Last updated: March 2021
- The website privowny.app
- The website account.privowny.app
- The Privowny App Browser Extension
- The Privowny App mobile applications (together, the “Product”)
This Policy applies together with our Terms & Conditions, (“T&Cs”), which govern any access to and use of our Product.
Privowny App is a suite of data protection and management modules, including (together, the “Service(s)”):
- A Password Manager
- A Tracker Manager
- An Alias Manager
- A Data Manager
- A Dashboard
This Policy is governed by the European and French legislations on personal data protection, including the following legislations and any future updates and revisions thereto (altogether “Data Protection Laws”):
- Regulation (EU) 2016/679 of April 27, 2016 (the “GDPR”)
- Directive 2002/58 of July 12, 2002 (“ePrivacy”), as modified in 2009
- French Data Protection Act no. 78-17 of January 6, 1978 as modified by the French act n°2018-493 of June 20, 2018
For the purpose of this Policy, the terms “personal data”, “process”, “data processor”, “data controller”, and “data protection authority” shall have the meaning defined in Article 4 of the GDPR. Pursuant to the GDPR, Privowny Group is the data controller with respect to any personal data collected and processed as part of provided Services or in connection with our Product.
Personal Data we collect
Pursuant to this Policy and for the purposes specified below, we collect the following personal data for the creation of an Account:
- Your display name
- Your email address
- Your country of residence (and state when applicable)
Pursuant to this Policy and for the purposes specified below, Privowny Group’s Product may collect the following personal data when you use the Product:
- Your passwords
- Your email aliases
- The data you authorize the Product to collect while browsing online or using your phone (for example, but not limited to, your browsing history)
- The data you added manually in your Data Manager
- Your “Digital footprint” generated from data you authorize the Product to collect while browsing online
We may also collect technical data relating to your use of the Product, notably including the following:
- IP address
- User Agent
- Activity logs on our website
- The category of devices you are using (example: Android phone, iOS phone or browser extension)
The personal data may be collected by using electronic or hard form media, via the Product, when Users contact us (by telephone, email, post, etc.), or any other means.
The personal data that we collect comes from your usage of the product and your browsing activity.
Why and on which basis do we collect personal data?
Privowny Group collects, uses, and stores your personal data on different bases of processing.
Privowny processes some of your personal data on the basis of contract:
- to provide the User with the Services of our Product
- to improve and ensure the security of our Product
- to provide Users with information and services that they request from us
- to comply with our legal obligations
Privowny processes some of your personal data on the basis of Privowny’s legitimate interest:
- to conduct our business functions and activities (including the use of this Platform by our prospects)
- to improve and customize our Product
Privowny Group may also collect, use, and store more personal information on the basis of your consent, for example through direct marketing and other communications related to our business, products, and services.
We store your personal data for as long as necessary to provide you with the Services you have requested, or for other business purposes such as complying with our legal obligations, resolving disputes, and enforcing the agreements to which Privowny Group is a party.
Please note that Privowny Group is required by Applicable Law and/or regulations to retain some types of information for certain periods of time (e.g. statute of limitations). If your personal data is no longer necessary with respect to the purposes for which it was processed and stored and Privowny Group has no legal obligation to retain it, we will erase it from our systems and destroy all record of it.
|Relevant Personal Information||Retention Period|
|Contact Data (the email address used for creating your Privowny App account)||5 years from the last time it was used (either account deletion or last direct contact)|
|Data related to requests you might make directly (eg. to access or rectify data, to oppose data processing, emails to dpo[at]privowny.com, etc.)||3 years from your request|
|Data related to our Services (your Account information, the data stored in the Managers, and your exchanges with our customer support)||Data is stored as long as you use the Services. When you delete your account, all data is removed from our systems within at most 1 month. When you delete specific data (eg. when you delete an account from your Password Manager), it is removed from our systems within at most 10 days|
How do we collect personal information?
We collect personal information using a variety of supports in connection with the Product, as described below.
The websites privowny.app and account.privowny.app
We automatically collect your IP address for audience analytics when you access the websites privowny.app and account.privowny.app.
The Privowny App Browser Extension
When you download and install the Privowny App Browser Extension, we collect your IP address and activity logs.
