Data Handling Policy
Username
Why we need it
This is how you identify yourself when logging in to services.
How we collect it
You provide this to us on registration.
Where and how we store it
| Location | Safety |
|---|---|
| SiteDB | Encrypted at rest |
| ServerDB | Cleartext |
| App configs | Cleartext |
Who it is shared with
| Group | Reason |
|---|---|
| Whatbox Staff | Providing customer support |
| Same-server users | Technical limitations[1] |
| Registering users | Technical limitations[2] |
- There are currently known issues where under some circmustances a users username may be visible to other users sharing the same server as them. We are actively working to address the technical issues where this is still happening.
- If a user attempts to register with the same username as you, they will be informed it is taken.
How long we store it
Indefinitely
How it can be modified or removed
Not currently possible.
Why we need it
This is used to provide you with important account related notifications and to to recover your account if you forget your password.
How we collect it
You provide this to us on registration.
Where and how we store it
| Location | Safety |
|---|---|
| SiteDB | Encrypted at rest |
Who it is shared with
| Group | Reason |
|---|---|
| Amazon Web Services | AWS provides our email infrastructure |
| Registering users | Technical limitations[1] |
- If a user attempts to register with the same email as you, they will be informed it is taken.
How long we store it
Indefinitely
How it can be modified or removed
You can change your email address in your preferences or remove it by deleting your account.
Password
Why we need it
This is used to ensure only you can log in to your account.
How we collect it
You provide this to us on registration.
Where and how we store it
| Location | Safety |
|---|---|
| SiteDB | Cryptographically hashed & Encrypted at rest |
| ServerDB | Cryptographically hashed |
| App configs | Cryptographically hashed[1] |
- Not all apps are compatible with best practices for password hashing, some app configuration files may contain cryptographic hashes that are considered weak by modern standards.
Who it is shared with
Nobody.
How long we store it
Indefinitely
How it can be modified or removed
You can change your password in your preferences or remove it by deleting your account.
Mobile phone number
Why we need it
This is not actually required information. You do not need to provide it.
If you do provide this, we will send you important account related notifications via SMS.
How we collect it
You provide this to us on registration, or set it in the preferences.
Where and how we store it
| Location | Safety |
|---|---|
| SiteDB | Encrypted at rest |
Who it is shared with
| Group | Reason |
|---|---|
| Amazon Web Services | AWS provides our SMS infrastructure |
How long we store it
Indefinitely
How it can be modified or removed
You can change or remove your mobile phone number in your preferences or by deleting your account.
Contact information
Why we need it
This is not actually required information. You do not need to provide it.
If you do provide this, it will be included on invoices. This is useful for invidiuals or businesses who need to use their invoices as proof of payment for their own record keeping.
How we collect it
You provide this to us by filling in the section in the preferences.
Where and how we store it
| Location | Safety |
|---|---|
| SiteDB | Encrypted at rest |
Who it is shared with
Nobody.
How long we store it
Indefinitely
How it can be modified or removed
You can change or remove your contact information in your preferences or by deleting your account.
Province
Why we need it
We need to know this to charge you the appropriate amount of sales tax.
How we collect it
You provide this to us on registration.
Where and how we store it
| Location | Safety |
|---|---|
| SiteDB | Encrypted at rest |
Who it is shared with
Nobody.
How long we store it
Indefinitely
How it can be modified or removed
You can change province in your preferences.
Credit card
Why we need it
We require your credit card number, CVC and expiry to successfully charge your credit card if you're paying for services.
Card country is required for tracking import/export totals for our company.
How we collect it
You provide this to us when adding a credit card.
Where and how we store it
| Piece | Location | Safety |
|---|---|---|
| Full number | Not stored | PCI-DSS |
| CVC | Not stored | PCI-DSS |
| Last 4 | SiteDB | Encrypted at rest |
| Expiry | SiteDB | Encrypted at rest |
Who it is shared with
| Group | Reason |
|---|---|
| Stripe | Stripe provides our credit card infrastructure |
How long we store it
All credit card data will be purged:
- After 6 months of account inactivity
How it can be modified or removed
You can change or remove your credit cards in your preferences.
