Data Handling Policy

Username

Why we need it

This is how you identify yourself when logging in to services.

How we collect it

You provide this to us on registration.

Where and how we store it

Location Safety
SiteDB Encrypted at rest
ServerDB Cleartext
App configs Cleartext

Who it is shared with

Group Reason
Whatbox Staff Providing customer support
Same-server users Technical limitations[1]
Registering users Technical limitations[2]
  1. There are currently known issues where under some circmustances a users username may be visible to other users sharing the same server as them. We are actively working to address the technical issues where this is still happening.
  2. If a user attempts to register with the same username as you, they will be informed it is taken.

How long we store it

Indefinitely

How it can be modified or removed

Not currently possible.

Email

Why we need it

This is used to provide you with important account related notifications and to to recover your account if you forget your password.

How we collect it

You provide this to us on registration.

Where and how we store it

Location Safety
SiteDB Encrypted at rest

Who it is shared with

Group Reason
Amazon Web Services AWS provides our email infrastructure
Registering users Technical limitations[1]
  1. If a user attempts to register with the same email as you, they will be informed it is taken.

How long we store it

Indefinitely

How it can be modified or removed

You can change or remove your email address in your preferences.

Password

Why we need it

This is used to ensure only you can log in to your account.

How we collect it

You provide this to us on registration.

Where and how we store it

Location Safety
SiteDB Cryptographically hashed & Encrypted at rest
ServerDB Cryptographically hashed
App configs Cryptographically hashed[1]
  1. Not all apps are compatible with best practices for password hashing, some app configuration files may contain cryptographic hashes that are considered weak by modern standards.

Who it is shared with

Nobody.

How long we store it

Indefinitely

How it can be modified or removed

You can change your password in your preferences.

Mobile phone number

Why we need it

This is not actually required information. You do not need to provide it.

If you do provide this, we will send you important account related notifications via SMS.

How we collect it

You provide this to us on registration, or set it in the preferences.

Where and how we store it

Location Safety
SiteDB Encrypted at rest

Who it is shared with

Group Reason
Amazon Web Services AWS provides our SMS infrastructure

How long we store it

Indefinitely

How it can be modified or removed

You can change or remove your mobile phone number in your preferences.

Contact information

Why we need it

This is not actually required information. You do not need to provide it.

If you do provide this, it will be included on invoices. This is useful for invidiuals or businesses who need to use their invoices as proof of payment for their own record keeping.

How we collect it

You provide this to us by filling in the section in the preferences.

Where and how we store it

Location Safety
SiteDB Encrypted at rest

Who it is shared with

Nobody.

How long we store it

Indefinitely

How it can be modified or removed

You can change or remove your contact information in your preferences.

Province

Why we need it

We need to know this to charge you the appropriate amount of sales tax.

How we collect it

You provide this to us on registration.

Where and how we store it

Location Safety
SiteDB Encrypted at rest

Who it is shared with

Nobody.

How long we store it

Indefinitely

How it can be modified or removed

You can change province in your preferences.

Credit card

Why we need it

We require your credit card number, CVC and expiry to successfully charge your credit card if you're paying for services.

Card country is required for tracking import/export totals for our company.

How we collect it

You provide this to us when adding a credit card.

Where and how we store it

Piece Location Safety
Full number Not stored PCI-DSS
CVC Not stored PCI-DSS
Last 4 SiteDB Encrypted at rest
Expiry SiteDB Encrypted at rest

Who it is shared with

Group Reason
Stripe Stripe provides our credit card infrastructure

How long we store it

All credit card data will be purged:

  • After 6 months of account inactivity

How it can be modified or removed

You can change or remove your credit cards in your preferences.

Invoices (PayPal)

Why we need it

Invoices are a permanent record of your payment to us and required for our bookkeeping.

How we collect it

We generate the invoices when you make a payment.

Where and how we store it

Piece Location Safety
PayPal email SiteDB Encrypted at rest
PayPal Transaction ID SiteDB Encrypted at rest

Who it is shared with

Group Reason
PayPal PayPal facilited the payment

How long we store it

Indefinitely

How it can be modified or removed

As we are required by law to maintain historical invoices, this cannot be modified or removed.

Invoices (Credit card)

Why we need it

Invoices are a permanent record of your payment to us and required for our bookkeeping.

How we collect it

We generate the invoices when you make a payment.

Where and how we store it

Piece Location Safety
Stripe Transaction ID SiteDB Encrypted at rest

Who it is shared with

Group Reason
Stripe Stripe facilited the payment

How long we store it

Indefinitely

How it can be modified or removed

As we are required by law to maintain historical invoices, this cannot be modified or removed.

Invoices (Crypto)

Why we need it

Invoices are a permanent record of your payment to us and required for our bookkeeping.

How we collect it

We generate the invoices when you make a payment.

Where and how we store it

Piece Location Safety
Blockchain Identifier SiteDB Encrypted at rest
CoinGate Transaction ID SiteDB Encrypted at rest

Who it is shared with

Group Reason
CoinGate CoinGate facilited the payment

How long we store it

Indefinitely

How it can be modified or removed

As we are required by law to maintain historical invoices, this cannot be modified or removed.

Analytics

Why we need it

Analytics help us understand the geographic, hardware, software and performance characteristics of our customers so that we can improve the performance of our services.

How we collect it

We collect this information all the time.

Where and how we store it

Piece Location Safety
Approximate user location SiteDB Anonymized & Encrypted at rest
Software versions SiteDB Anonymized & Encrypted at rest
Internet Service Provider SiteDB Anonymized & Encrypted at rest
Upload & download speed SiteDB Anonymized & Encrypted at rest

Who it is shared with

Nobody.

How long we store it

Indefinitely

How it can be modified or removed

As this data is anonymized and would not be able to identify a specifc account, this cannot be modified or removed.

Errors

Why we need it

Collecting relevant application information in the event of an error or crash helps us to fix these issues and provide a more reliable service.

How we collect it

We collect this information when an error occurs.

Where and how we store it

We do not store it.

Who it is shared with

Group Reason
Sentry We use Sentry's error monitoring system
Whatbox Staff To investigate and resolve the errors

How long we store it

14 days

How it can be modified or removed

It will be automatically removed after 14 days.

Authentication Logs

Why we need it

Automated security software reviews access logs to block malicious parties attempting to break in to your account and steal your Hosted Data.

How we collect it

Many services collect your IP and Username on every login, successful or failed.

Where and how we store it

Piece Location Safety
Username Server Log Cleartext
IP Address Server Log Cleartext

Who it is shared with

Group Reason
Whatbox Staff To investigate security incidents

How long we store it

30 days

How it can be modified or removed

It will be automatically removed after 30 days.

Hosted Data

Why we need it

We cannot provide services that function without files for the hosted applications to use.

How we collect it

You upload it to your server, or download it to your server using an application.

Where and how we store it

Location Safety
Server Cleartext

Who it is shared with

Group Reason
Whatbox Staff To provide customer support

How long we store it

7 days after slot expiration.

How it can be modified or removed

You can remove your hosted data at any time using any of the available methods to manage your data.