SafeToOpen Online Privacy Statement

What This Statement Covers
This Statement only applies to the personal and business information we collect through our systems and does not apply to information collected by or in connection with your use of our products and services. To learn more about the privacy practices relating to certain products or services, visit our “If You Use Our Products” Section.

Information we collect:
When you send your emails to us or sign up to our dashboard, we may collect or ask you to provide certain information in order to help us manage our relationship with you. This information may include:
    * Contact details, such as name, email address and phone number
    * Shipping and billing information
    * Information you provide to us to receive technical assistance or during customer service interactions

* Depending on the service you use, we may collect different type of information:

I-  Email Verification - SafeToOpen add-in for Microsoft Outlook: 

        a. Free Outlook Add-in:
            * Your email address

            * Your IP address / country

            * The SHA-2 of FQDNs of links in the email you verify (we do NOT collect clear-text URLs in your email when you verify an email)

           * Full URL of the link you report to us

        b. Premium Outlook Add-in:
            * Your email address

            * All information from free outlook add-in

            * Subscribed email addresses

            * Company name, website (if available)

            * Username and password to manage your account

            * Phone number, contact details for support (Only for medium-size and enterprises)

            * Your subscription period

            * Your monthly payment information is stored on our third-party payment gateway

II- Browser Extension: 

    a. Unmanaged version / Free version or Version you directly download from Chrome, Mozilla and Microsoft stores:

            * Your IP address

            * The SHA-2 of FQDNs and Domain name of links you are visiting

            * Version of the extension you are using

            * The reason why a URL is categorised as suspicious or phishing 

            * Your browser and OS information (name and version)

            * HTTP referer of the link you are visiting

            * Full URL of detected suspicious or phishing URL (Not all website you visit)

            * Full URL of the website you report to us (as mistake or as phishing/suspicious)


        b. Managed version:

            * All information from unmanaged version

            * Customer ID

            * Username and password to manage your account

            * Phone number, contact details for support 

            * IP address and ports of the SafeToOpen VM installed within your cloud environment

III- SafeToOpen's Backend (Virtual Machine in Microsoft Azure and Amazon AWS)
    When you install SafeToOpen VM in your Microsoft Azure or Amazon AWS cloud environment, you are asked to create an account to log in with the web application installed on the VM and provide SafeToOpen with your business details as below:
        a. An account to access the web application installed on the VM

             * Corporate Email address. It is used as your user name when you want to login to the box. Also, we use the domain name of your corporate email address to register your business in our systems.

            * Password. The password you provide in the registration phase is ONLY stored on the VM. In other words, we do not store your password in our systems. Hence, we are unable to reset/recover your password. Please store your password in a secure location.

        b. Information we collect about your organization
            * Your first name and last name

            * Your email address. We use your email address to communicate with you and provide you with our latest services and capabilities.

            * Your phone number

            * Your Business legal name

            * Your corporate main website

            * Your corporate address and country

Similar to the email address, we use your full name and phone number to communicate with you to update you with SafeToOpen new features. Please note that your phone number and physical address will not be shared with anyone outside SafeToOpen.

We use your business legal name, main website and country to perform some research about your business to tune out our scanning engines to provide you with the best service and reduce false positives. For example, we use your country to provide you with related threat feeds (confirmed phishing IoC) to your country. Also, we use the type of industry your business is in to provide you with related phishing detection theme. For example, if your business is in the financial industry, our scanning engines will treat reported URLs differently from the health industry.


How We Use Your Information
We may use your Information to:
    * Detect phishing websites targeting your business
    * Create and manage your account
    * Verify your identity and entitlement to products or services, when you contact us or access our services
    * Provide commercial quotes for our products and services
    * Process your purchase transactions
    * Update you on the status of your orders
    * Manage your subscriptions
    * Provide you with technical and customer support
    * Subscribe you to a newsletter, send product updates or technical alerts
    * Communicate with you about and manage your participation in contests, offers or promotions
    * Solicit your opinion or feedback, provide opportunities for you to test our new features/products
    * Research and implement product improvements and product updates
    * Evaluate and improve the quality of our products, services and websites
    * Enforce our legal rights or comply with legal requirements

Marketing:
In addition to the purposes described above, we may, in compliance with applicable consent requirements, use Your Information to provide you with advertisements, promotions and information about products and services tailored to you and your needs. This may include using demographic data or trend data provided by third parties, where permitted. Contact details, including email addresses, may be used to contact you. If you do not want us to use Your Information in this way, you can simply choose not to give your permission on the web pages and/or forms with which we collect Your Information. Please note that in some regions this may involve un-checking a box. You can also exercise this right at any time by unsubscribing from a promotional email.

