We believe that privacy should be a fundamental right, for individuals as well as businesses. We are on a mission to invert the trust model and give data owners persistent control of their data so they can take back their privacy by determining who has access to that data, monitoring that access, and rescinding it at will.
When privacy meets law enforcement, ideals collide. In general, we want to see law enforcement able to lawfully do their job given probable cause and warrants. That said, IronCore is almost never in a position to provide meaningful data to law enforcement. See our transparency page for details on how we handle government requests for data and what data we could disclose if compelled to do so.
Today, data is an organization’s most valuable asset. We back our commitment to privacy with strong safeguards of data. Most data is encrypted such that IronCore cannot decrypt it nor provide that ability to anyone else not cryptographically authorized by the data owner. We also back our commitment contractually through our terms of service and privacy policies, which are some of the strongest anywhere.
IronCore follows a set of “Privacy by Design” principles that govern the treatment of data in the possession of IronCore. This approach applies worldwide, and is reflected across the company, from product plans to marketing plans to day-to-day operations. These principles include:
We take compliance seriously. We encourage regular audits, maintain certifications, provide contractual protections, and share tools and information that our customers can use to strengthen their own compliance.
In the European Union, data protection laws differentiate between “controllers” and “processors” of personal data. A controller decides how and why to process personal information. On the other hand, a processor processes personal data on behalf of a controller based on the controller’s instructions.
When potential customers request that we send them information, they leave their contact details (such as email address), for the express purpose of receiving our emails and other kinds of communications, for example on social media. We promptly stop sending emails when we receive an unsubscribe request. In order to make sure that we don’t accidentally send information to those who have unsubscribed, we store unsubscribed email addresses separately.
Direct customers give us contact names, company address, billing information, and other relevant personal information that is required for us to provide services to our customers. Our direct customer information is maintained indefinitely, even after a customer is no longer doing business with IronCore Labs, unless we receive a request to delete it at firstname.lastname@example.org. Our customers may also, at their discretion, contact us for customer or technical support. In order to provide our direct customers with excellent and ongoing support, we keep records of the queries and our responses indefinitely until we receive a request at email@example.com to delete those conversations. Some of this data may be stored on third party platforms.
Our website automatically logs activities, including IP addresses of visitors, for the past 30 days or less. All website logs older than 30 days are purged daily. We keep these logs for 30 days in order to detect, prevent, and investigate bugs, security incidents, or other problems with our products and services.
We collect analytics information on how people use our website in order to better understand our customers. To do that, we use a very few third party services with which we share some marketing data, including Google Analytics and Hubspot.
Google Analytics: to learn more about the Privacy Shield policy of Google Analytics, please refer to Google Analytics and the EU-US Privacy Shield https://support.google.com/analytics/answer/7105316?hl=en
If you wish to opt out of Google Analytics, Google has created the Google Analytics Opt-out Browser Add-On for many major browsers https://tools.google.com/dlpage/gaoptout?hl=en
Hubspot: to learn more about the Privacy Shield policy of Hubspot, please refer to Hubspot’s International Transfer of Information https://legal.hubspot.com/privacy-policy#_Toc513893751
As IronCore Labs grows, we periodically place job postings for positions in the company. We receive resumés and job applications from people interested in joining us. Those resumés and applications are kept for up to a year after a position is filled so that we can, at our option, contact qualified applicants for new positions. We will, if requested at firstname.lastname@example.org, delete a resumé and application from an applicant who no longer wishes to be contacted.
Our Human Resources department maintains personal information on all IronCore Labs employees. Because of US tax laws, we must retain this information. At the time that this Policy was first published, all employees of IronCore Labs are residents of the United States. We do not use information collected for employment purposes for any non-employment-related reasons.
At IronCore Labs, our core business is end-to-end data control, privacy, and security of our customers’ data. When our customers use our service, they are acting as the Controller of any personal data that they choose to transmit using IronCore Labs’ end-to-end encryption services. IronCore Labs does not have the ability to decrypt customers’ data sent using our encryption.
Audit trail logs of customer users and files are stored for a length of time which is under customer control, either 30 days, one year, or unlimited, depending on customer tier.
Privacy policies can be tedious to read, but we're determined to fix that. We are using bullet points and regular language to be absolutely clear about how we value your privacy.
IronCore will use customer data only to provide the services agreed upon, and for purposes compatible with providing those services. We do not use customer data or derive information from it for advertising. Furthermore, we will not disclose customer data to a government agency unless required by law. If law enforcement demands customer data, we will attempt to redirect the agency to request that data directly from the customer. More details on how we respond to government requests can be found in our transparency section.
When you visit the IronCore website, developer portal, or use our products and services, like our APIs, we collect your IP addresses to track and analyze information about the devices that are connecting to our systems and about where those devices are located. For example, we use IP addresses to track the geographic region of visitors and to detect possible fraud.
In the case of stored audit logs, we only record geographic source at the regional level, often at the Country or State level, and many of our systems store only the first three parts of the IP address to avoid any personally identifiable information from our audit logs.
If you want to ask how to delete or access your data, email privacy at ironcorelabs.com.