ENTE TECHNOLOGIES, INC.
PRIVACY POLICY
Last Updated: Sep 25, 2024
Ente Technologies, Inc. ("Ente," "we," "us," or "our") respects the privacy of its Users ("User," "your," or "you"). This Privacy Policy (the "Privacy Policy") explains how we collect, use, disclose, and safeguard your information when you use Ente's platform, websites or apps (together "Services"). This Privacy Policy is applicable to our Services offered for sale to the public.
Please read this privacy policy carefully to understand our policies and practices regarding your information and how we will treat it. By accessing or using our Services, you agree to accept all the terms contained in this Privacy Policy and acknowledge and agree with the practices described herein.
If you do not agree with the terms of this privacy policy, please do not access and use our Services.
We do not sell your personal information, nor do we intend to do so.
1. INTRODUCTION
Ente provides cloud based mobile and desktop storage apps with a focus on security and privacy. We have open source apps across platforms that securely encrypt and backup all your photos, videos, files, keys, etc. ("File(s)"). We preserve them at multiple storage locations, and only you can decrypt them. We collect and store only the bare minimum amount of information necessary to fulfill our role as a service provider. All of your files and the metadata related to those files are stored encrypted, and only you hold the decryption keys. We collect no app usage metrics and crash reports (if any) are anonymized.
2. TERRITORIAL RESTRICTION
Our Services are available for use and download globally. If you are a resident of the United States ("US"), the laws of the State of Delaware, United States shall apply. If you are a resident of any other country, please ensure compliance with all local laws prior to using our Services.
3. WHAT INFORMATION DO WE COLLECT?
a) Information you Provide: At the time of registration, or through your use of our Services, you will provide us with
- Your email address;
- Referral details including referrers and people you have referred;
- Email addresses you choose to share your Files with;
- Our Communications with you and records or copies of such communications;
- Other personal information you provide to us for support purposes, bug reports, newsletters, surveys, sweepstakes, product feedback, or via forms.
b) Information we automatically collect:
- Public keys;
- Anonymized crash reports;
- Server logs;
- Device identifiers including information about your internet connection, IP address and user agent details;
- Takedowns and account suspension history.
c) Information provided by third-parties:
We collect payment invoices provided to us by our third-party payment processors, which includes details of your Subscription Plan and any payments made by you in favor of Ente in order to receive Services from us. We do not collect or store any credit cards or bank information.
d) Uploaded Information:
We use the limited information collected from you only to provide you with our Services. Your Files, their metadata and any derived indexes (including but not limited to Biometric Information such as face geometry) are stored end-to-end encrypted. Decryption takes place only on your devices or on that of another user with whom you have shared your data with. Learn more about our encryption process at https://ente.io/architecture.
e) Information collected from Children:
Our Services are not meant for use by children under the age of 13 and do not target children under the age of 13. If you are under 13, please do not access or use our services.
4. HOW DO WE USE YOUR INFORMATION?
We use the information that you provide to:
- Provide our Services that you contract for when you agree to our Terms and Conditions ("Terms");
- Communicate with you in accordance with this Privacy Policy and our Terms;
- Maintain and improve our systems and Services;
- Ensure your account's security and mitigate attacks;
- Carry out obligations and enforce rights arising from contracts entered into between you and us, including billing and collection;
- Control access permissions to your Files and your account;
- Remove deleted files from users who might have already downloaded them;
- Notify you about changes to our Services; and
- Anonymize data and aggregate data for statistics.
5. OUR COOKIE POLICY
We do not set or use Cookies on our website and app.
6. HOW DO WE PROTECT INFORMATION WE COLLECT?
Our Security Measures: We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. Specifically (a) all information you provide to us is stored on our secure servers behind firewalls, (b) our website and app use an SSL certificate, receive regular security scans, penetration tests and regular malware scans; (c) we require username and passwords for our employees who can access your personal information that we store and/or process, and (d) we actively prevent third parties from getting access to your personal information that we store and/or process.
Fair Information Practice Principles: In the event of a personal data breach, we will notify you within seventy-two (72) hours via email. We agree to the individual redress principle, according to which you have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law through recourse to courts or a government agency.
Retention of your data:
a. While you are subscribed: We keep your Files while you are subscribed to our Services, subject to our suspension and termination rights set out in our Terms.
b. After suspension/termination of your account:
Your Files: After account termination, all your Files will be marked for deletion and removed when the next appropriate file purging process is run.
