This privacy notice discloses the privacy practices for CTemplar and our website www.ctemplar.com (“Site”). This privacy notice applies solely to information collected by this website, except where stated otherwise. It will notify you of the following:
What Information We Collect
When you visit our website, your browser sends us your user-agent and IP address. When you leave our site no records are kept of your IP address with association to your account. We store your IP in an anonymous way for 7 days. This is required to defend and prevent abuse that could shut down our service. After 7 days it is deleted and no records are kept. If you visit using our Onion site, then your real IP address is not seen.
We do not use any CDN service.
What Information We Retain
- Username, recovery email, account preferences are not encrypted at rest and are recorded until account is deleted.
- Generated PGP key pair, encrypted at rest with your password.
- Your password is created using a zero-knowledge proof, so it does not leave your computer nor is sent by the network. We do not know your password. We are not capable of accessing your account with the password hash we possess.
- Messages, Subjects and attachments between CTemplar users and external providers are encrypted at rest using your 4096-bit PGP public key.
- Messages, Subjects and attachments between CTemplar users (custom domains) are encrypted end-to-end using the recipient’s 4096-bit PGP public key. This is done in the sender’s web browser or phone app before it is sent to our servers.
- Contact list is encrypted at rest using your 4096-bit PGP public key.
- Metadata is encrypted at rest using your 4096-bit PGP public key (Work in progress).
- Users may be given an option to scan attachments for viruses. If this option is selected the attachment will be sent to many, 3rd party, malware detection tools. If users do not use this feature then this will not apply whatsoever. Users are given an option to disable this feature.
- If you choose to delete your account, everything is deleted and no records or backups kept. However we record usernames 1 year so they cannot be used during this time. No other information from the deleted account is recorded except the username. This is required to prevent a new user creating an email address that may have been previously involved in crime or a court order.
In order to use this website, a user must first complete the registration form. During registration, a user is required to give to provide a username and password. This information is used to enable your use of the Site.The password is created in your browser using a zero-knowledge proof. We do not know your password and we cannot discover it with the hash we have. When payment is made with a credit or debit card, your card information is retained by a 3rd party, so they can process the payment. We encourage and support paying via Bitcoin.
We will not disclose anything to third parties, except your payment information if you choose to buy a paid account.
This web site may contain links to other sites (Example: Blog post citations). Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read that sites privacy statements.
Compliance and Cooperation with Regulatory Authorities
CTemplar will only comply with valid Icelandic court orders. When presented with a valid Icelandic court order, we will give them your content. Due to our zero access password technology, we do not know your password/passphrase so we are not able to decrypt your emails. The SRI & Checksum technology that we offer makes it impossible for us to serve malicious scripts that could reveal your password, thus allowing us to access your account.
We do not collect aggregated usage or tracking information.
Registered users have the option of accessing, correcting, updating their settings at any time.
If you do not want your browser to accept cookies, you can turn off the cookie acceptance option in the browser’s settings.
We do not use or collect Pixel Tags, also known as beacons, spotlight tags or web bugs.
EU Personal Data
If you are located in the EU, United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) related to your personal data. We will be the controller of your personal data processed in connection with the Site.
Without prejudice to any other administrative or judicial remedy, every customer shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the customer considers that the processing of personal data relating to him or her infringes this Regulation.
Should you select the optional opportunity to receive promotional emails from us about current offers and incentives, we will also use your email for this purpose. If you have not selected this Opt-in option, you will not receive promotional emails. If you have opted to receive promotional emails, or if you receive transactional emails about your incomplete order, you may choose to remove (Opt-out) this feature at any time and the emails will be stopped.
Your email address may also be used should we ever need to contact you regarding your order.
Your Acceptance of these Terms
We do not allow our service to be used for spam. We do not support it or engage in it. If you do not want to receive e-mail from us in the future, please let us know by contacting Customer Service at email@example.com or making the selection in the settings page.