Confide Privacy Policy

Updated: 20 March 2023

Your privacy is important to Confide (“Confide,” “we,” “us,” “our”). Confide has created this Privacy Policy (“Privacy Policy”) to demonstrate the commitment to protecting your privacy and to explain the personal data Confide processes, how Confide processes it, and for what purposes. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.

This Privacy Policy is organized as follows:

1. General
2. Information we collect
3. How we use Personal Information
4. Data Sharing
5. How to access and control your Personal Information
6. Cookies
7. Security
8. Do not track disclosures
9. Retention and deletion
10. Children's privacy
11. European privacy rights
12. California privacy rights
13. Updates to the Privacy policy
14. Communication preferences
15. Contact us

1. GENERAL

Confide is a mobile and desktop security software program utilized by individuals and businesses. Confide allows users to share confidential and sensitive information on mobile devices and computers for the purposes of protecting such information from others. Confide utilizes sophisticated encryption software in order to ensure that all information shared between users remains secure, thereby driving meaningful interactions, relationships and creating better outcomes for individuals, professionals and businesses.

2. INFORMATION WE COLLECT

Confide collects personal information about you as you use Confide, through your interactions with us. “Personal information” is any information that relates to an identifiable individual and may include name, address, email address, phone number, login information (account number, password), social media account information, or payment card number.

We collect the following personal information:

• Your account information. We collect limited personal information from users who register with our services including your first and last name and your contact details (such as your email address or your phone number).
• Address book information. When you access and use our services, you may elect to share the data stored in the address book on the device from which you are accessing and using the service (the “Address Book Data”). If you decide to share this data with us, we will see the Address Book Data only in hashed/anonymized form (i.e., in a manner in which we cannot read the data) and we will not store your Address Book Data for non-Confide users. We will use Address Book Data only to provide you with our services and to help you connect with people on Confide that you have listed in your address book via their email address and/or phone number. If you would like to invite one of your friends to Confide, we will send them an invitation to our service (eg, via SMS or email) and then delete that data as soon as the invitation is sent.
• Device and connection information. When you download and use our services, we automatically collect information on the type of device you use, operating system version, a randomly-generated device identifier, system performance information, and IP address.
• Location information. We collect your general location, such as your country from your device settings and based on your IP address. We do not at any time collect your precise location.
• Usage, event and log information. We process certain log and contact data and other related information, such as your unique Confide user ID and service-related, diagnostic, event and performance information (eg, subscription status and connection information), in order to provide the service to you. For example, so the recipient of your message will know who has sent them the message. We do not store the contents of your messages or the recipients of your communications.
• Custom support and other communications. When you contact us for customer support or otherwise communicate with us, you may provide us with information related to your use of our products that you deem helpful. For example, information relating to app performance or other issues.
• Billing information. If you decide to subscribe to our service directly via our website, we may collect credit card information which is tokenized and used for payment processing, but not stored. In all other circumstances, you will be directed to the appropriate app store, which may require you to provide certain payment and billing information. In the event you subscribe to our services via an app store, we will not store your billing information.

Your Messages on Confide

When you use our services to send and/or receive encrypted messages, we store your message(s) in encrypted form. We do not have access to your messages at any time. Similarly, we do not have the ability to decrypt or read your encrypted messages.

When “confidential” mode is selected as “on” by you, we delete all messages:

• as soon as they have been successfully read by the recipient;
• after five (5) days in the case of an unread message; and
• after ten (10) days in the case of unopened attachments.

When “confidential” mode is selected as “off” by you, we delete all messages:

• 24-hours after the message is sent by you;
• after five (5) days in the case of an unread message; and
• after ten (10) days in the case of unopened attachments.

3. HOW WE USE PERSONAL INFORMATION

Confide uses the information collected to provide you with a positive experience. In particular, we use the information to:

• Provide our services, which may include updating, securing and troubleshooting, as well as providing support. It also includes sharing data, when it is required to provide the service to you;
• Communicate to you about our services and the development of new features;
• Respond to requests, inquires, comments and suggestions;
• Understand and evaluate how our service and features perform with our users;
• Measure usage of our services;
• Measuring our advertising and marketing efforts (e.g., measuring how a user was acquired);
• Provide you with a secure experience and to take measures to protect our services from cyber risks;
• Protect against, identify, investigate, prevent, and respond to fraud, illegal activity (such as hacking or misuse of our services), and claims and other liabilities, including the enforcement of the terms and conditions that govern the services we provide;
• Identify and repair of impairments to intended, existing functionality of our services;
• Understand our customer in order to more effectively market our services;
• Provide quality and safety maintenance and verification services; and
• Comply with legal or regulatory requirements, judicial process, industry standards and our company policies.

