Privacy Policy

Last Updated: Jun 30, 2023

Information we collect

How we disclose information

California Privacy Notice (CCPA)

Virginia Privacy Notice (VCDPA)

Colorado Privacy Notice (CPA)

Connecticut Privacy Notice (CTDPA)

Contact Us

Introduction and Overview

TrueVault (“TrueVault,” “we,” “our” or “us”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy.

This Privacy Policy describes how we collect, use and share information about you as well as your rights and choices about such collection, use and sharing, and applies to this website as well as the services offered by TrueVault, whether via this website or via our application or other software provided by TrueVault (collectively, the “Services”). (Please note that this Privacy Policy does not apply to customers of a business that uses TrueVault Safe, TrueVault Polaris or any other TrueVault product offerings. Please contact the business of which you are a customer to exercise your privacy rights with respect to such products.)

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use the Services. By accessing or using the Services, whether or not you purchase any of our Services or create an account with us, you agree to this Privacy Policy.

This Privacy Policy may change from time to time (see Changes to this Privacy Policy). Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates. If you have any questions about our privacy practices, please contact us as set forth in the Contact Us section below.

Information we collect

Information you provide to us

We collect the personal information you provide to us when you visit our websites. The categories of information we may collect include:

  • Personal Identifiers, including name
  • Professional, including professional information

We collect the personal information you provide to us when you visit our website. The categories of information we may collect include:

  • Personal Identifiers, including name and email address
  • Commercial and Financial Information, including signature
  • Physical and Audio Data, including audio information and visual information
  • Professional, including professional information

To the extent we process deidentified personal information, we will make no attempt to reidentify such data.

Information collected automatically

We automatically collect internet or other electronic information about you when you visit our website, such as IP address, browsing history and interactions with our website. This data may be collected using browser cookies and other tracking technologies.

Opt-Out Preference Signals. Your browser settings may allow you to automatically transmit an opt-out preference signal, such as the Global Privacy Control (GPC) signal, to online services you visit. When we detect such signal, we place a U.S. Privacy String setting in your browser so that any third party who respects that signal will not track your activity on our website. Your request to opt-out of sale/sharing will be linked to your browser identifier only and not linked to any account information because the connection between your browser and the account is not known to us. GPC is supported by certain internet browsers or as a browser extension. Find out how to enable GPC..

Information from other sources

We may collect personal information about you from third-party sources, including Data Brokers and Other consumers (e.g., referrals).

Data Brokers

  • Personal Identifiers, including Name and Email address
  • Professional, including Professional information

Other consumers (e.g., referrals)

  • Personal Identifiers, including Name
  • Professional, including Professional information

How long we keep your data

We do not retain data for any longer than is necessary for the purposes described in this Policy.

We generally retain data according to the guidelines below.

Type of DataRetention Period
Cookies and online data we collect while you use our website, including Online Identifiers, Internet Activity We delete or anonymize data concerning your use of our website within 15 years of collecting it.
Data we collect in order to process and ship orders you place with us, including Name, Signature, Professional information We keep personal information related to products and services you purchase for as long as the personal data is required for us to fulfill our contract with you, and for 15 years from your last purchase with us. We may keep data beyond this period in anonymized form.
Data we collect when you contact us for customer support and other inquiries, including Name, Email address, Audio information, Visual information, Professional informationWe keep customer feedback and correspondence with our customer service for up to 2 years to help us respond to any questions or complaints. We may keep data beyond this period in anonymized form.
Data we collect when you review our products, answer surveys, or send feedback, including Name, Email address, Internet Activity, Professional informationWe retain review, survey, and feedback data for up to 5 years following your last contact with us. We may keep data beyond this period in anonymized form to help improve our products and services.
Data we collect in connection with privacy requests, including Name, Email address, Online IdentifiersWe retain records related to privacy requests as long as necessary to comply with our legal obligations, and for a minimum of 24 months.

Purposes of Processing

We process personal information for the following purposes:

  • Conducting Surveys
  • Fulfilling Customer Orders
  • Improving our Products & Services
  • Meeting Compliance & Legal Requirements
  • Operating Our Website or Mobile Apps
  • Processing Payments
  • Providing Customer Support
  • Sending Promotional Communications
  • Tracking Purchases & Customer Data

How we disclose information

Information Disclosed for Business or Commercial Purposes in the Last 12 Months, and Categories of Parties Disclosed To

We may disclose the following personal information about you when you visit our websites:

