PRIVACY POLICY

Effective: 2nd January 2018

This policy describes how we collect, use and safeguard your information when you use our websites, software and services ("Service"). It describes the sources of personal information we may collect about you, the purposes for which we use information, the circumstances in which we may share information, and the steps that we take to safeguard information to protect your privacy.

There are three categories of data which we store: basic data, general data, and usage data.

Basic Data

We collect, and associate with your account, information like your name, email address, phone number, payment info, and physical address. We use this information to deliver ChatFOSS, to bill for your use of ChatFOSS, and also to allow us to communicate directly with you. We do not, outside of specific exceptions described below, share this information with third parties.

We may disclose your personal information to fulfil your instructions, to protect our rights and interests or pursuant to your express consent. Under limited circumstances, your personal information may be disclosed to third parties under our Compliance Policy and as permitted by, or to comply with, applicable laws and regulations, for instance, to protect against fraud or to co-operate with law enforcement or regulatory authorities.

General Data

When you use ChatFOSS, we store, process and transmit your files and information (including emails, messages, documents and photos) and information related to them (for example, time of last change). Other than the restricted rights described in our Compliance Policy, we have neither access nor any other rights to this data. All communication remains your property and is encrypted in transfer. All files remain your property and are encrypted in storage. Where we use third party cloud storage providers (such as Amazon), we only store your files in encrypted form and store the encryption keys separately on our own servers, so that no third party has access to your information.

Usage Data

We collect information from and about the devices you use to access ChatFOSS. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. This information is only used to help us deliver ChatFOSS efficiently to you and we do not share it with anyone.

Cookies and Similar Technologies

We occasionally use cookies and similar technologies (such as HTML5 local storage) to provide, improve and protect our Services. For example, cookies can be used to help us if you request ChatFOSS to remember your username for your next visit.

You can set your browser to not accept cookies, and this should not make any difference to your ability to use ChatFOSS. The Help menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. To learn more about what cookies are set on your computer as you browse the web and how to manage or delete them, visit www.allaboutcookies.org.

Outsourcing

StayPrivate uses certain trusted third parties to help us provide and protect ChatFOSS. Third parties may access your information only to perform tasks on our behalf and only in compliance with this Privacy Policy.

Compliance Exception

As described in our Compliance Policy, we may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of ChatFOSS or our users; or (d) protect StayPrivate’s property rights.

Security

We have a team dedicated to keeping your information secure and testing for vulnerabilities. We also continue to work on features to keep your information safe in addition to features such as two-factor authentication, encryption of files at rest, and alerts when new devices and apps are linked to your account.

StayPrivate is committed to protecting the privacy and confidentiality of your personal information. We limit access to your personal information as much as possible and, as described above, providers are held to stringent standards of privacy. We also maintain physical, electronic and procedural safeguards to protect information against loss, misuse, damage or modification and unauthorised access or disclosure.

Retention

We will retain information you store on ChatFOSS for as long as we need it to provide you ChatFOSS. If you delete your account, we will also delete this information. But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.

If your relationship with StayPrivate ends and we retain any of your personal information, we will continue to treat it as described in this policy.

Locations

We store all your information within the European Union. Our servers operate from secure data centres across the UK. However, you may access ChatFOSS from anywhere in the world and information may be stored on the devices you use to access ChatFOSS.

Government Access Rights

StayPrivate believes that individuals have the right to know who can access their data and on what terms. We also believe that this should apply to governments and companies alike.

StayPrivate will only release information to governments or other authorities on the presentation of a valid search warrant issued under due legal process. Such a warrant should show probable cause in order to justify the disclosure of the stored contents and communication of any account.

It is our policy to notify users and provide them with a copy of any civil or government legal process regarding their account (including formal requests for private information), unless we are prohibited by law or court order from doing so. If that is the case, we will notify users and provide them with a copy of the legal process when the prohibition expires.

If a request for information is valid, we will preserve the necessary information before informing the user. In most cases, upon notification to the user, that user will be provided with either 7 days or the amount of time before the information is due, whichever is later, during which time the user may legally challenge the request. If, prior to the deadline, we receive notice that the user intends to challenge a request, no information will be delivered until that process concludes. We also review information requests and may lodge our own challenge to the scope or validity of legal process received, on behalf of a user, whether or not the user pursues their own legal challenge.

ChatFOSS is not designed to enable surveillance of users. In order to deliver ChatFOSS, we may use third parties. If such a third party has access to data about our customers, this would normally be anonymised. Nevertheless, we expect all third parties to handle all data as StayPrivate would, meaning that they should not share the information with any other company or individual, use it in any way other than to deliver the necessary service, or assist governments in widespread surveillance of users.

StayPrivate is a UK-based company and adheres to European Union privacy laws and standards. If it were to receive a National Security Letter (NSL) or its equivalent originating from the US government, and was advised that this letter was legally applicable in the UK, it would notify the US government that it would like the court to review the non-disclosure provision of the NSL pursuant to USA FREEDOM. The US government would have 30 days to let the court know why the non-disclosure should remain in effect. If we receive notice that the non-disclosure no longer applies, we will notify the affected customer.

Changes

If we are involved in a reorganisation, merger, acquisition or sale of our assets, the way your information is managed may change as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.

We may revise this Privacy Policy from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you.

Contact

If you have questions or concerns about StayPrivate and privacy, contact us at privacy@stayprivate.com.

COMPLIANCE POLICY

Effective: 2nd January 2018

Privacy Framework

StayPrivate respects all organisations' and individuals' rights to privacy; however, StayPrivate respects the law foremost and also recognises that organisations and individuals only retain their rights to privacy while they are not seriously disrespecting the rights of others. StayPrivate will resist any unlawful requests from governments and other third parties to access your data. StayPrivate's annual Compliance and Transparency Report (first published in December 2017) contains a section summarising all requests for information received and whether information was provided.

Although StayPrivate, as a whole, is able to access your data and information because it needs to in order to be able to deliver its Service to Clients and to allow Clients to access their own information, StayPrivate’s clients should have total confidence that, in the normal course of events, StayPrivate will not access your information. StayPrivate operates Chinese walls within its organisation so that no individual has sufficient access to the various encryption keys and database to be able to circumvent our controls and access any Client data.

Compliance Oversight

StayPrivate accepts no responsibility for the actions of any of its Clients. However, at its discretion, and where it believes that it can do so without compromising users’ rights to privacy, StayPrivate does adopt processes designed to uncover seriously unacceptable behaviour, for example, child abuse. The StayPrivate Compliance Team, subject to Senior Management approval, can run certain automated scripts over the StayPrivate client database. These scripts are carefully targeted and designed to uncover specific types of seriously unacceptable behaviour, and the results are entirely anonymised. If the StayPrivate Compliance Team uncovers evidence of what it believes is seriously unacceptable behaviour then, subject to Senior Management approval, it may be allowed further access in order to gather further evidence. If the outcome of its further investigations provides strong evidence of seriously unacceptable behaviour then, subject to Senior Management approval, the StayPrivate Compliance Team may be able to gain full read access to individual Client accounts. If it uncovers criminal activity, the StayPrivate Compliance Team, at its discretion, may share such information with the relevant authorities.

StayPrivate accepts no responsibility for the failure of its Compliance Team to uncover seriously unacceptable behaviour.

Annual Compliance and Transparency Report

StayPrivate’s Annual Compliance and Transparency Report was first published in December 2017. The report contains a summary of all the various activities of the StayPrivate Compliance Team as well as all government information access requests.