Blog

Privacy Policy

sndr™’s mission is to empower people to send information freely and securely. We (“sndr™,” “we,” “us,” or “our”) have developed this privacy policy (the “Privacy Policy”) to demonstrate our commitment to protecting your privacy and we encourage you to read it carefully.

The Privacy Policy is intended to describe for you, as an individual who is (1) a visitor, user or customer of a website or web presence owned or operated by sndr™, and/or (2) a user of the sndr™ secure platform and communications service (collectively, the “Service”), the information we collect, how that information may be used, with whom it may be shared, and your choices about such uses and disclosures.

By visiting the Site or using the Service, you are consenting to the practices described in this Privacy Policy.

1. Information We Collect About You

We use various technologies to collect information from your computer or other internet access device related to your use of the Service.

Our website (https://sndr.com) captures e-mail addresses, mobile phone numbers, and other log-in information from visitors who opt-in by providing their email address, mobile phone numbers and/or log-in information. It also captures non-personally-identifiable information for purposes of analytics that assess visitor trends, such as numbers of users, pages visited, and country of origin of IP address.

Our encrypted invite system website (https://sndr.com/i/) captures user IP addresses to prevent misuse of our system and to enforce sender-specified message restrictions. It also collects user and device information for, among other things, authentication and system integrity. In addition, we collect date/time information and recipient service links (e.g., user identifier associated with a particular type of application). For purposes of facilitating the transmission of user messages on the Service, sndr™ will rely on specific contact information that users provide (e.g., an e-mail address for a message recipient). sndr™ does not collect any other information from users’ contact lists or devices.

Our platform (https://a.sndr.com) collects additional information necessary to provide the sndr™ service. This information include IP addresses to prevent misuse of our system and to enforce sender-specified message restrictions. It also includes user-specific device information such as the user’s public key for user-to-user cryptography, and, if the user opts in, may collect the email addresses, SMS addresses, and/or Twitter accounts associated with the user’s sndr™ account. read more.

2. How We Use Information We Collect About You

The information collected from our website will be used for standard, non-invasive, non-personally-identifiable visitor trend analytics, simply to help us measure how users interact with our website content.

With regard to the sndr™ app/SaaS, the Service’s end-to-end encryption prevents us from accessing user-specific content. read more.

3. Sharing Information Collected About You

Website opt-in e-mail capture is the only type of information that could be shared with third parties for internal marketing purposes. Platform service links will only be used (outside of the Service operation) to inform of service failures, emergencies, verification of account changes (such as new devices or password changes), or similar purposes. read more.

4. Third-Party Websites and Integrations

All third-party integrations (including, but not limited to, social media) are subject to privacy and security vulnerabilities. Content sent through such services (i.e., “out of band” from the sndr™ service) is frequently insecure. However, messages and content that are shared with users of those systems, but sent through sndr™, are protected using our technology stack. read more.

5. Choices You Have About Collection And Use Of Your Information

You can choose not to provide us with certain information, but that may result in you being unable to use certain features of the Service because such information may be required in order to validate your identity, utilize the Service, or to contact us for information. read more.

6. Protection of Personal Information

We take appropriate security measures to help safeguard your personal information from unauthorized access and disclosure. read more.

No Collection of Information from Children

The Service is intended for use by adults only. sndr™ does not solicit or knowingly collect any information from visitors under 18 years of age. Please do not use the Service if you are not yet 18.

7. Use of the Services While Traveling

This Privacy Policy is intended to cover collection of information via the Service from residents of the United States. If you are using the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. By using the Service, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this privacy policy.

8. No Rights of Third Parties

This Privacy Policy does not create rights enforceable by third parties or require disclosure of any personal information relating to users.

9. Changes to This Privacy Policy

We will occasionally update this Privacy Policy to reflect changes in our practices and services. When we post changes to this Privacy Policy, we will revise the date at the top of this Privacy Policy. read more.

1. Information We Collect About You (continued) 

Beyond network connection information (e.g., IP addresses), we also collect user information via human interface device (“HID”) input, API construction, and crash reports and metrics generated by, for example, Fabric.io, Google Play, and the Apple App Store.

sndr™ users create a sndr™ account with a Service Link, which is a link to an existing e-mail address, SMS number, or Twitter account.  These Service Links will also have a public key, generated by the user’s device, that is transmitted to the sndr™ software-as-a-service (“SaaS”) platform.  Once a user creates a sndr™ account, the user can then link additional email, SMS, or similar accounts to their sndr™ account.

All other information flowing from the user’s device is encrypted from end-to-end, with no way for sndr™ to decrypt.  We store the ciphertext, hmac, signature, and the per-recipient encrypted key until either the sender deletes it or a rule specifying its auto-deletion is met.  After the deletion occurs, the encrypted keys and ciphertext are purged immediately from our system and the additional data (attachments and any forwarded content) are scheduled for deletion, usually within a few seconds.

Messages, sent files, and stored files (i.e., attachments) are end-to-end encrypted before they leave the user’s device.  The encrypted attachments are stored on a cloud storage cluster and the encrypted metadata is stored in the same fashion as the ciphertext.