Personal Information CategoryCategories of Service ProvidersCategories of Third Parties
Personal IdentifiersBusiness Operations Tool, Collaboration & Productivity Tools, Commerce Software Tools, Customer Support Tools, Data Analytics Providers, Governance, Risk & Compliance Software, IT Infrastructure Services, Payment Processors, and Sales & Marketing ToolsNone
Online IdentifiersBusiness Operations Tool, Collaboration & Productivity Tools, Customer Support Tools, Data Analytics Providers, Governance, Risk & Compliance Software, IT Infrastructure Services, Sales & Marketing Tools, and Website Operations ToolNone
Internet ActivityBusiness Operations Tool, Customer Support Tools, Data Analytics Providers, IT Infrastructure Services, Sales & Marketing Tools, and Website Operations ToolNone
ProfessionalBusiness Operations Tool, Collaboration & Productivity Tools, Commerce Software Tools, Customer Support Tools, Data Analytics Providers, IT Infrastructure Services, and Sales & Marketing ToolsNone

We may disclose the following personal information about you when you visit our website:

Personal Information CategoryCategories of Service ProvidersCategories of Third Parties
Personal IdentifiersBusiness Operations Tool, Collaboration & Productivity Tools, Commerce Software Tools, Customer Support Tools, Data Analytics Providers, Governance, Risk & Compliance Software, IT Infrastructure Services, Payment Processors, and Sales & Marketing ToolsNone
Online IdentifiersBusiness Operations Tool, Collaboration & Productivity Tools, Customer Support Tools, Data Analytics Providers, Governance, Risk & Compliance Software, IT Infrastructure Services, Sales & Marketing Tools, and Website Operations ToolNone
Internet ActivityBusiness Operations Tool, Customer Support Tools, Data Analytics Providers, IT Infrastructure Services, Sales & Marketing Tools, and Website Operations ToolNone
Commercial and Financial InformationBusiness Operations Tool and Sales & Marketing ToolsNone
Physical and Audio DataCollaboration & Productivity Tools and Data Analytics ProvidersNone
ProfessionalBusiness Operations Tool, Collaboration & Productivity Tools, Commerce Software Tools, Customer Support Tools, Data Analytics Providers, IT Infrastructure Services, and Sales & Marketing ToolsNone

California Privacy Notice (CCPA)

This section provides additional information for California residents under the California Consumer Privacy Act (CCPA). The terms used in this section have the same meaning as in the CCPA. This section does not apply to information that is not considered "personal information," such as anonymous, deidentified, or aggregated information, nor does it apply to publicly available information as defined in the CCPA.

To the extent we process deidentified personal information, we will make no attempt to reidentify such data.

Collection and Disclosure of Personal Information

The personal information we collect is described above in Information we collect. The personal information we disclose for business or commercial purposes is described above in How we disclose information. The length of time for which we retain personal information is described above in How long we keep your data. Our purposes for processing data are described above in Purposes of processing.

Information “Sharing” and “Selling”

We do not receive monetary or other valuable consideration in exchange for your data and therefore do not "sell" your data as defined in CCPA.

We do not “share” personal data with third parties, as that term is defined in the CCPA.

We do not knowingly sell or share (for cross-context behavioral advertising) the personal information of consumers under 16 years of age.

CCPA Rights

Your CCPA rights are described below. Make a Privacy Request by clicking here or the link at the top of this page or by emailing us at moc.tluaveurt@ycavirp.

Right to Know and Access

You have the right to request to know and access the following about the personal information we have collected about you in the past 12 months:

  • the categories and specific pieces of personal information we have collected about you
  • the categories of sources from which we collect personal information about you
  • the business or commercial purposes for which we collect, sell, or share personal information
  • the categories of third parties with whom we disclose the information
  • the categories of personal information about you that we have sold, shared, or disclosed for a business purpose, and the categories of third parties to whom we have sold, shared, or disclosed that information for a business purpose

The information we would provide to you in response to a Request to Know Categories is contained in this Privacy Notice. To receive a copy of the specific personal information we have about you, submit a Request to Know or Access via the link above. If you make a Request to Know more than twice in a 12-month period, or we determine the request is manifestly unfounded or excessive, we may require you to pay a small fee for this service.

Right to Delete

You have the right to request that we delete any personal information about you that you have provided to us. Subject to certain limitations, we will delete from our records your requested personal information and direct our service providers to do the same.

Right to Non-Discrimination

If you exercise your CCPA consumer rights:

  • We will not deny goods or services to you
  • We will not charge you different prices or rates for goods or services, including through the use of discounts or other benefits or penalties
  • We will not provide a different level or quality of goods or services to you
  • We will not suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services
  • We will not retaliate against you, as an employee, applicant for employment, or independent contractor

We may still offer you certain financial incentives permitted by the CCPA such as discounts, rewards, premium features, or loyalty accounts that can result in different prices, rates, or quality levels.

