This Privacy Policy (the “Policy” or “Privacy Policy”) describes how Reason Cybersecurity Ltd. (“we”, “our” and “us”) collects, uses and handles your information when you use the website available at: https://mysafepass.io/ (the “Website”) and/or Safe Pass password manager software (the “Software”, and collectively, the “Services”).
This Policy is incorporated into and is subject to the following Terms of Service, available at: https://mysafepass.io/terms-of-service/.
Please note that you are not legally required to provide us with any personal data. In case you disagree with any terms set forth in the Privacy Policy, or you do not wish to provide us with your personal data, or to have it processed by us or any of our service providers, we urge you to stop using the Services immediately.
In the case that you ask us to exercise any of your rights under this Privacy Policy or any applicable law, please note that we may ask you to provide us certain credentials to make sure that you are the person you claim you are, to ask you to provide further information to better understand the nature and scope of information that you request to access, and to avoid disclosure to you of personal information related to others. We will retain such additional information for legal purposes (e.g., as proof of the identity of the person submitting the request).
You cannot provide us any personal information if you are under 16 years of age. We require parental or other guardian consent before we collect any personal information from a person under the age of 16.
WHAT KIND OF INFORMATION WE USE AND COLLECT?
Secure Data:
Information that is stored within the Software’s accounts. The Secure Data is encrypted using secure cryptographic keys that only you have as a customer. We cannot decrypt it in any way, and we have no access to this data. The Secure Data will remain entirely yours and only you will be able to add, modify and delete it at your sole discretion.
SafePass Privacy Policy
Service Data:
Information such as your IP address, billing information, your activity log, number of accounts and number of items on each account, email addresses, your last name or company name, and the name you provide us on your profile creation. We collect this information only for the purpose of providing you with the Software. Therefore, We will only retain the Service Data required for us in order to do so. This data will be visible to Our team (while kept confidential) in order to operate and maintain the Services, troubleshoot problems, provide the information needed to the payment processors We work with, and analyze the demands and performance on Our Software.
Diagnostic Data:
Information which is collected by Us when we help you identify and solve problems with Our Services. This data is not required for operating Our Services and is given by you voluntarily. We use this data to identify the problem with Our Services and solve it for you. The data may contain personally identifying information and sensitive information about your devices and operating environment. In no case We will ask you for the secret password that you use to log into your password vault (the “Master Password”).
Other Data:
· Your contact information (such as your full name, email address):
This information is collected and used to communicate with you and update you on relevant updates and changes on Our Services (you can always choose not to receive any update from Us, but some important messages such as billing notifications and account security alerts are mandatory), and for the purpose of direct marketing and only for those who have opted-in (therefore, you can always choose not to receive our newsletters by clicking the "unsubscribed" link in our newsletters).
· IP address, operating system, user agent and other information about your activities on our Website:
This data is collected through the use of cookies or log entries in order to improve the performance of our Website for your needs and ensuring its security. This data may be collected through the use of cookies (as described below).
HOW DO WE SHARE INFORMATION?
· If we have a good faith belief that disclosure is permitted by law or is reasonably required to: (i) comply with any law, regulation or legal requirement by any court or regulatory or governmental authority, or such other disclosures reasonable required to establish, protect, maintain or exercise our legal rights; or (ii) enforce this Privacy Policy or any agreement between you and us (including, but not limited to, the Terms of Service).
· In the event of an event of a merger, acquisition, reorganization or sale of assets, your information may be transferred or sold.
· With our corporate affiliates – from which we receive services, such as IT, security, storage, and other internal operations.
· To detect and prevent fraud, security and other issues of technical nature.
· To protect our rights as well as the rights of our users.
· Third party service providers – We may use third parties to provide us with audit, payment, maintenance, analysis, and development services with respect to Services (as further listed below). We may provide your information to such third parties depending on their specific purposes and roles in enhancing and facilitating our Services. Such third party service providers may only use such information for limited purposes, as determined in our agreements with them.
THIRD PARTY SERVICE PROVIDERS
We have partnered with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. The third party service providers we are currently engaging are:
● Passcamp, for providing the password management solution. You can read about Passcamp’s practices with respect to the protection of your information at: https://www.passcamp.com/passcamp-privacy-policy/.
● Cleverbridge, for processing your payment, if applicable. You can read about Cleverbridge’s practices with respect to the protection of your information at: https://store.reasonsecurity.com/1679/?scope=opprivacy;
● Amazon Web Services, Inc. servers, for processing your information. You can read about Amazon’s practices with respect to the protection and the security of their servers and your information at: https://aws.amazon.com/security/;
● Zendesk, for providing you with support services. You can read about Zendesk practices with respect to the protection and the security of their servers and your information at: https://www.zendesk.com/company/customers-partners/privacy-policy/.
● Mailchimp, for providing us email and marketing services. You can read about Mailchimp practices with respect to the protection and the security of their servers and your information at: https://mailchimp.com/legal/privacy/.
● Iterable, for providing us email and marketing services. You can read about Iterable practices with respect to the protection and the security of their servers and your information at: https://iterable.com/trust/privacy-policy/.
● SendGrid, for providing us email and marketing services. You can read about SendGrid practices with respect to the protection and the security of their servers and your information at: https://www.twilio.com/legal/privacy.
● Wix.com (Editor X), for creating and maintaining our website. You can read about Wix.com’s practices with respect to the protection and the security of their servers and your information at: https://www.wix.com/about/privacy.
