ExaVault Privacy Policy


Last Updated: 3 February 2017


ExaVault Inc. (“ExaVault”) operates web-based and FTP-based services at exavault.com ( the “Service”). It is ExaVault’s policy to respect your privacy regarding any information we may collect while using our Service. This privacy policy describes the choices available to you regarding our use of the personal information we collect and how you can access and update this information. ExaVault complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.  ExaVault has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.  If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/



Information We Collect

We collect many different types of information, depending on how you use our service:

  • We collect the actual contents of the files uploaded to your ExaVault account ("Customer Data").
  • Additionally, we collect "metadata" about your Customer Data that is distinct from the actual content itself ("Customer Metadata"). Customer Metadata includes file and folder names, creation and modification dates, permissions, and size information.
  • We also collect metadata about your account overall, not tied to any specific file (“Account Metadata”). Account Metadata includes general account settings, users and their associated data (passwords, access restrictions, etc.), group settings and customer brand data (name, logo, etc.)
  • We also collect usage information customarily logged by web and FTP server software, including the date and time of your visit, the originating IP address, the pages and images requested, and other similar types of information. We also get usage data from third parties such as Google Analytics, who may place tracking pixels our site. Collectively, we call this "Usage Data".
  • We collect information from those who communicate with us via e-mail or our website, and information volunteered by consumers, such as the information you provide during account registration and signup ("Registration and Billing Data"), and contact form submissions and E-Mails ("Correspondence Data").


How Information is Used

  • "Customer Data" is stored securely and may only be accessed by users who have been given the appropriate permissions to that Customer Data by someone with administrative permissions on the account. We will not access this data for any other purpose, except as provided below.
  • "Customer Metadata" is used by our software systems to provide the Service and may be displayed, subject to our permissions controls, to users on the account.
  • "Usage Data" and "Correspondence Data" is used to help us understand how the Service and our websites are being used and to help us improve our websites and the Service.
  • "Registration and Billing Data" is used for billing purposes and to notify you about important service-related issues. ExaVault uses a third-party payment processor and Registration and Billing Data will be sent on to such payment processor.
  • E-Mail addresses collected as part of Registration and Billing Data will be used to communicate with you regarding the Service. We communicate such things as announcements of new features, changes to Terms of Use/Privacy Policy, information about pricing changes or systems outages, and other Service-related announcements. We may use a third-party service for purposes of sending these communications, and so your name and email address may be transferred to such third-party service.
  • E-mail addresses collected as part of your use of the service (e.g. for sending a customer a notification of available files) will only be used for the purpose you requested that they be used for, and will not be used to communicate service announcements.
  • Unless you request otherwise, we may use the name of your company and screenshots from your public website in advertisements promoting ExaVault.
  • All information may be disclosed when legally required to do so, at the request of governmental authorities conducting an investigation, to verify or enforce compliance with the Terms of Use and policies governing the Service and applicable laws or to protect against misuse or unauthorized use of the Service. We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
  • If we ever were to engage in any onward transfers of your data with third parties for a purpose other than which it was originally collected or subsequently authorized, we would provide you with an opt-out choice to limit the use and disclosure of your personal data.


Our Access To Your Data

  • We have implemented controls designed to prevent our employees or contractors from improperly using your Customer Data for purposes other than those set forth in this Privacy Policy. Our employees and contractors will not access your Customer Data unless explicitly authorized to do so by you, e.g. as part of troubleshooting an issue with your account.
  • However, as is reasonably necessary to facilitate provision of the Service, employees and contractors of ExaVault may have access to your Customer Metadata, Account Metadata (other than passwords), Usage Data, Registration and Billing Data, and Correspondence Data, and may use that to communicate with you or improve the service. For example, we may use the total amount of data you’ve stored to recommend you switch to a higher or lower plan tier.


Technology

  • Wherever possible, browsing sessions to the Service are secured with SSL, to prevent eavesdropping, tampering, and message forgery. If SSL is enabled, you will see a lock icon in your browser.
  • If you connect via FTP, you may choose to use FTP, FTP-SSL or SFTP. Only FTP-SSL and SFTP are secured, standard FTP is not.
  • At your option, you may turn on ‘Secure Only Mode’, which will reject any non-secure connections to your account. We recommend that you do this.
  • Cookies: Use of the Service requires support for cookies, small pieces of data that are stored on your computer's hard drive and transmitted back to the Service with each web page request. A cookie simply identifies your browser to the Service by assigning it a unique ID number, which enables us to associate your browser session with your account.


U.S.-EU Data Privacy Shield Framework

  • ExaVault complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.  ExaVault has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.  If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/
  • ExaVault’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, ExaVault remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless ExaVault proves that it is not responsible for the event giving rise to the damage.
  • In compliance with the EU-US Privacy Shield Principles, ExaVault commits to resolve complaints about your privacy and our collection or use of your personal information.  European Union individuals with inquiries or complaints regarding this privacy policy should first contact ExaVault at: 

    Client Services Manager
    privacy@exavault.com
    Phone: +1 (510) 500-0245
    ExaVault, Inc.
    344 Thomas L Berkley Way, Suite 410
    Oakland, CA 94612

  • ExaVault has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
  • ExaVault is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).


Removing Information

  • You may use the Service to delete any of your "Customer Data," and doing so will remove such content from our active servers immediately. Your data may remain on our backup servers for a short period of time, but will be automatically removed.
  • All of your "Customer Data" and "Customer Metadata" will be deleted from our active and backup servers within 30 days after you cancel your account.
  • We do not support removal of Registration and Billing Data, Correspondence Data or Usage Data.
  • ExaVault acknowledges that EU individuals have the right to access the personal information/data that we maintain about them.  An EU individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to our Client Services manager or email privacy@exavault.com. If requested to remove data, we will respond within a reasonable timeframe.


Other Provisions

  • Your use of the Service is governed by a Terms of Service, which will prevail in the event of a conflict with this document.
  • This Privacy Policy does not describe information collection practices on other sites, including those linked to or from the Service.
  • We use third parties to facilitate our business, such as server hosting, file hosting, and payment processing. In connection with these offerings and business operations, our service providers may have access to your information in connection with these business activities. Where we utilize third parties for the processing or storing of any information, we have ensured that they will fully comply with this Privacy Policy.
  • Google Analytics: We use Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies and other methods to help us study usage patterns on the Service. Information generated from your use of the Service will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of preparing reports regarding aggregate use of the Service. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
  • If the ownership of all or substantially all of ExaVault, Inc., or individual business units associated with the Service, were to change, your user information may be transferred to the new owner so the service can continue operations. In any such transfer of information, your user information would remain subject to the promises made in this Privacy Policy. In the event of such transaction, we will alert ExaVault paying customers of such change via E-Mail, and provide an opportunity to cancel or change your service.


Changes to this Privacy Policy

  • ExaVault, Inc. reserves the right to change this Privacy Policy at any time by posting a new Privacy Policy at this location and alerting ExaVault paying customers of such change via E-Mail. Any change(s) to this Privacy Policy will take effect thirty (30) days after such changes have been posted. Your continued use of the Service following such changes will indicate your acceptance of those changes.
  • This document was last updated according to the date at the top of this page.

ExaVault, Inc. regularly reviews its compliance with this policy. Questions regarding the Privacy Policy should be sent by e-mail to us at privacy@exavault.com.