Policy as of 6 May 2020.

Our business is your privacy, not your personal information.

For us, this means that we aim to know as little about you as we need to to run this service.

On this page we explain what information we collect and do not collect. We also explain what you can do to exercise your rights.

Table of Contents

• Who We Are
• Information We Collect and How We Use It
• How Your Information May Be Disclosed
• Data Security
• Your Right to Control and Access Your Information
• CalOPPA STATEMENT
• COPPA DISCLOSURE - About Children’s Online Privacy
• Relationship Termination
• Changes to This Policy
• Contact

### Who We Are

We are PrivateStorage.io Inc, and this page covers the storage service we offer, our website (https://private.storage and subpages) and our owners (collectively, ‘We,’ ‘Us,’ ‘Data Controller’ or ‘PrivateStorage.io’). We are registered at 5555 DTC Parkway, Suite 360, Greenwood Village, CO 80111, United States.

### Information We Collect and How We Use It

When Using the PrivateStorage Service

When you download the PrivateStorage software, you are provided a capability to give you access to the PrivateStorage service. Please create and save a Recovery Key as we will not have access to it for support purposes.

The data that you sync is stored on our servers. This data is encrypted before it leaves your device. As we do not have your encryption keys, we do not have the ability to decrypt and/or read the data.

In other words: We cannot read your data when it is stored by us.

(Read more about this here: Technology)

In addition, in normal use of PrivateStorage, we do not log anything about your use of the service.

In exceptional circumstances, such as during network interruptions, our server may automatically create an "incident log", which can contain information like file size, and your IP address.** **We do not use this information. At the moment, we keep this information indefinitely.

Visits to the Website

We use an open-source analytics program with a strong privacy focus, called Matomo, to record and analyze visits to our website.

Matomo informs us about how visitors use our website, and in doing so helps to inform us about how we can improve it, as well as about the impact of any marketing effort we may undertake.

While analyzing website visits, Matomo is respectful of privacy in a few different ways. These include:

1. It respects DoNotTrack requests from your browser. You can set this in your browser preferences.

2. It also allows you to manually opt out of having your website visits recorded, by unchecking the box below:

3. It anonymizes IP addresses by two bytes (so, for example, it keeps 91.101.xxx.xxx instead of 91.101.294.41). This way we cannot see from where exactly you are visiting this website.

4. It allows us to set a period after which the raw visits data are automatically deleted, currently set for 180 days.

5. It also allows us to disable tracking cookies, which means that we do not try to connect your current visit to our website to a previous visit.

The information Matomo collects is:

• 2 byte masked IP address (see also: IP anonymization)
• Date and time of the request
• Title of the page being viewed (Page Title)
• URL of the page being viewed (Page URL)
• URL of the page that was viewed prior to the current page (Referrer URL)
• Screen resolution being used
• Time in your timezone
• Files that you clicked on and downloaded (Download)
• Links to an outside domain that you clicked on (Outlink)
• Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by you: Page speed)
• Main Language of your browser (Accept-Language header)
• User Agent of your browser (User-Agent header)

Read more about Matomo and their privacy policy here: https://matomo.org/docs/privacy/

Payments to PrivateStorage

When you buy PrivateStorage Credits, your payment information gets sent to our payment provider Stripe to process the payment.

This information includes payment method information (such as credit or debit card number, or bank account information), purchase amount, date of purchase, your name, billing address, your IP address, operating system, browser and device. In some cases, Stripe uses your transaction history to authenticate you.

Although we do not store this information and do not want to be able to access it, Stripe provides us access to it through their administrative interface. At the moment, Stripe does not offer us a way to disable such access.

In addition, Stripe may collect personal information about you from other sources. For more details, see Stripe’s Privacy Policy.

On our side, we record the voucher number used to generate the payment, the Stripe token, currency, amount, and when a transaction took place (date and time). We use this information for business accounting and administration purposes. We retain this information indefinitely. We cannot link this information to individuals spending their PrivateStorageCredits.

Support Requests

When you contact Support through the website, we will keep your email address and message(s) until 7 days after the closure of the issue. After 7 days, the closed issue and the corresponding email address will be erased from our system.

Website Contacts

The PrivateStorage.io website includes information that enables you to contact us via email. If you contact us by email, any personal information that you send us is automatically stored. We use such personal information sent voluntarily for the purpose of processing the email or to contact you. We do not transfer this personal information to any third parties whatsoever.

