Download Securely Privacy Notice

Last Updated: November 17th, 2019

Your privacy is extremely important to us here at Download Securely. This privacy notice explains how your data will be used when you access and use our services on mobile and desktop devices. If you use this service as part as an organization or entity, the privacy of this notice may be different upon the agreement between both parties.

Changes to This Notice

We reserve the right to make changes to this policy. If any changes are made, you will be notified by us updating the last updated date above or in some cases via email. If there are any major material changes to this notice, you will be notified by email before they come into effect. We encourage our users to read carefully the contents of this notice. By doing so, you will know how to best protect your privacy.

If you do not consent to any of the changes made in the policy, you are required to notify use so that we may deactivate your account. Your use of our services constitute an agreement to this policy and how we use your information.

Information Collected

We may collect certain user informatin while you use our services (including personal or sensitive information). This information can be used in the following ways:

Information you provide to us. We collect any information provided to us in forms filled out during the use of our service.

• For example, any information used while signing up, logging in, creating file uploads, creating upload portals. This information is stored securely in our database and is used in order to efficiently authenticate yourself and confidential information being sent to other individuals.
• We collect email addresses, first and last names, ip addresses, company names, authentication timestamps and encrypted payment information sent to us by our payment processor Stripe.
• We do not sell or give out any information to third parties or other means. All information you provide for both yourself and your business is never given out.

Information we collect automatically when you use our services. The following information is collected:

• Log Information: We collect certain log information for audit purposes and for your security. Each time you login or your download/portal link has been authenticated successfully, we store a timestamp, the Internet Protocol ("IP") address that accessed it, the browser that was used, and the location.
• Usage Information: We collect the timestamp of your last and current login to protect you account's security. We also collect what pages you have visited, and how many times they were visited.
• Device Information: We collect what devices are used to access our platform. This could be a cellular device, desktop operating system, or the current browser being used.
• Cookies: We set cookies on your computer when you use our service in order to remember you for your next login if you have chosen so. We also use cookies to verify your account after each login and session, and to protect your account from malicious attacks.

Use of Information

We may use the information you provide for statistics and authentication purposes. Your information is never sold or given out. In the event required by law, we will use any information provided to comply with legal matters.

Your information is also used for the following purposes:

• To help maintain and keep secure our platform;
• To send you notifications via email and online messages;
• To understand how we can best improve our online content;
• Help investigate any fraudulent or unauthorized purchases or account access;
• Help us understand what our customers need in order to improve our UI/UX experiences;
• How to best personalize our services for you;
• For any other means in which case you will be notified.

Security

As mentioned previously, security is our number one concern when it comes to online file transfers. Please keep in mind that no service is completely secure which is why we are constantly applying the latest security standards. All payments are sent to Stripe via secure javascript requests which process your subscription purchases. Stripe's servers are PCI DSS compliant. We do not store any credit card information in our database. The only information we store are encrypted tokens that are provided to us as a response when your card is processed.

All information that is transmitted over our site is sent via SSL (Secure Socket Layer) connections, which are aliased by the appearance of HTTPS in the address bar before the domain name. All files that are uploaded through the upload portal or file upload portal, are sent over an encrypted connection and are also stored on Amazon Web Service's servers using the AES-256 encryption algorithm at rest.

Information such as download and upload file links are sent over email. Keep in mind that if a recipients email is mistakenly sent to an individual it was not intended to be, they will have access to your confidential files uploaded. In the event this happens, immediately delete the link created and create a new one with the correct information. If someone other than your intended recipient gets ahold of the download or upload link, it is possible they may be able to gain access to the files within.

All links generated by DownloadSecurely are signed by the website. This means that even if someone were able to guess the storage location of the file, they still could not access it if the link was not obtained directly from our webpage due to the encrypted and algorithmic verification. For the security of our users and their files, links are only valid for 1 minute after appearing on the page. If a download or upload link expires after 1 minute, simply refresh the page to receive a new one. Several invalid authenitcation requests while trying to access these files will result in a 30 minute access denied period to mitigate attacks on access links. However, all this security will not matter if you are using an unsecured connection, someone unintended receives or accesses the link you sent, or there are any viruses on the device being used that record keystrokes or monitor your traffic and links you access.

We require that users sign in with an email and password. It is up to the user to create a secure password that cannot be guessed easily. If someone is able to guess your password, we cannot be liable to what happens to any information within the account. We will never send you any type of notice that will ask you to expose your password or any login information unless warrented by you. Always close your browser and logout of your session when you finish using the service. It is recommended not to have your browser remember any login information.

We cannot always personally guarantee that any confidential or personal information stored within our servers qualify or meet certain necessities you have. Please reach out if there is any uncertainity regarding this aspect.

Contacting Us

Please reach out on our contact page if you have any questions. Our customer service department is open from 9AM - 5PM MST Monday - Friday.