Privacy Shield

At IronCore Labs, we believe that everyone has a right to their privacy online. We respect the privacy of our visitors, our customers, and others that we do business with. We are committed to collecting, using, and keeping only the bare minimum of personal data, and deleting personal data after it is no longer needed. We never sell personal data. If we are obligated to disclose personal data because of a court order or other legal instrument, we will comply with the law after exhausting legal options available to us.
IronCore Labs complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom and Switzerland to the United States. IronCore Labs has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of this privacy policy and the Privacy Shield principles, the Privacy Shield principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit
IronCore Labs is based in the US, and the Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield.
In compliance with Privacy Shield Principles, IronCore Labs commits to investigate and resolve complaints about our collection or use of personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact IronCore Labs at, or write us at
IronCore Labs
Privacy Shield Inquiry
1750 30th Street #500
Boulder, CO 80301 USA
IronCore Labs has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
In some circumstances, the Privacy Shield framework gives individuals the right to invoke binding arbitration if a complaint can’t be resolved in any other way. There is more information about how and when to invoke binding arbitration at the website

How we use personal data: "Controller" or "Processor"

In the European Union, data protection laws differentiate between “controllers” and “processors” of personal data. A controller decides how and why to process personal information. On the other hand, a processor processes personal data on behalf of a controller based on the controller’s instructions.
When we talk about personal data, we mean data that can be used to personally identify someone. For Switzerland, a “person” includes both natural people as well as legal entities.
At IronCore Labs, our employees or contractors can access and use personal data only if they are authorized to do so, and only for the purpose for which they are authorized.

IronCore Labs as the Controller of Personal Data

Under Privacy Shield, residents of the EU and Switzerland have the right to access, correct, limit the disclosure of, or delete their personal data that IronCore Labs holds. Below are descriptions of the types of data for which IronCore Labs is classified as the “Controller”, along with choices and means for affecting personal data.
When potential customers request that we send them information, they provide their contact details (such as email address), for the express purpose of receiving our emails and other kinds of communications such as social media. We promptly stop sending emails when we receive an unsubscribe request. In order to make sure that we don’t accidentally send information to those who have unsubscribed, we store unsubscribed email addresses separately. Customers with questions or requests may contact us at privacy.
Direct customers give us contact names, company address, billing information, and other relevant personal information that is required for us to provide services to our customers. Our direct customer information is maintained indefinitely, even after a customer is no longer doing business with IronCore Labs, unless we receive a request to correct or delete it at privacy.
Our direct customers may also, at their discretion, contact us for customer or technical support. In order to provide our direct customers with excellent and ongoing support, we keep records of the queries and our responses indefinitely until we receive a request at privacy to delete those conversations. Some of this data may be stored on third party platforms.
Our website automatically logs activities, including IP addresses of visitors, for the past 30 days or less. All website logs older than 30 days are purged daily. We keep these logs for 30 days in order to detect, prevent, and investigate bugs, security incidents, or other problems with our products and services.
We collect analytics information on how people use our website in order to better understand our customers. To do that, we use a very few third party services with which we share some marketing data, including Google Analytics and Hubspot.
Google Analytics: to learn more about the Privacy Shield policy of Google Analytics, please refer to Google Analytics and the EU-US Privacy Shield
If you wish to opt out of Google Analytics, Google has created the Google Analytics Opt-out Browser Add-On for many major browsers
Hubspot: to learn more about the Privacy Shield policy of Hubspot, please refer to Hubspot’s International Transfer of Information
If IronCore Labs receives any personal information under Privacy Shield and then transfers that personal information to a third party acting on our behalf, we are still liable under Privacy Shield Principles if the third party processes the personal information in a way that is inconsistent with the Principles, unless we can show that we are not responsible for the event that caused the damage.
IronCore Labs does not disclose personal data to third parties for any reason that is materially different than the purpose for which it was originally collected.
Queries about third parties which collect analytics information on behalf of IronCore Labs may be sent to: privacy

End-to-end encryption services

At IronCore Labs, our core business is end-to-end data control, privacy, and security of our customers’ data. When our customers use our service, they are acting as the Controller of any personal data that they choose to transmit using IronCore Labs end-to-end encryption services. IronCore Labs does not have the ability to decrypt, or identify, customers’ data sent using our encryption.
Audit trail logs of customer users and files are stored for a length of time under customer control, either 30 days, one year, or unlimited, depending on customer tier.
Transparency is inseparable from trust and security.
Security is our top priority, for you and our customers.
Reliability is the backbone of our technology.
Privacy is becoming a top concern for enterprises.
Bug hunters are rewarded for finding flaws.
Advisories are where we publish our security flaws.



Trust Center

Find Us