1. Information We Collect About You
We use various technologies to collect information from your computer or other internet access device related to your use of the Service.
Our website (https://sndr.com) captures e-mail addresses, mobile phone numbers, and other log-in information from visitors who opt-in by providing their email address, mobile phone numbers and/or log-in information. It also captures non-personally-identifiable information for purposes of analytics that assess visitor trends, such as numbers of users, pages visited, and country of origin of IP address.
Our encrypted invite system website (https://sndr.com/i/) captures user IP addresses to prevent misuse of our system and to enforce sender-specified message restrictions. It also collects user and device information for, among other things, authentication and system integrity. In addition, we collect date/time information and recipient service links (e.g., user identifier associated with a particular type of application). For purposes of facilitating the transmission of user messages on the Service, sndr™ will rely on specific contact information that users provide (e.g., an e-mail address for a message recipient). sndr™ does not collect any other information from users’ contact lists or devices.
Our platform (https://a.sndr.com) collects additional information necessary to provide the sndr™ service. This information include IP addresses to prevent misuse of our system and to enforce sender-specified message restrictions. It also includes user-specific device information such as the user’s public key for user-to-user cryptography, and, if the user opts in, may collect the email addresses, SMS addresses, and/or Twitter accounts associated with the user’s sndr™ account. read more.
2. How We Use Information We Collect About You
The information collected from our website will be used for standard, non-invasive, non-personally-identifiable visitor trend analytics, simply to help us measure how users interact with our website content.
With regard to the sndr™ app/SaaS, the Service’s end-to-end encryption prevents us from accessing user-specific content. read more.
3. Sharing Information Collected About You
Website opt-in e-mail capture is the only type of information that could be shared with third parties for internal marketing purposes. Platform service links will only be used (outside of the Service operation) to inform of service failures, emergencies, verification of account changes (such as new devices or password changes), or similar purposes. read more.
4. Third-Party Websites and Integrations
All third-party integrations (including, but not limited to, social media) are subject to privacy and security vulnerabilities. Content sent through such services (i.e., “out of band” from the sndr™ service) is frequently insecure. However, messages and content that are shared with users of those systems, but sent through sndr™, are protected using our technology stack. read more.
5. Choices You Have About Collection And Use Of Your Information
You can choose not to provide us with certain information, but that may result in you being unable to use certain features of the Service because such information may be required in order to validate your identity, utilize the Service, or to contact us for information. read more.
6. Protection of Personal Information
We take appropriate security measures to help safeguard your personal information from unauthorized access and disclosure. read more.
No Collection of Information from Children
The Service is intended for use by adults only. sndr™ does not solicit or knowingly collect any information from visitors under 18 years of age. Please do not use the Service if you are not yet 18.
7. Use of the Services While Traveling
8. No Rights of Third Parties
1. Information We Collect About You (continued)
Beyond network connection information (e.g., IP addresses), we also collect user information via human interface device (“HID”) input, API construction, and crash reports and metrics generated by, for example, Fabric.io, Google Play, and the Apple App Store.
sndr™ users create a sndr™ account with a Service Link, which is a link to an existing e-mail address, SMS number, or Twitter account. These Service Links will also have a public key, generated by the user’s device, that is transmitted to the sndr™ software-as-a-service (“SaaS”) platform. Once a user creates a sndr™ account, the user can then link additional email, SMS, or similar accounts to their sndr™ account.
All other information flowing from the user’s device is encrypted from end-to-end, with no way for sndr™ to decrypt. We store the ciphertext, hmac, signature, and the per-recipient encrypted key until either the sender deletes it or a rule specifying its auto-deletion is met. After the deletion occurs, the encrypted keys and ciphertext are purged immediately from our system and the additional data (attachments and any forwarded content) are scheduled for deletion, usually within a few seconds.
Messages, sent files, and stored files (i.e., attachments) are end-to-end encrypted before they leave the user’s device. The encrypted attachments are stored on a cloud storage cluster and the encrypted metadata is stored in the same fashion as the ciphertext.
From user-specific devices, we capture public keys for client to SaaS API-level authentication and device name. From users, we may collect, among other things: public keys for user-to-user cryptography; e-mail addresses associated with account (opt in); sms addresses associated with account (opt in); twitter account associated with account (opt in); and/or account password. No private keys are ever transmitted to or stored by sndr™.
As noted above, we capture user IP addresses to prevent misuse of our system and to enforce sender-specified message restrictions, and user and device information for, among other things, authentication and system integrity.
Should users wish to change the personal information they share with us, they may do so at any time via the sndr™ app or via mailing list management.
All third-party service providers are restricted to anonymized information. For example, the cloud storage provider may generate metrics regarding information they gather, such as upload and download information volumes, that we do not control or supplement with any additional sndr™-specific metadata.
We may also disclose your information in response to a subpoena or similar investigative demand, a court order, or a request for cooperation from law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. Any information shared in such a case would be shared in the format in which sndr™ maintains it (e.g., end-to-end encrypted content, which would require an end user’s device to decrypt). However, only content is encrypted, whereas metadata, which might also need to be disclosed, is not. In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion. We may also disclose your information when we believe it is appropriate in connection with efforts to investigate, prevent, report or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of you, sndr™, our employees, or the public; to comply with applicable law or cooperate with law enforcement; or to enforce our terms and conditions or other agreements or policies. Likewise, we may disclose your information in connection with a substantial corporate transaction, such as a merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.
All non-authentication or network communication use of our Service is opt-in. The system at launch begins as “anonymous”. As users add in service links, they must confirm that they want the service being added to their account by visiting a link e-mailed or texted to them (Twitter is an OAuth presentation).
When you contact us through the Service, your account will be set up to receive e-mail messages unless you indicate that you do not wish to receive e-mails. At any time, you can choose to stop receiving such e-mails by following the instructions found in the e-mails.
All facets of the Service are opt-in and users are free to annihilate any of their data stored by our system, except for access logs, which will be purged periodically.
We take appropriate security measures to help safeguard your personal information from unauthorized access and disclosure.
- The core of the product is end-to-end encrypted so user communication. Content is protected before it leaves the user’s device with a combination of user-asymmetric cryptography and per-object symmetric cryptography.
- Each user account is protected using a PBKDF2 scheme with, among other things, variable size, rounds, salt, and an algorithm.
- Additional metadata (IP addresses, access logs, etc.) are stored on encrypted file systems.
While user information is stored as long as it is left on the platform, there is an account annihilation feature that allows all user data to be purged upon request, with purge confirmation (i.e., an “out-of-band” message asking the user “are you sure you want to purge your data?”).
sndr™ protects the transport and lifecycle of the messages and content sent and received via the Service. If the end recipient is using the Service and is in compliance and within the parameters of the Service’s transport and lifecycle rules and restrictions, then they will see the messages and content. We cannot protect against a malicious or compromised recipient: if a sndr™ recipient is using modified software or hardware, takes pictures of your messages with an external camera, or takes similar actions, then the sndr™ communication may be compromised by the recipient’s actions.
We want you to feel confident using the Service; however, no system can guarantee absolute security. Therefore, it is important for you to protect against unauthorized access to your password and to your computer or other internet access device. In addition, it is recommended that you do not send personal health or other sensitive information to sndr™ or anyone else using unsecured means. Should you choose to supply confidential information in this manner, you do so at your own risk.
Although we take steps to secure your information, we do not guarantee the security of your information, and you should not expect that your personal information, searches, or other communications will always remain secure. Please refer to the Federal Trade Commission’s website at http://www.consumer.ftc.gov for information about how to protect yourself against identity theft.
How to Contact Us