Privacy Shield Policy
At IronCore Labs, we believe that everyone has a right to their privacy online. We respect the privacy of our visitors, our customers, and others that we do business with. We are committed to collecting, using, and keeping only the bare minimum of personal data, and deleting personal data after it is no longer needed. We never sell personal data. If we are obligated to disclose personal data because of a court order or other legal instrument, we will comply with the law after exhausting legal options available to us.
IronCore Labs is based in the US, and the Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield.
In compliance with Privacy Shield Principles, IronCore Labs commits to investigate and resolve complaints about our collection or use of personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact IronCore Labs at [email protected], or write us at:
Privacy Shield Inquiry
1750 30th Street #500
Boulder, CO 80301 USA
IronCore Labs has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
In some circumstances, the Privacy Shield framework gives individuals the right to invoke binding arbitration if a complaint can’t be resolved in any other way. There is more information about how and when to invoke binding arbitration at the website https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
How We Use Personal Data: “Controller” or “Processor”
In the European Union, data protection laws differentiate between “controllers” and “processors” of personal data. A controller decides how and why to process personal information. On the other hand, a processor processes personal data on behalf of a controller based on the controller’s instructions.
When we talk about personal data, we mean data that can be used to personally identify someone. For Switzerland, a “person” includes both natural people as well as legal entities.
At IronCore Labs, our employees or contractors can access and use personal data only if they are authorized to do, and only for the purpose for which they are authorized.
IronCore Labs as the Controller of Personal Data
Under Privacy Shield, residents of the EU and Switzerland have the right to access, correct, limit the disclosure of, or delete their personal data that IronCore Labs holds. Below are descriptions of the types of data for which IronCore Labs is classified as the “Controller”, along with choices and means for affecting personal data.
When potential customers request that we send them information, they provide their contact details (such as email address), for the express purpose of receiving our emails and other kinds of communications such as social media. We promptly stop sending emails when we receive an unsubscribe request. In order to make sure that we don’t accidentally send information to those who have unsubscribed, we store unsubscribed email addresses separately. Customers with questions or requests may contact us at [email protected].
Direct customers give us contact names, company address, billing information, and other relevant personal information that is required for us to provide services to our customers. Our direct customer information is maintained indefinitely, even after a customer is no longer doing business with IronCore Labs, unless we receive a request to correct or delete it at [email protected].
Our direct customers may also, at their discretion, contact us for customer or technical support. In order to provide our direct customers with excellent and ongoing support, we keep records of the queries and our responses indefinitely until we receive a request at [email protected] to delete those conversations. Some of this data may be stored on third party platforms.
Our website automatically logs activities, including IP addresses of visitors, for the past 30 days or less. All website logs older than 30 days are purged daily. We keep these logs for 30 days in order to detect, prevent, and investigate bugs, security incidents, or other problems with our products and services.
We collect analytics information on how people use our website in order to better understand our customers. To do that, we use a very few third party services with which we share some marketing data, including Google Analytics and Hubspot.
Google Analytics: to learn more about the Privacy Shield policy of Google Analytics, please refer to Google Analytics and the EU-US Privacy Shield https://support.google.com/analytics/answer/7105316?hl=en
If you wish to opt out of Google Analytics, Google has created the Google Analytics Opt-out Browser Add-On for many major browsers https://tools.google.com/dlpage/gaoptout?hl=en
Hubspot: to learn more about the Privacy Shield policy of Hubspot, please refer to Hubspot’s International Transfer of Information https://legal.hubspot.com/privacy-policy#_Toc513893751
If IronCore Labs receives any personal information under Privacy Shield and then transfers that personal information to a third party acting on our behalf, we are still liable under Privacy Shield Principles if the third party processes the personal information in a way that is inconsistent with the Principles, unless we can show that we are not responsible for the event that caused the damage.
IronCore Labs does not disclose personal data to third parties for any reason that is materially different than the purpose for which it was originally collected.
Queries about third parties which collect analytics information on behalf of IronCore Labs may be sent to: [email protected]
As IronCore Labs grows, we periodically place job postings for positions in the company. We receive resumés and job applications from people interested in joining us. Those
resumés and applications are kept for up to a year after a position is filled so that we can, at our option, contact qualified applicants for new positions. We will, if requested at [email protected], delete a resumé and application from an applicant who no longer wishes to be contacted.
Our Human Resources department maintains personal information on all IronCore Labs employees. Because of US tax laws, we must retain this information. At the time that this Policy was first published, all employees of IronCore Labs are residents of the United States. We do not use information collected for employment purposes for any non-employment-related reasons.
IronCore Labs End-to-End Encryption Services
At IronCore Labs, our core business is end-to-end data control, privacy, and security of our customers’ data. When our customers use our service, they are acting as the Controller of any personal data that they choose to transmit using IronCore Labs end-to-end encryption services. IronCore Labs does not have the ability to decrypt, or identify, customers’ data sent using our encryption.
Audit trail logs of customer users and files are stored for a length of time under customer control, either 30 days, one year, or unlimited, depending on customer tier.