When you create an Account, you provide us with mandatory information that is necessary for the purpose of creating and securing your Account, which we need to store. These include your email address, which should be valid, and your Privowny Account Password. However, please note that we do not store the Master Key, which is necessary to decrypt all your encrypted data. We therefore have no access to your encrypted data and can’t put it at risk.
Cookies and trackers
Privowny uses trackers which aim to track your use of the Product. Our goal is to verify that your use of the Product is optimal and to be able to improve the Product. We do not use these trackers to send you advertising.
Privowny uses a tool called “Countly” for its usage statistics. All data is hosted by Privowny, Countly does not have access to personal statistical data. This tool uses “localStorage"rather than cookies when it can (i.e., when you use the default options of the majority of internet browsers).
LocalStorage has the same function as cookies (storing connection / activity information), but does not use the same technical tools. As the name suggests, the content of localStorage can be read on the client side (i.e., on your browser) while the content of cookies can be read on the server side. LocalStorage has no information retention period, it depends on your browser settings or on the “clear cache” action.
On the Privowny’s websites
To establish these usage statistics, Countly will deposit localStorage or cookies that collect your IP address, deprecated to keep only your city, as well as the device and the browser you use.
Privowny does not share this information with third parties. Our trackers are only enabled on our websites (i.e., our Countly trackers do not follow you on other websites).
On the mobile apps and browser extensions
In addition, we generate a Countly ID, i.e., an identification number, with the Countly tool. This Countly ID is created when your Account is created and you are logged in. This Countly ID is used to check if you are active with our Services and to detect possible problems with your use. It is also used to communicate in a targeted manner with our users without disclosing their personal information to third-party services (for example, to receive “push notifications” if you have given your consent). If you are logged out, Countly only has your “Device ID,” which allows us to see that a device has downloaded the Privowny App application or extension, but is not active.
Transfer of your personal data outside of the EU/EEA
A Transfer may occur if our processors are located outside of the EU/EEA, if we outsource certain activities outside of the EU/EEA, or if your use of the Product has a connection with a country located outside of the EU/EEA (e.g., when you access and use the Services from a country located outside of the EU/EEA).
Where required by Data Protection Laws, we take steps in order to ensure any transfer is performed in compliance with the appropriate organizational and technical means (including for instance the EU Commission’s model clauses for data transfers or the European Commission’s adequacy decision).
Sharing of your personal data
Privowny Group protects your privacy. As a result, we do not sell, rent, or otherwise share any of your personal data with third parties for advertising or commercial purposes. We only disclose your personal data to third-parties (data processors) that provide services to us, or to other third parties where expressly instructed by you, as the case may be.
In this respect, we only use carefully vetted third-party processors, located inside or outside of the European Union, to provide us with certain services. Each and every one of our third-party data processors is bound to comply with the GDPR, in particular with respect to data security and confidentiality, and only process your personal data on our behalf, and under our instructions in order to offer the contracted services to Privowny Group.
Please find below the list of the third parties we are working with:
|Third Party||Purpose of the processing||Personal Data collected||Contact|
|Amazon Simple Email Service||Sending emails to Privowny Users. Forwarding your alias emails.||Email, display name||Data Protection Officer Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg|
|Amazon Web Services (“AWS”)||Hosting our Product||All the content on your Account||Data Protection Officer Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg|
|Datadog||Hosting of our logs||All logs, which may contain personal data such as your IP address, an identifying number, your email and your pseudonym on Privowny Appemail@example.com|
|Mailchimp||Inviting you by email to join the Servicefirstname.lastname@example.org|
|One Signal||Notifications about your account (security, latest versions update requirements)||Your use of the product (last active session, device and browser you are using), location, email address, account and device email@example.com|
|SurveyMonkey||Surveys—if you specifically agreed to it||Email, name, age, nationality, and your answers to surveys||SurveyMonkey Inc. 1 Curiosity Way San Mateo, California 94403 United States firstname.lastname@example.org and/or SurveyMonkey Europe UC2 Shelbourne Buildings, Second Floor, Shelbourne Rd Ballsbridge Dublin 4, Ireland email@example.com|
|Zendesk||Customer support and Help Center||Email, display name, and any information you provide or that you specifically agreed to (for example your navigation history)||firstname.lastname@example.org|
When you use the Services, all types of data collected by Privowny Group, including the data you choose to manually enter and store in your Account, is stored on Privowny’s Product with Amazon Web Services, our hosting service providers, in the European Union. We may also share your non-encrypted personal data with official authorities and government bodies, but only when and where required to do so by Applicable Law. In such event, we endeavour to only disclose the necessary information to comply with our obligations under Applicable Law.
