Whatbox Logo

Data Handling Policy

Username

Why do we need it?

A username is how you identify yourself when logging in to services.

How do we collect it?

You provide this to us on registration.

Where and how do we store it?

Location Safety
SiteDB Encrypted at rest
ServerDB Cleartext
App configs Cleartext

Who do we share it with?

Group Reason
Whatbox Staff Providing customer support
Same-server users Technical limitations[1]
Registering users Technical limitations[2]
  1. There are currently known issues where a username may be visible to other users sharing the same server. We are actively working to address the technical issues where this is still happening.
  2. If someone attempts to register with the same username as you, we will tell them it is in use.

How long do we store it?

Indefinitely

How can it be modified or removed?

Not currently possible.

Email

Why do we need it?

We use your email to send you necessary account alerts and to recover your account if you forget your password.

How do we collect it?

You provide this to us on registration.

Where and how do we store it?

Location Safety
SiteDB Encrypted at rest

Who do we share it with?

Group Reason
Amazon Web Services AWS provides our email infrastructure
Registering users Technical limitations[1]
  1. If someone attempts to register with the same email as you, we will tell them it is in use.

How long do we store it?

Indefinitely

How can it be modified or removed?

You can change your email address in your preferences or remove it by deleting your account.

Password

Why do we need it?

We need a password to authenticate you and prevent strangers from logging into your account.

How do we collect it?

You provide this to us on registration.

Where and how do we store it?

Location Safety
SiteDB Cryptographically hashed & Encrypted at rest
ServerDB Cryptographically hashed
App configs Cryptographically hashed[1]
  1. Not all apps are compatible with best practices for password hashing. Some app configuration files may contain cryptographic hashes considered weak by modern standards.

Who do we share it with?

Nobody.

How long do we store it?

Indefinitely

Haw can it be modified or removed?

You can change your password in your preferences or remove it by deleting your account.

Mobile phone number

Why do we need it?

A phone number is optional.

We will send you account alerts via SMS if you provide a phone number.

How do we collect it?

You provide this to us on registration or set it in the preferences.

Where and how do we store it?

Location Safety
SiteDB Encrypted at rest

Who do we share it with?

Group Reason
Amazon Web Services AWS provides our SMS infrastructure

How long do we store it?

Indefinitely

How can it be modified or removed?

You can change or remove your mobile phone number in your preferences or by deleting your account.

Contact information

Why do we need it?

This is not actually required information. You do not need to provide it.

Contact information is optional.

You will need to provide this information if you want your name, business name, or address included on invoices.

How do we collect it?

You provide this to us by filling in the section in the preferences.

Where and how do we store it?

Location Safety
SiteDB Encrypted at rest

Who do we share it with?

Nobody.

How long do we store it?

Indefinitely

How can it be modified or removed?

You can change or remove your contact information in your preferences or by deleting your account.

Province

Why do we need it?

We need your province to charge you the appropriate sales tax amount.

How do we collect it?

You provide this to us on registration.

Where and how do we store it?

Location Safety
SiteDB Encrypted at rest

Who do we share it with?

Nobody.

How long do we store it?

Indefinitely

How can it be modified or removed?

You can change province in your preferences.

Credit card

Why do we need it?

A credit card is an accepted payment method.

We require your credit card number, CVC, and expiry to charge your credit card successfully.

How do we collect it?

When adding a credit card, you provide this directly to our credit card provider. For security, we avoid handling this information ourselves.

Where and how do we store it?

Piece Location Safety
Full number Stripe PCI-DSS
CVC Stripe PCI-DSS
Expiry Stripe PCI-DSS
Last 4 SiteDB Encrypted at rest

Who do we share it with?

Group Reason
Stripe Stripe provides our credit card infrastructure

How long do we store it?

We will delete saved credit cards after six months of account inactivity.

How can it be modified or removed?

You can change or remove your credit cards in your preferences.

