The short version
We only collect the information you choose to give us, and we process it with your consent, or on another legal basis; we only require the minimum amount of personal information that is necessary to fulfill the purpose of your interaction with us; we don’t sell it to third parties; and we only use it as this Privacy Statement describes. If you’re visiting us from the European Union (EU), European Economic Area (EEA), Switzerland, or the United Kingdom (UK), please see our global privacy practices: we comply with the General Data Protection Regulation (GDPR). No matter where you are, where you live, or what your citizenship is, we provide a high standard of privacy protection to all our users around the world, regardless of their country of origin or location.
Of course, the short version doesn’t tell you everything, so please read on for more details!
What information we collect and why
Categories of personal information
“User Personal Information” is any personal information about one of our users which could, alone or together with other information, personally identify them. Information such as a user name and password, an email address, a real name, and a photograph are examples of “User Personal Information.” User Personal Information includes Personal Data as defined in the General Data Protection Regulation.
“Technical Information” may include information we collect from website browsers, such as web server logs, or other log information, such as User session or activity logs. Technical Information may be connected to User Personal Information such as a username or an email address, or to other potentially personally-identifying information like Internet Protocol (IP) addresses.
User Personal Information does not include aggregated, non-personally identifying information. We may use aggregated, non-personally identifying information to operate, analyze, improve, and optimize our website and service.
Information from website browsers
If you’re just browsing the website, we collect the same basic information that most websites collect. We use common internet technologies, such as web server logs, to collect Technical Information. This is stuff we collect from everybody, whether they have an account or not.
The information we collect about all visitors to our website includes the visitor’s browser type, language preference, referring site, additional websites requested, and the date and time of each visitor request. We also collect potentially personally-identifying information like Internet Protocol (IP) addresses.
Why we collect this information
- We need your User Personal Information to provide the services you request or to respond to support requests. For example, if you contact us via email, we will use your name and email address to communicate with you. Please see our section on email communication for more information.
- We collect Technical Information to better understand how our website visitors use this website, and to monitor and protect the security of the website.
- We use your User Personal Information and Technical Information for internal purposes, such as to maintain logs for security reasons, for training purposes, and for legal documentation and compliance.
- We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first.
Our legal basis for processing information (TODO)
Under certain international laws (including GDPR), we are required to notify you about the legal basis on which we process User Personal Information. We process User Personal Information on the following legal bases:
- When you contact us, you provide your email address and (optionally) your name. We require those data elements to communicate with you and provide you with a reply to your request.
- If you would like to request erasure of data we process on the basis of consent or object to our processing of personal information, please contact us.
What information we do not collect
We do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information.
We do not knowingly collect information from or direct any of our content specifically to children under 13. Other countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not use this website without obtaining your parents' or legal guardians' consent.
How we share the information we collect
We do not share, sell, rent, or trade User Personal Information with third parties for their commercial purposes.
We do not host advertising on this website. We may occasionally embed content from third party sites, such as YouTube, and that content may include ads. While we try to minimize the amount of ads our embedded content contains, we can’t always control what third parties show.
We do not disclose User Personal Information outside KeePassium website, except in the situations listed in this section or in the section below on Compelled Disclosure.
We do share certain aggregated, non-personally identifying information with others about how our users, collectively, use this website, or how our users respond to our paid offerings, such as premium membership. For example, we may compile statistics on the number of visitors on this website. However, we do not sell this information to advertisers or marketers.
We do share User Personal Information with a limited number of third party vendors who process it on our behalf to provide or improve our service, and who have agreed to privacy restrictions similar to our own Privacy Statement by signing data protection agreements. Our vendors perform services such as payment processing, customer support ticketing, network data transmission, and other similar services. While we process all User Personal Information in the European Union, our third party vendors may process data outside of the European Union or the United States.
We do* share aggregated, non-personally identifying information with third parties. For example, in the event of a security incident, we may share the number of times a particular file was accessed.
We may share User Personal Information if we are involved in a merger, sale, or acquisition. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we have made in our Privacy Statement or in our Terms of Service.
How you can access and control the information we collect
If we process information about you, then you may access, update, alter, delete, or object to the processing of your personal information by contacting us.
Data retention and deletion of data
Generally, we will retain User Personal Information for as long as needed to provide you services.
We may retain certain User Personal Information indefinitely, unless you delete it or request its deletion. For example, we don’t automatically delete support requests, so unless you request to delete them, we will retain your support requests indefinitely.
If you would like to delete your User Personal Information, you may do so by contacting us. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your information (within reason) within 30 days.
We use a privacy-focused web analytics service Plausible.io to help us evaluate our users' use of this website; compile statistical reports on activity; and improve our content and website performance.
How we secure your information
We take all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information.
In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay.
Transmission of data on this website is encrypted using SSH, HTTPS, and SSL/TLS.
Our global privacy practices
We store and process the information that we collect in the European Union in accordance with this Privacy Statement (our subprocessors may store and process data outside the European Union). However, we understand that we have users from different countries and regions with different privacy expectations, and we try to meet those needs even when the European Union does not have the same privacy framework as other countries'.
We provide a high standard of privacy protection — as described in this Privacy Statement — to all our users around the world, regardless of their country of origin or location, and we are proud of the levels of notice, choice, accountability, security, data integrity, access, and recourse we provide. We work hard to comply with the applicable data privacy laws wherever we do business, working with our Data Protection Officer as part of a cross-functional team that oversees our privacy compliance efforts. Additionally, if our vendors or affiliates have access to User Personal Information, they must sign agreements that require them to comply with our privacy policies and with applicable data privacy laws.
- We provide clear methods of unambiguous, informed consent at the time of data collection, when we do collect your personal information using consent as a basis.
- We collect only the minimum amount of personal information necessary for our purposes, unless you choose to provide more. We encourage you to only give us the amount of data you are comfortable sharing.
- We offer you simple methods of accessing, correcting, or deleting the User Personal Information we have collected.
- We provide our users notice, choice, accountability, security, and access, and we limit the purpose for processing.
How we respond to compelled disclosure
We may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.
In complying with court orders and similar legal processes, we strive for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.
How we, and others, communicate with you
We will use your email address to communicate with you. For example, if you contact our Support team with a request, we will respond to you via email.
We may occasionally send notification emails about new features, requests for feedback, important policy changes, or offer customer support. We may also send marketing emails. There’s an unsubscribe link located at the bottom of each of the marketing emails we send you. Please note that you can not opt out of receiving important communications from us, such as mails from our support team or system emails.
Our emails might contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email.
Changes to our Privacy Statement
Although most changes are likely to be minor, we may change our Privacy Statement from time to time.
For any questions regarding our privacy policies, feel free to contact us.