1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
|
Privacy Policy
==============
Last Updated: 22.09.2021
This Privacy Policy describes the policies and procedures of Anastasis
SARL (“we,” “our,” or “us”) pertaining to the collection, use, and
disclosure of your information on our sites and related mobile
applications and products we offer (the “Services”). This Privacy
Statement applies to your personal data when you use our Services, and
does not apply to online websites or services that we do not own or
control.
Overview
--------
Your privacy is important to us. We follow a few fundamental
principles: We don’t ask you for personally identifiable information
(defined below). That being said, your contact information, such as
your phone number, social media handle, or email address (depending on
how you contact us), may be collected when you communicate with us,
for example to report a bug or other error related to Anastasis. We
don’t share your information with third parties except when strictly
required to deliver you our Services and products, or to comply with
the law. If you have any questions or concerns about this policy,
please reach out to us at privacy@anastasis.lu.
How you accept this policy
--------------------------
By using our Services or visiting our sites, you agree to the use, disclosure,
and procedures outlined in this Privacy Policy.
What personal information do we collect from our users?
-------------------------------------------------------
The information we collect from you falls into two categories: (i) personally
identifiable information (i.e., data that could potentially identify you as an
individual) (“Personal Information”), and (ii) non-personally identifiable
information (i.e., information that cannot be used to identify who you are)
(“Non-Personal Information”). This Privacy Policy covers both categories and
will tell you how we might collect and use each type.
We do our best to not collect any Personal Information from Anastasis
users. The detailed Personal Information Anastasis asks from you
during the regular backup and recovery process at the beginning is
never shared with us and only used to create a cryptographic account
identifier which does not allow us to recover any of your
details. This data will always remain on your own device without the
possibility of access from our side.
That being said, when using our Services to recover key material, we may
inherently receive the following information (depending on your choice of
authentication method):
* Bank account details necessary when receiving funds from you to authenticate via a SEPA transfer. We will store these as part of our business records for accounting, and our bank will also be legally obliged to store the details for many years according to legal retention periods.
* Your phone number when using SMS authentication. We rely on third party providers (such as your mobile network operator) to deliver the SMS to you. These third parties will see the SMS message sent to you and could thus learn that you are using Anastasis. SMS is inherently insecure, and you should expect many governments and private parties to be able to observe these messages. However, we do not store your phone number for SMS communication on our systems, except maybe in short-term logs to diagnose errors.
* Your e-mail address when using E-mail authentication. We rely on the Internet and your E-mail provider to deliver the E-mail to you. Internet service providers will see the E-mail message sent to you and could thus learn that you are using Anastasis. E-mail is inherently insecure, and you should expect many governments and private parties to be able to observe these messages. However, we do not store your E-mail address on our systems, except maybe in short-term logs to diagnose errors.
* Your physical address when using postal mail authentication. We rely on external providers for printing and sending the letter to you. These providers will need to learn your address and could learn that you are using Anastasis. Physical mail has strict privacy protections by law, but governments are known to break postal secrecy. We do not store your physical address on our systems, except maybe in short-term logs to diagnose errors.
* When you contact us. We may collect certain information if you choose to contact us, for example to report a bug or other error with the Taler Wallet. This may include contact information such as your name, email address or phone number depending on the method you choose to contact us. We strictly only use the information provided by you in these instances to answer your request or to deliver the services requested by you.
How we collect and process personal data
--------------------------------------
We may process your personal data for the following reasons:
* to authenticate you during secret recovery
* to support you using Anastasis when you contact us
How we share and use the information we gather
----------------------------------------------
We may share your authentication data with other providers that assist
us in performing the authentication. We will try to use providers that
to the best of our knowledge respect your privacy and have good
privacy practices. We reserve the right to change authentication
providers at any time to ensure availability of our services.
We primarily use the limited information we receive directly from you to
enhance Anastasis. Some ways we may use your Personal Information are
to: Contact you when necessary to respond to your comments, answer your
questions, or obtain additional information on issues related to bugs or
errors with the Anastasis application that you reported.
