3.1 This Introduction section.

3.2 The “Your Files” section. This covers the actual encrypted files that you upload, access and share using our services.

3.3 The “Account Data” section. This covers the metadata that is collected and generated by our systems when you use our services, and the information that you provide to us when you register and communicate with us.

3.4 The “Website Usage Data” section. This covers the data that is collected and generated by our systems when anyone browses our website.

3.5 The “General Terms” section, which applies to all our services and all types of data.

5.1 When you upload a file, it is already encrypted at your device, so we do not know whether it is personal to you or someone else, relates to a business or some other organisation, or what it contains. We also generate and store encrypted previews of images, videos and certain other types of file.

5.2 All Your Files remain encrypted at all times while they are on our system. They are never received, stored or otherwise dealt with by us in unencrypted form because any decryption takes place only on your device or that of another user to whom you have provided the file/album/folder/collection keys or links that are created when you give them access.

5.3 We collect Your Files because that is necessary for us to provide our end-to-end encrypted cloud storage and collaboration services that you contract for when you agree to our ToS.

5.4 Although Your Files are not personal information within our system because you have encrypted them, you should know that we store Your Files and make them available from servers in secure facilities in Europe or in countries that the European Commission has determined to have an adequate level of protection under Article 45 of the GDPR, depending where you are based.

5.5 We keep Your Files while you are subscribed to our services but this is subject to our suspension and termination rights set out in our ToS. You should download Your Files prior to termination of services.

5.6 If you forget your password you will lose access to all Your Files.

5.7 When you delete one of Your Files it will be made inaccessible, marked for deletion and removed when the next appropriate file purging process is run, subject to any retention specifically allowed under this Policy or our ToS. After account termination, all Your Files will be marked for deletion and removed when the next appropriate file purging process is run, subject to any retention specifically allowed under this Policy or our ToS.

5.9 We may, but shall not be obliged to, keep Your Files after your account has been suspended or terminated. In particular, we may, but shall not be obliged to, keep Your Files where we consider it necessary for evidential purposes relating to a breach of our ToS or with respect to current or anticipated action by any competent enforcement authority or other third party. With respect to release of Your Files to competent enforcement authorities and third parties, see our Takedown Guidance Policy.

5.10 See also the General Terms section of this Policy which applies to all types of data, including Your Files.

6.1 When you sign up for particular services on our website you will need to give us the details required in our registration form and will need to keep that information up to date.

6.2 When you use our services, the following information is retained in their unencrypted form:

• Your email address to serve as a medium of communication and as an identifier for your account.
• Your name and avatar (both optional) for notifying other users when you invite/share files with them.
• Amount of storage consumed by your encrypted data (files and thumbnails).
• Deletion status of your files to remove deleted files from clients who might have already downloaded them.
• Owner, sharee relationships within folders/albums/collections to control access permissions.
• Payment invoices provided to us by our third-party Payment Processors for verifying the validity of your subscription plan.
• Details of referrers and people your have referred, together with the storage balance accrued, for the purposes of ente's referral programme.
• The email addresses you choose to share an album with.
• Your public key.
• IP address and port information used for API calls to ensure account security, to detect data centers closest to you, and to mitigate possible DDoS attacks.
• Browser type and operating system of the devices from which you have logged in to ente to ensure account security.
• Timestamps when our database rows were modified as a result of an API call from your account.
• Takedowns and account suspension history.
• Our communications with you.

6.3 From time to time we may need to communicate with each other directly. We will use the email address you have verified in your account. You can communicate with us using the appropriate address on our contacts page. Examples of direct communications include invoices, copyright or other enforcement emails, notifications under our Takedown Guidance Policy, system update information, data breach notifications, notification of major changes to our ToS or this Policy. Other examples include notifications to inform you about company, product or feature updates; that you can opt out from by clicking the "unsubscribe" button included in the footer of these emails.

6.4 Access to your account and files is by way of nominated email address and password. It is your responsibility to keep these safe and secure as ente stores the email address but does not store the password. If you forget your password you will lose access to all your data.

6.5 We will collect, store, use and otherwise process Account Data so that we can provide the services you have contracted to obtain from us under our ToS. We also have a legitimate interest in processing Account Data so that we can maintain and improve our systems and services and communicate with you as referenced in this Policy.

6.6 We retain Account Data as long as your account is active. After account suspension or termination we may, but shall not be obliged to, retain all Account Data if enforcement action is likely or commenced under our ToS or Takedown Guidance Policy or for 1 month, whichever is longer. Where there is no enforcement action likely or commenced and the 1 month period has expired, Account Data that identifies you will be anonymized, but where you are a contact of, have had a data shared with you by another ente user, those details will continue to be retained to allow services to continue for those other users. See also the General Terms of this Policy with regard to retention.

6.7 You can request to download your Account Data by reaching out to you [email protected] from your registered email address. You can also request correction of Account Data if it is considered incorrect, in accordance with the GDPR. The information will be provided or updated promptly, and at least within one month, without charge unless the request is manifestly unfounded or excessive. Corrections will be promptly considered and actioned if appropriate.

6.8 If we have disclosed the Account Data to any third party (such as a compliance authority), we will inform them of any correction where possible and will also inform the individuals about the third parties to whom the data has been disclosed where lawful and appropriate.

6.9 See also the General Terms section of this Policy which applies to all types of data, including Account Data.

7.1 We use a privacy focussed third-party analytics service to monitor the metrics of our website. You can read their privacy policy here: https://simpleanalytics.com/privacy

7.2 See also the General Terms section of this Policy which applies to all types of data, including Website Usage Data.

15.1. Payment Processors

We use third-party services to process your payments. We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council that help ensure the secure handling of payment information.

The Privacy Policies of the payment processors we work with can be accessed below:

• Apple: https://www.apple.com/legal/privacy
• Google: https://policies.google.com/privacy
• Stripe: https://stripe.com/privacy

15.2. Feedback Collection

We use FeatureMonkey to collect feedback from users and to decide what features we should be working on. The data that is pushed to them is obfuscated and does not include a customer's personal information (like name or email). You can find their privacy policy here: https://www.featuremonkey.com/privacy.

15.3. Website Analytics

We use a privacy focused third-party analytics service to monitor the metrics of our website. You can read their privacy policy here: https://simpleanalytics.com/privacy

15.4. Backend Analytics

We use Amplitude for analyzing API access patterns. The data that is pushed to them is obfuscated and does not include a customer's personal information. You can read their privacy policy here: https://amplitude.com/privacy.

15.5. Emails

We use Zoho for sending out emails like login tokens, billing reminders, product update notifications etc. You can read their privacy policy here: https://zoho.com/privacy.

15.6. Monitoring

We use Grafana Cloud for storing our server side logs, that are stripped off any personally identifiable information. You can read their privacy policy here: https://grafana.com/legal/terms/#privacy.