Privacy Policy
Cryptlex (Cryptlex, LLC) provides a software licensing service through a Software as a Service (SaaS) model. This privacy policy explains how Cryptlex processes and protects information that can be used to directly or indirectly identify an individual (“Personal Data”) collected through the use of all the products and services offered by Cryptlex.
For the purposes of this policy, Cryptlex defines the term “User” as an entity who registers for our services through our website or an individual whose data you (our customer) collect and store using our services and the term “Visitor” as an individual that visits our website (e.g. https://cryptlex.com).
The following sections cover the specifics of website visitors and users from which data is collected.
By visiting this website, you consent to the collection and use of your Personal Data as described herein. If you do not agree with the terms set out herein, please do not visit this website. If required by applicable law, we will seek your explicit consent to process Personal Data collected on this website or volunteered by you. Kindly note that any consent will be entirely voluntary. However, if you do not grant the requested consent to the processing of your Personal Data, the use of this website may not be possible.
Cryptlex may collect, record, and analyze information of Visitors to its website. We may record your IP address and use cookies. Cryptlex may add information collected by way of pageview activity. Furthermore, Cryptlex may collect and process any Personal Data that you volunteer to us in our website’s forms, such as when you sign up for information and newsletters.
Such Personal Data may comprise your IP address, first and last name, company name, and email address.
Cryptlex gathers data about visits to the website, including numbers of Visitors and visits, Geo-location data, length of time spent on the site, pages clicked on, or where Visitors have come.
Cryptlex uses the collected data to communicate with Visitors, to customize content for Visitors, and to improve its website by analyzing how Visitors navigate its website.
We do not sell, trade, or rent your personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates, and advertisers for the purposes outlined above. We may use third-party service providers to help us operate our business and administer activities on our behalfs, such as sending out newsletters or surveys. We may share your information with these third parties for those limited purposes.
Cookies are small pieces of information sent by a website to a Visitor’s hard disk. Cookies cannot be used to run programs or deliver viruses to your computer. By continuing to visit the website, you agree to the placement of cookies on your device. If you choose not to accept our cookies, we cannot guarantee that your experience will be as fulfilling as it would otherwise be. We may also place cookies from third parties for functional and marketing purposes.
Please be aware that while visiting our site, Visitors can follow links to other sites that are beyond our sphere of influence. Cryptlex is not responsible for the content or privacy policy of these other sites.
In order to provide services to its Users (our customers and your customers), Cryptlex collects certain types of data from them. This section will describe how these two types of data are collected and used by Cryptlex. Data entered or transferred into Cryptlex by Users remains the property of the User and may not be shared with a third party by Cryptlex without express consent from the User.
Information in this category includes the information you provide when registering to use our services and further usage of our services. This data is primarily stored within Cryptlex and a part of it may also be stored in third party services.
1.2.1.1 Personal information stored within Cryptlex
First name, last name, email, company name
Stripe customer and subscription unique identifiers
IP addresses for rate-limiting (stored temporarily)
1.2.1.2 Personal information stored in third-party services
Name and email (through Stripe, Hubspot, and Intercom)
Company name (through Stripe, Hubspot, and Intercom)
Links to social media profiles (through Hubspot)
Credit card information (securely stored within Stripe)
Website usage (through Google Analytics)
Geographic location (through Google Analytics)
Name, email, and IP addresses in crash reports (through Bugsnag retained for seven days)
Information in this category includes the information you store when adding license users, information collected at the time of license activation to identify the user device required for node-locked licensing, and additional metadata stored along with user or license activation data which may or may not contain personally identifiable information.
This data is only stored within Cryptlex and is entirely owned by you. This data is never shared with any third-parties outside of our logging, crash reporting, and other infrastructure-related services.
1.2.2.1 Personal information stored within Cryptlex
First name, last name, email
User metadata (may or may not contain personal data)
Geo-location data
License activation metadata (may or may not contain personal data)
Following device details associated with license activation:
Hostname of the device
Username of the device (hashed using SHA256)
Operating system of the device
Virtual machine being run on the device
Fingerprint of the device generated using various hardware components (hashed using SHA256)
IP address of the device
1.2.2.2 Personal information stored in third-party services
Name, email, and IP addresses in crash reports (through Bugsnag retained for seven days)
The European Parliament adopted the GDPR in April 2016, replacing an outdated data protection directive from 1995. It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. We will apply the GDPR to all the users whose personal data is either stored within Cryptlex or who use our services, whether inside or outside of the EU.
Cryptlex processes Personal Data both as a Processor and as a Controller, as defined in the Directive and the GDPR.
1.2.3.1 Controller
In the GDPR “controller’ means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union/Member State law.
For user data, as outlined in section 1.2.1, Cryptlex will be the data controller.
For user data, as outlined in section 1.2.2, you (our customer) will be the data controller.
1.2.3.2 Processor
The processor is the entity which processes personal data on behalf of the controller under the controller’s instructions.
We (Cryptlex) are a data processor.
