Privacy & Terms

Privacy Policy

Last Revised: February 7, 2014

Summary

What We Do

  • You choose what data to store and manage in your vault, and it belongs to you. That’s why Personal users are called “Owners”.
  • We build privacy into our product, technology and business practices, and Personal has been officially recognized as an ambassador for Privacy by Design.
  • We only collect basic, non-personal or technical information, such as browser type, from visitors. In addition, if you register, we’ll use cookies to support your logged-in experience.
  • Your sensitive information is encrypted in a way that prevents even us from accessing it.
  • We use a limited number of trusted service providers to perform work on our behalf. They are permitted to use data only for those services or at an aggregate level.
  • We enable you to export and delete your data at any time.

What We Don’t Do

  • We don’t sell your data. Period.
  • We won’t share the data in your vault without your explicit permission, except in very limited circumstances, such as to comply with our legal obligations, resolve disputes, and enforce our agreements.
  • We won’t use your vault data to market things to you from our partners unless you choose to allow it.
  • Other than our trusted service providers, we don’t allow others to track you or put third party cookies on your computer while you’re at Personal without your permission.
  • Although we know how you got to Personal, we don’t track you across the Internet.

Your Privacy and Security Are Central to Personal

Welcome to Personal! This Privacy Policy describes how Personal, Inc. (“Personal”, “us” or “we”) collects, uses and discloses information through our website (www.personal.com), native mobile applications, products and services, and co-branded services with our partners (the “Personal Service,” which includes your “Data Vault”).

We also encourage you to review the Owner Data Agreement, which is the contract between you and Personal that makes you the legal owner of the data, notes and files you store and manage in Personal (collectively, your “Data”). Together, our Privacy Policy and Owner Data Agreement govern the handling of all personal information from those who visit, register for and use the Personal Service. By becoming a registered user (“Owner”) at Personal, you must also accept the Owner Data Agreement.

Personal has been awarded TRUSTe’s Privacy Seal signifying that this Privacy Policy and our practices have been reviewed by TRUSTe for compliance with TRUSTe’s Program Requirements and the TRUSTed Cloud Program Requirements, including for transparency, accountability and choice regarding the collection and use of your personal information. As an independent third party, TRUSTe’s mission is to accelerate online trust among consumers and organizations globally through its leading privacy trustmark and innovative trust solutions. If you have questions or complaints about our privacy policy or practices, please contact us at privacy [at] personal [dot] com. If you are not satisfied with our response, you can contact TRUSTe here.

The TRUSTe program review covers our collection, use and disclosure of information we collect through our website, www.personal.com, our mobile applications, platform, and the Personal Service and does not cover any information that may be collected through downloadable software you may encounter through the use of the Personal Service. The use of information collected through the Personal Service shall be limited to the purpose of providing the requested service to Owners.

The Privacy Policy includes the main text on this page, including the FAQs below. The summary above is for your convenience only and has no effect. Please read the entire Privacy Policy, as well as the Terms of Use into which this Privacy Policy is incorporated. In the event of any conflict between the provisions of the Terms of Use and the Privacy Policy, the terms and conditions of the Privacy Policy will prevail. If you don’t agree with the Privacy Policy, Terms of Use or the Owner Data Agreement, please don’t use Personal.

As the Personal Service grows, we will evaluate our own policies and practices and occasionally implement improvements and refinements. If a change to the Privacy Policy, in our sole discretion, is material, we will notify you (for example, by email to the email address in your account) prior to the changes becoming effective. Other changes may be noted here, at "Privacy & Terms," or on our blog. We will post the new Privacy Policy and indicate the date it was last revised. By using the Personal Service 30 days after any changes, you agree to be bound by those changes and the new Privacy Policy. If you object to the new Privacy Policy, please stop using the Personal Service. Before doing so, you may wish to export and delete your Data.

FAQs

1. What is “personal information” and “non-personal information”?

“Personal information” uniquely identifies a visitor or Owner or otherwise contains personally identifiable information provided by or obtained from visitors or Owners. “Non-personal information” does not, by itself, identify a visitor or Owner as a specific individual. Rather, non-personal information provides technical data, such as an IP address and browser information that may provide information about your computer or your interaction with Personal.

2. What information does Personal collect from visitors?

Personal only collects non-personal information from visitors, including how you got to Personal, so visitors can remain generally anonymous to Personal.

3. What information does Personal collect from Owners?

To register, you must provide a username and email address. You use your username to log in. We may also collect certain non-personal information, such as an IP address or whether an Owner registers through the web or our native mobile app.

We may use this information to: deliver, administer and improve the Personal Service; provide customer service; improve and personalize your experience; better understand your needs and interests; fulfill requests you make; deliver special announcements and updates about the Personal Service; and contact you about any of the above as well as any changes to or notifications regarding your account. You may choose to stop receiving our newsletter or marketing emails by following the included “unsubscribe” instructions or you can contact us at privacy [at] personal [dot] com. You can also manage receipt of these emails and those regarding Data sharing and imports within your account on mobile (see “Settings”) or web (see “Account”).

4. Does Personal collect geo-location data?

We collect country-specific information derived from your IP address. We only use this information at an aggregate, generalized level. Other than that, we don’t ask you for, access or track any location-based information from your mobile device at any time while using the Personal Service or native mobile apps without your express permission.

5. How does Personal collect information from visitors or Owners?

Personal may collect non-personal information during your visit to the website or mobile site through our automatic data collection tools, which may include the use of “cookies” and other commonly used technologies.

6. What is a cookie?

A cookie is a small piece of data stored by a user’s browser. At Personal, cookies can contain preferences or session information to identify you for access purposes as you navigate the website or mobile site. We may use cookies, for example, to keep track of your profile information. Cookies are also used to collect general usage and volume statistical information that does not include personal information.

Our partners and trusted service providers use cookies to make it easier for you to navigate their site and help us improve our service. The use of cookies by our partners and service providers is not covered by our Privacy Policy; we don’t have access to or control over these cookies.

Our web pages contain electronic images known as web beacons (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how our site is used and may be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our customer communications and marketing campaigns.

We or our service providers may use local shared objects, also known as Flash cookies, on public areas of the site, such as the blog, to store your preferences, display content based upon what you view on our site to personalize your visit, or collect and store usage information (not your Data from your Data Vault) to help us improve the Personal Service. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored. Cookie management tools provided by your browser will not remove Flash cookies. To learn how to manage privacy and storage settings for Flash cookies click here.

7. How do you respond to “do not track” signals?

While we may use cookies to facilitate your experience at Personal, we don’t collect personally identifiable information about your online activities over time and across third-party websites or online services. Consequently, we don’t alter our data practices in response to a “do not track” signal emitted from your browser.

8. Does Personal create user profiles of everyone who visits the website?

No. Personal uses cookies to facilitate functionality and preserve Owner preferences. When you visit the website or mobile site, Personal may place a cookie in order to improve your experience by recognizing you when you visit. But Personal does not use cookies to create profiles of visitors or Owners. Personal also does not use cookies or other information-gathering tools to automatically collect personal information from visitors. We only receive personal information when you choose to provide it. At an aggregate level within the service, we know the types of data fields being used across Personal, and we may suggest parts of Personal to you based on what you’ve already chosen to use.

9. What other parties can see me on Personal?

Personal uses a select number of service providers to help facilitate the Personal Service. For example, we use Twitter, Facebook and Gravatar to provide additional functionalities on our blog—such as the ability to include photos of those who post on our blog, count the number of visitors on our blog posts, and allow you to share blog posts on Facebook and Twitter. Social media features and widgets are either hosted by a third party or directly on our website. They may collect your IP address, and may use cookies or other technologies to facilitate these features on our blog, and, of course, if you choose to share on Facebook or Twitter, your activity is governed by their privacy policies, not ours.

10. Is there an age restriction for joining Personal?

Yes. No one under 13 is allowed to register for the Personal Service. If we become aware that a person under 13 has registered, we will delete the account in accordance with the law.

11. Are there any territorial restrictions for using Personal?

Personal is globally available, but your use is subject to U.S. law. All visitors and Owners, including without limitation individuals in the European Union, acknowledge and hereby unambiguously consent to the collection and processing of such information in and transfer of it to the United States. You may not use the Personal Service if you do not agree to such transfer to, collection, and processing of your personal information in the United States.