Your Data: After account termination, we may retain your Data for sixty (60) days, or as warranted by your jurisdiction ("Retention Period"), unless an enforcement action is likely under our Terms. If there is no enforcement action likely or commenced and Retention Period has expired, your Data that identifies you will be anonymized.
c. Services to other users: If you have shared Data or Files with another Ente user, your data might continue to be retained after account termination to allow Services to continue for such other users.
d. Other Instances: We may keep your Files after your account has been suspended or terminated where we consider it necessary for evidential purposes relating to a breach of our Terms or with respect to current or anticipated action by any competent enforcement authority or other third party.
Your responsibilities: You are responsible for keeping this password and encryption keys confidential. We ask you not to share your password or keys with anyone. Please note that any transmission of personal information is at your own risk and we are not responsible for circumvention of any privacy settings or security measures contained on our Services.
7. DISCLOSURE OF PERSONAL INFORMATION
We do not sell, trade, rent, or otherwise transfer personal information to others, unless we provide you with advance notice. There are times when Personal Information that you have shared with us may be shared by Ente with others to enable us to provide you over Services, including contractors, service providers, and third parties ("Partners") and subsidiaries.
a. Disclosure to provide our Services: We will disclose personal information (i) to fulfill the purpose for which you have provided it, and (ii) to enforce or apply our Terms and other agreements, including for billing and collection purposes
b. Disclosure provided by law or for protection: We will disclose personal information (i) to comply with any court order, law, or legal process, including to respond to any government or regulatory request, or (ii) if we believe it is necessary or appropriate to protect the rights, property, or safety of Ente, our customers or others.
c. Disclosure in the event of merger or sale: We may disclose personal information in the event of a merger, sale of business, etc.
8. BIOMETRIC INFORMATION PRIVACY POLICY
We allow you to search and categorize your photos by the faces of the people in them. This feature, when available, will only be enabled after getting your consent, and can be disabled in settings subsequently. This section describes our policies around handling such information.
We collect, use, disclose, and safeguard your biometric information when you use Ente's platform, websites or apps (together "Services") in the following manner:
- Biometric Data Defined. As defined in the Biometric Information Privacy Act ("BIPA") biometric data includes "biometric identifiers" and "biometric information" (740 ILCS § 14/1, et seq). "Biometric identifier" means a retina or iris scan, fingerprint, voice-print, or scan of a hand and or face geometry. "Biometric information" means any information, regardless of how it is captured, converted, stored, or shared, based on an individual's biometric identifier used to identify an individual.
- Biometric Information Collected by Us. Ente extracts, stores, uses and discloses Biometric Information like facial geometry from your photos and videos for the sole purpose of allowing you to search and organize your Files based on the people within them. The derivation of such Biometric Information happens on the your device, and such Biometric Information is encrypted with your Keys before such information leaves the device, so we do not have access to any Biometric Information.
- Why We Collect Biometric Information and our Legal basis to Process It. Before processing Biometric Information, Subscribers will be prompted to affirmatively consent to this Biometric Information Privacy Policy. Biometric Information is processed only after the Subscriber has explicitly provided us consent to do so. Our processing of Biometric Information is for the SOLE PURPOSE of allowing Subscribers to search and organize their photos and videos on Ente's Platform.
- Disclosure of Your Biometric Information. Other than to provide Subscribers with Ente's Services, Ente will not sell, lease, trade, or otherwise profit from the Biometric Information that it collects. Ente will not disclose or disseminate Biometric Information for purposes other than to provide our services to you, unless (a) you or your legally authorized representative provides written consent to such disclosure; or (b) the disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
- How We Store Your Biometric Information. Once captured, your Biometric Information is encrypted with your Keys and stored by Ente on its servers, in a secure manner. Ente shall use a reasonable standard of care to store, transmit, and protect from disclosure any Biometric Information collected. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which Ente stores, transmits, and protects from disclosure other confidential and sensitive information, including personal information that can be used to uniquely identify an individual.