Invoices (PayPal)

Why do we need it?

Invoices are a permanent payment record, and we require them for bookkeeping.

How do we collect it?

We generate the invoices when you make a payment.

Where and how do we store it?

Piece Location Safety
PayPal Transaction ID SiteDB Encrypted at rest

Who do we share it with?

Group Reason
PayPal PayPal facilited the payment
Whatbox Staff Providing customer support and refunds

How long do we store it?

Indefinitely

How can it be modified or removed?

Invoices cannot be modified or removed.

Invoices (Credit card)

Why do we need it?

Invoices are a permanent payment record, and we require them for bookkeeping.

How do we collect it?

We generate the invoices when you make a payment.

Where and how do we store it?

Piece Location Safety
Stripe Transaction ID SiteDB Encrypted at rest
Issuance country SiteDB Encrypted at rest

Who do we share it with?

Group Reason
Stripe Stripe facilited the payment
Whatbox Staff Providing customer support and refunds
Statistics Canada (Aggregate only) Total sales by Issuance country

How long do we store it?

Indefinitely

How can it be modified or removed?

Invoices cannot be modified or removed.

Invoices (Crypto)

Why do we need it?

Invoices are a permanent payment record, and we require them for bookkeeping.

How do we collect it?

We generate the invoices when you make a payment.

Where and how do we store it?

Piece Location Safety
Blockchain Identifier SiteDB Encrypted at rest
OpenNode Transaction ID SiteDB Encrypted at rest

Who do we share it with?

Group Reason
OpenNode OpenNode facilited the payment
Whatbox Staff Providing customer support and refunds

How long do we store it?

Indefinitely

How can it be modified or removed?

Invoices cannot be modified or removed.

Analytics

Why do we need it?

Analytics help us understand our customers' geography, hardware, and software. Knowing this helps us improve your experience.

How do we collect it?

We collect this information all the time.

Where and how do we store it?

Piece Location Safety
Approximate user location SiteDB Anonymized & Encrypted at rest
Software versions SiteDB Anonymized & Encrypted at rest
Internet Service Provider SiteDB Anonymized & Encrypted at rest
Upload & download speed SiteDB Anonymized & Encrypted at rest

Who do we share it with?

Group Reason
Whatbox Staff (Aggregate only) Data-driven decisions about compatibility and performance

How long do we store it?

Indefinitely

How can it be modified or removed?

We can't identify which portion of this data originated with you, so it cannot be modified or removed.

Errors

Why do we need it?

Collecting relevant application information in the event of an error or crash helps us to fix these issues and provide a more reliable service.

How do we collect it?

We collect this information when an error occurs.

Where and how do we store it?

We do not store it.

Who do we share it with?

Group Reason
Sentry We use Sentry's error monitoring system
Whatbox Staff To investigate and resolve the errors

How long do we store it?

90 days

How can it be modified or removed?

It will be automatically removed after 90 days.

Authentication Logs

Why do we need it?

Automated security software reviews access logs to block malicious parties attempting to break into your account and steal your Hosted Data.

How do we collect it?

Many services collect your IP and Username on every login, successful or failed.

Where and how do we store it?

Piece Location Safety
Username Server Log Cleartext
IP Address Server Log Cleartext

Who do we share it with?

Group Reason
Whatbox Staff To investigate security incidents

How long do we store it?

30 days

How can it be modified or removed?

We will automatically delete it after 30 days.

Hosted Data

Why do we need it?

We cannot provide services that function without files for the hosted applications to use.

How do we collect it?

You upload it to your server or download it to your server using an application.

Where and how do we store it?

Piece Location Safety
Files Server Cleartext

Who do we share it with?

Group Reason
Whatbox Staff To provide customer support

How long do we store it?

We store it as long as you are a customer and for a short period afterward (allowing you time to renew).

How can it be modified or removed?

You can remove your hosted data at any time using any of the available methods to manage your data.