Privacy Policy
Our privacy policy continues our commitment to serving you and explains how we intend to protect your privacy. We are responsible for the protection of your personal data and we take this responsibility very seriously. All basic customer data in CTemplar.com are encrypted end-to-end. This Privacy Policy covers CTemplar.com’s (“CTemplar”, “We”, “Us”, “Our”) treatment of information we collect when you are on our site and when you use our services. CTemplar has created this privacy statement to demonstrate our firm commitment to protect your privacy and to fully disclose what information we collect and how we use it.
This privacy notice discloses the privacy practices for CTemplar and our website www.ctemplar.com (“Site”). This privacy notice applies solely to information collected by this website, except where stated otherwise. It will notify you of the following:
What Information We Collect
When you visit our website, your browser sends us your user-agent and IP address. When you leave our site no records are kept of your IP address in association to your account. We anonymously store your IP for 7 days. This is required to defend and prevent abuse that could shut down our service. After 7 days it is deleted and no records are kept. If you visit using our Onion site, then your real IP address is not seen.
We do not use any CDN service.
What Information We Retain
- Username, recovery email, account preferences are not encrypted at rest and are recorded until the account is deleted.
- Generated PGP key pair, encrypted at rest with your password.
- Your password is created using a zero-knowledge proof, so it does not leave your computer nor is sent by the network. We do not know your password. We are not capable of accessing your account with the password hash we possess.
- Messages, Subjects and attachments between CTemplar users and external providers are encrypted at rest using your 4096-bit PGP public key.
- Messages, subjects, and attachments between CTemplar users (custom domains) are encrypted end-to-end using the recipient’s 4096-bit PGP public key. This is done in the sender’s web browser or phone app before it is sent to our servers.
- Contact list is encrypted at rest using your 4096-bit PGP public key.
- Metadata is encrypted at rest using your 4096-bit PGP public key (Work in progress).
- Users may be given an option to scan attachments for viruses. If this option is selected the attachment will be sent to many, 3rd party, malware detection tools. If users do not use this feature then this will not apply whatsoever. Users are given an option to disable this feature.
- If you choose to delete your account, everything is deleted and no records or backups kept. However, we record usernames 1 year so they cannot be used during this time. No other information from the deleted account is recorded except for the username. This is required to prevent a new user from creating an email address that may have been previously involved in crime or court order.
Registration
In order to use this website, a user must first complete the registration form. During registration, a user is required to give to provide a username and password. This information is used to enable your use of the Site. The password is created in your browser using a zero-knowledge proof. We do not know your password and we cannot discover it with the hash we have. When payment is made with a credit or debit card, your card information is retained by a 3rd party, so they can process the payment. We encourage and support paying via Bitcoin.
Sharing
We will not disclose anything to third parties, except for your payment information if you choose to buy a paid account.
Links
This web site may contain links to other sites (Example: Blog post citations). Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read that site’s privacy statements.
Compliance and Cooperation with Regulatory Authorities
CTemplar will only comply with valid Icelandic court orders. When presented with a valid Icelandic court order, we will give them your content. Due to our zero access password technology, we do not know your password/passphrase so we are not able to decrypt your emails. The SRI & Checksum technology that we offer makes it impossible for us to serve malicious scripts that could reveal your password, thus allowing us to access your account.
Aggregated Information
We do not collect aggregated usage or tracking information.
Updating Information
Registered users have the option of accessing, correcting, updating their settings at any time.
Cookies
A “cookie” is a bit of data sent by a website through the browser to the computer of the user visiting the site, and enables the site to return the results the browser expects. CTemplar uses temporary, session-specific cookies to ensure a visit to the site is smooth for the visitor. Specifically, we use cookies to provide continued use of our website even if the user refreshes their browser without the need to log in again (only if the user has enabled Remember Me).
If you do not want your browser to accept cookies, you can turn off the cookie acceptance option in the browser’s settings.
Pixel Tags
We do not use or collect Pixel Tags, also known as beacons, spotlight tags, or web bugs.
EU Personal Data
If you are located in the EU, United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) related to your personal data. We will be the controller of your personal data processed in connection with the Site.
Without prejudice to any other administrative or judicial remedy, every customer shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the customer considers that the processing of personal data relating to him or her infringes this Regulation.
Should you select the optional opportunity to receive promotional emails from us about current offers and incentives, we will also use your email for this purpose. If you have not selected this Opt-in option, you will not receive promotional emails. If you have opted to receive promotional emails, or if you receive transactional emails about your incomplete order, you may choose to remove (Opt-out) this feature at any time and the emails will be stopped.
Your email address may also be used should we ever need to contact you regarding your order.
Your Acceptance of these Terms
By using our Site, you signify your acceptance of the terms of this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use the Site and exit immediately. Consent may be withdrawn at any time by emailing us at [email protected]. Corrections may also be made by emailing us at [email protected].
Changes to Privacy Policy
CTemplar may amend this policy from time to time. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or through a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. If we make any substantial changes in the way we use your personal information, we will notify you by posting a prominent notice in our privacy policy or in other locations on our Web site or by sending you an email to inform you of our updated privacy policy.
Spam
We do not allow our service to be used for spam. We do not support it or engage in it. If you do not want to receive e-mail from us in the future, please let us know by contacting Customer Service at [email protected] or making the selection in the settings page.
Customer Service
Email: [email protected]
Questions?
If you have any questions on our Privacy Policy or complaints about our handling of your Personal and/or Financial Information, you can contact us at [email protected].