Interest-Based Ads:
We do not use any of your information for the Internet-based advertisement.

Information From Third Parties:
We do not obtain any information about you from third parties.

Tracking Technologies & Do-Not-Track Cookies:

We do not track your activities on our websites.

How We Disclose Your Information:
We do not sell, lease, rent or give away Your Information. We only disclose Your Information as described below, within our group of companies, with our partners, with service providers that process information on our behalf and with law enforcement. Processing is only undertaken for the purposes described in this Statement. If we disclose Your Information, we require those we disclose it with to comply with adequate privacy and confidentiality requirements and security standards.

Partners:
We may provide Your Information to our partners for the sole purpose of allowing them to conduct SafeToOpen business. Our partners go through a certification process and only after that are they authorized to promote and sell our products and services. Our partners may use Your Information to communicate with you and others about SafeToOpen services. We do not share your contact details with promotional email.

Service Providers Processing Data On Our Behalf:
We may use contractors and service providers to process Your Information on our behalf for the purposes described in this Statement. We contractually require service providers to keep information secure and confidential, and we do not allow our data processors to disclose your information to others without our authorization, or to use it for their purposes. However, if you have an independent relationship with these service providers, their privacy statements will apply.

Law Enforcement:
In certain instances, it may be necessary for SafeToOpen to disclose Your personal information to government officials or otherwise as required by applicable law. No personal information will be disclosed to any law enforcement agency or governmental agency except in response to:
    * A subpoena, warrant or other process issued by a court of competent jurisdiction
    * A legal process having the same consequence as a court-issued request for information, in that if SafeToOpen were to refuse to provide such information, it would be in breach of local law, and it or its officers, executives or employees would be subject to liability for failing to honour such legal process
    * Where such disclosure is necessary for SafeToOpen to enforce its legal rights pursuant to the laws of the jurisdiction from which such information was gathered
    * A request for information with the purpose of identifying and/or preventing credit card fraud
    * Where such disclosure is necessary to prevent or lessen a serious and imminent threat of bodily harm to the data subject

Transfer Among SafeToOpen Entities:
We are a global company and, as such, we process information in many countries. To conduct our business, and in accordance with this Statement, Your Information may be transferred to
SafeToOpen Corporation in multiple geographic zones. If the privacy of your data-in-rest is a big matter for you, please contact us ([email protected]) so that we can help you with the nearest geographical zone to process and preserve your emails.

How We Protect Your Information:
We have taken appropriate technical and organizational security measures to protect Your Information from misuse, unauthorized or unlawful access or disclosure, loss, alteration, damage or destruction. These measures include:
    * Physical safeguards, with locked doors and file cabinets, controlled access to our facilities and secure destruction of media containing your information.
    * Technology safeguards, like the use of anti-virus and endpoint protection software, encryption, and monitoring of our systems and data centers to ensure that they comply with our security policies. For example, credit card information is transmitted using Transport Layer Security (TLS) encryption.
    * Organizational safeguards, like training and awareness programs on security and privacy, to make sure employees understand the importance and means by which they must protect Your Information. Our organizational privacy policies and standards also guide our handling of Your Information.

Storage of Your Information:

The information we collect from you may be stored on servers in the Amazon AWS.

Children’s Privacy
Our site is not directed to, nor do we knowingly collect information from, children under the age of 13.

Managing Your Information:
We retain Your Information for as long as your account is active or as needed to provide you services. We also retain and use Your Information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements. We delete the original email from our mail servers one the analysis of your emails has been finished. The metadata and the report of your emails are still stored on our servers, and you can delete them from your dashboard.