EU Privacy Shield Policy
Privacy Shield Policy
At IronCore Labs, we believe that everyone has a right to their privacy online. We are committed to collecting, using, and keeping only the bare minimum of personal data, and deleting personal data after it is no longer needed. We never sell personal data. If we are obligated to disclose personal data because of a court order or other legal instrument, we will comply with the law after exhausting legal options available to us.
IronCore Labs is based in the United States, and the Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield.
If you have questions about IronCore Labs’ privacy practices related to Privacy Shield, you can contact us at [email protected], or write us at:
Privacy Shield Inquiry
1750 30th Street #500
Boulder, CO 80301 USA
If you aren’t satisfied with how we have addressed your Privacy Shield concerns, you can refer your complaints to your local data protection authority, and we will work with them to resolve the issues that you raise. In some circumstances, the Privacy Shield framework gives you the right to invoke binding arbitration if your complaint can’t be resolved in any other way. You can find out more about how and when to invoke binding arbitration by visiting https://www.privacyshield.gov/article?id=ANNEX-I-introduction
How we use personal data
In the European Union, data protection laws differentiate between “controllers” and “processors” of personal data. A controller decides how and why to process personal information. On the other hand, a processor processes personal data on behalf of a controller based on the controller’s instructions.
IronCore Labs as the Controller of personal data
When potential customers request that we send them information, they leave their contact details (such as email address), for the express purpose of receiving our emails and other kinds of communications, for example on social media. We promptly stop sending emails when we receive an unsubscribe request. In order to make sure that we don’t accidentally send information to those who have unsubscribed, we store unsubscribed email addresses separately.
Direct customers give us contact names, company address, billing information, and other relevant personal information that is required for us to provide services to our customers. Our direct customer information is maintained indefinitely, even after a customer is no longer doing business with IronCore Labs, unless we receive a request to delete it at [email protected]. Our customers may also, at their discretion, contact us for customer or technical support. In order to provide our direct customers with excellent and ongoing support, we keep records of the queries and our responses indefinitely until we receive a request at [email protected] to delete those conversations. Some of this data may be stored on third party platforms.
Our website automatically logs activities, including IP addresses of visitors, for the past 30 days or less. All website logs older than 30 days are purged daily. We keep these logs for 30 days in order to detect, prevent, and investigate bugs, security incidents, or other problems with our products and services.
We collect analytics information on how people use our website in order to better understand our customers. To do that, we use a very few third party services with which we share some marketing data, including Google Analytics and Hubspot.
Google Analytics: to learn more about the Privacy Shield policy of Google Analytics, please refer to Google Analytics and the EU-US Privacy Shield https://support.google.com/analytics/answer/7105316?hl=en
If you wish to opt out of Google Analytics, Google has created the Google Analytics Opt-out Browser Add-On for many major browsers https://tools.google.com/dlpage/gaoptout?hl=en
Hubspot: to learn more about the Privacy Shield policy of Hubspot, please refer to Hubspot’s International Transfer of Information https://legal.hubspot.com/privacy-policy#_Toc513893751
As IronCore Labs grows, we periodically place job postings for positions in the company. We receive resumés and job applications from people interested in joining us. Those resumés and applications are kept for up to a year after a position is filled so that we can, at our option, contact qualified applicants for new positions. We will, if requested at [email protected], delete a resumé and application from an applicant who no longer wishes to be contacted.
Our Human Resources department maintains personal information on all IronCore Labs employees. Because of US tax laws, we must retain this information. At the time that this Policy was first published, all employees of IronCore Labs are residents of the United States. We do not use information collected for employment purposes for any non-employment-related reasons.
IronCore Labs end-to-end encryption services
At IronCore Labs, our core business is end-to-end data control, privacy, and security of our customers’ data. When our customers use our service, they are acting as the Controller of any personal data that they choose to transmit using IronCore Labs’ end-to-end encryption services. IronCore Labs does not have the ability to decrypt customers’ data sent using our encryption.
Audit trail logs of customer users and files are stored for a length of time which is under customer control, either 30 days, one year, or unlimited, depending on customer tier.