You trust CryptoDrop™ to keep your systems free of Ransomware and your data safe. But you can also trust that we are dedicated to protecting your right to privacy. While we may collect and use some of your data in the process of protecting your systems, we do so only to the most minimal extent necessary to provide strong defenses and the best possible customer experience. This Privacy Policy gives you a better idea of how CryptoDrop™ (‘we’, ‘us’, ‘our’) do that, and it applies to both our website (www.cryptodrop.org) and our application.

How Do We Collect Data?

CryptoDrop™ interacts with its customers in many ways. During those exchanges, we may collect specific information in order to help us provide you with the best products and the highest level of service. Such information is collected in three ways: through our software, through direct communication and through browser cookies.

Our software collects information about the threats it observes, provides us with information critical to ensuring our software’s continued correct operation, and alerts us of your license status.

Direct interaction may come in the form of posts to our forums, email and chat messages and telephone calls.

Cookies are small text files saved in the browser that allow CryptoDrop™ to provide the best possible experience to our users. One of the most commonly used methods of customizing user experience, cookies enable us to determine how users move through our website, how often they return, and gather basic demographic information on our customers (e.g., geographic region). Accordingly, we rely on both persistent (i.e., long-lived) and session (i.e., short-lived) cookies, some of which may be provided by third parties. Cookies can easily be turned off in the browser, but they are essential to the core functionality of our website, without which, users may experience diminished features.

What Data Do We Collect?

We may collect a range of data, including Personally Identifiable Information (PII) and non-Personally Identifiable Information. PII is data provided directly by our customers, and includes contact information (e.g., full name, email address, phone number), unique identifiers (e.g., usernames), and, for corporate customers, information about your business (e.g., company name, size and sector).

We do not consider data posted to our public forums to be private, but such data will be retained.

Our applications may also collect additional information including license data, the email account used to register for a license (for the free and paid editions of our applications) and hardware ID being used by an installation. This data helps us to manage licenses.

Our applications never send us the contents of your personal files. However, in the event of a detection, our software may send us compact representations of the application, the full filesystem path name of the file upon which execution caused a detection to occur, the process ID of said application and your response to the detection. We may also potentially receive a copy of the malicious executable responsible for causing the trigger event. This is done to ensure the cutting edge of protection for all our customers and so that we can study emerging trends in ransomware.

CryptoDrop™ relies on a Third-party (i.e., PayPal) to perform credit card transactions. As such, we never have access to, nor store your credit card information. We do this because payment services spend significant resources to protect you against fraud and identity theft, and credit card information is best handled by parties with expertise in that area. However, customer data collected by such third parties are subject to the privacy policies of those vendors. Customers curious about these policies should visit the Privacy Policy homepage for PayPal to see their most up-to-date documents at https://www.paypal.com/gi/webapps/mpp/ua/privacy-full.

CryptoDrop™ collects a range of non-PII in order to assist us in delivering the highest quality user experience and products. As is done by the majority of commercial websites, much of this information is gathered automatically, and consists of information including Internet Protocol (IP) address, domain of the endpoint, browser type and version, referring/exit pages, pages viewed on our site, operating system type and its version, search terms, time and date, approximate geolocation, and clickstream data. These data are aggregated across all users to protect your privacy, and help us to identify trends in usage and ransomware.

When Do We Collect Data?

We collect data during the following events: 1) when you visit our webpages, including our social media sites, 2) when you enter licensing information into our applications, 3) when the applications detects a potential attack, 4) periodically to check for software updates and 5) through explicit communication such as email, chat or trouble tickets.

How Will My Data Be Protected?

We take security extremely seriously. As such, we do our utmost to protect your data. We do so by deploying at least best-practice defenses where possible to protect such data from unauthorized disclosure or use. For instance, our servers are configured to use the most current version of Transport Layer Security (TLS), that have been independently verified using the “Qualys SSL Test” to select only strong configurations and ciphers.

Please note that data stored in third-parties is protected according to their policies, and we have tried to select partners with the best history of defending user data.

However, no security configuration or tool provides perfect security for data in transit or at rest. Accordingly, we (and no other party) can claim to guarantee absolute security.

Who Else Gets to See My Data?

CryptoDrop™ is not in the business of giving away your data. As such, we do not license, rent, lease, lend, profit from or sell your PII to third-parties. However, there are a few scenarios when PII and non-PII may need to be exchanged.

Third-Parties Processing Data on Our Behalf: CryptoDrop™ relies on Third-Parties for processing our payments and generating licenses. Accordingly, we may provide these parties with a limited amount of PII including full name and contact information (e.g., email address). This sharing is necessary to ensure proper billing and licensing operations.

CryptoDrop™ also relies on Google Analytics for managing visitor statistics for our website. Accordingly, our website automatically collects information including your IP address, browser type and version, referring/exit pages, pages viewed on our site, operating system type and its version, search terms, time and date, and clickstream data. Customers can view Google’s Privacy Policy at https://www.google.com.policies/privacy.

Marketing Campaigns: CryptoDrop™ posts advertisements on a variety of websites based on information advertising networks have collected on you. Where we provide such advertisements and you click on them, we learn the previous domain you were browsing. However, we do not gain any insight into your behavior on that or any other website.

We respect that some users do not wish to be targeted in this fashion. While numerous “Do Not Track” proposals exist, the lack of a unified standard makes our compliance with such requests impossible at the current time. Accordingly, we encourage clients to with such concerns to consider deleting cookies or, for those wishing to have stronger guarantees when browsing our website, use an anonymization service (e.g., VPN or anonymity network).

Changes in Ownership: Like most other companies, CryptoDrop™ treats information about our customers as an asset. As such, if we are acquired, merge or through some other exchange including bankruptcy become subsumed by another entity, your PII may be transferred to whichever party acquires us. Customers will be notified, where possible, of such a change in ownership directly where possible (via email) and through conspicuous notifications on our website. This notification will include information about the acquiring party and any choice you may have regarding your data.

Demands from Law Enforcement: It may be necessary for CryptoDrop™ to provide your data to law enforcement. We will only disclose your information 1) if we receive a subpoena, warrant or other legal request issued by a court with appropriate jurisdiction, 2) to comply with applicable law or regulation, particularly where failure to respond would render CryptoDrop™ liable, 3) to protect our company, our employees and our intellectual property against activity that we consider to be illegal or unethical and 4) in the rare situation where requests are necessary to prevent or reduce serious harm (e.g., for reasons of national security).

How Will This Policy Be Updated?

We may need to modify this Privacy Policy in the future. We will notify you of material changes to this document via our website or email where possible. We will alert you of such changes 30 days prior to them taking effect. Further questions about our policy or changes to it can be sent via email to privacy@cryptodrop.org.

How Can I Challenge/Delete My Data?

CryptoDrop™ will provide you with information regarding whether we possess any of your information upon request. Such requests, and requests to challenge or delete such data, must be made to privacy@cryptodrop.org and must include contact information. It is our goal to respond to such requests within a reasonable timeframe. However, we note that CryptoDrop™ may need to retain certain data to be in compliance with appropriate laws, to provide services and/or to enforce agreements/resolve disputes.

We note that CryptoDrop™ is specifically not directed towards individuals under the age of 18 years and therefore do not knowingly collect PII from children. If we should discover or are alerted that we have inadvertently collected such data, we will delete it as soon as possible, except as otherwise required by relevant laws.

We Stop Ransomware

Download CryptoDrop today and put it to work for you to keep your computer protected!