0.txt (9761B)
1 Privacy Policy 2 ************** 3 4 Last Updated: 07.09.2021 5 6 This Privacy Policy describes the policies and procedures of Anastasis 7 SARL (“we,” “our,” or “us”) pertaining to the collection, use, and 8 disclosure of your information on our sites and related mobile 9 applications and products we offer (the “Services”). This Privacy 10 Statement applies to your personal data when you use our Services, and 11 does not apply to online websites or services that we do not own or 12 control. 13 14 15 Overview 16 ======== 17 18 Your privacy is important to us. We follow a few fundamental 19 principles: We don’t ask you for personally identifiable information 20 (defined below). That being said, your contact information, such as 21 your phone number, social media handle, or email address (depending on 22 how you contact us), may be collected when you communicate with us, 23 for example to report a bug or other error related to Anastasis. We 24 don’t share your information with third parties except when strictly 25 required to deliver you our Services and products, or to comply with 26 the law. If you have any questions or concerns about this policy, 27 please reach out to us at privacy@anastasis.lu. 28 29 30 How you accept this policy 31 ========================== 32 33 By using our Services or visiting our sites, you agree to the use, 34 disclosure, and procedures outlined in this Privacy Policy. 35 36 37 What personal information do we collect from our users? 38 ======================================================= 39 40 The information we collect from you falls into two categories: (i) 41 personally identifiable information (i.e., data that could potentially 42 identify you as an individual) (“Personal Information”), and (ii) non- 43 personally identifiable information (i.e., information that cannot be 44 used to identify who you are) (“Non-Personal Information”). This 45 Privacy Policy covers both categories and will tell you how we might 46 collect and use each type. 47 48 We do our best to not collect any Personal Information from Anastasis 49 users. The detailed Personal Information Anastasis asks from you 50 during the regular backup and recovery process at the beginning is 51 never shared with us and only used to create a cryptographic account 52 identifier which does not allow us to recover any of your details. 53 54 That being said, when using our Services to recover key material, we 55 may inherently receive the following information (depending on your 56 choice of authentication method): 57 58 * Bank account details necessary when receiving funds from you to 59 authenticate via a SEPA transfer. We will store these as part of 60 our business records for accounting, and our bank will also be 61 legally obliged to store the details for many years. 62 63 * Your phone number when using SMS authentication. We rely on third 64 party providers (such as your mobile network operator) to deliver 65 the SMS to you. These third parties will see the SMS message sent 66 to you and could thus learn that you are using Anastasis. SMS is 67 inherently insecure, and you should expect many governments and 68 private parties to be able to observe these messages. However, 69 we do not store your SMS number on our systems, except maybe in 70 short-term logs to diagnose errors. 71 72 * Your e-mail address when using E-mail authentication. We rely on 73 the Internet and your E-mail provider to deliver the E-mail to 74 you. Internet service providers will see the E-mail message sent 75 to you and could thus learn that you are using Anastasis. E-mail 76 is inherently insecure, and you should expect many governments 77 and private parties to be able to observe these messages. 78 However, we do not store your E-mail address on our systems, 79 except maybe in short-term logs to diagnose errors. 80 81 * Your physical address when using postal mail authentication. We 82 rely on external providers for printing and sending the letter to 83 you. These providers will need to learn your address and could 84 learn that you are using Anastasis. Physical mail has strict 85 privacy protections by law, but governments are known to break 86 postal secrecy. We do not store your physical address on our 87 systems, except maybe in short-term logs to diagnose errors. 88 89 * When you contact us. We may collect certain information if you 90 choose to contact us, for example to report a bug or other error 91 with the Taler Wallet. This may include contact information such 92 as your name, email address or phone number depending on the 93 method you choose to contact us. 94 95 96 How we collect and process information 97 ====================================== 98 99 We may process your information for the following reasons: 100 101 * to authenticate you during secret recovery 102 103 * to support you using Anastasis when you contact us 104 105 106 How we share and use the information we gather 107 ============================================== 108 109 We may share your authentication data with other providers that assist 110 us in performing the authentication. We will try to use providers that 111 to the best of our knowledge respect your privacy and have good 112 privacy practices. We reserve the right to change authentication 113 providers at any time to ensure availability of our services. 