What is Lochbox's Privacy Policy?

Modified on Thu, 26 Jan, 2023 at 2:35 PM

Lochbox's Privacy Policy can be found in the application in the following location:



It says in its entirety:


"This document, our Privacy Policy, governs how Lochbox (“we”, “us”, “Lochbox”) handles our users’ (“you”, “your”, etc.) data both in the Lochbox app itself and on our cloud servers (collectively, the “Services”).


Your use of the Services indicates your consent to this Privacy Policy and our Terms of Service. If you do not want to be bound by these agreements, you may not use our Services.


We work very hard to preserve your privacy and security, and we do our best to be as transparent as possible in explaining how we use your data in providing our Services. Not only is Lochbox’s security architecture and encryption methodologies designed to ensure that only users can gain access to their message content, we promise to never monetize your communications or personal information. Ever.


We provide additional security for the communications of organizations by integrating with an encryption key management server(s) under the organization’s exclusive purview.  We espouse the Zero Trust Architecture; the key management server(s) keeps the encryption key out of our hands so you do not have to even trust us.


Please contact us if you have any questions at info@lochbox.app


Our Privacy Practices in Brief:

Lochbox has to collect some information from you in order to provide our Services to you, but we work to do so in a limited and secure way, as follows:


  •  We can’t see the text, audio, or video you transmit using the Service. Because of this we don’t know — and can’t reveal to others — anything about you or how you use the Lochbox App aside from the limited information such as the date your account was created, the date of last use and the type of device on which such account was installed.

  •  We do not track, log or store users’ unique device information, IP or geo-location data or similar metadata associated with your use of the Lochbox App.

  •  When you send or receive images using Lochbox, it is important to note that if you do not trust the person you’re talking to, do not open files coming from them or send them images you do not want to be saved.

  •  You control how long your messages are viewable on recipient devices. However, there is no magic pill for betrayal and we cannot prevent someone using a camera to take a picture of a message on a screen. Therefore, we strongly encourage you to only send private messages or sensitive information to people you know and trust.

  •  If you enabled message notifications for Lochbox, you will receive notifications about incoming messages on your device’s home screen which may contain the sender’s name as you set it in your Lochbox connections. Please note, if you don’t want other to see who is messaging you on Lochbox, you can disable notifications in your device settings in which case you will continue to receive messages, but notifications will not appear on your home screen.

  •  You own your data. We do not share or sell any data about our users. Period.



What Information Does Lochbox Collect and How Is It Used?

We are committed to limiting our collection of your information to what is necessary to provide you with our Services in accordance with applicable data protection and privacy laws.


The limited information we collect, receive, or have access to is in line with the legitimate interest we have in delivering the Services to you and this is to allow you to send and receive messages and images, to respond to your requests, and to improve the Service. It may also be shared under valid legal process and with third party service providers for the limited purposes described below.


What We Don’t Collect

Equally important to us is to share what information we don’t collect. We do not collect your location information or have access to the contents of the communications you send using the Lochbox App. Remember, however, that if you send a Lochbox message to another Lochbox user, that message or related content might remain on their device even after you delete it and whether the recipient took a screenshot of the message.



User-Provided Information

We collect some very limited information from you after you download the Lochbox App in order to allow you to create a Lochbox Account, and begin using the Lochbox App.

  •  Your Lochbox ID: Your Lochbox ID is how you allow others to contact you via Lochbox. It does not have to be your real name or provide any reference to your identity.

  •  Your Password: We require you to have a password to use the Lochbox App, but we never store your password on our servers and don’t store it by default in any form on your device. For your own security, we require that you use a long, unique password consisting of a mix of upper- and lower-case letters, numbers, and symbols.



Optional User-Provided Information

Within the Lochbox App, we provide a few optional features for your convenience. Some of these features, described below, will ask for personal information. If you want to keep your use of Lochbox as anonymous as possible, please read these sections carefully in order to understand how we associate information you provide with your Lochbox account.


 •  Push Notifications: When setting up your Lochbox account, we will ask if you want to receive notifications of new Lochbox messages, software updates, and other administrative and technological developments. Push notifications are functions of device’s operating system, so if you enable this feature, your devices operating system’s manufacturer will know that you are using the Lochbox App, but will not know anything about how you use it or be able to see anything you transmit through it.

