We have updated our privacy policy

/ Imre Jonk

We have updated our privacy policy today. The two significant changes are the extension of the data retention period for backups from 60 to 90 days, and the reduction of the raw analytics retention period from 10 to 7 days.

The new backup retention period of 90 days is necessary to ensure that we can adequately protect our data, which is in our legitimate interest. We now believe that 60 days is on the short side if we want to protect ourselves from, for example, ransomware. We see 90 days as an acceptable trade-off between the risk of data loss and the privacy impact of the individuals whose data we process in these backups.

It should be noted that only the absolutely required personnel at CipherMail has access to these backups. They are only accessed as a last resort in case of a data loss event. We do not provide these backups to third parties. They are stored in encrypted form and are automatically removed after the above retention period.

This is the list of all changes:

If you have any comment on these changes, please let us know.