Wickr Enterprise Privacy Policy

Last modified: September 14, 2022

Wickr is being sold by AWS. If you purchase or renew Wickr services from an AWS Contracting Party (excluding Wickr LLC), even if you originally purchased through Wickr Inc./LLC, the AWS Customer Agreement and Privacy Notice now apply to your use of such services instead of the terms and privacy policies published on the Wickr website. The AWS Privacy Notice governs AWS’s collection and use of the information you provide to us in connection with the creation or administration of your customer account. The Customer Agreement and any supplemental terms between you and AWS relating to the Wickr service apply to the data transferred to the AWS services for processing, storage, or hosting in connection with your use of the Wickr services. If you did not purchase Wickr services from an AWS Contracting Party, the following applies:

Thank you for using Wickr Enterprise! Wickr Enterprise is a vetted, simple-to-use, end-to-end encrypted secure messaging platform built by an expert security team to protect high-value sensitive communications including messages, files, voice and video conferencing. Wickr (“Wickr”, “we”, or “us”) provides the application downloaded by the user (the “App”). The entity or organization that you are affiliated with (“Provider”) manages the service (the “Service” or “Services”).

This document, the Wickr Enterprise Privacy Policy (“Privacy Policy”), governs how we handle users’ data in the App. Your use of the App indicates your consent to this Privacy Policy. If you do not want to be bound by this agreement, you may not use our App.

We work very hard to preserve your privacy and security, and we do our best to be as transparent as possible in explaining how we use your data in providing our App. Not only is Wickr’s security architecture and proprietary encryption methodology designed to ensure that only users can gain access to their message content, we promise to never monetize you or your communications. Ever. Please contact us if you have any questions at privacy@wickr.com.

Our Privacy Practices in Brief

The Wickr App has to collect some information about you in order for your Provider to provide their Service to you, but we work to do so in a limited and secure way, as follows:

• Information about you such as your email address and business affiliation will be provided by you or your Provider for the purposes of creating your account. This information may also be available to other users of the service in the form of a public profile. For information about how your Provider uses this information, please consult directly with that entity or organization.
• Neither Wickr nor your Provider have access to the messages you transmit by using the Service, the rooms you create or your contacts unless you explicitly consent to monitoring when joining the network or Service. Your messages are protected with multiple layers of encryption before they are transmitted to your Provider’s servers, which is intended to make the messages only accessible to the intended recipient(s). If additional users are added to a secure room by you or by another user, then those users will be able to see the messages shared within that room from the moment they joined the conversation.
• You control how long your messages are viewable on recipient devices and how long rooms are active before they are deleted. The maximum message lifespan may be determined by your Provider.
• Wickr does not track users’ unique device information, IP or geo-location data. For information about whether your Provider tracks any of this information, please consult directly with that entity or organization.
• When you block someone from being able to contact you on Wickr Me, they are automatically added to the block list in your settings. To protect your privacy, they won’t know that you are blocking them when they send you a message.
• We do not share or sell customer data to any third party for any purposes.

Please review the rest of this Privacy Policy, below, for additional detail about the summary above.

What Information Does Wickr Collect?

We are committed to limiting collection of your information in our App to only what is necessary to provide you with the Services in accordance with applicable data protection and privacy laws.

Automatically-Collected Information: Wickr collects the following information automatically during your setup and use of the App or the Provider’s Service:

• Crash Logs: For purposes of debugging, error correction, and system continuity, Wickr Apps transmit crash logs to a cloud-based bug reporting platform. The logs do not contain any user personal information and they pertain only to the Wickr Service.

What Information Does Your Provider Collect?

Mandatory User-Provided Information: You are required to provide limited information during the registration process to create a Wickr Enterprise account and to begin using the Service.

• Your ID: Your Wickr Enterprise ID is your e-mail address or other identifier chosen by your Provider. Other users of the Service within your network or in other federated networks will be able to look you up and contact you using your Wickr Enterprise ID.
• Your Password: We require you to have a password to use the Service, but we never store your password on our or the Provider’s servers and don’t store it in plain text on your device. You will be able to change your password at any time. In case you forget your password, you will be able to restore your access by resetting your account with a new password. You will be asked to verify your identity and/or email, depending on the settings set by your Provider. Please note that resetting your password will result in losing your existing conversations. For your security, we recommend that you use a long, unique password consisting of a mix of upper and lower-case letters, numbers, and symbols.