If you are our User, we process your Personal Data based on your consent and based on the need to perform the obligations of our contract with you. We collect and use Personal Data for the purposes of providing the Services to our Users at their instruction, processing Personal Data on behalf of Users, improving the Services, and conducting related tasks for legitimate business purposes.
1.2.3.4 Data Protection Officer
Cryptlex has a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. This “Data Protection Officer” can be contacted through email at legal@cryptlex.com.
Cryptlex complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom to the United States. Cryptlex has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Under the EU-US Privacy Shield Framework, we are responsible for the processing of information about you we receive from the EU and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles unless we prove that we are not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, Cryptlex commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Cryptlex at legal@cryptlex.com.
Cryptlex has further committed to cooperate with the panel established by the EU data protection authorities with regard to unresolved Privacy Shield complaints concerning data transferred from the EU. The Federal Trade Commission has jurisdiction over Cryptlex’s compliance with the Privacy Shield.
An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information please refer to Annex I.
Cryptlex is committed to ensuring that your privacy and the data you share with us is protected. We use the best industrial practices to secure and protect the important business data you store within Cryptlex.
All information is stored securely and is accessed by authorized personnel only. Cryptlex implements and maintains appropriate technical, security, and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft, or disclosure.
If you have questions or concerns, reach out to us at security@cryptlex.com.
Cryptlex will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. When a user's account is terminated, all the related Personal Data stored within Cryptlex will be deleted, as required by applicable law. For the user data, collected by you (our customer), with an active account, you will have the responsibility to delete the data when required.
We assume that all visitors of our website and users of Cryptlex’s services have carefully read this document and agree to its contents. If someone does not agree with this privacy policy, they should refrain from using our website and services. We reserve the right to change our privacy policy as necessity dictates. Continued use of the Cryptlex website and services after having been informed of any such changes to these conditions implies acceptance of the revised privacy policy. This privacy policy is an integral part of Cryptlex’s Terms of Service.
We will reveal a user’s personal information without his/her prior permission only when we have reason to believe that the disclosure of this information is required to establish the identity of, to contact, or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to Cryptlex or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property. We are permitted to disclose personal information when we have good reason to believe that this is legally required.
You may inquire as to whether Cryptlex is processing personal information about you, request access to personal information, and ask that we correct, amend or delete your personal information where it is inaccurate or if you believe that your personal information has been processed in violation of the Privacy Shield Principles. Where otherwise permitted by applicable law, you may send an email to legal@cryptlex.com or use any of the methods set out in this Privacy Policy to request access to, receive (port), seek rectification, or request erasure of Personal Information held about you by Cryptlex. Please include your full name, the email address associated with your account, and a detailed description of your data request. Such requests will be processed in line with local laws.
Although Cryptlex makes good faith efforts to provide individuals with access to their Personal Information, there may be circumstances in which Cryptlex is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy in the case in question or where it is commercially proprietary. If Cryptlex determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, Cryptlex will take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal information.
You have the right to opt-out of certain uses and disclosures of your personal information. Where you have consented to Cryptlex's processing of your personal information, you may withdraw that consent at any time and opt-out to further processing by contacting us at legal@cryptlex.com. Even if you opt-out, we may still collect and use non-personal information regarding your activities on our site.
If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt-out of receiving future emails. We will process your request within a reasonable time after receipt. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding Cryptlex and our services and you will not be able to opt-out of those communications (e.g., communications regarding updates to our Terms or this Privacy Policy).
WE MAINTAIN “DO-NOT-MAIL” LISTS AS MANDATED BY LAW. WE PROCESS REQUESTS TO BE PLACED ON DO-NOT-MAIL AND DO-NOT-CONTACT LISTS WITHIN 60 DAYS AFTER RECEIPT, OR SUCH SHORTER TIME AS MAY BE REQUIRED BY LAW.
We may share your information as described in this Privacy Policy (e.g., with our Third-Party service providers; to comply with legal obligations; to protect and defend our rights and property) or with your permission.
We use vendors and service providers. We may share any information we receive with vendors and service providers. The types of service providers to whom we entrust personal information include service providers for (i) provision of IT and related services; (ii) provision of information and services you have requested; (iii) payment processing; (iv) customer service activities; and (v) in connection with the provision of the Site.
Privacy Shield. With respect to onward transfers to Agents under Privacy Shield, Privacy Shield requires that Cryptlex remain liable should its Agents process personal information in a manner inconsistent with the Privacy Shield Principles.
Disclosures to protect us or others (e.g., as Required by law and similar disclosures). We may access, preserve, and disclose your Personal Information, other account information, and content, if we believe doing so is required or appropriate to (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect yours’, ours’ or others’ rights, property, or safety; (iv) to enforce Cryptlex policies or contracts; (v) to collect amounts owed to Cryptlex; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.
In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.
Merger, sale, or other asset transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction as permitted by law and/or contract. In such an event, Cryptlex will endeavor to direct the transferee to use personal information in a manner that is consistent with the Privacy Policy in effect at the time such personal information was collected.
If you have any further questions regarding the data Cryptlex collects, or how we use it, then please feel free to contact us by email at legal@cryptlex.com
Effective Date: January 23, 2020