12. Are customer testimonials personally identifiable?

If we post such testimonials, we will obtain your consent beforehand. If you change your mind later, you can contact us at privacy [at] personal [dot] com to request removal.

13. Can I invite others to join the Personal Service?

Yes. We’ll ask you for the person’s email address for the sole purpose of sending an invitation.

14. Who owns and controls the Data in my Data Vault?

You do, just as our Owner Data Agreement says. Personal doesn’t collect or use your Data for any purpose other than to enable you to store, manage and choose how to use it through the Personal Service. And, you can always update your account information or permanently delete your account through your account setting options.

15. Who controls third party access to my Data?

You do. We will never sell your Data, and we will only grant access to it with your explicit request. And we won’t otherwise grant any third party access to it except in limited circumstances, such as to comply with our legal obligations, resolve disputes, and enforce our agreements.

16. Could any third party service provider have access to my Data?

We may employ independent companies or other third parties and individuals to help us provide, facilitate or improve the Personal Service (such as customer service support). Service providers will never have access to Data from your Data Vault unless you voluntarily share it. They are permitted to use other information, such as your email address or usage information only for the purpose of performing services on our behalf or at an aggregate level. Transfers to subsequent third parties are covered by the provisions in this Privacy Policy regarding notice and choice and the service agreements with our Owners.

17. What data do you disclose to your partners?

You may receive access to the Personal Service through a partner, such as a company or an organization. In some cases, you will already be a customer or member of that partner. In others, using Personal will help you register for that partner’s site.

While you (and never Personal) will always be able to choose whether to share Data from your Data Vault with a partner, please be aware that you may have a separate data relationship with the partner by virtue of being an existing customer or member of that organization. This could mean, for example, that the partner may already have information about you in their database or Data you share may be added to their systems. With respect to that information, you will be subject to the partner’s own data and privacy policies, and the partner may retain a copy of your Data in their database even if you choose to stop the partner’s ongoing access to it in your Data Vault.

In addition, we may share with partners aggregate level data about general usage of the Personal Service, including for co-branded products and services, such as registrations, logins, sharing, amount and general categories of Data created or imported, form-filling (such as numbers and categories of forms submitted and abandoned and commonly used data fields across categories), and other activities on our platform, as well as performance of joint marketing campaigns.

18. What APIs does Personal provide or use?

Personal provides APIs that allow third parties to request your Data from you. To ensure delivery only to parties with whom you’ve chosen to share it, Personal maintains permissions for your Data in the platform. Personal also uses third-party APIs to help you import your information from other sites into your Data Vault. This action is always initiated by you. At the point you initiate, you are authenticating against the third-party service so they know where you are and you know they’re exporting the Data you requested.

19. When might Personal have to disclose my information?

Other than sharing with our trusted service providers, we will only be in a position to disclose Data from your Data Vault in the following limited circumstances relating to abuse or misuse of the Personal Service or legal process. Even so, because we can’t access your sensitive Data (including any of your files), all of which is encrypted, we wouldn’t be able to share it under any circumstances.

(1) If Personal believes you’ve misused or abused the Personal Service or the Data of any Owner or visitor, or attempted to interfere with or harm the Personal Service, we will investigate and cooperate with appropriate law enforcement, including, if necessary or appropriate, by disclosing your name, registration information or IP address and any other relevant information, to protect our rights or property, or those of our visitors, Owners, partners, and others. We will cooperate fully with any legal process or criminal investigation into the misuse or abuse of the Personal Service.

(2) We may disclose as required by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of our visitors, Owners or others.

Where your personal information has been requested by any governmental entity or other third party pursuant to subpoena or similar legal process, we will notify you as quickly as practicable before providing any such information, unless we are legally prohibited from doing so or we believe in good faith that disclosure is or may be necessary to protect life, avoid serious physical injury or property loss or damage, or to prevent or investigate an ongoing crime.

Where we disclose Data from your Data Vault under the above circumstances, we would only be able to produce limited information. Your sensitive Data (including all files) are encrypted, and, because we don’t store your password, we could only produce encrypted (and thus unreadable) material. Your non-sensitive Data is not encrypted, and we would be able to produce it. In addition, we would be able to disclose certain usage information about your account, such as logins and sharing history.