We may also aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose, and otherwise process such information for our own legitimate business purposes, including historical and statistical analysis and business planning, without restriction.

4. DATA SHARING

We may share your personal information with third parties for the purposes of operating our business, delivering, analyzing, improving, securing, and customizing our services, sending marketing and other communications related to our business, and for other legitimate purposes permitted by applicable law or otherwise with your consent.

We may share personal information in the following ways:

• Corporate Affiliates. Confide is part of the IAC Group family of businesses. We may share your information with other parts of IAC for the purposes of data processing, such as marketing and business operations, technical operations, such as data hosting and maintenance, legal, finance, HR and accounting assistance, security, service functionality, storage, or compliance with applicable laws.
• Third Party Service Providers. We may share information about you with the following categories of third party service providers for a variety of business purposes:
  • Customer Communications and Insights Platforms. We may share phone numbers, email addresses, app usage, and interactions for purposes of allowing us to communicate with you and administer your account as well as track your usage for our internal analytics.
  • Internal Business Insights Platforms. Our third party internal business analytics platform provides us with the tools to help us understand app usage and interactions and uncover insights that allow us to improve our product and features as well as optimize our marketing. We may share or make available unique user identifiers, IDFA, deviceID, IP address, Adjust ID and app usage and events (such as when you subscribed to our services) with third party service providers to allow us to: (i) monitor and understand usage in order to enhance existing services or develop new products and features; and (ii) better understand our customers in order to market our products more effectively.
  • Customer Support. When you contact us, your email may be directed through our third-party customer support platform which will have access to your email, the content of your email as well as the date and time your request came into our system. We use these providers to allow us to communicate with you about your account and to receive reports from users about the quality or safety of our products.
  • Measurement and Attribution. These service providers offer tools that allow us to measure and attribute the source of new subscription sign-ups and that provides us with insights about usage and app events. We may use unique user identifiers made available to us from these third-party service providers to help us measure the effectiveness of our ads (e.g., where and how a user is acquired) and to uncover information about how our customers are using our mobile application in order to improve their quality and safety. We may also share and/or store unique user identifiers, device IDs, IDFA, or IP addresses with these providers for the same purpose.
  • Other Technology Providers Necessary to Provide our Services. We store user-provided, automated information and/or aggregate or non-personally identifiable information with our cloud storage providers. We also may make certain automated information available for various purposes such as monitoring network traffic to detect malicious actors and to protect against malware, fraud, or other unlawful uses or activity. Additionally, we may use a third party service provider to assist us in providing transcription services.
  • Payment Processors. If you purchase our services outside of the Apple or Google stores, we will process your payment through a third-party service provider. When you pay in this manner, you authorize and direct us to process your payment through our payment processor.
  • Marketing. We, or the third party service providers we use to assist us with marketing our products to you, may use the information we collect from you to provide advertisements and offers for our other products. Additionally, we may share certain information, including app events, with advertising partners that provide us with optimization services for our advertising.
• Corporate Transactions. We may share information about you in connection with (including during the evaluation or negotiation of) a corporate change or dissolution, including for example a merger, acquisition, reorganization, consolidation, bankruptcy, liquidation, sale of assets or wind-down of a business (each a "Corporate Transaction"). Unless prohibited by applicable law, we reserve the right to transfer the information we maintain in the event we engage in any Corporate Transaction (including, selling or transferring all or a portion of our business or assets). If we engage in such a sale or transfer, we will, where feasible, direct the recipient to use the information in a manner that is consistent with this Privacy Policy. After such a sale or transfer, you may contact the recipient with any inquiries concerning the processing of your personal information.
• Legal, Regulatory, Compliance. In addition, we may disclose and/or share your information to comply with legal or regulatory requirements (including to comply with a court order, judicial subpoena or other subpoena or warrant), industry standards, judicial process, and our company policies, as well as to protect against, identify, investigate, prevent and respond to fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites and mobile applications), adverse event reporting, and claims and other liabilities. We also reserve the right to disclose your information (i) when we believe in good faith that disclosure is appropriate or necessary to take precautions against liability, (ii) to protect our rights or property or the legal and property rights of others and (iii) investigate and defend third party claims or allegations against us. In addition, we may collect, use, and disclose your personal information as required or permitted by applicable law, or as directed by you, in accordance with this Privacy Policy.
• Miscellaneous. We may share information that has been aggregated, anonymized, and/or in an de-identified form that cannot reasonably be used to identify you. In addition, we may disclose and/or share your information if we otherwise notify you and you consent to the sharing.