Optional User-Provided Information: We provide a few optional features for your convenience, and for the convenience of your Provider. Some of these features permit you to provide additional personal information at you or your organization’s election.

• Profile Information: The Service may allow you to set up your profile, which may include your Wickr Enterprise ID, name, or other information entered by you or your Administrator such as your avatar image. If you set an avatar, it will become visible to others on Wickr, so please do not add an avatar if you do not intend it to be viewed by other users.
• Push Notifications: When setting up your Wickr Enterprise account, the App will prompt if you want to receive notifications of new messages, software updates, and other administrative and technological developments. Push notifications are functions of your device’s operating system, so if you enable this feature, your device operating system’s manufacturer will know that you are using the Service, but will not be able to see the content of the messages you transmit using the Service.
• File Sharing: The Service will allow you to share files you have on your device. The Service will make encrypted copies of such files when sending them as Wickr messages, which will expire depending on the message expiration settings you select. Files you send may be downloaded locally on user devices, after which message expiration settings do not apply.
• Contacts: As you join the network with which you are affiliated, you will see all contacts within your network populate your Wickr Enterprise contact list. Depending on the settings selected by your Provider, you may be able to add contacts from outside your network to your Wickr Enterprise account. If you allow the Service to access your device’s contacts to see who among them is on Wickr, the App will send hashed representations of your contacts’ phone numbers and email addresses to the Service to ensure that the Service never accesses your actual contact list. We and/or the Provider never store your device contacts in any form on our servers.
• Customer Service: Any information provided to us by a user voluntarily when they request customer support or provide feedback (e.g., an email address, the contents of their request) will be used to respond to that individual request, and may be may be logged as part of our effort to improve our customer service, solve any product-related issues or improve our Service.

Automatically-Collected Information: The App collects the following information automatically during your setup and use of the Service:

• Device Information: The Service may collect hashed representations of your mobile device’s hardware ID and/or other platform-related information during registration. This information is used by the Service to associate your account with your device.
• Aggregate Usage Data: During the operation of the Service, the Provider may collect basic usage statistics, such as the number of messages sent by Wickr users daily, types of messages sent (e.g., voice messages more often than text), and other key performance indicators.

Your Provider may retain this information for as long as you are affiliated with that organization or entity or as long it provides the Service.

How Is Information Used and Disclosed?

The limited information that the App collects from you is used to provide the Service. For information about how your Provider uses this information, please consult directly with that entity or organization.

Legal Process

For information about how your Provider responds to legal process, please consult directly with that entity or organization.

Third Party Service Providers

To improve the App, we engage with various service providers (“Partners”) that may require access to some user information described in this Privacy Policy. We carefully select each of our Partners based on Wickr’s commitment to user privacy and security. Our security team meticulously vets each prospective partner to ensure its policies and practices are on par with Wickr’s standards.

Here are the Partners with whom we work to provide the App:

• To assist Wickr with improving our web content and advertising activities, as well as to optimize user experience during the onboarding process, we partner with Hubspot, a B2B Marketing Automation Platform, and Salesforce.
• To accelerate resolution of the most frequent customer inquiries, Wickr’s support is automated in collaboration with Zendesk, a customer support platform.
• To enable app distribution, we use the official App Stores or private app distribution methods preferred by the organization with which you are affiliated.
• To manage bug reports, we use Bugsnag and Backtrace, which are cloud-based bug reporting platforms.
• To enable Wickr chat in ATAK, we provide an end-user option to integrate with TAK apps provided by the U.S. Army.

Each of these providers has its own policies for handling user data. Please review the respective privacy policies for Zendesk, Hubspot, Bugsnag, Backtrace, TAK and Salesforce for additional detail on their specific practices.

Cookie Policy

We tirelessly work on improving our services and raising awareness about our products, which are designed to ensure our users’ security and privacy. To accomplish these goals, we use cookies on the Wickr website that enable us to learn how visitors navigate our content and interact with our marketing materials so we can be more effective at informing our users about product developments.

A cookie is a small text file that is placed in visitors’ browsers to help us learn when users arrive at our site, how they use the site, when they leave, and when they come back. These cookies can never be used to identify user accounts within the Wickr App.