- Retention Schedule.
a. While you are subscribed: We keep your Biometric Information in an encrypted form while you are subscribed to our Services, subject to the suspension and termination of your Account, in accordance with our Terms.
b. After suspension/termination of your account: After account termination, all your Biometric Information will be marked for deletion and removed when the next appropriate purging process is run, but no later than sixty (60) days. Unless otherwise stated in this Section, we may retain your Biometric Information for no more than sixty (60) days after the termination or suspension of your account, unless a longer retention period is required by subpoena, warrant, court order or other legal requirement ("Retention Period"). After the Retention Period has expired, we shall permanently destroy such Biometric Information from our systems.
c. Services to other users: If you have shared your Files with another Ente user, your Biometric Information might continue to be retained after account termination to allow Services to continue for such other users. After such user's account is terminated or suspended, we shall permanently destroy such Biometric Information from our systems.
9. FOR OUR EUROPEAN CUSTOMERS AND VISITORS
a. International Data Transfers:
We are headquartered in United States of America. Our servers or our third-party hosting services partners are located in Europe. Your Personal Information may be accessed by or transferred to us in the United States or to our Partners in countries outside of the European Economic Area with a different level of data protection than that provided for under European law. As applicable, we require that our Partners, affiliates, and subsidiaries sign data processing agreements and/or agree to the European Union's model contract for the transfer of personal data to third countries (also known as the "EU Standard Contractual Clauses," of June 4, 2021) to ensure adequate protection of your personal data. By using our site, you consent to any transfer of your Personal Information out of Europe, UK, or Switzerland for processing in the United States of America or other countries.
b. Your Rights:
We agree to fully comply with the letter and the spirit of the General Data Protection Regulation ("GDPR"). If you are a resident of or a visitor to Europe, you have certain rights with respect to the processing of your Personal Information (referred to as "Personal Data" and defined in the GDPR). These are:
i. Access: You can request more information about the Personal Information we hold about you. You can also request a copy of the Personal Information.
ii. Rectification: If you believe that any Personal Information, we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
iii. Objection: You can contact us to let us know that you object to the collection or use of your Personal Information for certain purposes.
iv. Erasure: You can request that we erase some or all of your Personal Information from our systems.
v. Restriction of Processing: You can ask us to restrict further processing of your Personal Information.
vi. Portability: You have the right to ask for a copy of your Personal Information in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
vii. Withdrawal of Consent: If we are processing your Personal Information based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, it may limit your ability to use some/ all of our Services and you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Information, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
viii. Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your Personal Information with the supervisory authority of your country or EU Member State. Please go to https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm to locate your Data Protection Authority.
ix. Response: We will respond to your inquiry within sixty (60) days of the receipt.
To make any of the aforementioned requests, please contact our Data Privacy Officer, Manav Rathi at [email protected], or contact us in accordance with Section 17. Please note that in some circumstances, we may not be able to fully comply with your request, or we may ask you to provide us with additional information (including Personal Information) such as when we need to verify your identity or the nature of your request. In such situations, however, we will still respond to let you know of our decision.
10. FOR OUR CANADIAN USERS
This Section supplements the information contained in our Privacy Policy above and applies solely to all visitors, users, and others who use or access our Services, who reside in Canada ("consumers" or "you"). We ensure with the Personal Information Protection and Electronics Document Act of 2000 ("PIPEDA") and any terms defined in the PIPEDA have the same meaning when used in this Section.
a. Right to Access Personal Information. You can request to access personal information we hold about you. We will first confirm whether you have requested such information, explain how we have used your information, provide a list of names with whom your information has been shared and provide a copy of your information in an accessible format and make alternative formats available if requested and reasonable.
b. Right to Correction/Limited Right to Deletion. You can request us to correct or delete your information IF you demonstrate that the personal information, we hold on you is inaccurate. We will delete or correct your information within sixty (60) calendar days and will inform the third parties with whom we have shared your information.
c. Right to be Forgotten. Your information will be kept with us for as long as it is required for the fulfillment of our Services. Unless we otherwise give you notice, we will retain your Information on the Ente platform on your behalf until such times as you or we terminate your User account.
d. Data Breach Notification. We will send a notification to you as soon as feasible regarding the information of any breach that creates a "real risk of significant harm" to you. We keep a record of every data breach and, on request, provide the Office of the Privacy Commissioner with access to the record.
e. Canadian Privacy Officer. To make sure your privacy rights are protected in compliance with PIPEDA, you may contact our Data Protection Officer, Manav Rathi, via email at [email protected].
11. YOUR CALIFORNIA PRIVACY RIGHTS
Ente does not sell, trade, or otherwise transfer to outside third parties your "Personal Information" as the term is defined under the California Civil Code Section § 1798.82(h).
12. CAN-SPAM ACT OF 2003
a. Our Responsibility: We comply with the CAN-SPAM Act and its requirements for commercial/promotional messages, When we send such a commercial/promotional message we will (a) not use false or misleading subjects or email addresses; (b) identify email as an advertisement; (c) include our physical address; and (d) monitor our third-party email marketing service provider for compliance, if one is used.
b. Your choice: If you do not wish to receive marketing communications from us, you can use the unsubscribe link found at the bottom of the email or email us at [email protected], or contact us at [email protected] to opt out of receiving future marketing emails. You may opt-out/unsubscribe from receiving such messages at any time and we will honor your requests. Please note that your opting out from promotional messages shall not affect your ability to receive transaction-related emails or non-promotional communications regarding us and our Services,
13. MODIFICATIONS TO OUR PRIVACY POLICY
We will update this privacy policy as needed so that it is current, accurate, and as clear as possible. Your continued use of our Services confirms your acceptance of our updated Privacy Policy.
14. LIST OF THIRD-PARTY SERVICE PROVIDERS
Ente uses the following third-party service providers for the provision of services as detailed under the Terms, as applicable:
- Apple
- Use-case: App store, payments and app infrastructure
- Privacy Policy: https://www.apple.com/legal/privacy
- Contact: https://www.apple.com/contact/
- Google
- Use-case: Play store, payments and app infrastructure
- Privacy Policy: https://policies.google.com/privacy
- Contact: https://google.com/contact
- Stripe
- Use-case: Payments
- Privacy Policy: https://stripe.com/privacy
- Contact: [email protected]
- BitPay
- Use-case: Payments
- Privacy Policy: https://bitpay.com/about/privacy
- Contact: [email protected]
- PayPal
- Use-case: Payments
- Privacy Policy: https://www.paypal.com/us/webapps/mpp/ua/privacy-full
- Contact: https://www.paypal.com/us/smarthelp/contact-us/
- Scaleway
- Use-case: Compute, storage
- Privacy Policy: https://www.scaleway.com/en/privacy-policy/
- Contact: [email protected]
- Backblaze
- Use-case: Storage
- Privacy Policy: https://www.backblaze.com/company/privacy.html
- Contact: [email protected]
- Cloudflare
- Use-case: Networking
- Privacy Policy: https://www.cloudflare.com/privacypolicy/
- Contact: [email protected]
- Amazon
- Use-case: Emails
- Privacy Policy: https://aws.amazon.com/privacy/
- Contact: https://aws.amazon.com/privacy/#Contacts.2C_Notices.2C_and_Revisions
- Hetzner
- Use-case: Compute, storage
- Privacy Policy: https://www.hetzner.com/legal/privacy-policy/
- Contact: [email protected]
- FeatureMonkey
- Use-case: Roadmap and feature requests
- Privacy Policy: https://www.featuremonkey.com/privacy
- Contact: [email protected]
- Simple Analytics
- Use-case: Website analytics
- Privacy Policy: https://simpleanalytics.com/privacy
- Contact: [email protected]
- Zoho
- Use-case: Email communications
- Privacy Policy: https://zoho.com/privacy
- Contact: https://www.zoho.com/contactus.html
- Grafana
- Use-case: Infrastructure monitoring and alerting
- Privacy Policy: https://grafana.com/legal/terms/#privacy
- Contact: [email protected]
- Open Street Maps
- Use-case: Maps and geodata
- Privacy Policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy
- Contact: [email protected]
15. COPYRIGHT INFRINGEMENT
If you believe that any content on our website or app, violates your copyright, and you wish to have the allegedly infringing material removed, please follow the instructions in our Terms and Takedown Policy to submit a DMCA Takedown Notice to us.
16. THIRD-PARTY WEBSITES
We do allow links to third-party web pages. These third-party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites.
17. CONTACT US
Email us at [email protected] with any questions about this Privacy Policy or how we process your information. We'll be happy to help!
To contact Ente's Data Protection Officer, Manav Rathi, please email [email protected].
You can also reach us by mail at: Ente Technologies, Inc., 1111B S Governors Ave #6032, Dover, DE 19904.