From user-specific devices, we capture public keys for client to SaaS API-level authentication and device name.  From users, we may collect, among other things: public keys for user-to-user cryptography; e-mail addresses associated with account (opt in); sms addresses associated with account (opt in); twitter account associated with account (opt in); and/or account password. No private keys are ever transmitted to or stored by sndr™.


2. How We Use Information We Collect About You (continued) 

As noted above, we capture user IP addresses to prevent misuse of our system and to enforce sender-specified message restrictions, and user and device information for, among other things, authentication and system integrity.

Should users wish to change the personal information they share with us, they may do so at any time via the sndr™ app or via mailing list management.


3. Sharing Information Collected About You (continued) 

All third-party service providers are restricted to anonymized information.  For example, the cloud storage provider may generate metrics regarding information they gather, such as upload and download information volumes, that we do not control or supplement with any additional sndr™-specific metadata.

sndr™ is deeply committed to protecting your personal information.  To the extent we disclose personal information to a third party, they may have their own privacy policies which describe how they use and disclose personal information.  Those policies will govern use, handling and disclosure of your personal information once we have shared it with those third parties as described in this Privacy Policy.

We may also disclose your information in response to a subpoena or similar investigative demand, a court order, or a request for cooperation from law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law.  Any information shared in such a case would be shared in the format in which sndr™ maintains it (e.g., end-to-end encrypted content, which would require an end user’s device to decrypt).  However, only content is encrypted, whereas metadata, which might also need to be disclosed, is not.  In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion.  We may also disclose your information when we believe it is appropriate in connection with efforts to investigate, prevent, report or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of you, sndr™, our employees, or the public; to comply with applicable law or cooperate with law enforcement; or to enforce our terms and conditions or other agreements or policies.   Likewise, we may disclose your information in connection with a substantial corporate transaction, such as a merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.


4. Third-Party Websites and Integrations (continued) 

There may be places on the Service where you may click on a link to access other websites or services that do not operate under this Privacy Policy.  In addition, you may be logged into a third party website, such as a payment processing site or social media site, while using the Service.  These third-party websites may independently solicit and collect information, including personal information, from you and, in some instances, provide us with information about your activities on those websites.  We recommend that you consult the privacy statements of all third-party websites you visit by clicking on the “privacy” link typically located at the bottom of the webpage you are visiting.


5. Choices You Have About Collection And Use Of Your Information (continued) 

All non-authentication or network communication use of our Service is opt-in. The system at launch begins as “anonymous”.  As users add in service links, they must confirm that they want the service being added to their account by visiting a link e-mailed or texted to them (Twitter is an OAuth presentation).

When you contact us through the Service, your account will be set up to receive e-mail messages unless you indicate that you do not wish to receive e-mails.  At any time, you can choose to stop receiving such e-mails by following the instructions found in the e-mails.

All facets of the Service are opt-in and users are free to annihilate any of their data stored by our system, except for access logs, which will be purged periodically.


6. Protection of Personal Information (continued) 

We take appropriate security measures to help safeguard your personal information from unauthorized access and disclosure.

For example:

  • The core of the product is end-to-end encrypted so user communication.  Content is protected before it leaves the user’s device with a combination of user-asymmetric cryptography and per-object symmetric cryptography.
  • Each user account is protected using a PBKDF2 scheme with, among other things, variable size, rounds, salt, and an algorithm.
  • Additional metadata (IP addresses, access logs, etc.) are stored on encrypted file systems.

While user information is stored as long as it is left on the platform, there is an account annihilation feature that allows all user data to be purged upon request, with purge confirmation (i.e., an “out-of-band” message asking the user “are you sure you want to purge your data?”).

sndr™ protects the transport and lifecycle of the messages and content sent and received via the Service.  If the end recipient is using the Service and is in compliance  and within the parameters of the Service’s transport and lifecycle rules and restrictions, then they will see the messages and content. We cannot protect against a malicious or compromised recipient: if a sndr™ recipient is using modified software or hardware, takes pictures of your messages with an external camera, or takes similar actions, then the sndr™ communication may be compromised by the recipient’s actions.

We want you to feel confident using the Service; however, no system can guarantee absolute security. Therefore, it is important for you to protect against unauthorized access to your password and to your computer or other internet access device.  In addition, it is recommended that you do not send personal health or other sensitive information to sndr™ or anyone else using unsecured means. Should you choose to supply confidential information in this manner, you do so at your own risk.

Although we take steps to secure your information, we do not guarantee the security of your information, and you should not expect that your personal information, searches, or other communications will always remain secure.  Please refer to the Federal Trade Commission’s website at http://www.consumer.ftc.gov for information about how to protect yourself against identity theft.


9. Changes to This Privacy Policy (continued) 

If we make any material changes in the way we collect, use, and/or share your personal information, we will notify you by sending an e-mail to the e-mail address you most recently provided us in your account, profile, or registration (unless we do not have such an e-mail address), and/or by prominently posting notice of the changes on the Website.  We recommend that you check the Website from time to time to inform yourself of any changes in this Privacy Policy or any of our other policies.

How to Contact Us

If you have any questions about this Privacy Policy or our information-handling practices, or if you would like to request information about our disclosure of personal information to third parties, please contact us by e-mail at privacy@sndr.com or postal mail as follows: ATTN: Privacy Administrator, 1561 S Alafaya Trl, Suite 200, Orlando, FL 32828.