Privacy Policy

Owner and Data Controller

Types of Data Collected

The owner does not provide a list of Personal Data types collected. Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.

Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application. Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services.

In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service. Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.

Any use of Cookies by this Application serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy. Users are responsible for any third-party Personal Data obtained, published or shared through this Application.

Access to User Data on Third-Party Services

This application accesses users' email data from external providers (Google and/or Microsoft) with users' permissions requested for each provider. The users' email data is not tracked by this application or the owner.

Access to Google User Data

With your explicit permission, our email client accesses certain types of data from your Google account to provide our service. Specifically, we access your email data to enable the ScryptX Mail service.

This Application uses Google Analytics (GA4) for anonymous usage analytics to improve our services. Google Analytics collects anonymised data about how users interact with the Application. No personally identifiable information is shared with Google Analytics.

Mode and Place of Processing the Data

Methods of Processing

The Owner takes appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of the Data. The Data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated.

In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.

Place

The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located. Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own.

Retention Time

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

Cookie Usage

This Application uses Trackers, including cookies set by Google Analytics (GA4) for anonymous usage analytics. To learn more about all cookies and trackers used, Users may consult the Cookie Policy.

Legal Basis of Processing

The Owner may process Personal Data relating to Users if one of the following applies:

• Consent: Users have given their consent for one or more specific purposes.
• Contract performance: Provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof.
• Legal obligation: Processing is necessary for compliance with a legal obligation to which the Owner is subject.
• Public interest: Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner.
• Legitimate interests: Processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.

Further Information About Retention Time

• Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
• Personal Data collected for the purposes of the Owner's legitimate interests shall be retained as long as needed to fulfill such purposes.

The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Once the retention period expires, Personal Data shall be deleted.

The Rights of Users Based on GDPR

Users may exercise certain rights regarding their Data processed by the Owner:

• Withdraw their consent at any time
• Object to processing of their Data
• Access their Data
• Verify and seek rectification
• Restrict the processing of their Data
• Have their Personal Data deleted or otherwise removed
• Receive their Data and have it transferred to another controller
• Lodge a complaint

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. Such requests are free of charge and will be answered within one month.

Further Information for Users in Switzerland

The rights of Users according to the Swiss Federal Act on Data Protection:

• Right of access
• Right to object
• Right to data portability
• Right to correction

Requests are answered free of charge as early as possible.

Further Information for Users in Brazil (LGPD)

Grounds for processing include: consent, legal obligation, contract performance, legitimate interests, credit protection, and others.

Brazilian Privacy Rights

• Confirmation of processing
• Access to data
• Rectification of inaccurate data
• Anonymization, blocking, or deletion
• Data portability
• Deletion upon consent withdrawal
• Right to lodge complaints with ANPD
• Right to oppose non-compliant processing
• Right to review automated decisions

Requests are processed within 15 days for full disclosure.

Further Information for Users in the United States

Applies to residents of: California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon and Montana.

Privacy Rights Under US State Laws

• Right to access / right to know
• Right to correct inaccurate Personal Information
• Right to request deletion
• Right to obtain a copy (data portability)
• Right to opt out from Sale of Personal Information
• Right to non-discrimination

Additional Rights for California Residents

• Opt out of Sharing for cross-context behavioral advertising
• Limit use of Sensitive Personal Information

Additional Rights for Virginia, Colorado, Connecticut, Texas, Oregon and Montana Residents

• Opt out of Targeted Advertising or profiling
• Freely give, deny or withdraw consent for Sensitive Personal Information

Additional Rights for Utah Residents

• Opt out of Targeted Advertising
• Opt out of Sensitive Personal Information processing

We will respond within the timeframe required by applicable law.

Additional Information About Data Collection and Processing

Legal Action

User's Personal Data may be used for legal purposes by the Owner in Court or in stages leading to possible legal action.

System Logs and Maintenance

This Application may collect files that record interaction (System logs) or use other Personal Data (such as IP Address) for operation and maintenance purposes.

Changes to This Privacy Policy

The Owner reserves the right to make changes at any time by notifying Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the top.

Last updated: May 2025

Questions? Contact us at admin@scryptx.io

See also: Terms of Service GDPR & Account Deletion Cookie Policy