Privacy Policy

Last Updated: Jan 1, 2023

Information we collect

How we share and disclose information

California Privacy Notice (CCPA)

Virginia Privacy Notice (VCDPA)

Introduction and Overview

TrueVault (“TrueVault,” “we,” “our” or “us”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy.

This Privacy Policy describes how we collect, use and share information about you as well as your rights and choices about such collection, use and sharing, and applies to this website as well as the services offered by TrueVault, whether via this website or via our application or other software provided by TrueVault (collectively, the “Services”). (Please note that this Privacy Policy does not apply to customers of a business that uses TrueVault Safe, TrueVault Polaris or any other TrueVault product offerings. Please contact the business of which you are a customer to exercise your privacy rights with respect to such products.) 

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use the Services. By accessing or using the Services, whether or not you purchase any of our Services or create an account with us, you agree to this Privacy Policy. 

This Privacy Policy may change from time to time (see Changes to this Privacy Policy). Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates. If you have any questions about our privacy practices, please contact us as set forth in the Contact Us section below.

Information Collection

We collect the following types of information from users of the Services. 

1. Information You Provide to TrueVault

We collect certain information you provide directly via the Services:

  • Your contact information when you contact us by email, chat, telephone, or via a contact form.

  • Professional information about you, including your employer. 

  • Payment information when you subscribe to the Services.

  • The content of your communications with us as necessary to provide you with the Services.

2. Information Collected Automatically

As you navigate through and interact with the Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including:

  • Details of your use of the Services, including traffic data, logs, and other communication data and the resources that you access and use on the Services.

  • Information about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and other similar information. This data may include IP address, MAC address, device advertising ID (e.g., IDFA or AAID), and other device identifiers.

The information we collect automatically helps us to improve the Services, including by enabling us to:

  • Estimate our audience size and usage patterns.

  • Store information about your preferences, allowing us to customize the Services according to your individual interests.

  • Recognize you when you return to the Services.

The technologies we use for this automatic data collection may include:

  • Cookies (or browser cookies). A cookie is a small file placed on your device. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of the Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to the Services. 

3. Third-Party Sources of Information

We may receive your personal information from third-party resellers of consumer data for our sales and marketing purposes. 

Use of Information

We use information that we collect about you or that you provide to us, including any personal information:

  • To present the Services and its contents to you, including to provide customer support.

  • To provide you with information, products, or services that you request from us.

  • To fulfill any other purpose for which you provide it.

  • If you have an account with TrueVault, to provide you with notices about your account. 

  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.

  • To notify you about changes to the Services or any products or services we offer or provide through it.

  • To allow you to participate in interactive features of the Services.

  • In any other way we may describe when you provide the information.

  • For any other purpose with your consent.

We may also use your information to contact you about our goods and services that may be of interest to you. If you do not want us to use your information in this way, please let us know at privacy@truevault.com

We may use information that does not identify you (including information that has been de-identified) without obligation to you except as prohibited by applicable law. 

For information on your rights and choices regarding how we use your information, see Your Rights and Choices below.

Sharing of Information

We share information about you as follows:

  • Service Providers. We may share your information with our agents, vendors and other service providers (collectively "Service Providers") in connection with their work on our behalf. Service Providers assist us with services such as payment processing, data analytics, marketing and promotional services, website hosting, and technical support. Service Providers are prohibited from using your information for any purpose other than to provide this assistance, although we may permit them to use aggregate information which does not identify you or de-identified data for other purposes.

  • Merger or Acquisition. We may share your information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.

  • Security and Compelled Disclosure. We may share your information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also share your information to protect the rights, property, life, health, security and safety of TrueVault, the Services or any third party.

  • Consent. We may share your information for any other purpose disclosed to you and with your consent.

Without limiting the foregoing, in our sole discretion, we may share aggregated information that does not identify you or de-identified information about you with third parties or affiliates for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we share your information, please see Your Rights and Choices below.

Your Rights and Choices

1. Review and Update of Account Information

You may access, update, or remove certain account information that you have voluntarily submitted to us through the Services by sending an email to us at privacy@truevault.com. We may require additional information from you to allow us to confirm your identity. 

Please note that we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. California residents have additional rights as set forth in Your California Privacy Rights below.

2. Tracking Technology Choices

Cookies and Pixels. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.

Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. When we detect a Do Not Track signal, we place a U.S. Privacy String setting in your browser so that any third party who respects that signal will not track your activity on our website. 

Please be aware that if you disable or remove tracking technologies, some parts of the Services may not function correctly.

3. Communications

You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link, or emailing us at privacy@truevault.com with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt-out of certain non-promotional emails, such as those about your account, transactions, servicing, or TrueVault’s ongoing business relations with you.

Children

The Services are intended for a general audience and are not directed to children under 13 years of age. TrueVault does not knowingly collect personal information as defined by the Children’s Online Privacy Protection Act (“COPPA”) in a manner that is not permitted by COPPA. If you are a parent or guardian and believe TrueVault has collected such information in a manner not permitted by COPPA, please contact us at privacy@truevault.com and we will remove such information to the extent required by COPPA.

Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

Changes to this Privacy Policy

We reserve the right to revise this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy and updating the “last modified” date above. Your continued use of the Services indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice to your email address. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our website and this Privacy Policy to check for any changes.

Contact Us

If you have any questions or comments about this Privacy Policy or our privacy practices, please contact us as follows:

TrueVault Inc.
201 Mission Street, 12th Floor
San Francisco, California 94105

Information we collect

Information you provide to us

We collect the personal information you provide to us when you visit our websites. The categories of information we may collect include:

  • Personal Identifiers, including name, email address, and telephone number

We collect the personal information you provide to us when you visit our website. The categories of information we may collect include:

  • Personal Identifiers, including name, email address, and telephone number

To the extent we process deidentified personal information, we will make no attempt to reidentify such data.

Information collected automatically

We automatically collect internet or other electronic information about you when you visit our website, such as IP address, browsing history and interactions with our website. This data may be collected using browser cookies and other unique personal identifiers.

Opt-Out Preference Signals. Your browser settings may allow you to automatically transmit the Global Privacy Control (GPC) signal to online services you visit. When we detect such signal, we place a U.S. Privacy String setting in your browser so that any third party who respects that signal will not track your activity on our website. GPC is supported by certain internet browsers or as a browser extension. You can find out how to enable GPC here.

Information from other sources

We may collect personal information about you from third-party sources, including Data Brokers.

How long we keep your data

We do not retain data for any longer than is necessary for the purposes described in this Policy.

How we share and disclose information

Information Disclosed for Business or Commercial Purposes in the Last 12 Months, and Categories of Parties Disclosed To

We may disclose the following personal information about you when you visit our websites:

Personal Information Disclosed Recipient (by Category)
Personal Identifiers Service Providers
Internet Activity Service Providers

We may disclose the following personal information about you when you visit our website:

Personal Information Disclosed Recipient (by Category)
Personal Identifiers Service Providers and Prospecting Contractors
Online Identifiers Service Providers
Internet Activity Service Providers

California Privacy Notice (CCPA)

This section provides additional information for California residents under the California Consumer Privacy Act (CCPA). The terms used in this section have the same meaning as in the CCPA. This section does not apply to information that is not considered "personal information," such as anonymous, deidentified, or aggregated information, nor does it apply to publicly available information as defined in the CCPA.

Collection and Disclosure of Personal Information

The personal information we collect is described above in Information we collect. The personal information we disclose for business or commercial purposes is described above in How we share and disclose information. The length of time for which we retain personal information is described above in How long we keep your data.

Business and Commercial Purposes for Collection

We collect personal information for the following business purposes:

  • Checking Job Applicant and Employee Backgrounds
  • Creating Customer Profiles
  • Fulfilling Customer Orders

Information “Sharing” and “Selling”

We do not sell or share any personal information to any third parties.

CCPA Rights

Your CCPA rights are described below. You can make a Request to Know or a Request to Delete under the CCPA by submitting a Privacy Request at the top of this page, or by clicking here.

Right to Know

You have the right to request to know the following about the personal information we have collected about you in the past 12 months:

  • the categories and specific pieces of personal information we have collected about you
  • the categories of sources from which we collect personal information about you
  • the business and commercial purposes for which we collect personal information
  • the categories of third parties with whom we share the information
  • the categories of personal information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose

The information we would provide to you in response to a Request to Know Categories is contained in this Privacy Notice. To access the specific personal information we have about you, submit a Request to Know via the link above. If you make a Request to Know more than twice in a 12-month period, we may require you to pay a small fee for this service.

Right to Delete

You have the right to request that we delete any personal information about you that you have provided to us. We will permanently delete from our records any personal information that is not necessary for our business operations and direct our service providers to do the same.

We consider information to be necessary for our business operations if it is used to:

  • Complete an obligation to you that you have requested
  • Detect and resolve issues related to security or functionality
  • Comply with legal obligations
  • Enable solely internal uses

Right to Non-Discrimination

If you exercise your CCPA consumer rights:

  • We will not deny goods or services to you
  • We will not charge you different prices or rates for goods or services, including through the use of discounts or other benefits or penalties
  • We will not provide a different level or quality of goods or services to you

Right to Opt-Out

We do not sell or share any personal information to third parties.

Request Verification

Before we can respond to a Request to Know or Request to Delete, we will need to verify that you are the consumer who is the subject of the CCPA request. Verification is important for preventing fraudulent requests and identity theft. Requests to Opt-Out do not require verification.

Typically, identity verification will require you to confirm certain information about yourself based on information we have already collected. For example, we will ask you to verify that you have access to the email address we have on file for you. If we cannot verify your identity based on our records, we cannot fulfill your CCPA request.

For a request that seeks specific personal information, we ask that you sign a declaration stating that you are the consumer whose personal information is the subject of the request, as required by the CCPA.

In some cases, we may have no reasonable method by which we can verify a consumer's identity. For example:

  • If a consumer submits a request but we have not collected any personal information about that consumer, we cannot verify the request.
  • If the only data we have collected about a consumer is gathered through website cookies (i.e. the consumer visited our website but had no other interaction with us), we are unable to reasonably associate a requester with any data collected; therefore, we cannot verify the request.
  • If we process a consumer’s information as a service provider to another organization, we are not permitted to respond in a substantive way to that consumer’s CCPA request. We will, however, assist the organization in fulfilling your privacy request.

Authorized Agent

A California resident's authorized agent may submit a Request to Know or a Request to Delete under the CCPA by emailing us at privacy@truevault.com. Requests submitted by an authorized agent will still require verification of the person who is the subject of the request in accordance with the process described above. We will also ask for proof that the person who is the subject of the request authorized an agent to submit a privacy request on their behalf. An authorized agent that has power of attorney pursuant to California Probate Code section 4121 to 4130 must submit proof of statutory power of attorney, but consumer verification is not required.

If you have trouble accessing this notice, please contact us at privacy@truevault.com.

Contact Us

If you have any privacy-related questions, please send them to privacy@truevault.com.

Virginia Privacy Notice (VCDPA)

This section provides additional information for Virginia residents under the Virginia Consumer Data Protection Act (VCDPA). ​​The terms used in this section have the same meaning as in the VCDPA. This section does not apply to information that is not considered "personal data," such as deidentified or publicly available information as defined in the VCDPA.

Collection and Disclosure of Personal Information

The personal data we collect is described above in Information we collect. The personal data we disclose to third parties and the categories of third parties to whom we disclose personal data is described above in How we share and disclose information. The length of time for which we retain personal information is described above in How long we keep your data.

Purposes for Processing

We process personal information for the following purposes:

  • Checking Job Applicant and Employee Backgrounds
  • Creating Customer Profiles
  • Fulfilling Customer Orders

Data “Selling” and Targeted Advertising

We do not sell personal data or process personal data for targeted advertising.

Profiling

The VCDPA gives consumers the right to opt out of automated profiling that produces legal or similarly significant effects, such as approval for a loan, employment, or insurance.

We do not profile consumers in furtherance of decisions that produce legal or similarly significant effects.

VCDPA Rights

Your VCDPA rights are described below. You can make a Privacy Request by clicking the link at the top of this page, or by clicking here.

Right to Access

You have the right to confirm whether we are processing personal data about you and to access such data. Where processing is carried out by automated means, you have a right to receive a copy of your personal data in a portable and readily usable format that allows you to transmit your data to another controller.

If you make a Request to Know more than twice in a 12-month period, we may require you to pay a small fee for this service.

Right to Delete

You have the right to request that we delete any personal data provided by or obtained about you. We will permanently delete any such personal data from our records and direct our processors to do the same. However, we may retain your personal data if it is necessary for certain purposes, including the following:

  • To comply with legal obligations
  • To comply with an official investigation or cooperate with law-enforcement agencies
  • To establish or defend legal claims
  • To complete an obligation to you that you have requested
  • To respond to security incidents, fraud, harassment, and other similar activity
  • To identify and repair technical errors
  • To conduct internal research to develop, improve, and repair our products and services
  • For internal operations that are reasonably aligned with your expectations

Any personal data retained for these purposes will not be processed for other purposes.

Right to Non-Discrimination

If you exercise your VCDPA consumer rights:

  • We will not deny goods or services to you
  • We will not charge you different prices or rates for goods or services
  • We will not provide a different level or quality of goods or services to you

However, we may offer a different price, rate, level, quality, or selection of products or services if your personal data is required in order to provide those products or services and you have exercised your right to opt out, or the offer is related to a voluntary loyalty or rewards program.

Right to Opt-Out

We do not sell your personal data, process it for targeted advertising, or engage in profiling in this way.

Right to Correct

You have the right to correct inaccuracies in your personal data, taking into account the nature of the data and our purposes for processing it.

Right to Appeal

If we decline to take action in response to any of your privacy requests, you have the right to appeal that decision within a reasonable amount of time.

If you believe your rights have been violated and you are not able to resolve the issue directly with us, you may file a complaint with the Virginia Attorney General’s Office.