Privacy Policy
By accessing KRYPT7's website or products (KRYPT7, we, us, our), each user (user, users, you, your, they, them, their, theirs, themselves), registered or not, agrees to this Privacy Policy.

GENERAL DISPOSITIONS
KRYPT7 is an anonymous web service that does not share data.
KRYPT7 doesn't use cookies; 2 of its partners do, only anonymously and strictly to provide a necessary, performant service.
KRYPT7 is an anonymous web service, without direct cookies or sharing of data.
Each user is solely responsible for the choice to use anonymous information or not, and therefore for all the consequences of this choice.
By extension, users must not provide KRYPT7 with any data considered "sensitive personal data" under the EU Data Protection Directive 95/46/EC, and must ensure that the means of passing data to KRYPT7, as well as the data itself, conform to the restrictions relating to the transmission or processing of data in the jurisdictions in which they (the users) operate.
KRYPT7 doesn't use cookies but, by exception, you may notice that 2 cookies are stored in your browser every time you visit KRYPT7:
  • "cfduid": this cookie is used directly by CloudFlare, a Content Delivery Network (CDN), caching KRYPT7 to bring it closer to visitors from every region in the world. This cookie, used to identify individual connections behind a shared IP address and apply security settings on a per-connection basis, does not contain sensitive or personally identifiable data. Read more on this cookie.
  • "heroku-session-affinity": this cookie is used directly by Heroku, our application servers provider. This cookie, used to determine the most efficient way to balance the load of KRYPT7 between all users, does not contain sensitive or personally identifiable data. Read more on this cookie.
Those 2 cookies, working only anonymously and strictly to provide a necessary, performant service, are not connected in any way to users' actions or information.

INFORMATION COLLECTION
KRYPT7 uses as little information as possible, always directly provided by the user: email address, phone number, username. All can be changed anytime and KRYPT7 doesn't keep their history.
IP addresses of unauthorized accesses are recorded.
Stripe directly processes all payment information.
In order to use our services, you have to provide KRYPT7 with, and create through it, some data: an email address, a phone number, a username. This information is strictly proportional to the use of KRYPT7 and required to provide users with the KRYPT7 services: it can be changed anytime by the user and KRYPT7 doesn't keep its history.
We record the internet protocol (IP) address of each unauthorized access or usage of KRYPT7's website or products.
Your credit card information, necessarily used for the subscription to our services, is processed and stored securely only by our Payment Gateway: Stripe Inc. None of this payment information is even sent through our servers, a fortiori used by them.

INFORMATION STORAGE & SECURITY
KRYPT7 stores all information in Germany, systematically secured by encryption through several concurrent layers.
KRYPT7 continuously backs up all information.
All the information processed by KRYPT7 is stored in Germany, by technical partners (on both the application and the storage side) certified under the E.U.-U.S. and Swiss-U.S. Privacy Shield Frameworks.
In addition, and in keeping with the nature of KRYPT7, all user information is strongly encrypted through several concurrent layers:
  • by the systematic end-to-end KRYPT7 encryption in the user browser for emails, files, passwords & contacts
  • in transit (SSL): from every point of our systems to another, as well as from and to the user browser
  • at rest (AES-256): on storage in our databases, as in our storage servers
The user data are continuously backed up in 3 identical replica sets, provisioned across 3 distinct data-centers, ensuring the backups are typically just a few seconds behind the operational system (automatic failover in the event of a failure).

INFORMATION SHARE & DISCLOSURE
KRYPT7 doesn't share, sell or rent any data.
KRYPT7 works with 3 major partners in very specific operational cases.
KRYPT7 may have to share information with legal actors in specific cases.
We don't share, sell or rent any data you communicate to KRYPT7. This does not include the sharing of information related to the user with specific third parties, used to provide the necessary technology required to run our services, exclusively in the limited cases of:
  • Emails, sent or received, only in clear (unencrypted) mode: Wildbit LLC. (PA - USA)
  • SMS sent or received: MessageBird B.V. (The Netherlands)
  • Payments management: Stripe Inc. (CA - USA)
Please refer to these third parties' respective privacy policies, to understand their engagement in terms of personal information usage.
By exception, we may have to share any information in response to subpoenas, court orders or legal process, after and always under examination of the legal circumstances of each case.

INFORMATION USAGE
KRYPT7 doesn't have direct marketing practices and only reaches you in specific and obvious cases.
KRYPT7 doesn't have direct marketing practices (designed to reach you personally).
You will never receive emails from us, except in 4 precise cases:
  • to welcome you on account creation
  • to inform you on storage limit events (reached, increased, decreased) or on payment events (invoice, payment failure, etc.)
  • to draw your attention to security-related or privacy-related events in your account
  • in response to a question to our support team
We never contact you by phone, except in 2 precise cases:
  • by SMS for sending you an authentication code in the signing process
  • by SMS to alert you about your actualization - as part of the Monitor service

INFORMATION ACCESS & CONSERVATION
Each KRYPT7 user has, at any time, full control over their personal data.
Each KRYPT7 user can, at any time, access, rectify, retrieve or delete their personal data:
  • Access & Rectification: all users' personal data are accessible and modifiable directly by each user, by signing into their account.
  • Deletion: any personal data that can't be deleted directly through the user account is automatically deleted upon account cancellation, within a maximum of 48 hours.
  • Portability: any personal unencrypted data can be retrieved by the user, simply by asking the support about it, within a maximum of one month and strictly after satisfying the KRYPT7 processes to verify the identity of the requester. The data are transmitted only by encrypted emails to the last KRYPT7 email address of the user, in a structured, ordinary format of KRYPT7's sole choice, readable by automatic systems. For obvious and proportional reasons, the user's personal encrypted data can't be made accessible as is, in order to protect and preserve the user's security and, more generally, the security of all other users. By design, KRYPT7 has no means to decrypt any user data and will systematically ignore any request to do so, as any user password transmission, in clear or encrypted, is immediately and definitively deleted by strict KRYPT7 security policy.
  • Access postmortem: a user can ask about the access of their data postmortem, simply by asking the support about the processes applied by KRYPT7 in that matter.

EVENTS TRACKING
KRYPT7 tracks only anonymous events, only to improve itself.
KRYPT7 is only tracking, strictly anonymously, two types of non-personal-related events:
  • System performance: any performance data, warning, error, general functional information - tracked both client and server side.
  • Interactions with the system: any functionality use - tracked only server side.
The purpose of those trackers is only for statistical studies and/or to monitor and improve KRYPT7 operations. In all cases, this tracking is performed without any sensitive or personally identifiable data attached. Therefore, no personal information or behavior of any kind can be deduced from those tracks, at any step of their creation or conservation. In consequence and by design, KRYPT7 trackers are not personal information.

MODIFICATIONS
KRYPT7 privacy policy can change: you will be systematically notified about it.
KRYPT7 reserves the right to review or change this Privacy Policy at any time: in such a case, all users, connected or not, will be informed about it.
Continued use of KRYPT7's website or products will be deemed as acceptance of such reviews or changes.

EFFECTIVE
January 1st, 2019