PRIVACY POLICY
Last updated 10 March, 2024
This Privacy Policy describes the collection and processing of information about you that may directly or indirectly identify you (“Personal Data”) by BLACKBIRD SECURE BROWSING LTD and its affiliates, authorized resellers and subsidiaries (hereafter “OCTO”, “Octo Browser”, “we”, “our” or “us”).
This Privacy Policy is designed to help you feel more confident about the privacy and security of your personal information when using or accessing any software, products, and services offered by OCTO (hereafter “Software”).
This Privacy Policy explains how we collect, use, and transfer information. It also explains the rights you have related to the subject matter of the Privacy Policy.
Important: By using our Software and by sharing your Personal Data with us, you acknowledge that your Personal Data will be processed in the manner described in this Privacy Policy. If you do not agree to the terms of this Privacy Policy, do not provide us with any information and do not use the Software.
Note: This Privacy Policy does not constitute your consent to the processing of your Personal Data. You may consent to the processing of Personal Data for one or several specific purposes when such consent is requested.
Collecting your Personal Data
We collect your Personal Data if you provide it to us yourself or when it is provided automatically by electronic means, including cookie files, when you use our Software.
The Types and Purposes of Personal Data Being Collected
We respect your privacy and aim to limit the Personal Data that we collect from you to the amount which is strictly necessary to fulfil the purposes of processing. See below what types of Personal Data we use and for what purposes:
| Purpose of processing | Personal Data | Legal basis for the processing | Duration of storage |
|---|---|---|---|
| Account creation and user authorization |
|
EULA and Terms of Use. * Without providing this data you will not be able to use the Software |
3 months after the account is deleted; or immediately after the account is deleted if specifically requested. |
| Supporting proper use and functionality of the Software, including troubleshooting |
|
EULA and Terms of Use. * Without providing this data you will not be able to use the Software |
3 months after the account is deleted; or immediately after the account is deleted if specifically requested. |
| Customer Support |
|
Our legitimate interest in receiving communication from you and reacting to it and your interest in receiving our response. | 2 months after the issue you reported has been resolved. |
| Managing and optimizing user experience by improving our knowledge of our users |
|
Our legitimate interest in creating and evaluating statistics covering the use of the Software and your interest in updates to the Software which will be tailored to your needs. | 3 months after the account is deleted; or immediately after the account is deleted if specifically requested. |
| Advertising, including providing you with offers relevant to your interests |
|
Our legitimate interest is based on the balance of interests. You reserve the absolute right to object to direct marketing. | 3 months after the account is deleted; or immediately after the account is deleted if specifically requested. |
| Sending you emails containing our offers |
|
Our legitimate interest is based on the balance of interests. You reserve the absolute right to object to direct marketing. To unsubscribe from receiving such emails, you can click the “Unsubscribe” button in the email. | 3 months after the account is deleted; or immediately after the account is deleted if specifically requested. |
| Conducting surveys |
|
Our legitimate interest is based on the balance of interests. You reserve the absolute right to object to direct marketing. | 3 months after the account is deleted; or immediately after the account is deleted if specifically requested. |
Please note that we do not collect any special categories of Personal Data about you (including data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Likewise, we do not collect any information about criminal convictions and offenses.
Reasons for Sharing your Personal Data
We can share your Personal Data with third parties only in the cases listed below.
When we are required by law. We may disclose your Personal Data to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies), in connection with any legal proceedings or prospective legal proceedings and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
With our partners who help us support and maintain the Software. We may use third-party systems to fulfill the purposes set forth in the Privacy Policy. You can find a list of such third-party systems used by Software below.
With payment services. We may provide paid-for products and/or services. In that case, we may use third-party services for payment processing, such as Stripe, Coinbase, Coinspaid. We do not process your payment data; such data is processed by the relevant payment service.
With analytics services. We may use third-party service providers to monitor and analyze the use of our Software, such as Google Tag Manager, Google Analytics, Yandex Metrica.
Chat. We use Talk-me to automate our Support Chat.
Emails. We use Postmark third-party services to deliver emails quickly.
Surveys. We use Alchemer to conduct surveys.
If you would like to receive more information about these third-party systems, please contact our team by email indicated in this Privacy Policy.
OCTO will only transfer Personal Data to, or allow access by, third parties when it is assured that the information will be processed legitimately and protected appropriately by the recipient.
Duration of Storing your Personal Data
We store your Personal Data for no longer than is necessary to fulfill the purposes specified in the section “The Types and Purposes of Personal Data Being Collected.” Except for any legal obligation that sets a longer data retention period, at the end of the aforementioned storage time periods, the Personal Data will be deleted or anonymized.
Protecting your Personal Data
We always take precautions and appropriate measures to protect your Personal Data.
We have physical, electronic, and managerial procedures in place to help safeguard, prevent unauthorized access, maintain data security, and use your information correctly, including encryption, pseudonymization, firewalls, limited access rights, use of passwords, and other relevant measures applied as appropriate. All supplied sensitive and or credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted in our payment systems providers’ databases only accessible by those authorized with special access rights to such systems, and such persons and organizations are required to keep such information confidential. After a transaction, your private information (credit or debit cards, financial data, etc.) is never kept on file.