Right to Opt-Out

We do not sell or share any personal information to third parties.

Right to Correct

You have the right to correct inaccuracies in your personal data, taking into account the nature of the data and our purposes for processing it.

Request Verification

Before we can respond to a Request to Know or Request to Delete, we will need to verify that you are the consumer who is the subject of the CCPA request. Verification is important for preventing fraudulent requests and identity theft. Requests to Opt-Out do not require verification.

Typically, identity verification will require you to confirm certain information about yourself based on information we have already collected. For example, we will ask you to verify that you have access to the email address we have on file for you. If we cannot verify your identity based on our records, we cannot fulfill your CCPA request. If you submit a request not through our webform, we will ask you to provide the same information requested in the webform.

For a request that seeks specific personal information, we ask that you sign a declaration stating that you are the consumer whose personal information is the subject of the request, as required by the CCPA.

In some cases, we may have no reasonable method by which we can verify a consumer's identity. For example:

  • If a consumer submits a request but we have not collected any personal information about that consumer, we cannot verify the request.
  • If the only data we have collected about a consumer is gathered through website cookies (i.e. the consumer visited our website but had no other interaction with us), we are unable to reasonably associate a requester with any data collected; therefore, we cannot verify the request.
  • If we process a consumer’s information as a service provider to another organization, we are not permitted to respond in a substantive way to that consumer’s CCPA request. We will, however, assist the organization in fulfilling your privacy request.

Authorized Agent

A California resident's authorized agent may submit a rights request under the CCPA by emailing us at moc.tluaveurt@ycavirp. Requests submitted by an authorized agent will still require verification of the consumer who is the subject of the request in accordance with the process described above. We will also ask for proof that the consumer who is the subject of the request authorized an agent to submit a privacy request on their behalf by either verifying their own identity with us directly or directly confirming with us that they provided the authorized agent permission to submit the request. An authorized agent that has power of attorney pursuant to California Probate Code section 4121 to 4130 may also submit proof of statutory power of attorney, which does not require separate consumer verification.

If you have trouble accessing this notice, please contact us at moc.tluaveurt@ycavirp.

Contact Us

If you have any privacy-related questions or have trouble accessing this notice, please email moc.tluaveurt@ycavirp.

Virginia Privacy Notice (VCDPA)

This section provides additional information for Virginia residents under the Virginia Consumer Data Protection Act (VCDPA). The terms used in this section have the same meaning as in the VCDPA. This section does not apply to information that is not considered "personal data," such as deidentified or publicly available information as defined in the VCDPA.

Collection and Disclosure of Personal Information

The personal data we collect is described above in Information we collect. The personal data we disclose to third parties and the categories of third parties to whom we disclose personal data is described above in How we disclose information. The length of time for which we retain personal information is described above in How long we keep your data. Our purposes for processing data are described above in Purposes of processing.

Data “Selling” and Targeted Advertising

We do not receive monetary consideration in exchange for your data and therefore do not "sell" your data as defined in VCDPA.

We do not process personal data for purposes of targeted advertising as defined in the VCDPA.

Profiling

The VCDPA gives consumers the right to opt out of automated profiling that produces legal or similarly significant effects, such as approval for a loan, employment, or insurance.

We do not profile consumers in furtherance of decisions that produce legal or similarly significant effects.

VCDPA Rights

Your VCDPA rights are described below. Make a Privacy Request by clicking here or the link at the top of this page.

Right to Access

You have the right to confirm whether we are processing personal data about you and to access such data. Where processing is carried out by automated means, you have a right to receive a copy of your personal data in a portable and readily usable format that allows you to transmit your data to another controller.

If you make an Access Request more than twice in a 12-month period, or we determine the request is manifestly unfounded or excessive, we may require you to pay a small fee for this service.

Right to Delete

You have the right to request that we delete any personal data provided by or obtained about you. Subject to certain limitations, we will permanently delete any such personal data from our records and direct our processors to do the same.

Right to Non-Discrimination

If you exercise your VCDPA consumer rights:

  • We will not deny goods or services to you
  • We will not charge you different prices or rates for goods or services
  • We will not provide a different level or quality of goods or services to you

However, we may offer a different price, rate, level, quality, or selection of products or services if your personal data is required in order to provide those products or services and you have exercised your right to opt out, or the offer is related to a voluntary loyalty or rewards program.

Right to Opt-Out

Sale of Personal Data:
We do not sell your personal data, as defined by the VCDPA.

Targeted Advertising:
We do not process your personal data for the purpose of targeted advertising.

