Privacy Policy
Version 2.1.0
Last Updated: November 16, 2024
Effective Date: December 1, 2024
Your Privacy Matters
This Privacy Policy explains how we collect, use, and protect your personal information. We are committed to maintaining the trust you place in us by being transparent about our data practices.
1. Introduction
Cryonote ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital legacy planning service.
By using Cryonote, you consent to the data practices described in this Privacy Policy. We will only collect and use your information in accordance with this Policy.
2. Information We Collect
2.1 Personal Information
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Contact Information | Account creation and communication | Contract performance |
| Authentication Data | Account security | Legal obligation |
| Payment Information | Subscription processing | Contract performance |
2.2 Service Data
| Data Type | Description | Storage Method |
|---|---|---|
| Message Content | Your created messages and attachments | Encrypted storage |
| Usage Data | Service interaction patterns | Aggregated analytics |
| Technical Data | Device and connection information | Secure logs |
3. How We Use Your Information
3.1 Service Provision
- Account creation and maintenance
- Message storage and delivery
- Trigger system operation
- Customer support
3.2 Security
- Fraud prevention and detection
- Account protection
- System integrity verification
- Security audit logging
3.3 Legal Basis for Processing
Contract Performance
Processing necessary to provide our service to you
Legal Obligations
Processing required to comply with legal requirements
Legitimate Interests
Processing based on our legitimate business interests
4. Data Protection
4.1 Encryption Standards
Data in Transit
- TLS 1.3 encryption
- Perfect Forward Secrecy
Data at Rest
- AES-256 encryption
- Hardware Security Modules
4.2 Enhanced Security Mode
When Enhanced Security mode is enabled, additional protection measures are implemented:
- Client-side encryption before transmission
- Zero-knowledge architecture
- End-to-end encryption for all content
5. Data Sharing
5.1 Third-Party Service Providers
| Provider Category | Purpose | Data Access Level | Security Measures |
|---|---|---|---|
| Payment Processors | Transaction processing | Payment data only | PCI DSS compliance |
| Cloud Storage | Data storage | Encrypted data only | SOC 2 Type II certified |
| Email Service | Notifications | Email address only | TLS encryption |
5.2 Legal Requirements
We may disclose your information if required by law, regulation, or legal process:
- Response to valid court orders or subpoenas
- Protection of legal rights and property
- Prevention of fraud or illegal activities
Note: For enhanced security messages, we can only provide encrypted data that we cannot decrypt.
6. User Controls
6.1 Privacy Settings
Security Level
Choose between standard or enhanced security
Notifications
Manage communication preferences
Authentication
Configure two-factor authentication
6.2 Data Management
Export Data
Download your personal information
Delete Data
Remove your data from our systems
Access Logs
View account activity history
7. Data Retention
7.1 Retention Periods
| Data Type | Retention Period | Reason for Retention |
|---|---|---|
| Account Information | Duration of account + 30 days | Account recovery and legal compliance |
| Message Content | Until scheduled delivery | Service functionality |
| Security Logs | 12 months | Security and audit requirements |
| Payment Records | 7 years | Financial regulations |
7.2 Account Closure Process
30-Day Recovery Period
After account deletion request, data is maintained for 30 days to allow for recovery
Data Archival
Certain data may be retained in encrypted backups for up to 90 days
Permanent Deletion
After retention periods expire, data is securely and permanently deleted
8. Children's Privacy
Age Restrictions
Cryonote does not knowingly collect or solicit personal information from anyone under the age of 18. If you are under 18, please do not attempt to register for the Services or send any personal information about yourself to us.
If We Learn of Children's Data:
- We will immediately delete such information
- We will terminate associated accounts
- We will notify relevant guardians if possible
9. International Data Transfers
9.1 Data Location
Primary Storage
European Union (Frankfurt)
Backup Storage
United States (Virginia)
Disaster Recovery
Singapore
9.2 Transfer Safeguards
Standard Contractual Clauses (SCCs)
EU-approved mechanisms for international data transfers
Privacy Shield Framework
Compliant with EU-US and Swiss-US requirements
Additional Security Measures
End-to-end encryption and access controls
12. Security Measures
12.1 Technical Controls
- End-to-end encryption
- Multi-factor authentication
- Advanced intrusion detection
- Real-time threat monitoring
12.2 Personnel Security
- Background checks
- Regular security training
- Security certifications
- Access control policies
14. Contact Information
Data Protection Officer
- team@cryonote.com
Privacy Team
- team@cryonote.com
- Response within 24 hours
Questions About Your Privacy?
We're committed to protecting your privacy and are always here to help with any questions or concerns.
This Privacy Policy is available in other languages.