information we collect and hold is accurate, complete, and up to date. In this respect, you undertake to provide us with true, accurate, current, and complete information about yourself as requested.
Please inform us of any change that applies to the personal data you provided us by editing your Account information in the “My Account” page if you believe that the personal information is inaccurate or incomplete.
You can delete the data you have stored on your Account whenever you want, free of charge. To delete your account, please go on “My Account” on your computer. You can delete specific pieces of data (for example an account from your Password Manager) directly from the Manager in which it is stored. Deleting your data within your Privowny account won’t delete the data in the websites where the data comes from.
You have the right to ask for a copy of your personal data and/or ask for it to be ported to another data controller or service provider of your choice where the lawful basis for the processing is (i) (a) a contract or (b) your consent and (ii) by automated means. Please note that such a request could be limited to the sole personal information you provided us with or that we hold at that given time and subject to any relevant legal requirements and exemptions, including identity verification procedures.
You can always create an export and download your personal data from your Account. Please go on “My Account” to have more information about this feature.
Security and confidentiality
Privowny Group values your privacy and endeavors to warrant the security and confidentiality of any information you may provide us with or any data we collect in the course of providing you with our Services. Consequently, we have implemented appropriate technical and organizational measures to ensure that any personal data we hold, whether in hard copy or on our computer systems, remains protected at any time against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.
In particular, Privowny Group uses state-of-the-art technologies and techniques in order to safeguard your personal data, including asymmetric RSA encryption, Firewalls, and VPNs.
By default, all passwords collected by the system are encrypted, but you can choose to encrypt any other pieces of data. We do not and cannot have access to encrypted information you store on your Account as we do not have access to your Master Key. Please also note that this means that Privowny Group’s staff cannot decrypt any encrypted data.
If you have questions or concerns about our Policy or the way Privowny Group handles personal data, please contact us via the “Contact Us” page in “My Account”, by going on our “Contact page” on our website privowny.app, by emailing our Data Protection Officer at dpo[at]privowny.com, by calling our Data Protection Officer on +33 7 56 82 45 50 or by sending us a letter at Privowny France SAS, Parc du Golf Bat 20/Safran, 350 avenue JRGG de la Lauzière, 13290 Aix-en-Provence, France.
In case of a dispute, you, or an association you designated for this purpose, as provided by Data Protection Laws, have the right to lodge a complaint to a competent data protection authority such as the French Data protection Agency (CNIL—www.cnil.fr).
A complete list of all the European Data Protection Authorities and how to contact them is available at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Notice to California consumers
Under the California Consumer Privacy Act of 2018 (“CCPA”), all California consumers have the following rights towards their personal information:
- right to notice
- right to access
- right to request deletion
- right to opt out
- right to equal services and prices
The “right to equal services and prices” prohibits businesses from discriminating against consumers who exercise their CCPA rights. Today, our services are free.