Privacy Policy

Our privacy policy continues our commitment to serve you and explains how we intend to protect your privacy. We are responsible for the protection of your personal data and we take this responsibility very seriously. All basic customer data in Ctemplar.com are encrypted end-to-end. This Privacy Policy covers Ctemplar.com’s (“CTemplar”, “We”, “Us”, “Our”) treatment of information we collect when you are on our site and when you use our services. CTemplar has created this privacy statement to demonstrate our firm commitment to protect your privacy and to fully disclose what information we collect and how we use it.

This privacy notice discloses the privacy practices for CTemplar and our website www.ctemplar.com (“Site”). This privacy notice applies solely to information collected by this website, except where stated otherwise. It will notify you of the following:

What Information We Collect

When you visit our website, your browser sends us your user-agent and IP address. When you leave our site no records are kept of your IP address with association to your account. We store your IP in an anonymous way for 7 days. This is required to defend and prevent abuse that could shut down our service. After 7 days it is deleted and no records are kept. If you visit using our Onion site, then your real IP address is not seen.

We do not use any CDN service.

What Information We Retain

  • Username, recovery email, account preferences are not encrypted at rest and are recorded until account is deleted.
  • Generated PGP key pair, encrypted at rest with your password.
  • Your password is created using a zero-knowledge proof, so it does not leave your computer nor is sent by the network. We do not know your password. We are not capable of accessing your account with the password hash we possess.
  • Messages, Subjects and attachments between CTemplar users and external providers are encrypted at rest using your 4096-bit PGP public key. 
  • Messages, Subjects and attachments between CTemplar users (custom domains) are encrypted end-to-end using the recipient’s 4096-bit PGP public key. This is done in the sender’s web browser or phone app before it is sent to our servers. 
  • Contact list is encrypted at rest using your 4096-bit PGP public key. 
  • Metadata is encrypted at rest using your 4096-bit PGP public key (Work in progress).
  • Users may be given an option to scan attachments for viruses. If this option is selected the attachment will be sent to many, 3rd party, malware detection tools. If users do not use this feature then this will not apply whatsoever. Users are given an option to disable this feature.
  • If you choose to delete your account, everything is deleted and no records or backups kept. However we record usernames 1 year so they cannot be used during this time. No other information from the deleted account is recorded except the username. This is required to prevent a new user creating an email address that may have been previously involved in crime or a court order.

Registration

In order to use this website, a user must first complete the registration form. During registration, a user is required to give to provide a username and password. This information is used to enable your use of the Site.The password is created in your browser using a zero-knowledge proof. We do not know your password and we cannot discover it with the hash we have. When payment is made with a credit or debit card, your card information is retained by a 3rd party, so they can process the payment. We encourage and support paying via Bitcoin.

Sharing

We will not disclose anything to third parties, except your payment information if you choose to buy a paid account.

Links

This web site may contain links to other sites (Example: Blog post citations). Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read that sites privacy statements.

Compliance and Cooperation with Regulatory Authorities

CTemplar will only comply with valid Icelandic court orders. When presented with a valid Icelandic court order, we will give them your content. Due to our zero access password technology, we do not know your password/passphrase so we are not able to decrypt your emails. The SRI & Checksum technology that we offer makes it impossible for us to serve malicious scripts that could reveal your password, thus allowing us to access your account.

Aggregated Information

We do not collect aggregated usage or tracking information.

Updating Information

Registered users have the option of accessing, correcting, updating their settings at any time.

Cookies

A “cookie” is a bit of data sent by a Web site through the browser to the computer of the user visiting the site, and enables the site to return the results the browser expects. CTemplar uses temporary, session-specific cookies to ensure visits to the site is smooth for the visitor. Specifically, we use cookies to provide continued use of our website even if the user refreshes their browser without the need to login again (only if user has enabled remember me).

If you do not want your browser to accept cookies, you can turn off the cookie acceptance option in the browser’s settings.

Pixel Tags

We do not use or collect Pixel Tags, also known as beacons, spotlight tags or web bugs.

EU Personal Data

If you are located in the EU, United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) related to your personal data. We will be the controller of your personal data processed in connection with the Site.

Without prejudice to any other administrative or judicial remedy, every customer shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the customer considers that the processing of personal data relating to him or her infringes this Regulation.

Should you select the optional opportunity to receive promotional emails from us about current offers and incentives, we will also use your email for this purpose. If you have not selected this Opt-in option, you will not receive promotional emails. If you have opted to receive promotional emails, or if you receive transactional emails about your incomplete order, you may choose to remove (Opt-out) this feature at any time and the emails will be stopped.

Your email address may also be used should we ever need to contact you regarding your order.

Your Acceptance of these Terms

By using our Site, you signify your acceptance of the terms of this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use the Site and exit immediately. Consent may be withdrawn at any time by emailing us at support@ctemplar.com. Corrections may also be made by emailing us at support@ctemplar.com.

Changes to Privacy Policy

CTemplar may amend this policy from time to time. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. If we make any substantial changes in the way we use your personal information, we will notify you by posting a prominent notice in our privacy policy or in other locations on our Web site or by sending you an email to inform you of our updated privacy policy.

Spam

We do not allow our service to be used for spam. We do not support it or engage in it. If you do not want to receive e-mail from us in the future, please let us know by contacting Customer Service at support@ctemplar.com or making the selection in the settings page.

Customer Service

Email: support@ctemplar.com

Questions?

If you have any questions on our Privacy Policy, or complaints about our handling of your Personal and/or Financial Information, you can contact us at support@ctemplar.com.