Posted on 1st July, 2015.
Updated on 7th March, 2016.
What We Collect and Why
We collect and use the following information to provide, improve and protect our Services:
Account. We collect, and associate with your account, information like your name, email address, phone number, payment info, and physical address. We may use your information for direct marketing purposes, such as sending you our newsletter(s) and updating you on our services. We will allow you to 'opt out' of such communications.
Services. When you use our Services, we store and process information regarding website domains that you visit (for example, domain name, protocol, port, time of visit, but not the full URL or parameters). This is required to provide the service, and is described in greater detail below under 'Your Website Visits'.
Usage. We collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services.
Cookies and other technologies. We use technologies like cookies and pixel tags to provide, improve, protect and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services.
Your Website Visits
When you use our software, we may collect information on what domains you visit, in order to provide our Services. We do not collect information on the full URL you visited, since that is not needed to provide our Services. So, for example, if you visit https://example.com:29011/articles/content.html?option=true, we only see:
The rest of the path, /articles/content.html?option=true, is hidden from us, and never touches our servers. We use the information collected primarily to:
- Give Partners a way to verify that a visitor is an active subscriber, so they can provide you the appropriate services as required by their partnership terms
- Determine which websites you make the most use of, in order to pay Partnering websites a fair rate for providing services to you
- Share anonymous, broad usage levels with non-Partners to encourage them to become Partners (e.g., how many of our subscribers regularly visit their website)
We only provide information related to that particular visit to that particular Partner. We do not provide that Partner with other information, except for that which you have given us permission to share. We do NOT share information like your name, email address, phone number, payment info, physical address, and so on. Please consult the Webpass.io API for details on exactly what information is shared through the API.
We can provide Partners with a way to recognise you across visits, called your Domain User ID. This is an ID that is unique to you, and unique to each domain. This provides a Partner with a way to remember you across subsequent visits. That means that even if you use a browser on a different computer, they can remember who you are and continue to give you access to your account without the need for cookies. This Service can be turned off under your Privacy settings in your account.
Who We Share With
We may share information as discussed below, but we won't sell your personal information to advertisers or other third-parties. You, as a subscriber, are our customer, and so our primary concern is with offering you a service that protects your interests.
Other users. Our Services may display information like your name to other users in places like our forums, should you use them. Certain features may let you choose to make additional information available to other users, and so we will share that information when you instruct us to.
Partners. We share some limited information with our Partners. This may be aggregate visitor statistic (e.g., how many Webpass.io subscribers visited over a period), or information as described above under 'Your Website Visits'. We do not share specific information about you with partners, except as described elsewhere here, or as authorised by you. Just remember that their use of your information will be governed by their privacy policies and terms.
Law & Order. We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of Webpass.io or our users; or (d) protect Webpass.io's property rights.
Stewardship of your data is critical to us and a responsibility that we embrace seriously. We believe that our users' data should receive the same legal protections regardless of whether it's stored on our services or on their home computer's hard drive. We'll abide by the following Government Request Principles when receiving, scrutinizing and responding to government requests for our users' data:
- Be transparent: Online services should be allowed to report the exact number of government data requests received, the number of accounts affected by those requests, and the laws used to justify the requests. We’ll advocate for the right to provide this important information.
- Fight blanket requests: Government data requests should be limited to specific people and investigations. We’ll resist requests directed to large groups of people or that seek information unrelated to a specific investigation.
- Protect all users: Laws authorising governments to request user data from online services shouldn’t treat people differently based on their citizenship or where they live.
- Provide trusted services: Governments should never install backdoors into online services or compromise infrastructure to obtain user data. We’ll work to protect our systems and to change laws to make it clear that this type of activity is illegal.
Around the world. To provide you with the Services, we may store, process and transmit information in locations around the world - including those outside your country. Information may also be stored locally on the devices you use to access the Services.
Your information is stored on our servers, and in backups. This includes your Visits, as described above. While currently unavailable, it is a priority for us to provide you with the means to select the retention policy for your Visits. Visits information will need to be kept for at least a period of 40 days in order to provide our Services, after which (once the functionality is implemented) we anticipate being able to remove such data, at your request. We are also experimenting with models where we need to retain Visits for only a few hours, and will make this available if we are able to while still providing our Services.
Credit Card Storage
Webpass.io may store some information about your credit card. The credit card details include (but are not limited to): the name on the card, expiry date and the masked version of the credit card (i.e, first 6 digits and last 4 digits). Your full Credit Card details are stored by Spreedly, a PCI Level 1 certified provider, and will be processed when required by an online merchant suitable for your region, through Spreedly. At no stage do we see your full credit card number.
Your saved payment methods are available in your account details. You are able to update this by logging in to your registered account. From there, you are able to add, remove, and set default payment methods.
If we are involved in a reorganization, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.
Have questions or concerns about Webpass.io, our Services and privacy? Contact us at firstname.lastname@example.org.