Under Data Protection Laws, you have rights that apply to your personal data, including the right to access, rectify, erase, restrict or object to data processing, or have the personal data that we hold about you ported to another data controller or service provider.
Access and Rectification
You may at any time access and receive a copy of the personal data contained in your Browser Extension or your mobile applications through the Product using the “Export data” functionality. This feature is always available to you at any time, by logging into your Account. Please go on “My Account” (on a computer or Android device) or your application’s Settings (on iOS) to have more information about this feature.
Under certain circumstances provided by Data Protection Laws, we may deny you such access. If we refuse your request to access your personal information, we will provide you with reasons for the refusal where we are required by Data Protection Laws to disclose those reasons.
You can also correct your personal data directly by logging in to your Account and updating or editing your data at any time.
Privowny Group endeavors to ensure that any personal information we collect and hold is accurate, complete, and up-to-date. In this respect, you undertake to provide us with true, accurate, current, and complete information about yourself as requested.
Please inform us of any change that applies to the personal data you provided us by editing your Account information in the “My Account” page if you believe that the personal information is inaccurate or incomplete.
You can delete the data you have stored on your Account whenever you want, free of charge. To delete your account, please go to your “My Account” page. You can delete specific pieces of data (for example an account from your Password Manager) directly from the Manager in which it is stored. Deleting your data within your Privowny account won’t delete the data in the websites where the data comes from.
You have the right to request a copy of your personal data and/or to request their portability to another data controller or service provider of your choice. Please note that such a request may be limited to only Personal Information that you have provided to us or that we hold at any given time and subject to any legal requirements and exemptions, including identity verification procedures.
You can always export your personal data and download it from your Account. Go to your “My Account” page (on a computer or Android device) or your application’s Settings (on iOS) to obtain more information on this feature.
Security and confidentiality
Privowny Group values your privacy and endeavors to warrant the security and confidentiality of any information you may provide us with or any data we collect in the course of providing you with our Services. Consequently, we have implemented appropriate technical and organizational measures to ensure that any personal data we hold, whether in hard copy or on our computer systems, remains protected at any time against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.
In particular, Privowny Group uses state-of-the-art technologies and techniques in order to safeguard your personal data, including asymetric RSA encryption, Firewalls, and VPNs.
By default, all passwords collected by the system are encrypted, but you can choose to encrypt any other pieces of data. We do not and cannot have access to encrypted information you store on your Account as we do not have access to your Master Key. Please also note that this means that Privowny Group’s staff cannot decrypt any encrypted data.
If you have questions or concerns about our Policy or the way Privowny Group handles personal data, please contact us via the “Contact Us” page in “My Account”, by going on our “Contact page” on our website privowny.app, by emailing our Data Protection Officer at dpo[at]privowny.com, by calling our Data Protection Officer on +33 7 56 82 45 50 or by sending us a letter at Privowny France SAS, Parc du Golf Bat 20/Safran, 350 avenue JRGG de la Lauzière, 13290 Aix-en-Provence, France.
In case of a dispute, you, or an association you designated for this purpose, as provided by Data Protection Laws, have the right to lodge a complaint to a competent data protection authority such as the French Data protection agency (CNIL - www.cnil.fr).
A complete list of all the European Data Protection Authorities and how to contact them is available at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Notice to California consumers
Under the California Consumer Privacy Act of 2018 (“CCPA”), all California consumers have the following rights towards their personal information:
- right to notice
- right to access
- right to request deletion
- right to opt-out
- right to equal services and prices
The “right to equal services and prices” prohibits businesses from discriminating against consumers who exercise their CCPA rights. Today, our services are free.