5. HOW TO ACCESS AND CONTROL YOUR PERSONAL INFORMATION

Access, Edit and Delete Your Information.

• EEA Resident. If you are a resident of the European Economic Area (“EEA”), your rights to access, edit and delete your information can be found in the European Privacy Rights section of this Privacy Policy. If you are a California resident, your rights to access, edit and delete can be found in the California Privacy Rights section of this Privacy Policy.
• Non-EEA Resident. If you are not a resident of the EEA or California, you may be able to make requests to access, correct and/or delete certain personal information that you provide to Confide. For your protection, we may require proof and verification of your identity and jurisdiction of residency before we can answer any requests. If you wish to make such a request, you may contact us. If we change or delete your personal information or if you decline to actively share certain personal information with us, we may not be able to provide you with our services or some of the features and functionality of our services. Once we have verified that you own the account, we will honor such requests at our discretion and in accordance with applicable law.

Device Permissions.Mobile platforms have permission systems for specific types of device data and notifications, such as camera and microphone as well as push notifications. Where applicable, you can change your settings on your device to either consent or oppose the collection of the corresponding information or the display of the corresponding notifications. Of course, if you do that, certain services may lose full or partial functionality.

Uninstall. You can stop all information collection by the app by deactivating your account and then uninstalling the Confide app using the standard uninstall process for your device. If you uninstall the Confide app from your mobile device, the unique identifier associated with your device will continue to be stored by us. If you reinstall the application on the same mobile device, we will be able to re-associate this identifier to your previous transactions and activities.

Email. If you receive a commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may contact us if you decide to opt-out from receiving commercial emails and any other promotional communications that we may send to you from time to time. Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request, and you may receive promotional communications from us that you have opted-out from during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive transactional or administrative messages from us regarding the services.

Notice to Nevada Users. Under Nevada law, Nevada residents may opt-out of the "sale" of certain "covered information" (as defined under Nevada law) collected by operators of websites or online services. We currently do not sell covered information, as "sale" is defined by Nevada law, and we do not have plans to sell this information. However, if you would like to be notified if we decide in the future to sell personal information covered by the Nevada law, please contact us. You are responsible for updating any change in your email address by the same method and we are not obligated to cross-reference other emails you may have otherwise provided us for other purposes. We will maintain this information and contact you if our practices change.

International Transfers. Our services are hosted in the United States. If you choose to use our services from outside the United States, with laws governing data collection and use that may differ from United States law, note that you are transferring your personal information outside of those regions to the United States for storage and processing. We may transfer your data from the United States to other countries in connection with the storage and processing of data to operate our business. By using our services and providing personal information, you consent to such transfer, storage, and processing.

Marketing Opt-Outs. Some of the third party service providers we use to market our services and show our ads on other websites and mobile applications may participate in the Digital Advertising Alliance's (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding Interest-based Advertising on the websites and mobile applications that you visit and use, including use of Cross-device Data for serving ads, visit www.aboutads.info/choices, and www.aboutads.info/appchoice for information on the DAA's opt-out program specifically for mobile applications (including use of precise location for third party ads). Some of these companies may also be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, see www.networkadvertising.org/choices.

Should you allow notifications within the Confide mobile application, we may send you offers and promotions related to Confide. You may opt-out of these through the settings menu on your device.

6. COOKIES

Confide uses automatic data collection tools, such as cookies. These tools collect certain standard information that your browser sends to us (eg, Internet Protocol (IP) address, MAC address, clickstream behavior and telemetry). These tools help make your use of our services easier, more efficient, and personalized.

In addition to cookies, such other technologies may include “SDKs” or software development kits which are used to collect information, usage and statistics from a user’s use of a mobile application. By integrating a mobile SDK, developers can access different tools like analytics or re-engagement, or connect to ad networks to run in-app ads.

Web browsers and mobile app settings may offer users the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality may not function correctly. The "help" menu on most web browsers contains information on how to disable cookies, or you can visit www.aboutcookies.org/how-to-control-cookies.

The above tracking technologies may be deployed by us or our third party service providers on our behalf. You can find more information on our third-party service providers in the Data Sharing section of this Privacy Policy.

For more information, please see our Cookie Policy.

7. SECURITY

Confide takes reasonable and appropriate steps to protect the personal information entrusted to us and treat it securely in accordance with this Privacy Policy. Confide uses a variety of security technologies and procedures to help protect your personal information from unauthorized access, use or disclosure.