  •  Phone Number or Email Address: To facilitate password reset and the building of your closed network, we require that you verify that you have control of your submitted email or SMS phone address.  This can be used, if needed, to reset your account’s password as well as associating an invitation to join a closed network with another user that already knows your contact email or SMS address. We use a third-party service to deliver a confirmation SMS to you, but that service will not receive any information about you other than your phone number, and the SMS message itself will contain no information except a confirmation link.

  •  Invitations: If you wish to invite others to use the Lochbox App, you can optionally browse your device’s contacts.  If you choose to browse, you will be asked for permission to access your device’s connections in order to invite them to use our Services. We never store your device contacts on our servers in any way.

  •  Avatar: If you set a public profile avatar, it will become visible to others on Lochbox, so please do not add an avatar if you do not intend it to be viewed by other users.



Automatically Collected Information

Lochbox collects two types of information automatically during your setup and use of the Lochbox App: Device Information, Aggregate Usage Data, and Crash Logs.


  •  Device Information: The Lochbox App collects your device’s platform-related information during usage and registration. This information is used to ensure the Lochbox App maintains operational compatibility with the vast majority of our user’s platforms and environments.

  •  Aggregate Usage Data: During the operation of our services, we also collect aggregate, anonymous information about basic usage statistics, such as the number of messages sent by Lochbox users daily, what types of messages our users tend to send (e.g., voice messages more often than text), and other key performance indicators. No content or other meta data is collected.

  •  Crash Logs: For the purpose of debugging, error correction, and system continuity, Lochbox Apps transmit crash logs to a cloud-based bug reporting platform. The logs do not contain any user personal information and they pertain only to the Lochbox App.



What Information Does Lochbox Share with Third Parties?

We do not share any user information we have with third parties, with the exception of the third-party service with whom we share your phone number for the sole purpose of sending you an SMS confirmation if you choose to associate your phone number with your Lochbox ID.



Law Enforcement:

We will always notify our users of any third-party requests for their information unless we are legally prohibited from doing so. As soon as legally permissible, we will notify our users of requests for their information. We require a warrant before handing over the contents of communications; however, because of the nature of our technology, the contents of communications will be encrypted and undecipherable if obtained.



Data Retention

Data Retention on Lochboxʼs Servers: Our servers store the encrypted messages that you send and receive to ensure their reliable delivery to each device associated with your account and the accounts to which you transmit messages. We retain certain account data (i.e., types of messages sent and account settings changes).


Data Retention on an Organization's Servers: For increased security we offer an encryption key management server(s) that is out of our purview.  For all messages and content related to the closed network of the organization sent to and from your devices, and the devices of the other recipients, the devices must securely interact with the organization’s key management server(s) to obtain the content decryption key.  The messages are only temporarily decrypted locally on your and the recipient’s devices after securely receiving the decryption key.



We Are Serious About Security

We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees who need to know that information in order to operate, develop, or improve our Services. No sensitive information is in the clear: we take reasonable efforts (as described herein) to ensure that everything we store is not retrievable by us or anyone else.


However, as security experts, we know that no security system can prevent all potential security breaches. Therefore, we have limited the potential implications of such a breach by designing our system so that in the event of a breach, we would have the least possible information about you.



Children

Lochbox is not directed to children under the age of 13, without the parental supervision of a Family organization and administrator.  If we learn that we have allowed a child under 13 to access our Services unsupervised, we will take appropriate steps to promptly remove such an account and delete all associated information.


If you live in any other country except those in the European Region, you must be at least 13 years old to register for the Services. If you live in the European Region, you must be at least 16 years old to register for and use our Services.



Third Parties

To deliver a confirmation SMS to our users we use Amazon Simple Notification Service.  Their privacy policy can be found at https://aws.amazon.com/privacy/.



Users Outside the US

If you use our Services, your information will be transferred to the U.S. and will be processed and stored under U.S. data protection and privacy regulations which may differ from those your country of residence. By using our Services and providing information to us, you consent to such transfer to and processing in the U.S. We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy. Please note that all user communications on the Lochbox Service are protected between devices and are never stored unencrypted hence are undecipherable to Lochbox or other third parties.


You are responsible for complying with any laws or regulations in your country that govern use of applications and services like Lochbox.



Contact Us if You Have Questions or Account-Related Requests

This Privacy Policy is subject to change. You are advised to consult this Privacy Policy regularly for any changes. By continuing to use the Services, you agree to be bound by the revised Privacy Policy.


If you have any questions regarding privacy while using our Services, or have questions about our practices, please contact us via email at info@lochbox.app.


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article