PRIVACY POLICY

FOR HUMANS

We take pride in being a security & privacy service accessible to everyone. So we have a simplified and easy to read version of our policy.

Below we will clarify how your data will be used, and the steps we took to protect it. By using Cryptee, you consent to the terms outlined in this policy.

hello. we're from estonia.

To sign up you will need to provide either a username, or optionally an email address for convenience.

It's just for sign up & important notifications. No spam. We won't sell or give this information to anyone else.

DATA
COLLECTION

We collect as little user information as possible. Only the absolute bare minimum stuff to still be able to provide a service to you. All your personal data is encrypted, but in order to provide a service, we still need a few bits of other data. Let's begin.



VISITING OUR WEBSITE

We have an analytics system. We didn't trust any third party ones. So we built one ourselves instead. It is 100% anonymous, and it's only there just to see how well we're doing with design, improvements, features and page views.



ACCOUNT CREATION

We do not require ANY personal information. You don't even need to use an email. It's only for convenience.

Oh, and, legally we have to record the date and time of your sign up.



Account activity

To provide you a service, we need access to some basic things in unencrypted format. These are:



  • folder colors & archive status
  • # of things in each folder or album
  • file byte-sizes & mime-types after encryption
  • version-IDs of files, photos & videos
  • EXIF dates of photos
  • storage space used
  • all payment amounts & dates
  • payment type, plan & discounts


If you choose to upload RAW photos (such as DNG, TIFF, 3FR or FFF formats) to provide you the service, we need access to some basic EXIF data in unencrypted format. These are:



  • camera make & model (i.e. "Leica M11")
  • camera's lens (i.e. "35mm")
  • aperture, exposure, white balance & iso


We do NOT have access to the contents of encrypted photos, videos or documents/files or any specific payment information. More about payments below.



Communications with Cryptee

Your communications, such as support requests, bug reports, or feature requests may be saved to improve our service, knowledge base and FAQ sections.



Error Reporting & Abuse Detection

We have an automatic error collection, abuse detection and reporting system. The error reports are anonymous, but linked to our support system via anonymous user IDs to better help you out. We keep these only for 90 days. Our abuse detection system automatically collects and retains IP addresses and browser user agents for 180 days, but these are deleted once they're no longer relevant.



Payment Information

We rely on awesome and trusty companies called Stripe and Paddle to process your payments, and we use your anonymous user ID to know / track when you paid.

DATA
USE

We don't & won't have ads. We will never share your data unless for reasons listed in Data Disclosure below.

DATA
STORAGE

Your documents, files, photos and videos are always encrypted, and we can't access any of it. We may have backups (also encrypted) occasionally to be safe, but these are kept for up to 90 days.

DATA
RETENTION

When you delete your account, every piece of data we have about your account in our possession and control is immediately deleted. There may be some leftovers in backups (which by the way are encrypted with your keys, and inaccessible to us/or anyone else), but those will be deleted after 90 days if there hasn't been a disaster.

DATA
DISCLOSURE

We will only disclose the limited user data we possess if we receive an enforceable court order.

If someone wants your data, we can only give them the data listed above in the Data Collection section and the fully encrypted data, which we can't decrypt. (and scientifically speaking, nobody should be able to decrypt for the foreseeable million+ years)

If permitted by law, we will always contact you and let you know if we have a way to reach out to you (for example via Email).

INFORMATION
REGARDING
EU GDPR

We are fully committed to EU GDPR.

We can't even access your data. Only you can. That's what GDPR lawyers call magic. Basically your data is as private and as safe as it can be on the internet.

We use a few companies to help us bring you the service such as payments or error reports etc. These companies are:

Google Cloud Platform, Cloudflare, Sentry IO, Stripe, and Paddle only if you became a paid user before February 21, 2021.

COOKIES
TRACKERS
LOCAL STORAGE

We don't have any of that stuff.

MODIFICATIONS
TO
PRIVACY
POLICY

We might make small changes to this policy some day. If you continue to use the service, we'll assume you're cool with these.

APPLICABLE
LAW

We're based in Estonia. So that's where all our legal stories will take place.