8. DO NOT TRACK DISCLOSURES

Some web browsers may transmit “do-not-track” (“DNT”) signals to the websites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are aware of them. Because there currently is no industry standard concerning what, if anything, websites should do when they receive such signals, our services do not currently process or respond to DNT settings in your web browser. If and when a final standard is established and accepted, we will reassess how to respond to these signals.

9. RETENTION AND DELETION

We will retain your personal information for only as long as is necessary to fulfill the purposes for which it is collected. We will retain and use your personal information to comply with our business requirements (eg, backups, archiving, prevention of fraud and abuse, analytics), legal obligations, resolve disputes, protect our assets, and enforce our rights and agreements.

We store your personal information (such as your account information, subscription status and certain usage info for analytical purposes) for the duration of your account with us. As soon as you select “delete your account” using the in-app settings, your personal information is fully deleted and/or anonymised.

We will not retain personal information in identifiable form when the purpose(s) for which the personal information was collected have been achieved and, there is no legal or business need to retain such personally identifiable information. Thereafter, the data will either be destroyed, deleted, anonymized, and/or removed from our systems

10. CHILDREN'S PRIVACY

Confide does not knowingly collect personal information from children without appropriate parental or guardian consent. If you believe that we may have collected personal information from someone under the applicable age of consent in your country without proper consent, please let us know using the methods described in the Contact Us section of this Privacy Policy and we will take the appropriate measures to investigate and address the issue promptly.

11. EUROPEAN PRIVACY RIGHTS

Choices and Rights. As a resident of the EEA, you may have some or all of the following rights in relation to how we use your personal information:

• Access: you may request access to your personal information and receive a copy of it;
• Correction: you may have inaccurate/incomplete personal information corrected and updated;
• Object to, or Limit or Restrict, Use of Data: in some circumstances, you can ask us to stop using all or some of your personal information or to limit our use of it;
• Deletion: in certain circumstances, you can request a right "to be forgotten" (this is a right to have your information deleted). We will honor such requests unless we have to retain this information to comply with a legal obligation or unless we have an overriding interest to retain it;
• Portability: in certain circumstances, you can exercise the right to data portability (this is a right to obtain a transferable version of your personal information to transfer to another provider);
• Consent Management: where we rely on consent to process your personal data, you may withdraw consent at any time. You do not have to provide a reason for your withdrawal where processing is based on consent; and
• Right to Complain: if you are unhappy with any aspect of our data processing or privacy practices, you have the right to complain to your local privacy supervisory authority, a list of which is available here.

If you are a resident of the EEA and you wish to exercise one of the legal rights mentioned above, you may contact us. Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on the rights and freedoms of another person.

For your protection, we may require proof of identity and verification before we can answer the above requests.

Basis for Processing Data. We may rely on the following legal grounds when it comes to processing personal information:

• Legitimate Interest. There may be a legitimate interest to process the personal information that we collect, such as to develop, administer and support our services; to operate, evaluate and improve our business; to facilitate and manage engagement programs; for the purposes of operating and helping ensure the security of our business, to promote research and innovation; or to facilitate a Corporate Transaction (including a sale of assets or merger or acquisition).
• Contractual Obligations. We may process personal information to fulfill our terms of service with you or our contracts with business partners, such as third parties that distribute our products, or to fulfil requirements under our EULA and product terms and conditions.
• Legal Claims. It may be necessary for us to process personal information to establish, exercise or defend against fraud, illegal activity, and claims and other liabilities, including by enforcing the terms and conditions that govern the services we provide.
• Legal Obligations. Our processing of certain information may be necessary to comply with our legal obligations and for reasons of public interest, such as with respect to adverse events and product safety reporting.
• Permitted by Law. We may process personal information as specifically permitted by applicable legal requirements.

If we rely on consent for the processing of your personal information, we will seek such consent at the time we collect your personal information.

International Data Transfer. We may transfer your personal information to countries other than the country in which the data was originally collected for the purposes described in this Privacy Policy. For example, if you are located outside of the United States, we may transfer your personal information to the United States, where Confide is headquartered. The countries to which we transfer personal information may not have the same data protection laws as the country in which you initially provided the information. When we transfer personal information across borders, we consider a variety of requirements that may apply to such transfers.

We only transfer personal information from the EEA to:

• countries the EU Commission has deemed to adequately safeguard personal data;
• pursuant to the recipient's compliance with standard contractual clauses (also known as Model Clauses), or Binding Corporate Rules;
• pursuant to the consent of the individual to whom the personal information pertains; or
• as otherwise permitted by applicable EEA requirements.