INFORMATION ABOUT CHILDREN
This Service is not intended for, or designed to attract, children. We do not collect personally identifiable information from any person we actually know is an individual under the age of 13. If you become aware that your child has provided us with personal information, please contact us at https://reasonlabs.com/contact-us/, or by email at safepass-support@reasonlabs.com.
SECURITY
Our use of your data is solely for the purposes of providing you with the Services that you have enrolled in. We employ industry standard measures, procedures and policies to ensure the safety of your personal data, and to prevent unauthorized use of any information. Please note that regardless of the measures and efforts taken by us, we cannot and do not guarantee the absolute protection and security of your information. We recognize Our responsibility to inform You if the confidentiality of your data is breached and as soon as possible provide you with a transparent account of the events. Moreover, in compliance with law and regulation, we must notify the relevant supervisory authorities.
DATA LOCATION & RETENTION
The nature of Our Services requires Us and Our Service Providers to maintain and process your data globally in order to meet our legal obligations and to provide you with the Services effectively. Several countries will be involved, including Europe, the U.S., Israel, and others.
While privacy laws may differ from country to country, We and Our Service Providers will adhere to the standards we have set for Ourselves in this Privacy Policy, and apply appropriate measures to prevent misuse of your personal data regardless of whether or not the data laws of that country require us to do so.
Except as required by applicable law or according to any agreements you may have with us, We will not be obligated to store your data for any period of time, and we may delete it without prior notice, at our sole discretion (this does not apply to your Secure Data in our possession - as described in the “Exporting Secure Data” section below).
EXPORTING SECURE DATA
Please note that We are not able to decrypt your Secure Data in any way without your Master Password. However, at any time, during the life of your account, you have the option to export your Secure Data. Once you discontinue payments, your premium account will be suspended; as long as you do not delete your account you can still retrieve and export your Secure Data.
THE RIGHT TO ERASE YOUR DATA
You may request Us to permanently delete your data. In order to do so, you must first delete your Software account through an authenticated session. After you deleted your account, you can contact us and ask that your data will be erased. Once your deletion request is authenticated, your data will be erased from our active systems as soon as possible and within no longer than 30 days.
Notwithstanding the foregoing, We have a legitimate interest in maintaining unchangeable secure backups of the data due to data recovery requirements. Thus, any deletion requests will not impact these backups, which will remain untouched unless we are legally required to remove them.
CUSTOMER RESPONSIBILITY
Please create a strong and unique Master Password so it will not be guessed easily, and take great measures for keeping it safe and secret. Remember – anyone with your Master Password will be able to decrypt your secure data. We will never ask you to send us your Master Password and please do not send it to us in any circumstance.
We will only help you with certain service requests if you are registered as the account owner and contacting us through a verified email address. This is because we design our Services to protect and secure the information you entrust to us (even when encrypted).
GDPR DATA SUBJECT RIGHTS
If you are located in the European Economic Area, United Kingdom, and Switzerland, the following provisions apply to you –
When we process your personal information upon your usage of our Services, we do so on the basis of your consent. If you wish to revoke your consent, please contact us at https://reasonlabs.com/contact-us/, or by email at safepass-support@reasonlabs.com.
Further, We act as controllers and may process personal information as necessary for the performance of our agreement with you, as well as on the basis of legitimate interest.
We may also process your personal information in order to comply with applicable legal requirements and/or obligations.
Please note that you have the following rights: (i) to request access to the personal information that we hold about you, (ii) to block or restrict the processing of your personal information, (iii) to ask that we erase or rectify your personal information (that we process as controllers), and (iv) to withdraw your consent for the processing your personal information.
To submit a request for exercising your rights, please contact us at https://reasonlabs.com/contact-us/, or by email at safepass-support@reasonlabs.com. Note that the processing of your request is subject to verification of your identity.
If we have not addressed your concerns, note that you also have a right to file a complaint with the applicable supervisory authority (e.g. of your domicile or country).
CCPA DATA SUBJECT RIGHTS
The California Consumer Privacy Act (“CCPA”) provides California residents with certain rights over their personal information (subject to certain exceptions), such as: (a) you may ask that we disclose certain information about our collection and/or use of your personal information during the past 12 months; (b) you may ask that we delete the personal information we have collected from you and retained; (c) you may opt-out of the ‘sale’ of your personal information by a business; (d) we shall not unlawfully discriminate against you for exercising the above mentioned rights. To submit a request for exercising your rights, please contact us at https://reasonlabs.com/contact-us/, or by email at safepass-support@reasonlabs.com. Note that the processing of your request is subject to verification of your identity.
For purposes of the CCPA, this clause shall serve as a notice of the right to opt-out of ‘sale’ of personal information.
Note that we may disclose personal information to third parties that are business partners or authorized Service Providers, who have accepted our contractual limitations as to their disclosure, use and retention of such personal information.
ADVERTISING POLICIES
Cookies collect information about the use of our Website, and provide users with basic functionality. We utilize third party vendors such as Google to provide advertising on our Website. These vendors, including Google, use cookies to serve ads based on a user's prior visits. Further, cookies are set in order for us to provide our Service and ensure that it performs properly, to analyze our performance and marketing activities, and to personalize your experience. Google's use of cookies enables them and their partners to serve ads to users based on their visit to our web site and/or other sites on the Internet. Users may opt out of the use of the DoubleClick cookies for interest-based advertising by visiting the ads preference manager. You may also visit aboutads.info to opt out of a third-party vendor's use of cookies for interest based advertising.
Please note that we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application, however, most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser.