This Policy forms part of the Terms of Service dated 1 August 2019 for the Sylo App (the Sylo App Terms). In this Policy, capitalised terms have the meanings given to them in the Sylo App Terms if not otherwise defined.
THE SYLO DIFFERENCE
We are fully committed to your privacy. That is why Sylo is private by design and puts you in control of your own data.
Sylo enables you to communicate directly with your peers using end-to-end encryption. We cannot see or decrypt your communications in the Sylo app. Only the contacts you choose to communicate with are able to decrypt your messages.
Your Sylo data – that is, the encrypted content of communications – is distributed across a network of nodes. Since your data is encrypted, the node operator cannot decrypt it either, so it remains confidential. This system of distributed node storage also means your data is highly resistant to cyberattacks.
WHAT INFORMATION DO YOU HAVE TO PROVIDE TO USE SYLO?
Sylo has no requirement for you to provide an email address or phone number to create an account.
To use Sylo, you simply establish an account by registering a “name” (which can be a pseudonym, alias or nickname) and choosing an avatar. You will share this information with your contacts, not with Sylo.
WHAT OTHER INFORMATION MIGHT WE COLLECT ABOUT YOU?
If you use the Services, we may also collect the following information about you when you visit our App (generic data):
- The IP address of your device when connected to the internet.
- The operating system and the your device uses.
- Information about your country and the language setting on your device
- Other attributes about mobile device and operating system.
YOUR PERSONAL INFORMATION AND SYLO
In this Policy, ‘personal information’ is information (including data) about an identifiable, natural person.
As outlined above, we may collect generic data about all of our users. We will also collect KYC information and payment information from our verified users or arrange for a third party to do so on our behalf. In addition, any user may choose to share an email address or other contact information with us.
The remainder of this Policy sets out why we collect this personal information, and the terms on which we deal with that information.
PURPOSES FOR WHICH WE COLLECT YOUR PERSONAL INFORMATION
The primary purpose for which we collect personal information is to provide Services to you and to comply with our legal and regulatory obligations in connection with the provision of certain Services. In addition, we may collect personal information about you, such as generic data, for the following additional purposes:
- To validate, update and/or enhance our Services.
- To undertake research, analytics and/or benchmarking, including to measure the number of users of any of our Services.
- To identify and understand our users’ needs.
- For our business development and marketing purposes.
- For internal record keeping, audit and compliance purposes.
Together, these are the ‘Purposes’.
WHO CAN WE SHARE YOUR PERSONAL INFORMATION WITH?
If you are a verified user, then:
- KYC information: We will not share your KYC information with any person other than (a) a third party that undertakes KYC on our users on our behalf in accordance with applicable anti-money laundering laws or with any third party that verifies that KYC information; (b) any governmental agency or regulator with whom we are required to share the KYC information in accordance with mandatory applicable law; and (c) our staff and advisers that need access to the KYC information as part of their work, subject to confidentiality restrictions.
- Payment information: We will not share your payment information with any person other than the third party payment processor that manages the payment transaction, and our staff and advisers that need access to payment records as part of their work, in each case subject to confidentiality restrictions.
We may share generic data and any other personal information we hold about you (subject to the restrictions noted above) with the following parties:
- Our service providers – such as technology suppliers/contractors, analytics and advertising service providers, storage facilities, lawyers, accountants and auditors, and all other parties who need to have access to your personal information to provide their services to us.
- Our employees or contractors to the extent reasonably necessary to provide the Services and otherwise fulfil our obligations to you.
- Any person considering acquiring an interest in our business or assets.
- Any other person to the extent reasonably necessary for the Purposes.
- Any law enforcement, legal, government or regulatory agency, where such disclosure is required or authorised by law.
These parties may be located outside New Zealand. This may mean your personal information is held and processed outside New Zealand.
HOW WE USE YOUR PERSONAL INFORMATION
We will never sell your personal information.
We will only disclose your personal information when we consider it to be necessary in view of the Purpose(s) for which it was collected or where it is required by applicable law or directive.
We may use your personal information to contact you in the future about Services we believe may be of interest to you. If we do so, each communication we send will contain instructions permitting you to "unsubscribe " from any future communications from us. In addition, if at any time you do not wish to receive any future communication or you wish to have your name deleted from our mailing lists, please contact email@example.com.
THIRD PARTIES IN THE SYLO MARKETPLACE
To enhance the Services available to you, we may introduce other third party applications into the Sylo marketplace from time to time. These third party applications may also collect personal information from or about you with your consent.
CAN ANYONE ELSE SEE YOUR PERSONAL INFORMATION?
The information collected is anonymous (that is, it does not include your Sylo name or avatar or other personal information which could identify you). However, you have the ability to opt out by disabling cookies in your or mobile settings.
PROTECTING YOUR PERSONAL INFORMATION: STORAGE AND SECURITY
As we explain at the start of this Policy, your Sylo data – that is, the encrypted content of your communications – is distributed across a network of nodes. Sylo does not hold or store this data.
However, in relation to any personal data that Sylo may hold about you, such as KYC information or payment information if you are a verified user (subject to the earlier terms of this Policy), we will take all reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse. In the event of a security incident we have in place procedures to promptly investigate the incident and determine if there has been a data breach involving any personal information, and if so, to assess if it is a breach that would require notification. If it is, we will notify affected parties in accordance with applicable privacy law requirements.
Any personal information about you that Sylo holds or controls will be erased as soon as it is no longer necessary to achieve the Purpose(s) for which it was collected unless we are required by applicable law to store it for a longer period of time, in which case it will be erased after the relevant time period has elapsed.
HOW YOU CAN HELP KEEP YOUR INFORMATION SAFE
Please take care when deciding what personal information you send to us via email. No internet or email transmission is ever fully secure or error free. In particular, email sent to or from the services may not be secure so if you provide us with personal information over the internet, the provision of that information is at your own risk.
When accessing the Sylo website, look for the 'padlock' symbol in your web browser. The 'padlock' symbol is a certificate of authenticity and ensures the site is secure.
Secure Socket Layer (SSL) is the most accepted way of ensuring the security of transmitted information to and from internet sites worldwide. It operates in all pages of our website. We use SSL with Comodo Authentication Certificates with RC4 128 bit encryption.
YOUR RIGHT TO ACCESS YOUR PERSONAL INFORMATION
You may request access to any of the personal information we hold about you at any time. To request access to the personal information that we hold about you, please contact us at firstname.lastname@example.org. We may charge a fee for our reasonable costs in retrieving and supplying the information to you.
We will respond to your request within a reasonable period of time and, where reasonable and practicable, grant access to the information in the manner requested. An explanation will be provided to you if we deny you access to your personal information we hold.
If any information we hold about you is incorrect, please contact us at email@example.com.
HOW TO CONTACT US
If you have any queries about this Policy, please feel free to contact us at firstname.lastname@example.org or write to Sylo Licensing Limited, PO Box 90334, Victoria St West, Auckland 1142, New Zealand.
PRIVACY LAWS STILL APPLY
This Policy does not limit our rights and obligations under applicable privacy laws, including the Privacy Act 1993 for our New Zealand-based users.
CHANGES TO THIS POLICY
We can amend this Policy from time to time in accordance with the Sylo App Terms. If you continue to access the Services then you will be bound by the amended Policy.