Here is an example of how we may use information collected via cookies: we may think that one of our new features would be very useful to the Wickr community, but cookies may tell us that very few users fully read that feature’s description on our site. That insight would help us to rethink the way we explain that product on our site or present it in an advertisement so that we can better communicate our services to our users.

We make every reasonable effort to minimize the information we collect. For example, we enforce IP masking for the website analytics purposes to conceal the last 4 digits of IP addresses which ensures that visitor’s full IPs are not collected via Google Analytics service.
We provide the utmost transparency on and up-to-date overview of cookies used on our website including the ability for website visitors to check, withdraw or modify consent for non-necessary cookies at any time.

More information on our Cookie Policy can be found here.

Data Retention

Data Retention on Wickrʼs Servers
Wickr does not collect and retains no information about you and your use of the App.

Data Retention by Your Entity or Organization
Your Provider may retain information about you and your use of the Service, such as your profile information, for as long as the entity or organization desires. Please consult you Provider for additional detail about its specific data retention policies.

Data Retention on Your Device
All messages are stored in encrypted form on user devices. Users select a retention policy for their messages by choosing how long a message is viewable before it is deleted (via the expiration time, burn-on read time). The “expiration” time is a length of time before content is destroyed on all devices from the time it is sent (this is the maximum time-to-live). The “burn-on-read” time is a length of time before content is destroyed across all user devices once it has been read by that user (this will never extend the “expiration” time). Your content may be available to you and the recipient(s) locally, on your device(s) until it expires even after we delete it from our servers; however, you will not be able to download pre-existing content to a new device. Note that our application controls cannot destroy exported or maliciously retained messages, so you should always ensure that you are communicating with people you trust.

In addition, Wickr’s “secure shredder” technology uses forensic deletion techniques to help reduce the risk of deleted messages and temporary data being recovered.

Users for Whom the App Is Intended

The App is designed for communication purposes by individuals associated with an entity or organization. The App is not designed for children under the age of 16. If we learn that the App has collected personally identifiable information from a child under 16, we will promptly notify the Provider.

User and Provider Locations

Depending on where your Provider chooses to host the Service, your information may be transferred to, processed and stored under data protection and privacy regulations which may vary from those of your country of residence. By using the App, you agree to this transfer, storing or processing. Please consult you Provider for additional detail about its choice of Service location and the applicable data protection and privacy regulations to which they comply.

You are responsible for complying with any laws or regulations in your country that govern use of applications and services like Wickr.

We Are Serious About Security

We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. As described herein, we take every reasonable step to ensure that message contents are not retrievable by us or anyone else.

However, we know that no security system can prevent all potential security breaches. Therefore, we have limited the potential implications of such a breach by designing our system so that in the event of a breach, the Service would have only limited information about you. Please note that all user communications on the Wickr Service are protected between devices and are never stored unencrypted hence are undecipherable to Wickr or other third parties.

Revisions to the Privacy Policy

We may change this Privacy Policy, which pertains solely to our Wickr Enterprise Products, from time to time, for any reason. When we do, we will be sure to let you know one way or another by revising the date at the top of the Privacy Policy that’s available on our website and mobile application or we may provide you with additional notice (such as adding a statement to our websites’ home pages or providing you with an in-app notification). Your continued use of the App following the posting or notice of any changed terms will denote your acceptance of such changes.

Contact Us if You Have Questions or Account-Related Requests

If you have additional questions regarding our privacy protection practices while using our Services or otherwise, please contact us via email at wickr-privacy@amazon.com.

If you live in the European Region please note the following:

• Opt-out. You may contact us anytime to opt-out of:
  (i) direct marketing communications or
  (ii) the transfer of your personal data outside the European Region. Please note that your use of some of the Service may become ineffective upon opt-out.
• Access. You may access the data we hold about you at any time by contacting us directly.
• Amend. You can also contact us to update or correct any inaccuracies in your personal data.
• Erase and forget. In certain situations, for example, when the data we hold about you is no longer relevant or is incorrect, you can request that we erase your data.

We may refer you to your Provider to respond further to these requests. You may contact us at wickr-gdpr@amazon.com on any questions you may have about your personal data and our use of such personal data under the GDPR.