Keyn BV processes some personally identifiable information to be able to provide the services of Keyn BV, and/or because you provided the information directly to Keyn BV, for instance by filling out the contact form on the website. Keyn BV processes the following personally identifiable information about you:
- Email address
privacy at chiff dot app
Purpose data collection
Chiff has several purposes why your data is needed:
- Email marketing: If you subscribe to our mailing list, we use your email address to keep you informed about Chiff’s progress and development. Each email contains a link where you can unsubscribe from the mailing list.
- Mobile application: If you download the Chiff app, an application on your phone, you will be presented a seed consisting of twelve random words. This seed is unique for each person and serves as the key to encrypt all your personal data. Since the seed never leaves your phone and passwords are only stored locally, your data is inaccessible to us. To make sure you can restore your accounts if you would lose your phone, Chiff needs to store some data (websites and usernames) remotely. This data encrypted with a cryptographic key that is derived from your seed. This ensures that we cannot read this data. Since we do not have the technical ability to decrypt your information, we are unable to hand over your data to third parties in an unencrypted form.
- Improvement: To constantly improve Chiff, we measure how and when Chiff is used. This helps us to improve Chiff. The IP-address will be logged to determine the geographical distribution.
There are some third parties Keyn BV transfers personally identifiable information to:
- Mailchimp: Keyn BV uses Mailchimp as a service for email marketing. Therefore, Mailchimp processes your email address and optionally (if you have provided it), your name. Learn more about Mailchimp's privacy practices here.
- Apple: Apple processes push notifications that are sent to your Apple device. All content with personally identifiable information that is sent to your device is encrypted with the session keys, so it cannot be read by Apple. Learn more about Apple's privacy practices here.
- Google: Google processes push notifications that are sent to your Android device. All content with personally identifiable information that is sent to your device is encrypted with the session keys, so it cannot be read by Google. Learn more about Google's privacy practices here.
- Amazon: Keyn BV uses Amazon Web Services for its serverless backend infrastructure. Amazon processes your IP-address if requests are made to the backend. All communication between the browser extension and the mobile application is handled by Amazon. Furthermore, your backup data is stored with Amazon, but encrypted with a key that is derived from your seed, so it cannot be read by Amazon. Learn more about Amazon's privacy practices here.
Following the GDPR legislation, users have the right to access, change or delete personal identifiable information. Your backup data can be deleted by navigating to Settings -> Privacy -> Delete data in the Chiff app. This will delete all data locally and on the server. If you have any additional needs for accessing, changing or deleting your data, please send us an email to privacy at chiff dot app. Keyn BV will respond as soon as possible, but always within four weeks, to answer your request. If you have a complaint about the way your data is processed, you can object via Autoriteit Persoonsgegevens.
For Keyn BV information security is of major importance. Keyn BV takes all possible measures to prevent abuse, loss, unauthorized access, unwanted disclosure and unwanted modification of personal information. The website of Keyn BV uses TLS to encrypt communication for the website and backend. Additionally, all communication between your device and the browser extension is end-to-end encrypted with cryptographic keys that are only accessible to the user. Keyn BV does not have the technical ability to decrypt your information and as a result, Keyn BV is unable to hand your data over to third parties in a decrypted form. If you are interested in the details of Chiff’s security, please read Bas's blog post.