We define ‘Personal Information’ (which refers with no exception to, "your information", "personal information") in the following manner:
Any information that you provide to us about yourself while using the service that could help someone else identify you as an individual entity. This may include information such as your name, phone number, location, IP address, system locale and preferences, picture, public key information, etc.
We define as "Products" Passbolt downloadable Software products, such as Passbolt web extension or API server.
Collected Personal Information
Here is a summary of the personal data we collect for each services. All of these services are optional, for example when you may use the Demo Site and not sign up for the community forum.
We use collect information about your usage of the Site, such as which page you visited, how long you stayed on the Site, etc. It is possible for you to opt-out of this analytics tracking by enabling your browser's " Do Not Track" preference.
We collect your name, email and IP address as part of the newsletter signup process. This information is required to be able to get in touch with you and for security purposes such as spam and abuse detection.
On the Demo Site we collect personal information such as your name, email, and information about your usage, such as when you triggered a system error, etc.
The Demo Site is organized by domains in the form of demo.passbolt.com/yourdomain. Users signed up on a given domain are capable of viewing other users email addresses and names. This is needed to provide functionalities such as sharing passwords and organizing users by groups.
Community Forum data
On the Community Forum we collects personal information such as your email and IP address, the kind of browser or computer you use, number of links you click within the site, state or country from which you accessed the site, the date and time of your visit, the name of your Internet service provider, the web page you linked to our site from, pages you viewed on the forum. This information is needed to enhance your experience as well as allow automated moderation and spam prevention.
Payment and billing data
We collect personal information such as your email, name, address, VAT information, preferred payment channel, etc. when you purchase a subscription or service with Passbolt SA.
We do not collect directly your credit card information, this information is collected in a secure iframe and processed securely directly by the third party services involved such as our payment gateway and your bank.
We may collect personal information about you and your usage of passbolt as part of voluntary surveys you participate in. Surveys may request personal information such as your name, email, phone number, organization name, etc.
Cookies and Tracking
- Sessions, e.g. to provide you with the functionality that keeps you logged in or to make sure your preferences are carried forward.
We use Google Analytics to collect information about your usage of the Site. This service may store a cookie to identify which page you visited, how long you stayed on the Site, etc.
Demo Site application session
Community Forum session cookie
Payment and billing session cookie
Cookie and Tracking (Summary)
Respect "Do Not Track"
No tracking on 3rd party sites
Cookie and Tracking (Summary)
No 'social button' tracking
Our use of your personal information
We may use your personal information only for one or more of the following purposes:
To give you access to the Products or Service. For example, if you register to the demo section of the Site we may send you a link by email to activate your account. For example if you subscribe to Passbolt Pro Edition we will send you an email with instructions on how to get started.
To notify you about any activity within the Service. For example if you are using the demo section of the Site and if another user shares a password with you, we may send you an email notification.
To provide you with support. For example, if you leave your personal information by email or the Forum, we may contact you back to help you solve your issues or answer your questions.
To promote our services. For example, if we think you might benefit from using another Products or Service we offer, or if we think an information about a change in the current Service is relevant for you, we may contact you to tell you about it.
To bill and collect money owed to us. This includes communications with regards to invoices, receipts, payment statuses and processing issues.
Disclosure of personal information
We may disclose your Personal Information for one or more of the following purposes:
To provide you with the Service. For example, if you register on the Demo Site other people will be able to see the email address and name you used to register and will be able to share information with you.
To meet legal requirements. In the event we are to comply with court orders and valid subpoenas or to defend a court, arbitration, or similar proceeding.
To provide information to representatives and advisors. These include engineers, attorneys and accountants, who help us comply with legal, accounting, or security requirements.
Use of data summary
Limited use of personal data
3rd Party Access
We will not give, sell, rent or loan any personal information to any third party. The following third parties may have access to your personal data under certain conditions.
Our organization is registered in Luxembourg. We are therefore subject to luxembourgish and european legislative texts on data protection and privacy.
Our organization relies on services (such as hosting, help desk and newsletters) provided by companies registered in the USA. They are obliged to provide access to notices pursuant to judicial, regulatory or other governmental orders or requests valid in USA.
We primarily use Google Cloud Platform to host our websites.
See GCP Data Processing and Security Terms.
We use Google Recaptcha (with remoteip unset) to protect signup forms against spam and other types of automated abuse.
We use Mailchimp to send newsletters.
See Mailchimp legal framework.
Help desk provider
We use GrooveHQ to provide support by email or on social networks.
We use Google Analytics for analytics.
To protect your privacy, Google Analytics is configured on our website to anonymize your ip address and not to collect data for advertising or remarketing purpose.
See the privacy section in the Google Analytics terms of services and their GDPR compliance policy.
We use typeform for some of our surveys.
See the privacy section in the Typeform terms of services.
We use discourse to run the community forum.
Customer Relationship Management
We use Hubspot to manage sales inquiry.
Payment gateway provider
We use Stripe to process payments.
Invoices and billing history provider
We use Zoho Books to provide you with invoices, receipts and billing history.
3rd party access (Summary)
European laws apply
List of 3rd party services
Deleting, editing and accessing your personal information
You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.
You can stop receiving Demo notification emails by deleting your account in the demo section of our Site. To delete your account send us an email at: firstname.lastname@example.org. Demo data are also periodically deleted automatically at regular intervals.
You can stop receiving emails and/or delete your account from the Community Forum by logging in and going on your profile settings page.
We can also edit/delete/get access to any personal information that we hold within 60 days of any request you make by contacting us: email@example.com.
We work hard to prevent unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:
- We aim to encrypt all of our services using SSL.
- We regularly review our information collection, storage and processing practices, to guard against unauthorized access to systems.
- We restrict access to personal information to employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations.
Date of Last Update
Deleting data (Summary)
You can request access to your data
You can delete your data