Agents or third party partners
------------------------------
We may provide your Personal Information to our employees, contractors,
agents, service providers, and designees (“Agents”) to enable them to perform
certain services for us exclusively, including: improvement and maintenance of
our software and Services.
Protection of us and others
---------------------------
We reserve the right to access, read, preserve, and disclose any information
that we reasonably believe is necessary to comply with the law or a court
order.
What personal information can I access or change?
-------------------------------------------------
You can request access to the information we have collected from
you. You can do this by contacting us at privacy@anastasis.lu. We will
make sure to provide you with a copy of the data we process about
you. To comply with your request, we may ask you to verify your
identity. We will fulfill your request by sending your copy
electronically. For any subsequent access request, we may charge you
with an administrative fee. If you believe that the information we
have collected is incorrect, you are welcome to contact us so we can
update it and keep your data accurate. Any data that is no longer
needed for purposes specified in the “How We Use the Information We
Gather” section will be deleted after ninety (90) days.
What are your data protection rights?
-------------------------------------
Anastasis would like to make sure you are fully aware of all of your
data protection rights. Every user is entitled to the following:
**The right to access**: You have the right to request Anastasis for
copies of your personal data. We may charge you a small fee for this
service.
**The right to rectification**: You have the right to request that
Anastasis correct any information you believe is inaccurate. You also
have the right to request Anastasis to complete information you
believe is incomplete. The right to erasure - You have the right to
request that Anastasis erase your personal data, under certain
conditions.
**The right to restrict processing**: You have the right to request
that Anastasis restrict the processing of your personal data, under
certain conditions.
**The right to object to processing**: You have the right to object to
Anastasis's processing of your personal data, under certain
conditions.
**The right to data portability**: You have the right to request that
Anastasis transfer the data that we have collected to another
organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you
would like to exercise any of these rights, please contact us at our
email: privacy@anastasis.lu
You can always contact your local data protection authority to enforce
your rights.
Data retention
--------------
Information entered into our bug tracker will be retained indefinitely
and is typically made public. We will only use it to triage the
problem. Beyond that, we do not retain personally identifiable
information about our users for longer than one week.
Data security
-------------
We are committed to making sure your information is protected. We employ
several physical and electronic safeguards to keep your information safe,
including encrypted user passwords, two factor verification and authentication
on passwords where possible, and securing connections with industry standard
transport layer security. You are also welcome to contact us using GnuPG
encrypted e-mail. Even with all these precautions, we cannot fully guarantee
against the access, disclosure, alteration, or deletion of data through
events, including but not limited to hardware or software failure or
unauthorized use. Any information that you provide to us is done so entirely
at your own risk.
Changes and updates to privacy policy
-------------------------------------
We reserve the right to update and revise this privacy policy at any time. We
occasionally review this Privacy Policy to make sure it complies with
applicable laws and conforms to changes in our business. We may need to update
this Privacy Policy, and we reserve the right to do so at any time. If we do
revise this Privacy Policy, we will update the “Effective Date” at the top
of this page so that you can tell if it has changed since your last visit. As
we generally do not collect contact information and also do not track your
visits, we will not be able to notify you directly. However, Anastasis clients
may inform you about a change in the privacy policy once they detect that the
policy has changed. Please review this Privacy Policy regularly to ensure that
you are aware of its terms. Any use of our Services after an amendment to our
Privacy Policy constitutes your acceptance to the revised or amended
agreement.
International users and visitors
--------------------------------
Our Services are (currently) hosted in Germany. If you are a user
accessing the Services from Switzerland, Asia, US, or any other
region with laws or regulations governing personal data collection,
use, and disclosure that differ from the laws of Germany, please be
advised that through your continued use of the Services, which is
governed by the law of the country hosting the service, you are
transferring your Personal Information to Germany and you consent to
that transfer.
Questions
---------
Please contact us at privacy@anastasis.lu if you have questions about our
privacy practices that are not addressed in this Privacy Statement.
|