12. CALIFORNIA PRIVACY RIGHTS

If you are a California resident, we process your personal data in accordance with the California Consumer Privacy Act (“CCPA”). This CCPA section of our Privacy Policy contains information required by the CCPA and supplements our Privacy Policy.

Access to Information and Data Portability Rights. You have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:

• The categories of personal information we have collected about you.
• The categories of sources from which we collected your personal information.
• The business or commercial purposes for our collecting or selling your personal information.
• The categories of third parties to whom we have shared your personal information.
• The specific pieces of personal information we have collected about you.
• A list of the categories of personal information disclosed for a business purpose in the prior twelve (12) months, or that no disclosure occurred.
• A list of the categories of personal information sold about you in the prior twelve (12) months, or that no sale occurred. If we sell your personal information, we will explain:
  • The categories of your personal information we have sold.
  • The categories of third parties to which we sold personal information, by categories of personal information sold for each third party.

You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your personal information that we have collected in the period that is twelve (12) months prior to the request date.

Data Deletion Rights. Except to the extent we have a basis for retention under CCPA, you may request that we delete your personal information that we have collected directly from you and are maintaining. Note also that we are not required to delete your personal information that we did not collect directly from you.

Exercising Your Rights. To make a request for access, portability, or deletion according to your rights under CCPA, you may contact us. California consumers may exercise these rights via an authorized agent who meets the agency requirements of the CCPA. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. Any request you submit to us is subject to an identification and residency verification process ("Verifiable Consumer Request”). The Verifiable Consumer Request must:

• Provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative. You agree that in order to accommodate certain requests by you, we may require you to verify your ownership of an account by responding to a text message sent to the phone number on the account and/or by requesting reasonable documentation to show your ownership of the number and account.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Some personal information we maintain about consumers is not sufficiently associated with enough personal information about the consumer for us to be able to verify that it is a particular consumer's personal information (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the CCPA, we do not include that personal information in response to Verifiable Consumer Requests. If we cannot comply with a request, we will explain the reasons in our response.

Sale of Personal Information. We do not knowingly "sell" personal information that we collect from you, in accordance with the definition of "sell" in the CCPA, and will treat personal information we collect from you as subject to a do not sell request.

Shine the Light Law. California's "Shine the Light" law, Civil Code § 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses' practices related to disclosing personal information to third parties for the third parties' direct marketing purposes. We do not currently engage in the type of sharing covered by this law and as a result, no such list exists. We do not make any representations concerning third parties that do not collect personal information directly through our services.

Miscellaneous. We will make commercially reasonable efforts to identify consumer personal information that we collect, process, store, disclose, and otherwise use and to respond to your CCPA rights requests. We will typically not charge a fee to fully respond to your requests, but we may charge a reasonable fee, or refuse to act upon a request if your request is excessive, repetitive, unfounded, or overly burdensome. Also, we will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. However, we may charge a different price or rate, or offer a different level or quality of goods or services, to the extent that doing so is reasonably related to the value of the applicable data. In addition, we may offer you financial incentives for the collection, sale, and retention and use of your personal information as permitted by the CCPA that can, without limitation, result in reasonably different prices, rates, or quality levels. The material aspects of any financial incentive will be explained and described in its program terms. We may add or change incentive programs and/or their terms by posting a notice on the program descriptions and terms linked to above so check them regularly.

13. UPDATES TO THE PRIVACY POLICY

We may update this Privacy Policy from time to time. If we modify our Privacy Policy, we will post the revised version here, with an updated revision date. If we make material changes to our Privacy Policy, we may also notify you by other means, such as by posting a notice on our website or mobile application or sending you a notification. By continuing to use our services after such revisions are in effect, you accept and agree to the revisions and to abide by them.

We encourage you to periodically review this Privacy Policy to learn how Confide is protecting your information.

14. COMMUNICATION PREFERENCES

Confide uses email as a primary communications channel to keep our customers, prospective customers and other stakeholders informed of our products and services. If you choose to unsubscribe from emails, you will immediately be placed on a “do not email” list.

15. CONTACT US

Should you have any questions or comments related to Confide, please email:

• [email protected]

You may also contact us by postal mail:

Confide, Inc.
555 W 18th Street
New York, NY 10011
Attention: Legal Department

If you have any questions relating to privacy or if you wish to exercise a legal right under applicable privacy law, please contact us here (for EEA residents) or here (for California residents). In addition, California residents may reach us by mail at the address detailed above.

All other queries should be emailed to: [email protected].