Chiff BV processes some personally identifiable information to be able to provide the services of Chiff BV, and/or because you provided the information directly to Chiff BV, for instance by filling out the contact form on the website. Chiff BV processes the following personally identifiable information about you:
- Email address
- Website on which User has an account
- Biometrical data
privacy [you know it] chiff dot app
Purpose data collection
Chiff has several purposes why your data is needed:
- Email marketing: If you subscribe to our mailing list, we use your email address to keep you informed about Chiff’s progress and development. Each email contains a link where you can unsubscribe from the mailing list.
- Mobile application: If you download the Chiff app, an application on your phone, you will be presented a seed consisting of twelve random words, a so called ‘paper backup’. You can find the paper backup at any time in your phone under 'Settings'. This seed is unique for each person and serves as the key to encrypt all your personal data. Since the seed never leaves your phone and passwords are only stored locally, your data is inaccessible to us. To make sure you can restore your accounts if you would lose your phone, Chiff needs to store some data remotely which will be used to generate the correct passwords. Before that data is sent to our server, it is encrypted on your phone with a cryptographic key derived from your seed. This ensures that we cannot read this data. Since we do not have the technical ability to decrypt your information, we are unable to hand over your data to third parties in an unencrypted form.
There are some third parties Keyn BV transfers personally identifiable information to:
- Mailchimp: Chiff BV uses Mailchimp as a service for email marketing. Therefore, Mailchimp processes your email address and optionally (if you have provided it), your name. Learn more about Mailchimp's privacy practices here.
- Apple: Apple processes push notifications that are sent to your Apple device. All content with personally identifiable information that is sent to your device is encrypted with the session keys, so it cannot be read by Apple. Learn more about Apple's privacy practices here.
- Google: Google processes push notifications that are sent to your Android device. All content with personally identifiable information that is sent to your device is encrypted with the session keys, so it cannot be read by Google. In addition, this website uses Google Analytics to collect statistics about visitors to this website. Learn more about Google's privacy practices here.
- Amazon: Chiff BV uses Amazon Web Services for its serverless backend infrastructure. Amazon processes your IP-address if requests are made to the backend. All communication between the browser extension and the mobile application is handled by Amazon. Furthermore, your backup data is stored with Amazon, but encrypted with a key that is derived from your seed, so it cannot be read by Amazon. Learn more about Amazon's privacy practices here.
Following the GDPR legislation, users have the right to access, change or delete personal identifiable information. Your backup data can be deleted by navigating to Settings -> Privacy -> Delete data in the Chiff app. This will delete all data locally and on the server. If you have any additional needs for accessing, changing or deleting your data, please send us an email to privacy [you know it] chiff dot app. We will respond as soon as possible, but always within four weeks, to answer your request. If you have a complaint about the way your data is processed, you can object via Autoriteit Persoonsgegevens.
For Chiff BV information security is of major importance. Chiff BV takes technical and organizational measures to prevent abuse, loss or unlawful processing of personal data. In addition to standard measures such as using TLS for connections to the server, the website of Chiff BV uses TLS to encrypt communication for the website and backend. Additionally, the backup data stored on the server is encrypted. As a result, it is not possible for Chiff to view or share this data with third parties in an unencrypted state. If you are interested in the details of Chiff’s security, please read Bas's blog post.