Privacy Policy

Last updated: 10/09/19

Version number: 2.0

Previous version (1.0)

Introduction

This document (“Privacy Policy”) explains the privacy rules applicable to all information collected or submitted when you access, install or use the NordPass Services.

All definitions and capitalized words used in this Privacy Policy are defined in our Terms of Service.

By visiting the NordPass website, by submitting your personal data to NordPass, and by accessing, installing and/or using the NordPass Services, you confirm that you have read this Privacy Policy and you agree to be bound by this Privacy Policy. If you disagree with the rules of this Privacy Policy, please do not use our Services.

If you have any questions about this Privacy Policy or your privacy, please contact us by email at [email protected].

Processing of your data

NordPass processes user data to a limited scope – for provision of the Services, processing payments for the Services, as well as the functioning of the NordPass website and mobile applications. We process the following basic information:

Information for creating your account

  • Email address. We ask for your email address as part of your registration. It is necessary for establishing a NordPass account.
  • Payment data (if using paid Services). This information is necessary to collect payments from you when you use our paid Services. In addition to the conventional payment methods, such as credit card, users can buy NordPass Service with cryptocurrency. Our payment processing partners process basic billing information for payment processing and refund requests (such as date of purchase, card owner's name and surname, and credit card information).

Communication data

  • Email address. We use your email address to: i) send you important updates and announcements related to your use of our Services; ii) respond to your requests or inquiries; iii) send you offers, surveys and other marketing content (you can opt-out of those at any time).
  • Email optimization data. We use various tools to help us optimize our emailing campaigns. These tools may collect information about you, such as IP address, location, device information and track the actions such as unsubscribe or email forward.

Information collected on our website

  • Access logs. Our website, as in the case of most websites on the internet, collects access logs (such as IP address, browser type, operating system) to operate our services and ensure their secure, reliable, and robust performance. This information is also essential for fighting against DDoS attacks, scanning and similar hacking attempts.
  • Cookies. Cookies, pixels and other similar technologies are usually small text or image files that are placed on your device when visiting our website. Some cookies are essential for our website to operate smoothly, others are used to improve website functionality or analyze aggregated usage statistics in order to improve website performance (as in the case of Google Analytics cookies). You can check what cookies we use in the detailed cookie table that is accessible here.
  • Social media platforms and widgets. Our website may include social media features, such as the Facebook Like button, to help you share our content more easily. These features may collect information about your IP address and which page you are visiting on our website, and they may set a cookie to make sure the feature functions properly.

Information collected on our applications.

  • Application diagnostics. This aggregated and anonymized data help us to identify problems related to our app performance and updates. The collected information includes crash error reports.
  • Anonymized app usage statistics. We collect statistical information about the activity of your account: the number of passwords and secure notes stored, the date when the item was created, how the password was created (e. g. imported, autosaved, created manually), the strength of your passwords in percentage (e. g. 85% of your passwords are very strong), the strength of your master password, the percentage of suggested passwords used, and the number of different folders you have. This analytical information provides knowledge of how our application is being used so we can improve the user experience and the app itself.
  • Device information. As in case of when you visit our website, we collect some device information on our application too. Such information is logged automatically and may include your IP address, browser type, operating system version and similar non-identifying information. We may use this information to monitor, develop and analyze the use of our Services.
  • Device identifiers. In some cases, we may record your device’s advertising ID for marketing or analytics purposes. Please note that advertising IDs can be reset at any time using your device's settings.

NordPass has no technical means to access your encrypted passwords or secure notes. They are securely protected by your master password that is known only to you.

Data disclosure

We do not share your personal information with third parties except as described in this privacy policy. We may share your personal information with (i) third party service providers; (ii) affiliated companies within our corporate structure; and (iii) as needed for legal purposes.

We have the following third-party service providers: an email automation service provider, website analytics service providers, providers for website customization, data storage providers and others that help us enhance our Services. Our service providers have access to personal information only as needed to perform their functions and they must process the personal information in accordance with this Privacy Policy.

We may use various third-party tools, such as Mailchimp, to store the mailing lists, send communications to you or confirm your signup to news subscriptions or waitlists. We select those tools very carefully, making sure they do not compromise your security and privacy. However, these tools may collect information about you, such as IP address, location, and device information, and track actions such as unsubscribe or email forward. This information is used to optimize our email campaigns.

Your personal information may be processed in any country in which we engage service providers. When you use our Services, you acknowledge the transfer of your personal information outside of the country where you reside.

Only basic payment information is processed through our payment service providers and payment processing partners authorized to provide services within respective country (e.g. Mollymind AG, having its registered address at Riedstrasse 7, 6330 Cham, Switzerland).

Our website includes links to other websites, whose privacy practices may be different from ours. If you submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

You can access and edit your profile information by logging into your account. You can create, manage and delete your passwords and secure notes there as well.

If you’d like to delete your account or data, please contact us at [email protected].

If you wish to unsubscribe from our communication, you can opt out at any time by clicking the unsubscribe link at the bottom of each message.

You can control the use of cookies at the individual browser level. To disable cookies through your browser, follow the instructions usually located within the “Help,” “Tools” or “Edit” menus in your browser.

Some browsers have incorporated a “do-not-track” feature that can send a signal to the websites you visit indicating you do not wish to be tracked. Currently, our systems do not recognize browser “do-not-track” requests.

If you disagree with the processing of your data by NordPass, you are free not to use the Service. You can request us to discontinue processing your personal data, in which case your data will be processed only as much as it is necessary to effect the discontinuation of your use of the Services (e.g., final settlement, or deleting all personal data based on your email address), or finalizing other NordPass’s legal relationship with you (e.g. accounting, invoicing, processing refunds).

If you wish to use the Services again, you will have to accept and agree to this Privacy Policy anew.

Data security

We take data security very seriously at NordPass and take all steps reasonably necessary to secure your data (whether technical, physical, or administrative). However, no company can guarantee the absolute security of internet communications. By using the Services, you expressly acknowledge that we cannot guarantee the security of any data provided to or received by us through the Services and that any information received from you through the website or our Services is provided at your own responsibility. If you have any questions about how we secure your information, contact us at [email protected].

Personal data of underage persons

Persons younger than 16 shall not use the NordPass Services and provide any personal data to us without the supervision of parents or guardians. NordPass does not knowingly collect personal information from persons younger than 16. Based on the above, it is presumed that any person using the Services and supplying personal data to us is at least 16 years of age. If a person younger than 16 or a person supplying wrongful data become known to NordPass, such person and all their data may be immediately and without any notice withdrawn by suspending their access to the Services.

Information for users in the European Economic Area (EEA)

The European Union's General Data Protection Regulation (“GDPR”) requires that we provide notice in a specific way to our European users about their privacy rights. Please find all the necessary information here.

Other Terms

The Privacy Policy is governed by and shall be construed in accordance with the laws provided in NordPass Terms of Service.

In order to ensure the security of personal data, NordPass employs various administrative, technical and physical security measures; however, it is your responsibility to exercise caution and reason when using the Services. You will be personally responsible if such action violates any third party’s privacy or any other rights, or any applicable law. Under no circumstances is NordPass liable for the consequences of your unlawful activities, your willful and negligent activities violating applicable laws or third-party rights, as well as any circumstances, which may not have been reasonably controlled or foreseen.

This Privacy Policy may be modified and updated at any time, at our sole discretion, for any or no reason, and without liability, as indicated below. The date of the most current wording of the Privacy Policy is indicated at the top of the text. We ask all users to ensure that they are familiar with the most current wording of the Privacy Policy. The amendment of the Privacy Policy may be communicated to you by sending an email and/or by publishing the updated Privacy Policy on the NordPass website. Updates of the Privacy Policy come into force as of the moment when they are published.

You may not assign or transfer your rights or obligations under this Privacy Policy to any third party.

You can check full list of cookies that are being used on NordPass website here.