Cryptlex provides a software licensing service through a Software as a Service (SaaS) model. This privacy policy explains how Cryptlex processes and protects information that can be used to directly or indirectly identify an individual (“Personal Data”) collected through the use of all the products and services offered by Cryptlex.

For the purposes of this policy, Cryptlex defines the term “User” as an entity who registers for our services through our website or an individual whose data you (our customer) collect and store using our services and the term “Visitor” as an individual that visits our website (e.g. https://cryptlex.com).

1. Collection and use

The following sections cover the specifics of website visitors and users from which data is collected.

1.1 Website visitors

By visiting this website, you consent to the collection and use of your Personal Data as described herein. If you do not agree with the terms set out herein, please do not visit this website. If required by applicable law, we will seek your explicit consent to process Personal Data collected on this website or volunteered by you. Kindly note that any consent will be entirely voluntary. However, if you do not grant the requested consent to the processing of your Personal Data, the use of this website may not be possible.

Cryptlex may collect, record, and analyze information of Visitors to its website. We may record your IP address and use cookies. Cryptlex may add information collected by way of pageview activity. Furthermore, Cryptlex may collect and process any Personal Data that you volunteer to us in our website’s forms, such as when you sign up for information and newsletters.

Such Personal Data may comprise your IP address, first and last name, company name, and email address.

Cryptlex gathers data about visits to the website, including numbers of Visitors and visits, Geo-location data, length of time spent on the site, pages clicked on, or where Visitors have come.

1.1.1 Purpose of processing personal data

Cryptlex uses the collected data to communicate with Visitors, to customize content for Visitors, and to improve its website by analyzing how Visitors navigate its website.

1.1.2 Sharing personal data

We do not sell, trade, or rent your personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates, and advertisers for the purposes outlined above. We may use third-party service providers to help us operate our business and administer activities on our behalfs, such as sending out newsletters or surveys. We may share your information with these third parties for those limited purposes.

1.1.3 Cookies

Cookies are small pieces of information sent by a website to a Visitor’s hard disk. Cookies cannot be used to run programs or deliver viruses to your computer. By continuing to visit the website, you agree to the placement of cookies on your device. If you choose not to accept our cookies, we cannot guarantee that your experience will be as fulfilling as it would otherwise be. We may also place cookies from third parties for functional and marketing purposes.

1.1.4 Links to other sites

Please be aware that while visiting our site, Visitors can follow links to other sites that are beyond our sphere of influence. Cryptlex is not responsible for the content or privacy policy of these other sites.

1.2 Users

In order to provide services to its Users (our customers and your customers), Cryptlex collects certain types of data from them. This section will describe how these two types of data are collected and used by Cryptlex. Data entered or transferred into Cryptlex by Users remains the property of the User and may not be shared with a third party by Cryptlex without express consent from the User.

1.2.1 Collection of User data from our customers

Information in this category includes the information you provide when registering to use our services and further usage of our services. This data is primarily stored within Cryptlex and a part of it may also be stored in third-party services.

1.2.1.1 Personal information stored within Cryptlex

• First name, last name, email, company name

• Stripe customer and subscription unique identifiers

• Paddle customer unique identifiers

• IP addresses for rate-limiting (stored temporarily)

1.2.1.2 Personal information stored in third-party services

• First name, last name, email, company name (through Stripe, Paddle, Hubspot, PostHog and Intercom)

• Links to social media profiles (through Hubspot)

• Credit card information (securely stored within Stripe and Paddle)

• Geographic location (through PostHog)

• Name, email, and IP addresses in crash reports (through Bugsnag retained for seven days)

1.2.2 Collection of User data from your customers

Information in this category includes the information you store when adding license users, information collected at the time of license activation to identify the user device required for node-locked licensing, and additional metadata stored along with user or license activation data which may or may not contain personally identifiable information.

This data is only stored within Cryptlex and is entirely owned by you. This data is never shared with any third-parties outside of our logging, crash reporting, and other infrastructure-related services.

1.2.2.1 Personal information stored within Cryptlex

• First name, last name, email

• User metadata (may or may not contain personal data)

• Geo-location data

• License activation metadata (may or may not contain personal data)

• Following device details associated with license activation:

  • Hostname of the device

  • Username of the device (hashed using SHA256)

  • Operating system of the device

  • Virtual machine being run on the device

  • Fingerprint of the device generated using various hardware components (hashed using SHA256)

  • IP address of the device

1.2.2.2 Personal information stored in third-party services

• Name, email, and IP addresses in crash reports (through Bugsnag retained for seven days)

1.2.3 GDPR

The European Parliament adopted the GDPR in April 2016, replacing an outdated data protection directive from 1995. It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. We will apply the GDPR to all the users whose personal data is either stored within Cryptlex or who use our services, whether inside or outside of the EU.

Cryptlex processes Personal Data both as a Processor and as a Controller, as defined in the Directive and the GDPR.

1.2.3.1 Controller

In the GDPR “controller’ means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union/Member State law.

For user data, as outlined in section 1.2.1, Cryptlex will be the data controller.

For user data, as outlined in section 1.2.2, you (our customer) will be the data controller.

1.2.3.2 Processor

The processor is the entity that processes personal data on behalf of the controller under the controller’s instructions.

We (Cryptlex) are a data processor.