In addition, we limit access to your Personal Data to only those employees, agents, contractors, and other third parties who have a business need to know such data. They will only process your Personal Data according to our instructions and they are subject to a duty of confidentiality.
For the safe storage of information, we use AWS Cloud Storage located in Frankfurt, Germany. We commit to implementing all reasonable efforts to safeguard your Personal Data and for this purpose, we shall review our security procedures and technical and organizational measures regularly in order to account for the latest technological developments.
Links
Our Software may contain links to and from other websites and services. We are not responsible for the privacy policies, practices, and content of any third-party websites and services. Please check individual privacy policies of any such website or service before you submit any personal information to them.
Non-Usage of Automated Decision-Making and Automated Profiling
We do not use either automated decision-making or automated profiling.
Your Rights
All user rights (including those of EU residents) include:
- Right to access. This right enables you to receive a copy of the Personal Data we keep about you, as well as other supplementary information.
- Right to rectification. You have the right to have any incomplete or inaccurate information we keep about you corrected.
- Right to erasure (right to delete). You have the right to ask us to delete your Personal Data when there is no other legal ground for us to continue processing it.
- Right to object processing, when we are relying on our legitimate interest and there is something about your particular situation that makes you want to object to data processing on this grounds. We will no longer process the Personal Data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise or defense of legal claims. You also have the right to object to use of your personal information for direct marketing purposes.
- Right to transfer. You may request the transfer of your personal information to another party.
- Right to data portability. We will provide to you, or to a third-party you have chosen, your Personal Data in a structured, commonly used, machine-readable format.
Please note that this right only applies to automated information which is processed under your consent or EULA and Terms of Use. We are not able to guarantee technical compatibility with any specific third-party system. - Right to withdraw consent. You have the right to withdraw your consent to the use of your Personal Data.
- Right to restrict processing of your Personal Data if (a) the accuracy of the Personal Data is contested by you, (b) the processing is unlawful and you oppose the erasure of the Personal Data, (c) we no longer need the Personal Data for the purposes of data processing, but it is required by you for the establishment, exercise or defense of legal claims, and (d) you have objected to data processing pending the verification whether there are legitimate grounds overriding it.
We will address your request as early as possible, aiming to resolve it within 1 month. Please note that this period may be extended by 2 more months if necessary, taking into account the complexity and number of requests. In this case, we will inform you of the extension within 1 month of receipt of your request and will explain to you the reasons for the delay.
Rights of California residents:
-
Right to opt out. Under the CCPA each California resident can request businesses to stop selling Personal Data to third parties. Do we actually sell Personal Data? We do not, and will not, provide your Personal Data in exchange for money. Therefore, in the literal sense, we do not sell your Personal Data.
- Other rights.You also have a right to be informed about what categories of Personal Data we are collecting: you can request us to disclose what Personal Data about you we have collected in the past 12 months and you have a right to get a free copy of your Personal Data disclosed in a readily usable and readable format. You can also request us to delete the Personal Data about you we have collected in the past 12 months. We will not discriminate against you for exercising any of your rights granted under CCPA.
Mandatory Verification: As required by CCPA, we will need to verify your identity before processing your request. In order to verify your identity, you will be asked to log into your account or (if you do not have an account) we will try to match the information you provided with the information we handle about you. In certain circumstances, we may decline your request, mainly in cases where we are unable to verify your identity, for example, if you have requested us to delete your Personal Data.
As required by CCPA, we endeavor to respond to verifiable requests within 45 days of their receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by email.
Exercising your rights: You may exercise your rights by sending a relevant request to the email address indicated in the contact details.
If you have any comments about how we process your Personal Data, please let us know and we will consider your claim. If you are not satisfied with our response to any claim or complaint, you have the right to file a complaint with the relevant authority.
Children Data
We do not knowingly collect information from children under the age of 13 (16 in the European Economic Area) or knowingly allow such persons to use the Software. If you are under the age of 13 (or 16, where applicable), do not provide any Personal Data to us. If you find out that a child has provided us with their Personal Data in violation of this Privacy Policy, notify us at privacy@octobrowser.net.
Changes to our Privacy Policy
We may occasionally update this Privacy Policy. If we decide to do so, we will post the changes on this page and update the date found at the top of this page. Your continued use of the Software after the effective date of the updated Privacy Policy will be subject to the updated Privacy Policy. If we make any major changes to our Privacy Policy that will require your explicit consent for further processing of your Personal Data, we will explicitly request your consent or your renewed consent in case it was given previously.
Contacting Us
In accordance with this Privacy Policy, BLACKBIRD SECURE BROWSING LTD is the “controller” or “data controller,” i.e. the entity that determines the purposes and means of the processing of your Personal Data.
If you have questions, complaints, or need any further information about our Privacy Policy, contact us using the details below:
We have appointed a representative in the EU who you can contact if you would prefer not to contact BLACKBIRD SECURE BROWSING LTD directly: