Last Updated: October 2024
This Privacy Policy describes our policies and procedures in connection with information that we collect from you when you use our website at www.virtru.com (the “Site”) or our hosted encryption, access control and revocation services (the “Services”). By visiting the Site, using the Services or otherwise providing information to Virtru, you consent to our use and treatment of such information pursuant to the terms of this Privacy Policy.This policy may change from time to time. Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates. If you have any questions, please contact us at:
Email: privacy@virtru.com
Address: Virtru, 1801 Pennsylvania Ave, 5th Floor, Washington DC 20006
“Personal Information” means:
We collect personal information that you voluntarily provide to us when you register with us, express an interest in obtaining information about us or our products and Services, participate in activities or otherwise when you contact us. In particular:
We collect identifiers, such as your name, email address, and telephone number, if you choose to provide such information to us.
We may collect identifiers such as your full name and billing address, and a third party payment services provider will collect and store your credit card number and/or any other financial information required to process payment card transactions on our behalf, in which case your information will be subject to the third party’s privacy policy, rather than this Privacy Policy.
We may collect identifiers and professional or employment-related information, such as your name, company name and size, and your telephone number and email address.
When you use our free or paid Services, we collect key access policies and application activations (“Virtru Application Data”). We store Key Access Policies for each message or file you secure, as well as all updates to those Policies, such as revocation and adding or removing authorized users. Key Access Policies include the minimal metadata required to enforce the policy, such as authorized user email addresses, telephone number (if applicable), encryption keys and expiration date/time as well as a “Display Name” per policy for use in the online dashboard, which may be a file name or email subject line. We store a list of applications that have been activated for use by each user, as well as when those activations expire.
Certain information is collected by most browsers and sent to web servers so that sites can behave reliably, such as your computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using.
An Internet Protocol (IP) address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP), and is identified and logged automatically in our server log files whenever a user visits the Site, along with the time of the visit and the page(s) that were visited. We use IP addresses for purposes such as calculating Site usage levels, helping diagnose server problems, and administering the Site and Services. We may also derive your approximate location from your IP address.
Cookies allow a web server to transfer data to a computer for record keeping and other purposes. We and our service providers use cookies and other technologies to, among other things, better serve you with more tailored information and facilitate your ongoing access to and use of the Site, as well as for online tracking purposes. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to decline the use of cookies. For further information about our use of cookies, please visit our Cookie Policy.
We collect the above Information directly and through the use of third parties. We collect this information by using certain technologies, such as cookies, web beacons, and other technologies. Third-party service providers, advertisers, and/or partners may also view, edit, or set their own cookies or place web beacons. The use of these technologies by such third parties is subject to their own privacy policies and is not covered by this Privacy Policy, except as required by law.
Cookies and similar technologies are small files of letters and numbers that we store on your web browser or the hard drive of your computer or mobile device. Cookies contain information that is transferred to the hard drive of your computer or mobile device, and enable the website’s or service provider’s systems to recognize the user’s browser and capture and remember certain information.For further information about our use of cookies, please visit our Cookie Policy.
Most internet browsers are automatically set up to accept cookies. However, if you want to refuse or delete any cookies (or similar technologies), please refer to the help and support area on your internet browser for instructions on how to block or delete cookies. Please note you may not be able to take advantage of all the features of our Site, including any personalized features, if you delete or disable cookies.
You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our website.
Some website browsers have incorporated “Do Not Track” features that send an automated signal to the websites that you visit using that browser. At this time, the Services do not recognize or respond to these signals. However, you can adjust your preferences regarding the data we collect using the tools and methods described above.
For more information on managing cookies, please go to www.allaboutcookies.org, or visit www.youronlinechoices.eu, or https://www.aboutads.info which have further information about behavioral advertising and online privacy.
We may use local shared objects, also known as Flash cookies, to store your preferences such as volume control or display content based upon what you view on our Services to personalize your visit. Third parties, with whom we partner to provide certain features or to display advertising based upon your browsing activity, use Flash cookies to collect and store information. Flash cookies are different from browser cookies because of the amount and type of data stored and the method of storing this data. Cookie management tools provided by your browser will not remove Flash cookies.
Website pages may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity). We also use these technical methods to analyze the traffic patterns, such as the frequency with which our users visit various parts of the Services. These technical methods may involve the transmission of information either directly to us or to a third party authorized by us to collect information on our behalf. Our Services may use retargeting pixels from Google, Facebook, and other ad networks. We may also use web beacons in HTML emails that we send to determine whether the recipients have opened those emails and/or clicked on links in those emails.
Analytics are tools we use, such as Google Analytics, to help provide us with information about traffic to our website and use of our Services, which Google may share with other services and websites who use the collected data to contextualize and personalize the ads of its own advertising network. Learn more about Google’s Privacy Policy at https://policies.google.com/privacy. You can opt-out of having your activity on our Services made available to Google Analytics by installing the Google Analytics opt-out add-on for your web browser by visiting https://tools.google.com/dlpage/gaoptout for your web browser.
Virtru Email Protection for Gmail uses Google APIs according to the Google API Services User Data Policy. More information can be found here.
We may receive information about you from other sources, for example, publicly available databases, marketing partners, social media platforms and other outside sources.
Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.
The Site and Services are not directed to and we do not knowingly collect Personal Information from individuals under the age of eighteen (18) or market to such individuals. We request that these individuals not provide Personal Information through the Site or Services. By using the Site and Services, you represent that you are at least 18 or that you are the parent or guardian of such minor and consent to such minor dependant’s use of the Site and Services.