Profiling:
We do not profile consumers in furtherance of decisions that produce legal or similarly significant effects.

Right to Correct

You have the right to correct inaccuracies in your personal data, taking into account the nature of the data and our purposes for processing it.

Authenticating Your Request

Once we receive your request, we will verify the information you provided by matching the information that we have collected. If we cannot authenticate your request, we may ask for additional information from you. If you are unable to provide additional information, or we are unable to authenticate the request using commercially reasonable efforts, we may deny your request.

Right to Appeal

If we decline to take action in response to any of your privacy requests, you have the right to appeal that decision within a reasonable amount of time, but no later than 90 days from the date of our decision. To submit a request for appeal, click here and select "Appeal a Decision" in the request type drop-down.

If you believe your rights have been violated and you are not able to resolve the issue directly with us, you may file a complaint with the Virginia Attorney General’s Office.

Colorado Privacy Notice (CPA)

This section provides additional information for Colorado residents under the Colorado Privacy Act (CPA). The terms used in this section have the same meaning as in the CPA. This section does not apply to information that is not considered "personal data," such as deidentified or publicly available information as defined in the CPA.

Collection and Disclosure of Personal Information

The personal data we collect is described above in Information we collect. The personal data we disclose to third parties and the categories of third parties to whom we disclose personal data is described above in How we disclose information. The length of time for which we retain personal information is described above in How long we keep your data. Our purposes for processing data are described above in Purposes of processing.

Data “Selling” and Targeted Advertising

We do not receive monetary or other valuable consideration in exchange for your data and therefore do not "sell" your data as defined in CPA.

We do not process personal data for purposes of targeted advertising as defined in the CPA.

Profiling

The CPA gives consumers the right to opt out of automated profiling that produces legal or similarly significant effects, such as approval for a loan, employment, or insurance.

We do not profile consumers in furtherance of decisions that produce legal or similarly significant effects.

CPA Rights

Your CPA rights are described below. Make a Privacy Request by clicking here or the link at the top of this page.

Right to Access

You have the right to confirm whether we are processing personal data about you and to access such data. You have a right to receive a copy of your personal data in a portable and readily usable format that allows you to transmit your data to another controller.

If you make a Request to Know more than twice in a 12-month period, or we determine the request is manifestly unfounded or excessive, we may require you to pay a small fee for this service.

Right to Delete

You have the right to request that we delete any personal data we have obtained about you. We will permanently delete any such personal data from our records and direct our processors to do the same. However, we may retain your personal data if it is necessary for certain purposes, including the following:

  • To comply with legal obligations
  • To comply with an official investigation or cooperate with law-enforcement agencies
  • To establish or defend legal claims
  • To complete an obligation to you that you have requested
  • To respond to security incidents, fraud, harassment, and other similar activity
  • To identify and repair technical errors
  • To conduct internal research to develop, improve, and repair our products and services
  • For internal operations that are reasonably aligned with your expectations

Any personal data retained for these purposes will not be processed for other purposes.

Right to Non-Discrimination

If you exercise your CPA consumer rights:

  • We will not deny goods or services to you
  • We will not charge you different prices or rates for goods or services
  • We will not provide a different level or quality of goods or services to you

However, we may offer a different price, rate, level, quality, or selection of products or services if the exercise of your CPA rights affects the feasibility or the value of those products or services, or the offer is related to a voluntary loyalty or rewards program.

Right to Opt-Out

We do not sell your personal data, process it for targeted advertising, or engage in profiling in this way.

Authorized Agents. You may authorize an agent to submit a Request to Opt-Out on your behalf, including through a technology such as a web link, browser setting, or global device setting. We will comply with such requests if we are able to authenticate your identity and the agent’s authority to act on your behalf.

Right to Correct

You have the right to correct inaccuracies in your personal data, taking into account the nature of the data and our purposes for processing it.

Authenticating Your Request

Once we receive your request, we will verify the information you provided by matching the information that we have collected. If we cannot authenticate your request, we may ask for additional information from you. If you are unable to provide additional information, or we are unable to authenticate the request using commercially reasonable efforts, we may deny your request.

Right to Appeal

If we decline to take action in response to any of your privacy requests, you have the right to appeal that decision within a reasonable amount of time, but no later than 90 days from the date of our decision. To submit a request for appeal, click here and select "Appeal a Decision" in the request type drop-down.

If you believe your rights have been violated and you are not able to resolve the issue directly with us, you may file a complaint with the Colorado Attorney General’s Office.

