Hover Help is available for your assistance. Hover over any area of a page for guidance. ×

secure-transmit Privacy Policy

Effective: May 1, 2021

Thank you for using secure-transmit. Our Privacy Policy describes the information we collect from you, how we treat this information, and how we use and handle your personal data when you use our website, software, and services. We are committed to respecting your privacy and safeguarding the confidentiality and privacy of your personal information. Our Privacy Policy describes the policies and procedures of secure-transmit and its affiliates (“we”, “our,” or “us”) on the collection, use, and disclosure of personal information from those who use or access secure-transmit services, our websites, branded pages on social media services, marketing campaigns, any communications with us (whether online or offline), features, content, (collectively, our “sites”), services, applications (collectively, our “services”) or products.

By using our sites, services, or products, you agree to the collection, disclosure and use of your information as described in this Privacy Policy. If you do not agree, please do not use our sites, services, or products.

This Privacy Policy is hereby incorporated into the terms and conditions of use of our sites, services, or products. By using our sites, services, or products, you also agree to the Terms of Service.

Purpose

Our goal is to help you understand how we collect, disclose, and use your information to improve our content, advertisements, sites, and services. Our Privacy Policy also explains how we safeguard your information and how you may access and control the use of your information.

What We Collect & Why & How It Is Used

We collect and use the following information to provide, improve, protect, and promote our services:

Identifying Data and Credentials - identify users of our service by first name, last name, username, email address and, optionally, phone number and/or public key. To use the service, you must demonstrate that you control and can read the email that you provided to us. If you provided a phone number, you will be required to respond to one-time passwords sent to that phone number. If you provided a public key, emails addressed to you will be encrypted with that public key. By responding to the emails, you will demonstrate possession of the corresponding private key.

Use of Identifying Data and Credentials - Account Holder. We validate your credentials when you create an account and when you access your account holder’s user interface. The account holder’s user interface allows you to create proxies for other people to sponsor transmissions using the funds in your account. The interface also allows you to review expenses against your account and add funds to your account. Your name, email address, and phone number, if provided, are shared with the people to whom you grant proxies. The fingerprint of the public key is also shared if a public key is provided. We share this information because your collaborators need to know with whom they are corresponding. We do not reveal this information to anyone else and, at rest, we are not in control of this information in a form that we can decrypt.

Use of Identifying Data and Credentials – Sponsor. We validate your credentials when you initiate a transmission and when you access your sponsor’s user interface. The sponsor’s user interface allows you to upload (if you are also the file supplier) or download (if you are also a recipient) files. It allows you to disable participants in the transmission, add new recipients to the transmission, and/or query all activities associated with the transmission. Your name, email address, and phone number, if provided, are shared with the correspondents (suppliers and recipients) of the transmissions you initiate. The fingerprint of the public key is also shared if a public key is provided. We share this information, because your correspondents need to know with whom they are sharing data. We do not reveal this information to anyone else and, at rest, we are not in control of this information in a form that we can decrypt.

Use of Identifying Data and Credentials - Suppliers/Recipients (“correspondents”). We validate the credentials supplied by the sponsor for suppliers and recipients before granting them access to either the supplier or recipient user interface. The supplier user interface allows the supplier to upload files and to associate descriptive metadata with those files. The recipient user interface displays the descriptive metadata provided by the supplier and allows the uploaded files to be downloaded by the recipient. Both interfaces allow the correspondent to review all their respective actions associated with the transmission but no other actions. It is not possible for the correspondents to see the actions of the other correspondents associated with the transmission.

Additionally, we may use your Identifying Data and Credentials in the following manner:

  • To operate, maintain, and improve our sites, products, and services.
  • To respond to comments and questions and provide customer service.
  • To send information including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
  • To communicate about promotions, upcoming events, and other news about products and services offered by us and our selected partners.
  • To protect, investigate, and deter against fraudulent, unauthorized, or illegal activity

Your Content. Our services are designed as a simple and secure way for you to transfer your files, documents, photos, comments, messages, and so on (“Your Content”). Your Content is encrypted and is never stored in plain text. Furthermore, there is no way for us to find Your Content and associate it with you, even in its encrypted form, without keys which secure-transmit generated and supplied only to you. secure-transmit does not retain those keys once supplied to you.

Usage Information. We keep track of the quantity of data you, your sponsors, and your correspondents transmit and charge you accordingly. Furthermore, we record all contacts with our site associated with your transmission (correspondent, originating IP, quantity of data transmitted, and checksum of data downloaded). We will report this information to you at your discretion for the records retention specified for this transmission; however, this contact information is encrypted and only you are in possession of the key. secure-transmit has no means to access this information unless you supply the appropriate keys.

Cookies. We use cookies to keep track of the fact that you have authenticated your identity and to keep track of where you are in the transmission process. These cookies are ephemeral and will expire within an hour or less. Should you opt out of using cookies, you will be challenged to demonstrate your identity every time you visit the site. We do not solicit for our service as we do not retain identification information, with the exception of the payment information for a transaction. We merely use cookies to simplify your transmission activity with our Service.

Sharing Information with Others

We may share your identifying data and credentials in the following manner:

Others working for and with secure-transmit.

secure-transmit uses AWS infrastructure and PayPal for credit card clearing. To the best of our knowledge, there is no way for AWS to directly access Your Content, your credentials, or the records of your transmissions as these are encrypted at rest. secure-transmit will not solicit AWS to act on its behalf for any action involving your unencrypted data or metadata.

PayPal is in sole possession of whatever financial mechanism you used to pay for our services. We do not store that financial information and, therefore, are never in possession of it.