We only process or use information, including Personal Information, when we believe it is necessary and we have a valid legal reason to do so under applicable law, with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill legitimate business interests. In particular for the following purposes:
To process your payments, provide you with the products or services you have purchased, communicate with you regarding your purchase and provide you with related customer service, when necessary to manage our contractual relationship with you, to comply with a legal obligation, or based on our legitimate interests.
To administer the Site and Services, including performing security analyses to verify that the Services are working properly and have not been compromised, based on our legitimate interests.
To contact you or another authorized user in connection with providing the Services (including, but not limited to, enforcing the Key Access Policies, verification of users of the Company’s Services or visitors to the Company’s Site, or in connection with a feature of the Services such as two-factor authentication).
For our internal business purposes, such as data analysis, audits, developing new products, enhancing our website, improving our services, identifying usage trends and determining the effectiveness of our promotional campaigns, when necessary to manage our contractual relationship with you, to comply with a legal obligation, or based on our legitimate interests.
Any other purpose when in de-identified or aggregate form, e.g., to calculate the percentage of our users who have a particular telephone area code.
Where we need to collect Personal Information by law or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel the Services, but we will notify you before doing so.
If you wish to have more information regarding the legitimate interests we rely on, please contact us in accordance with the “Contacting Us” section below.
VIRTRU DOES NOT SELL YOUR PERSONAL INFORMATION.
To our affiliates.
To our third party service providers to facilitate services they provide to us. These can include providers of services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.
As required to comply with applicable law and regulations and to cooperate with public and governmental authorities (this can include laws and authorities outside your country of residence), including law enforcement. We will handle any government requests for encryption keys in accordance with our Frequently Asked Questions on Government Surveillance.
If necessary to enforce obligations under our terms and conditions and when it is reasonably necessary to protect the rights, property or safety of you, our other users, Virtru or the public.
To third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquirer and its advisors.
In other circumstances when we tell you and you consent to the disclosure.
Without restriction when in de-identified or aggregate form.
This Privacy Policy does not apply to information collected by any third party through any website, application, or content that may link to or be accessible from the Site. The inclusion of a link on the Site does not imply endorsement of the linked site by us or by our affiliates.
Security is our business! We use reasonable organizational, technical and administrative measures to protect Personal Information under our control. We also require our third-party service providers with access to Personal Information to use reasonable measures to protect the confidentiality and security of the Personal Information they maintain for us. Unfortunately, no data transmission or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section below.
We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.
The criteria used to determine our retention periods include:
The Services are controlled and operated by us from the United States. Your Personal Information may therefore be stored and processed in any country where we have facilities or in which we engage third party service providers, and by using the Services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
If you live in the EEA, we may transfer Personal Information to countries for which adequacy decisions have been issued (the full list of these countries is available here), use contractual protections for the transfer of Personal Information to third parties, such as an intra-company agreement that complies with the European Commission’s Standard Contractual Clauses or their equivalent under applicable law, or where applicable.
You may contact us in accordance with the “Contacting Us” section below to obtain a copy of the safeguards we use to transfer Personal Information outside of the EEA.
Opt-out of direct marketing: If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt out by following the “unsubscribe” instructions in the next email you receive from us. Note that you may not opt out of receiving some administrative announcements (such as changes to our policies). Please note that if you opt out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt out.
Withdrawing Your Consent: If we are relying on your consent to process your personal information, you can withdraw your consent at any time by contacting us at info@virtru.com.
Most browsers or mobile operating systems include a Do-Not-Track (DNT) feature. As of now, no uniform technology standard for implementing DNT signals have been finalized. As such, we do not currently respond to DNT browser signals. If a standard is adopted, we will follow it in future.
If you are a California resident, you have the right to:
To make a request, please call us at 1 (855) 892-7499, email us at privacy@virtru.com, or visit https://support.virtru.com. To verify your identity, we will generally ask you to provide certain information that we already maintain in our records. Only you, or someone legally authorized to act on your behalf, may make a request related to your Personal Information. To make a request on your behalf, an authorized agent may contact us by email with proof of your written and signed permission.
Although Virtru does not sell Personal Information, if you are a Nevada resident, you have the right to opt-out of any future sale of Personal Information we have collected or will collect. To make such a request, please email us at info@virtru.com.
We do not sell personal data to third parties.We do not process personal data for targeted advertising purposes (as defined under the VCDPA). However, you can opt-out of all advertising cookies via the cookie preference center. We do not process personal data for the purpose of profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.
Subject to the VCDPA and other applicable laws, you have the following rights concerning your data processed by Virtru:
Deletion: You have the right to request that Virtru erase your personal data, and Virtru will erase such data unless it is reasonably necessary for Virtru to maintain your personal data in accordance VCDPA 59.1-582
Correction: You have the right to request that Virtru correct inaccurate personal data, taking into account the nature and purpose of processing the information.
Access: You have the right to request to access or obtain a copy of the personal data that Virtru holds about you
Non-discrimination: Virtru will not discriminate against a consumer because the consumer exercised any of the consumer’s rights under applicable laws
Please contact us if you wish to exercise your rights under VCDPA or wish to appeal Virtru’s decision with respect to a request to exercise your rights.
If you are an EEA resident, you have the right to:
To make such a request, please email us at privacy@virtru.com.
If you have any questions about this Privacy Policy, please contact us by email at privacy@virtru.com, or please write to the following address: 1801 Pennsylvania Ave, 5th Floor, Washington DC 20006 . If you believe we are unlawfully processing your personal information, you have the right to complain to your local data protection authority.
Contact us to learn more about our partnership opportunities.