1.2.3.3 Lawful basis of processing

If you are our User, we process your Personal Data based on your consent and based on the need to perform the obligations of our contract with you. We collect and use Personal Data for the purposes of providing the Services to our Users at their instruction, processing Personal Data on behalf of Users, improving the Services, and conducting related tasks for legitimate business purposes.

1.2.3.4 Data Protection Officer

Cryptlex has a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. This “Data Protection Officer” can be contacted through email at legal@cryptlex.com.

1.2.4 Standard Contractual Clauses

According to the General Data Protection Regulation (GDPR), contractual clauses ensuring appropriate data protection safeguards can be used as a ground for data transfers from the EU to third countries. Cryptlex relies on the European Commission-approved Standard Contractual Clauses (SCCs) as a legal mechanism for data transfers from the EU. SCCs are contractual commitments between companies transferring personal data, binding them to protect the privacy and security of such data. Cryptlex adopted SCCs so that the necessary data flows can be protected when transferred outside the EU to countries that have not been deemed by the European Commission to adequately protect personal data, including protecting data transfers to the United States.

Please refer to this article on the European Commission website to learn more about SCCs.

2. Data security

Cryptlex is committed to ensuring that your privacy and the data you share with us is protected. We use the best industrial practices to secure and protect the important business data you store within Cryptlex.

All information is stored securely and is accessed by authorized personnel only. Cryptlex implements and maintains appropriate technical, security, and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft, or disclosure.

If you have questions or concerns, reach out to us at security@cryptlex.com.

3. Retention and deletion

Cryptlex will not retain data longer than is necessary to fulfil the purposes for which it was collected or as required by applicable laws or regulations. When a user's account is terminated, all the related Personal Data stored within Cryptlex will be deleted, as required by applicable law. For the user data, collected by you (our customer), with an active account, you will have the responsibility to delete the data when required.

4. Acceptance of these conditions

We assume that all visitors of our website and users of Cryptlex’s services have carefully read this document and agree to its contents. If someone does not agree with this privacy policy, they should refrain from using our website and services. We reserve the right to change our privacy policy as necessity dictates. Continued use of the Cryptlex website and services after having been informed of any such changes to these conditions implies acceptance of the revised privacy policy. This privacy policy is an integral part of Cryptlex’s Terms of Service.

5. Disclosure of personal information

We will reveal a user’s personal information without his/her prior permission only when we have reason to believe that the disclosure of this information is required to establish the identity of, to contact, or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to Cryptlex or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property. We are permitted to disclose personal information when we have good reason to believe that this is legally required.

6. Rights of access, rectification, and erasure

You may inquire as to whether Cryptlex is processing personal information about you, request access to personal information, and ask that we correct, amend or delete your personal information where it is inaccurate. Where otherwise permitted by applicable law, you may send an email to legal@cryptlex.com or use any of the methods set out in this Privacy Policy to request access to, receive (port), seek rectification, or request erasure of Personal Information held about you by Cryptlex. Please include your full name, the email address associated with your account, and a detailed description of your data request. Such requests will be processed in line with local laws.

Although Cryptlex makes good faith efforts to provide individuals with access to their Personal Information, there may be circumstances in which Cryptlex is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy in the case in question or where it is commercially proprietary. If Cryptlex determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, Cryptlex will take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal information.

7. Opt-Out (Right To Restrict Processing)

7.1 General

You have the right to opt-out of certain uses and disclosures of your personal information. Where you have consented to Cryptlex's processing of your personal information, you may withdraw that consent at any time and opt-out to further processing by contacting us at legal@cryptlex.com. Even if you opt-out, we may still collect and use non-personal information regarding your activities on our site.

7.2 Email communications

If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. We will process your request within a reasonable time after receipt. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding Cryptlex and our services and you will not be able to opt-out of those communications (e.g., communications regarding updates to our Terms or this Privacy Policy).

WE MAINTAIN “DO-NOT-MAIL” LISTS AS MANDATED BY LAW. WE PROCESS REQUESTS TO BE PLACED ON DO-NOT-MAIL AND DO-NOT-CONTACT LISTS WITHIN 60 DAYS AFTER RECEIPT, OR SUCH A SHORTER TIME AS MAY BE REQUIRED BY LAW.

8. Onward transfer - Cryptlex may disclose your information

8.1 Information we share

We may share your information as described in this Privacy Policy (e.g., with our Third-Party service providers; to comply with legal obligations; to protect and defend our rights and property) or with your permission.

• We use vendors and service providers. We may share any information we receive with vendors and service providers. The types of service providers to whom we entrust personal information include service providers for (i) provision of IT and related services; (ii) provision of information and services you have requested; (iii) payment processing; (iv) customer service activities; and (v) in connection with the provision of the Site.

• Disclosures to protect us or others (e.g., as Required by law and similar disclosures). We may access, preserve, and disclose your Personal Information, other account information, and content, if we believe doing so is required or appropriate to (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect yours’, ours’ or others’ rights, property, or safety; (iv) to enforce Cryptlex policies or contracts; (v) to collect amounts owed to Cryptlex; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.

  In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of unauthorized activities.

• Merger, sale, or other asset transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction as permitted by law and/or contract. In such an event, Cryptlex will endeavour to direct the transferee to use personal information in a manner that is consistent with the Privacy Policy in effect at the time such personal information was collected.

9. For further information

If you have any further questions regarding the data Cryptlex collects, or how we use it, then please feel free to contact us by email at legal@cryptlex.com

Last Updated: June 2nd, 2023