Correspondents.

secure-transmit shares your identifying credentials (name, email address, and optionally phone number) with your correspondents, because your correspondents need to reliably identify with whom they are communicating. We share no other information with correspondents and, specifically, we do not share information between correspondents.

Account holder.

secure-transmit can provide the funds spent and who spent them per transmission.

Sponsors.

If you are a sponsor, you can provide this service to others. Please refer to your organization’s internal policies if you have questions about this ability. If you are a supplier, you can provide the data to one or more recipients. The sponsor cannot access the data that you will be transmitting but assumes a certain amount of responsibility in funding the transmission. Recipients assume the responsibility for the data once they collect it from our service.

Third Party Collection of Your Credit Card Information.

If you use our sites and services, our third-party credit card processor (PayPal) will process your credit card. This information is collected and retained by PayPal directly. The data that is collected by PayPal is managed by them. PayPal’s Terms and Conditions apply for all financial transactions.

Transfer of Business.

We may share identifying data and credentials when we conduct business or negotiate business involving the sale or transfer of all or a part of our business or assets. These activities can include any merger, financing, acquisition, or bankruptcy transaction or proceeding. We will notify you of any such activity and outline your choices in that event.

Law & Order and the Public Interest.

secure-transmit has the right, but is not obligated, to strictly enforce this Policy through self-help, active investigation, litigation, and prosecution. secure-transmit shall not be obligated to monitor or exercise any control over any content transmitted using the sites and services but reserves the right to do so. In addition, secure-transmit may take any other appropriate action against a user for violations of the Policy, including repeated violations wherein correction of individual violations does not, in secure-transmit’s sole discretion, correct a pattern of the same or similar violations.

secure-transmit further reserves the right to conduct investigations into fraud, violations of the terms of this Policy or other laws or regulations, and to cooperate with legal authorities and third parties in the investigation of alleged wrongdoing, including disclosing the identity of any user that secure-transmit deems responsible for the wrongdoing.

Cooperation with Law Enforcement

secure-transmit may also disclose any information related to a user’s access and use of the sites and services for any lawful reason, including but not limited to: (1) responding to emergencies; (2) complying with the law (e.g., a lawful subpoena); (3) protecting secure-transmit’s rights or property and those of its users; or (4) protecting users of those services and other carriers from fraudulent, abusive, or unlawful use of such sites and services.

secure-transmit will cooperate with appropriate law enforcement agencies and other parties involved in investigating claims of illegal or inappropriate activity. secure-transmit reserves the right to disclose user information to the extent authorized or required by federal or state law. By using and accepting the sites and services, user consents to secure-transmit’s disclosure to any law enforcement agency, without the need for subpoena, of user’s identity as the service provider of record (including basic contact information), as applicable, for any user about whom secure-transmit is contacted by the law enforcement agency. In instances involving child pornography, secure-transmit will comply with all applicable federal and state laws, including providing notice to the National Center for the Missing and Exploited Children or other designated agencies.

Stewardship of your data is critical to us and a responsibility that we embrace. We believe that your data should receive the same legal protections regardless of whether it is stored on our sites and services or on your home computer’s hard drive. We will abide by the following government request principles when receiving, scrutinizing, and responding to government requests (including national security requests) for your data:

  • Be transparent
  • Fight blanket requests
  • Protect all users, and
  • Provide trusted services.

How We Secure Your Information

Security.

This service was developed with the objective of keeping your information secure when you use our sites and services. We launched it with security including two-factor authentication and encryption of files and meta-data at rest.

User Controls.

The sponsor of a transmission can add and/or disable recipients up to the time when the transmission’s file retention period expires. There is an expiration on this data as set by the sponsor, so user controls are inherently limited.

Retention.

There are two types of retention available with our sites and services. These are ‘file retention’ and ‘records retention’. File retention defines how long file(s) being transmitted are available for download by recipients. The maximum file retention for secure-transmit is thirty (30) days. Upon expiration, files are deleted without backup and are no longer available for download. Records retention defines how long the record of the transaction stays in our database. Until a record’s expiration, it is possible for a sponsor to obtain a record of all contacts associated with the transmission. After a record’s expiration, the only record obtainable is that a transmission existed from a start date to a finish date. The maximum record retention is one year.

Where Your Information is Stored

Around the world. To provide you with our sites and services, we may store, process, and transmit data in the United States and locations around the world—including those outside your country. We provide the ability to specify in which AWS S3 region your encrypted data is stored.

Your Control and Access to Your Data

Transmissions are Transactional.

Because there is no relationship to us, secure-transmit has no access to your data.

Verification.

All identifying credentials are validated every time you access our service. If you supplied an email and a phone number, we will confirm that you have control over both.. All correspondents are subject to the same validation procedure.

Data Transfers.

All information processed by us may be transferred, processed, and stored anywhere in the world as directed by the supplier of this service, including, but not limited to the United States or other countries, which may have data protection laws that are different from the laws where you (the sponsor) live. The sponsor and/or the supplier of the transmission is responsible for where the data gets transmitted.

The security of your information is important to us. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once we receive it. No method of electronic transmission or storage is 100% secure; therefore, we cannot guarantee its absolute security. If you have any questions about security with our sites or service, please refer to the FAQ

Changes

We may change our Privacy Policy from time to time. Any changes we make to our Privacy Policy will be posted on this page. You should check this page frequently for updates or changes to our Privacy Policy. We always indicate the effective date of the Privacy Policy on this page. If we make significant changes, we will provide a more prominent notice, which may include posting a notice on this page, by sending you an email, or by other means.

Contact

Have questions or concerns about secure-transmit, our services, and privacy? Please reach out to our ‘Contact’ tab on our website.