114 115 We primarily use the limited information we receive directly from you 116 to enhance Anastasis. Some ways we may use your Personal Information 117 are to: Contact you when necessary to respond to your comments, answer 118 your questions, or obtain additional information on issues related to 119 bugs or errors with the Anastasis application that you reported. 120 121 122 Agents or third party partners 123 ============================== 124 125 We may provide your Personal Information to our employees, 126 contractors, agents, service providers, and designees (“Agents”) to 127 enable them to perform certain services for us exclusively, including: 128 improvement and maintenance of our software and Services. By accepting 129 this Privacy Policy, as outlined above, you consent to any such 130 transfer. 131 132 133 Protection of us and others 134 =========================== 135 136 We reserve the right to access, read, preserve, and disclose any 137 information that we reasonably believe is necessary to comply with the 138 law or a court order. 139 140 141 What personal information can I access or change? 142 ================================================= 143 144 You can request access to the information we have collected from you. 145 You can do this by contacting us at privacy@anastasis.lu. We will make 146 sure to provide you with a copy of the data we process about you. To 147 comply with your request, we may ask you to verify your identity. We 148 will fulfill your request by sending your copy electronically. For any 149 subsequent access request, we may charge you with an administrative 150 fee. If you believe that the information we have collected is 151 incorrect, you are welcome to contact us so we can update it and keep 152 your data accurate. Any data that is no longer needed for purposes 153 specified in the “How We Use the Information We Gather” section will 154 be deleted after ninety (90) days. 155 156 157 Data retention 158 ============== 159 160 Information entered into our bug tracker will be retained indefinitely 161 and is typically made public. We will only use it to triage the 162 problem. Beyond that, we do not retain personally identifiable 163 information about our users for longer than one week. 164 165 166 Data security 167 ============= 168 169 We are committed to making sure your information is protected. We 170 employ several physical and electronic safeguards to keep your 171 information safe, including encrypted user passwords, two factor 172 verification and authentication on passwords where possible, and 173 securing connections with industry standard transport layer security. 174 You are also welcome to contact us using GnuPG encrypted e-mail. Even 175 with all these precautions, we cannot fully guarantee against the 176 access, disclosure, alteration, or deletion of data through events, 177 including but not limited to hardware or software failure or 178 unauthorized use. Any information that you provide to us is done so 179 entirely at your own risk. 180 181 182 Changes and updates to privacy policy 183 ===================================== 184 185 We reserve the right to update and revise this privacy policy at any 186 time. We occasionally review this Privacy Policy to make sure it 187 complies with applicable laws and conforms to changes in our business. 188 We may need to update this Privacy Policy, and we reserve the right to 189 do so at any time. If we do revise this Privacy Policy, we will update 190 the “Effective Date” at the top of this page so that you can tell if 191 it has changed since your last visit. As we generally do not collect 192 contact information and also do not track your visits, we will not be 193 able to notify you directly. However, Anastasis clients may inform you 194 about a change in the privacy policy once they detect that the policy 195 has changed. Please review this Privacy Policy regularly to ensure 196 that you are aware of its terms. Any use of our Services after an 197 amendment to our Privacy Policy constitutes your acceptance to the 198 revised or amended agreement. 199 200 201 International users and visitors 202 ================================ 203 204 Our Services are (currently) hosted in Germany. If you are a user 205 accessing the Services from the Switzerland, Asia, US, or any other 206 region with laws or regulations governing personal data collection, 207 use, and disclosure that differ from the laws of Germany, please be 208 advised that through your continued use of the Services, which is 209 governed by the law of the country hosting the service, you are 210 transferring your Personal Information to Germany and you consent to 211 that transfer. 212 213 214 Questions 215 ========= 216 217 Please contact us at privacy@anastasis.lu if you have questions about 218 our privacy practices that are not addressed in this Privacy 219 Statement.