If Personal is involved in a merger, acquisition, sale, reorganization or liquidation or other disposition of all or a substantial portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership and choices you can make about your personal information. You can always choose to export and delete your Data from the Personal Service.

20. How does Personal actually delete my data when I choose to delete my account?

Personal applies filters to our entire platform to ensure your Data is never recorded in our logs, including our crash logs. This means that, after you’ve decided to delete your Data, it will be eliminated following the first backup rotation.

21. How long does Personal keep my information?

Personal will retain your account information and Data on your behalf as long as needed to provide you with the Personal Service and comply as necessary with our legal obligations, resolve disputes, and enforce our agreements.

22. How does Personal secure my Data?

In addition to privacy, security is built into your Data Vault and our platform, and we’re constantly working to improve it. It starts with the fact that we don’t store your password to your Data Vault. Only you know it, which means only you can unlock it and your encrypted Data (specifically, your sensitive Data and all your files). For extra protection, your password is hashed using bcrypt with salting and stretching.

Your Data Vault contains fields of information that are designated as sensitive or nonsensitive. Sensitive fields are for what you’d expect (usernames and passwords, financial and health information, and much more), are largely based on U.S. guidelines, and are encrypted. Look for the lock or X’s to tell you what is and isn’t encrypted. While a very small number of specially designated Personal employees could technically access non-sensitive information, they only can do so in strict accordance with this Privacy Policy. All files you import or upload are encrypted.

Your sensitive Data and all your files are encrypted at rest using 256-bit AES encryption and RSA 2048 asymmetric key encryption - the same algorithms relied on by the U.S. military, the U.S. government, and banks.

We use Secure Socket Layer encryption using secure cookies with HTTPS to protect all your Data (whether sensitive or non-sensitive and all your files) in transit to our servers, meaning from browser to server, such as when you access your information or grant access to it to others. All pages and APIs involving the exchange of passwords or Data are safeguarded this way. We also enable forward secrecy in most browsers for additional protection. Please note that Personal can’t guarantee your ISP is not tracking your visits to Personal and other sites.

Your Data Vault is housed in a secure data center, which has 24/7 physical and biometric protections, firewalls, intrusion detection systems, and an array of other technological safeguards, and holds a number of certifications, including SSAE16 Type II SOC 1, SOC 2 and SOC 3 Reports, is Safe Harbor certified, and is PCI compliant.

Nevertheless, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we can’t guarantee absolute security. If we discover a security incident that compromises your sensitive personal information, we will let you know about it, in accordance with applicable law. Please notify us immediately of any suspected or unauthorized use of your password or account or any other such incident at support@personal.com.

23. What about the practices of other websites linked to the Personal Service?

Our Privacy Policy applies solely to information collected by and through the Personal Service. You may be able to link to third-party sites or you may choose to import or share your Data through auto form-filling or granting access to your Data Vault with linked third-party organizations. Please be aware that Personal doesn’t control and isn’t responsible for the privacy and security practices of other sites and apps, and we encourage you to become familiar with their data practices before choosing to share any Data with them.

24. What happens if I forget my password?

If you forget your password and need to reset it, your sensitive data will be deleted. This is done for your protection. Non-sensitive data that isn’t encrypted will be unaffected.

25. What about my privacy rights in California?

We support the principle behind the California “Shine the Light” law, CA Civil Code § 1798.83, which gives consumers the right to know about certain personal information shared with third parties. We will never do that without your express permission. Moreover, you always choose the Data, if any, you’d like to share, so our platform actually gives you more protection and control than the law requires.

26. Where can I send questions, comments or suggestions about Personal’s privacy practices?

We welcome your questions and feedback and will work to improve our practices based on useful input we receive. Please contact us at privacy [at] personal [dot] com or via mail at:

Personal, Inc.
Attn: Legal Department
1010 Wisconsin Ave., N.W.
Suite 150
Washington, DC 20007

PLEASE DO NOT SEND ANY SENSITIVE INFORMATION TO US VIA UNENCRYPTED EMAIL. Also, please note that we’ll need to verify and authenticate any emailed requests for access or changes to your personal or account information.