### How Your Information May Be Disclosed

We may share your personal information in limited circumstances as listed below. PrivateStorage.io never sells your information or shares it with third-party advertisers.

But overall: We cannot provide information that we do not have (see Information we collect and how we use it).

Legal requests

We may disclose information that we do have, if we believe it is reasonably necessary to comply with a law, regulation, or valid legal process. Our legal representation scrutinizes each and every legal request that we receive for compliance with both the "spirit" and letter of the law. For invalid or overly broad subpoenas, we will question or attempt to narrow the scope of any subject matter sought. Moreover, when it is possible and a valid option we will provide you with an opportunity to object to any requested disclosures. PrivateStorage.io will not participate with any request that is unconstitutional.

With other users

When you share your unique key with others through PrivateStorage.io, any and all information stored with that key will be accessible to these other people.

Aggregate information

We may disclose aggregate, non-identifying information about how our users use PrivateStorage.io products. For example, we may disclose the total amount of PrivateStorage Credits sold, or the total amount of storage space used.

Sale or merger

If all or part of PrivateStorage.io is sold, merged, or otherwise transferred to another company in the future, your information may be transferred as part of that transaction. If that happens, PrivateStorage.io will take reasonable steps to make sure your information continues to be treated consistently with this privacy policy.

### Data Security

PrivateStorage.io products are designed to have several layers of security.

• We use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to create a secure tunnel to protect data in transit between the PrivateStorage app and servers.
• Files uploaded and stored on PrivateStorage.io servers are encrypted with AES-CTR with a 32 byte secret (key). File metadata is encrypted with 2048 bit RSA.
• We don’t store your keys on our servers in any form. Your keys are only available to you.
• PrivateStorage.io employees do not maintain access to any personal information through policy and technical access controls unless personal information is submitted via email.

While the transmission of data across the internet is never fully secure, we must inform you that we cannot guarantee that unauthorized third-parties will never be able to work around our internal security. PrivateStorage.io is offered to you at your own risk, and you are responsible for taking reasonable measures to secure your key (such as maintaining the confidentiality and integrity of your key).

If you discover or are informed of a vulnerability in PrivateStorage, we would appreciate any report you submit to our Whitehat Program available at https://private.storage/whitehat-program/.

### Your Right to Control and Access Your Information

You have control over your personal information and how it is collected, used, and shared. For example, you have a right to:

• Erase or delete all or some of your data in your PrivateStorage folder.
• Access, Change, or correct personal data. You can review, alter, and manage your personal information by contacting our privacy officer.
• Requests to Delete Personal Information. You can request that we delete any personal information we hold about you. All personal information that we might have is outlined in the sections above. From the moment we receive the request, this process takes up to 30 days to be reflected across all our systems.

### CalOPPA STATEMENT

The State of California requires us to post specific language related to our privacy policy. By default, PrivateStorage.io does not share your private information with any third parties aside from the disclosures already made in this privacy policy. However, if you wish to inquire into how PrivateStorage.io does not share our user's private information with third parties for direct marketing purposes, you may contact: info@private.storage, or PrivateStorage.io Inc, Attn: Legal 5555 DTC Parkway Suite 360, Greenwood Village, CO 80111, United States.

### COPPA DISCLOSURE - About Children’s Online Privacy

The Children’s Online Privacy Protection Act (COPPA) was passed to give parents increased control over what information is collected from their children online and how such information is used. The law applies to websites and services directed to, and which knowingly collect information from children under the age of 13. Our online services are not directed to children under the age of 13, nor is information knowingly collected from them. For additional information on COPPA protections, please see the FTC website at: https://www.consumer.ftc.gov/articles/0031-protecting-your-childs-privacy-online

### Relationship Termination

You can disable your PrivateStorage.io services at any time by not making further payments to purchase PrivateStorage Credits. This means your access to the service will be unavailable if you run out of PrivateStorage Credits, and your stored data will be automatically deleted in the normal course of business without any further notice to you.

### Changes to This Policy

We do not work with accounts, and do not collect your email address as a user of this service or as a visitor to our website. As such, we cannot inform you directly about changes to this privacy policy.

We do commit to publishing all changes to the privacy policy on this page, to maintain an archive of previous privacy policies, and to give at least 14 days advance notice on this page before changes come into effect.

### Contact

PrivateStorage.io values and welcomes questions, concerns, and feedback about our service and this privacy policy. If you have feedback, please send it to info@Private.Storage.