We collect many different types of information, depending on how you use our service:
ExaVault is committed to compliance with the California Consumer Privacy Act of 2018 (the “CCPA”). ExaVault operates primarily as a “service provider”, as that term is defined in the CCPA, because ExaVault stores data on behalf of other “businesses”, and ExaVault has agreed (by virtue of Section 4 of the Terms of Service, or a similar provision) not to disclose that information. “Business”, for purposes of the CCPA, is a company that collects personal information and controls it. ExaVault is only a “Business” for the information that it collects from its own customers.
Right to To Opt Out of the Sale of Personal Information. Although the CCPA provides a right to opt out of the sale of personal information, you’re opted-out by default: ExaVault has not, does not, and will not sell personal information. It is for this reason that ExaVault does not have a “Do Not Sell My Personal Information” link you may see on other companies’ websites.
CCPA Right to Know and Right to Deletion Requests. If you are an ExaVault customer, then you have a right to request disclosure and/or deletion of the personal information that ExaVault has collected from you. You may either submit the request via email to firstname.lastname@example.org or via a support ticket. Such requests will be subject to verification by requiring two or three items of information stored in your account, and a state-issued ID and signed statement under penalty of perjury. Any such verification information which ExaVault did not previously possess shall only be maintained as long as required to comply with the record-keeping requirements of the CCPA.
You can also request: the categories of personal information collected by ExaVault about you; categories of sources from which collection of personal information about you occurs; the business or commercial purpose for collecting personal information; the categories of third parties with whom ExaVault shares personal information; categories of personal information that the business disclosed about the consumer for a business purpose.
ExaVault will not discriminate against customers that have made requests pursuant to their CCPA rights.
Please note that if you are seeking disclosure of your personal information that you believe ExaVault holds on behalf of one of its customers, then it is almost certain that ExaVault will deny the request and refer you to that customer to seek your CCPA rights. This is because ExaVault is a “service provider” for its customers as that term is defined in CCPA, and not responsible for the CCPA obligations of its customers.