The Services are operated by Trusted Accounts (the “Company”, “We”), domiciled at Hintere Achmühlerstraße 1b, 6850 Dornbirn, Vorarlberg, Austria. It is therefore governed by the laws and regulations of Austria. Additional information about the legal framework can be found in our transparency report.
We are also GDPR compliant.
Our overriding policy is to collect as little user information (personal data included) as possible to ensure a completely private user experience when using the Services. We do not have the technical means to access your data after the encryption.
Data collection is limited to the following:
2.1 Visiting our website: We do not use any analytics tools for our website or services to protect user privacy. IP addresses are not retained and stored for such analytics.
2.2 Account creation: It is necessary to provide personal information in order to create a verified Account, as well as to provide an external email address for password recovery purposes. We encrypt all your personal data directly after or during account verification. The legal basis for processing is consent and you are free to remove that data in your Account settings panel at any time.
In order to maintain the integrity of the Services, we must take measures to avoid creation of accounts by spammers. In order to pursue our legitimate interest of preventing the creation of accounts by spam bots or human spammers, we use a variety of human verification methods. Verification may also be requested for some sensitive operations besides account creation in order to protect against brute-force attacks. You may be asked to verify using either hCaptcha (or reCAPTCHA in the event that hCaptcha is unavailable), email, and SMS. IP addresses, email addresses, and phone numbers provided are saved in order to send you a verification code, ensure user integrity and for anti-spam purposes. It is always saved as a cryptographic hash, which ensures that the raw values cannot be deciphered by us.
In addition to end-to-end encryption, all content is also cryptographically signed by the user, before sending it to us. This means that you can always check the signature of any content you get back from our servers, which protects you from forgery (e.g. by a malicious actor).
2.3 Communicating with Trusted Accounts: Your communications with us, such as support requests, bug reports, or feature requests may be saved by our staff. The legal basis for processing is our legitimate interest to troubleshoot more efficiently and improve the quality of our Services.
2.4 IP logging: By default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our terms and conditions (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against nefarious activities.
All servers used in connection with the provision of the Services are wholly owned and operated by the Company or its subsidiaries. Only employees of the Company have physical or other access to the servers. Data is always stored in encrypted format on our servers. Offline backups, which may be stored periodically, are also encrypted. We cannot decrypt any user encrypted content on either the production servers or in the backups. Backups are kept for up to 30 days.
We will only disclose the limited user data we possess if we are legally obligated to do so by a binding request. Under no circumstances can Trusted Accounts decrypt encrypted user data and disclose decrypted copies. We may comply with electronically delivered notices only when they are delivered in full compliance with the requirements of the law. Trusted Accounts’s general policy is to challenge requests whenever possible and where there are doubts as to the validity of the request or if there is a public interest in doing so. In such situations, we will not comply with the request until all legal or other remedies have been exhausted. Aggregate statistics about data requests from the competent authorities can be found in our transparency report.
Through your Account interface, you can directly access, edit, delete, or export personal data processed by the Company in your use of the Services.
If your Account has been suspended for a breach of our terms and conditions, and you would like to exercise the rights related to your personal data, you can make a request to our support team.
In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory authority.
We reserve the right to periodically review and change this policy from time to time. Continued use of the Services will be deemed acceptance of such changes.