Invoices (PayPal)
Why we need it
Invoices are a permanent record of your payment to us and required for our bookkeeping.
How we collect it
We generate the invoices when you make a payment.
Where and how we store it
| Piece | Location | Safety |
|---|---|---|
| PayPal Transaction ID | SiteDB | Encrypted at rest |
Who it is shared with
| Group | Reason |
|---|---|
| PayPal | PayPal facilited the payment |
How long we store it
Indefinitely
How it can be modified or removed
As we are required by law to maintain historical invoices, this cannot be modified or removed.
Invoices (Credit card)
Why we need it
Invoices are a permanent record of your payment to us and required for our bookkeeping.
How we collect it
We generate the invoices when you make a payment.
Where and how we store it
| Piece | Location | Safety |
|---|---|---|
| Stripe Transaction ID | SiteDB | Encrypted at rest |
Who it is shared with
| Group | Reason |
|---|---|
| Stripe | Stripe facilited the payment |
How long we store it
Indefinitely
How it can be modified or removed
As we are required by law to maintain historical invoices, this cannot be modified or removed.
Invoices (Crypto)
Why we need it
Invoices are a permanent record of your payment to us and required for our bookkeeping.
How we collect it
We generate the invoices when you make a payment.
Where and how we store it
| Piece | Location | Safety |
|---|---|---|
| Blockchain Identifier | SiteDB | Encrypted at rest |
| BitPay Transaction ID | SiteDB | Encrypted at rest |
Who it is shared with
| Group | Reason |
|---|---|
| BitPay | BitPay facilited the payment |
How long we store it
Indefinitely
How it can be modified or removed
As we are required by law to maintain historical invoices, this cannot be modified or removed.
Analytics
Why we need it
Analytics help us understand the geographic, hardware, software and performance characteristics of our customers so that we can improve the performance of our services.
How we collect it
We collect this information all the time.
Where and how we store it
| Piece | Location | Safety |
|---|---|---|
| Approximate user location | SiteDB | Anonymized & Encrypted at rest |
| Software versions | SiteDB | Anonymized & Encrypted at rest |
| Internet Service Provider | SiteDB | Anonymized & Encrypted at rest |
| Upload & download speed | SiteDB | Anonymized & Encrypted at rest |
Who it is shared with
Nobody.
How long we store it
Indefinitely
How it can be modified or removed
As this data is anonymized and would not be able to identify a specifc account, this cannot be modified or removed.
Errors
Why we need it
Collecting relevant application information in the event of an error or crash helps us to fix these issues and provide a more reliable service.
How we collect it
We collect this information when an error occurs.
Where and how we store it
We do not store it.
Who it is shared with
| Group | Reason |
|---|---|
| Sentry | We use Sentry's error monitoring system |
| Whatbox Staff | To investigate and resolve the errors |
How long we store it
14 days
How it can be modified or removed
It will be automatically removed after 14 days.
Authentication Logs
Why we need it
Automated security software reviews access logs to block malicious parties attempting to break in to your account and steal your Hosted Data.
How we collect it
Many services collect your IP and Username on every login, successful or failed.
Where and how we store it
| Piece | Location | Safety |
|---|---|---|
| Username | Server Log | Cleartext |
| IP Address | Server Log | Cleartext |
Who it is shared with
| Group | Reason |
|---|---|
| Whatbox Staff | To investigate security incidents |
How long we store it
30 days
How it can be modified or removed
It will be automatically removed after 30 days.
Hosted Data
Why we need it
We cannot provide services that function without files for the hosted applications to use.
How we collect it
You upload it to your server, or download it to your server using an application.
Where and how we store it
| Location | Safety |
|---|---|
| Server | Cleartext |
Who it is shared with
| Group | Reason |
|---|---|
| Whatbox Staff | To provide customer support |
How long we store it
7 days after slot expiration.
How it can be modified or removed
You can remove your hosted data at any time using any of the available methods to manage your data.