Effective Date: Aug 10th, 2018
Updated: Mar 5th, 2024

SCOPE

This Privacy Policy applies to when you are accessing EPRIVO services, website, and software from any of your devices (“EPRIVO SERVICE”). If you do not agree with this policy, you can choose not to use EPRIVO. This policy may be changed at any time. A change will be posted on the EPRIVO website at www.eprivo.com. In case of changes we deem substantial, we may also send an email notification or notify you directly.

WHAT WE COLLECT

At BlueRISC and our brand EPRIVO, we view the protection of your privacy as important as our own. In fact, the EPRIVO SERVICE is about ensuring digital privacy. We protect any information with state-of the-art security whether in the cloud or devices, but we cannot guarantee that we can eliminate the risk of every kind of unauthorized access.

Notwithstanding the above, we only collect data from visitors who complete forms to request more detailed information or by direct contact from BlueRISC, EPRIVO software or EPRIVO subscription or voluntarily enter in comments on EPRIVO sites.

Personal information collected during sign up:

EPRIVO-related sign-up information is only stored where necessary for authentication and managing subscriptions and services. This includes your EPRIVO ID (email address), name and estimated country. Information is stored encrypted with Amazon AWSTM cloud services across multiple regions including the US, EU and Asia-Pacific using latest security infrastructure from AWS.

Personal information collected through the use of EPRIVO SERVICE:

EPRIVO maintains a list of devices where the EPRIVO software is being used with your EPRIVO ID for your account security. This includes device names, operating system information and unique device identifiers. This information is displayed on your account page so that you can check EPRIVO software activity any time, and revoke access for devices that are lost/compromised. If you link additional email accounts to your EPRIVO ID, the email addresses are stored, encrypted-at-rest, and linked to your account for authentication and authorization to view EPRIVO private emails.

Billing details for subscription purchased on the EPRIVO website are stored, encrypted-at-rest, for managing subscription, and can be edited by you anytime. If you purchase a product or service through the EPRIVO website, third-party payment processors used on the website may collect the information they need to process your charges. For in-app purchases on Apple/Google platforms done through the EPRIVO app, the purchase receipt is stored, encrypted-at-rest, for verification and to enable features based on the subscription type.

Email account passwords/OAuth credentials you may enter when starting any of the EPRIVO software are neither transmitted to nor stored by the EPRIVO servers, but stored securely on your device and used to authenticate with your email providers. Telegram account information such as phone number, login verification code and two- factor authentication password are only used to authenticate with Telegram service, and are neither transmitted to nor stored by EPRIVO servers.

  • Messages (Email, Chat – Optional):
    Email message content that you send/receive on your existing email accounts (such as Gmail, Yahoo, AOL, Outlook, Hotmail, Microsoft 365, iCloud or any other email provider) using EPRIVO software are not transmitted to EPRIVO servers and neither stored nor accessible by the EPRIVO servers. You may choose to send emails with end- to-end encryption by turning on the “Private” switch. Emails sent/received on EPRIVO virtual addresses (@eprivovip.com or @privacy.eprivo.com) are stored with zero- knowledge encryption (RSA-4096 + AES-256) for a limited time (30 days) for your privacy, after which they are automatically deleted. EPRIVO service has no access to email content on your virtual addresses – only you can read your emails on your device.

    You may choose to add a Telegram account in the app. Chat message content that you may choose to send/receive via the EPRIVO software on your device via your Telegram account are not transmitted to EPRIVO servers, and neither accessible nor stored by EPRIVO servers.

  • Message Attachments (Images, Videos, Audio, Files, Documents) – Optional:
    You may choose to add files, documents, photos/images, videos, audio files, or voice recordings as attachments in either email messages or chat content. These attachments are embedded in the email/chat message and directly sent to the email provider or Telegram service, with end-to-end encryption when enabled. These attachments are neither transmitted to nor stored by EPRIVO servers.
  • Group Chat Images on Telegram – Optional:
    You may choose to add an image on a Telegram group chat when creating a new group chat or edit a group chat image using the EPRIVO software on your device. The image is directly sent to the Telegram service to be associated with that group. These images are neither transmitted to, nor stored by EPRIVO servers.
  • Contacts – Optional:
    You may choose to provide access to the EPRIVO software (app) running on your device to read your contacts list on your device. If consent is granted, the contacts information (name, email address) is solely used on the EPRIVO software running on your device: (i) to display your contacts from your device in the app; (ii) to provide auto-complete suggestions when composing an email; (iii) to qualify privacy sensitivity of received regular emails; and (iv) to enable adding multiple Gmail accounts using Google Sign-in on Android. When composing emails, the contact email address(es) entered in the to/cc/bcc fields are transmitted to EPRIVO servers to check if the recipient contact(s) are using EPRIVO service, and processed ephemerally for authorization and access control for end-to-end encrypted emails. If you choose to import your device contacts (if functionality is available on your platform) from General Settings in the app after providing consent to read device contacts, the email addresses are transmitted to EPRIVO servers to check if the contacts are using EPRIVO and to update the EPRIVO contact list locally on your device accordingly. Information from your contacts list on your device is not stored by the EPRIVO servers.

Anonymous information collected through the use of EPRIVO services and software:

Any collection of analytics and crash or bug reports on EPRIVO or BlueRISC web pages and software is anonymous and based on third-party services such as Google/Firebase AnalyticsTM/Crashlytics and Microsoft App Center, but may contain information about software versions, geographic region, device type, internal working of software, and operating system used and are processed by third-party data processors such as Google Firebase and Microsoft App Center.

BlueRISC or EPRIVO servers do not store EPRIVO emails or any other document or media submitted via EPRIVO email between customers. Notwithstanding anything to the contrary in this Policy, we may receive information via email if you choose to communicate with EPRIVO directly, such as for purposes of technical support.

DATA RETENTION

Any information may be held to provide EPRIVO SERVICE to you or as long as it is required to address any concern you may have had when information was submitted to us. You can request to delete an account, and the account will be deleted unless legal requirements would require retaining it.

HOW WE USE PERSONAL DATA

Your EPRIVO ID and/or contact email address is used by EPRIVO to send login/account update security notifications, password reset and subscription expiration/renewal order confirmations.

To provide the ability to communicate with other EPRIVO users across the globe, the EPRIVO SERVICE allows authenticated EPRIVO users that have an email address for another user, to receive primary/assistant carrier email addresses using the EPRIVO software, in order to send an email. This may include transfer of data to countries outside your location. The EPRIVO SERVICE never shares your name and address with other EPRIVO users.

We do not support advertising and do not share any personal information with third parties. EPRIVO SERVICE is not supported by any advertisement revenue. All privacy features of EPRIVO are opt-in.

LAW ENFORCEMENT

We reserve the right to disclose your information at our discretion in order to:

(a) comply with relevant laws and regulations or to respond to subpoenas, warrants;

(b) defend our rights and ensure the security of EPRIVO SERVICE and our customers.

This Policy does not limit our use or disclosure of information that is anonymous such as related to website access or service usage patterns, or needed for debugging of software.

GDPR DATA PROTECTION COMPLIANCE – European Customers

EPRIVO SERVICE is GDPR compliant.

GOVERNING LAW

This Policy shall be governed by the laws of the State of Delaware, or Massachusetts, U.S.A. Those who choose to access the EPRIVO SERVICE outside the United States are responsible for compliance with local laws and regulations.

CONTACT

If you have any questions please feel free to contact us via the EPRIVO contact form or email us from a regular email at support@bluerisc.com.