Connecticut Privacy Notice (CTDPA)

This section provides additional information for Connecticut residents under the Connecticut Data Privacy Act (CTDPA). The terms used in this section have the same meaning as in the CTDPA. This section does not apply to information that is not considered "personal data," such as deidentified or publicly available information as defined in the CTDPA.

If you have any questions or wish to contact us regarding this privacy notice, please send an email to moc.tluaveurt@ycavirp.

Collection and Disclosure of Personal Information

The personal data we collect is described above in Information we collect. The personal data we disclose to third parties and the categories of third parties to whom we disclose personal data is described above in How we disclose information. The length of time for which we retain personal information is described above in How long we keep your data..

Data “Selling” and Targeted Advertising

We do not receive monetary or other valuable consideration in exchange for your data and therefore do not "sell" your data as defined in CTDPA.

We do not process personal data for purposes of targeted advertising as defined in the CTDPA.

Profiling

The CTDPA gives consumers the right to opt out of automated profiling that produces legal or similarly significant effects, such as approval for a loan, employment, or insurance.

We do not profile consumers in furtherance of decisions that produce legal or similarly significant effects.

CTDPA Rights

Your CTDPA rights are described below. Make a Privacy Request by clicking here or the link at the top of this page.

Right to Access

You have the right to confirm whether we are processing personal data about you and to access such data. Where processing is carried out by automated means, you have a right to receive a copy of your personal data in a portable and readily usable format that allows you to transmit your data to another controller.

If you make a Request to Know more than twice in a 12-month period, we may require you to pay a small fee for this service.

Right to Delete

You have the right to request that we delete any personal data provided by or obtained about you. We will permanently delete any such personal data from our records and direct our processors to do the same. However, we may retain your personal data if it is necessary for certain purposes, including the following:

  • To comply with legal obligations
  • To comply with an official investigation or cooperate with law-enforcement agencies
  • To establish or defend legal claims
  • To complete an obligation to you that you have requested
  • To respond to security incidents, fraud, harassment, and other similar activity
  • To identify and repair technical errors
  • To conduct internal research to develop, improve, and repair our products and services
  • For internal operations that are reasonably aligned with your expectations

Any personal data retained for these purposes will not be processed for other purposes.

Right to Non-Discrimination

If you exercise your CTDPA consumer rights:

  • We will not deny goods or services to you
  • We will not charge you different prices or rates for goods or services
  • We will not provide a different level or quality of goods or services to you

However, we may offer a different price, rate, level, quality, or selection of products or services if your personal data is required in order to provide those products or services and you have exercised your right to opt out, or the offer is related to a voluntary loyalty or rewards program.

Right to Opt-Out

We do not sell your personal data, process it for targeted advertising, or engage in profiling in this way.

Authorized Agents. You may authorize an agent to submit a Request to Opt-Out on your behalf, including through a technology such as a web link, browser setting, or global device setting. We will comply with such requests if we are able to authenticate your identity and the agent’s authority to act on your behalf.

Right to Correct

You have the right to correct inaccuracies in your personal data, taking into account the nature of the data and our purposes for processing it.

Authenticating Your Request

Once we receive your request, we will verify the information you provided by matching the information that we have collected. If we cannot authenticate your request, we may ask for additional information from you. If you are unable to provide additional information, or we are unable to authenticate the request using commercially reasonable efforts, we may deny your request. Authentication is not required for a Request to Opt-Out, but we may deny the request if we have a good faith, reasonable, and documented belief that the request is fraudulent.

Right to Appeal

If we decline to take action in response to any of your privacy requests, you have the right to appeal that decision within a reasonable amount of time, but no later than 90 days from the date of our decision. To submit a request for appeal, click here and select "Appeal a Decision" in the request type drop-down.

If you believe your rights have been violated and you are not able to resolve the issue directly with us, you may file a complaint with the Connecticut Attorney General’s Office.

Children

The Services are intended for a general audience and are not directed to children under 13 years of age. TrueVault does not knowingly collect personal information as defined by the Children’s Online Privacy Protection Act (“COPPA”) in a manner that is not permitted by COPPA. If you are a parent or guardian and believe TrueVault has collected such information in a manner not permitted by COPPA, please contact us at moc.tluaveurt@ycavirp and we will remove such information to the extent required by COPPA.

Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

Changes to this Privacy Policy

We reserve the right to revise this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy and updating the “last modified” date above. Your continued use of the Services indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice to your email address. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our website and this Privacy Policy to check for any changes.

Contact Us

If you have any questions or comments about this Privacy Policy or our privacy practices, please contact us as follows:

TrueVault Inc.

201 Mission Street, 12th Floor

San Francisco, California 94105

moc.tluaveurt@ycavirp