Last Modified January 5, 2023
Wickr is being sold by AWS. If you purchase or renew Wickr services from an AWS Contracting Party (excluding Wickr LLC), even if you originally purchased through Wickr Inc./LLC, the AWS Customer Agreement and Privacy Notice now apply to your use of such services instead of the terms and privacy policies published on the Wickr website. The AWS Privacy Notice governs AWS’s collection and use of the information you provide to us in connection with the creation or administration of your customer account. The Customer Agreement and any supplemental terms between you and AWS relating to the Wickr service apply to the data transferred to the AWS services for processing, storage, or hosting in connection with your use of the Wickr services. If you did not purchase Wickr services from an AWS Contracting Party, the following applies:
Thank you for using Wickr Pro! Wickr Pro is a vetted, simple-to-use end-to-end encryption platform built by an expert security team and designed to facilitate calls and video conferences and protect the transfer of high-value sensitive communications including messages and files. Wickr administers Wickr Pro through its messaging network and the application downloaded by the user (collectively, the “Service” or “Services”).
We work very hard to preserve your privacy and security, and we do our best to be as transparent as possible in explaining how we use your data in providing our Services. Not only is Wickr’s security architecture and proprietary encryption methodology designed to ensure that only users can gain access to their message content, we promise to never monetize you or your communications. Ever. Please contact us if you have any questions at firstname.lastname@example.org.
Our Privacy Practices in Brief
Wickr has to collect some information about you in order to provide our Services to you, but we work to do so in a limited and secure way, as follows:
What Information Does Wickr Collect?
We are committed to limiting our collection of your information to only what is necessary to provide you with the Services in accordance with applicable data protection and privacy laws. An administrator for the entity or organization with which you are affiliated (“Administrator”) may provide us with personally identifiable information about you, such as your e-mail address, for purposes such as sending you an e-mail with a link to download the Service. The entity or organization with which you are affiliated with may retain this information for as long as you are affiliated with that organization or entity or as long it uses the Service. We also collect information from users as described in greater detail below:
Mandatory User-Provided Information: You are required to provide limited information during the registration process to create a Wickr Pro account and to begin using the Service.
Optional User-Provided Information: We provide a few optional features for your convenience, and for the convenience of the entity or organization that you are affiliated with. Some of these features permit you to provide additional personal information at your or your organization’s election.
If you add your phone number to your account to facilitate contact searching, we utilize the same third party service to deliver a confirmation SMS to you, but we then store a cryptographically hashed (I.e., disguised) representation of your phone number on our servers in lieu of the actual phone number. Our contact search feature operates entirely on hashed representations of phone numbers and rate limited search functions.
Automatically-Collected Information: Wickr collects the following information automatically during your setup and use of the Service:
How Is Information Used and Disclosed?
The limited information that we collect, receive, or have access to is used to provide the Service, to allow you to send and receive messages and files, to respond to your requests, to enforce our Terms of Service (e.g., terminating an account for promoting child sexual exploitation or abuse) or as otherwise required by law (also see “Legal Process” section below), and to improve the Service, in line with the legitimate interest we have in delivering the Services to you. It may also be shared under valid legal process and with third party service providers for the limited purposes described below.
Wickr is committed to transparency and to limiting what we disclose in response to legal process. Please see our full Legal Process Guidelines, but here are the highlights:
When we receive a request for customer data related to the Service, we always attempt to redirect the third party to obtain the requested data from our customer. For valid requests that we are not able to redirect to the customer, we disclose information only when we are legally compelled to do so, and we always make sure that we provide only the data specified in the legal order. We will always notify our customers of any third party requests for their information unless we are legally prohibited from doing so. As soon as legally permissible, we will notify our users of requests for their information. We require a warrant before handing over the contents of communications; however, because of the nature of our technology, the contents of communications will be encrypted and undecipherable if obtained.
Third Party Service Providers
Here are the Partners with whom we work to provide the Service:
Each of these providers has its own policies for handling user data. Please review the respective privacy policies for Zendesk, Twilio, Mailgun, Recurly, Braintree, Bugsnag, Backtrace, Hubspot, TAK and Salesforce for additional detail on their specific practices.
A cookie is a small text file that is placed in visitors’ browsers to help us learn when users arrive at our site, how they use the site, when they leave, and when they come back. These cookies can never be used to identify user accounts within the Wickr App.
Here is an example of how we may use information collected via cookies: we may think that one of our new features would be very useful to the Wickr community, but cookies may tell us that very few users fully read that feature’s description on our site. That insight would help us to rethink the way we explain that product on our site or present it in an advertisement so that we can better communicate our services to our users.
We make every reasonable effort to minimize the information we collect. For example, we enforce IP masking for the website analytics purposes to conceal the last 4 digits of IP addresses which ensures that visitor’s full IPs are not collected via Google Analytics service.
We provide the utmost transparency on and up-to-date overview of cookies used on our website including the ability for website visitors to check, withdraw or modify consent for non-necessary cookies at any time.
Data Retention on Wickrʼs Servers
Depending on which Wickr-hosted business product you are using, our servers store the encrypted messages that you send and receive for up to 30 days to ensure their reliable delivery to each device associated with your account and the accounts to which you transmit messages.
We retain certain account data (i.e., when a user account was provisioned, when a user registered, and account settings changes). User profile information is stored on our servers for as long as you use the Service, or until account deletion by an Administrator.
Data Retention by Your Entity or Organization
The entity or organization with which you are affiliated with may retain information about you and your use of the Service, such as your profile information, for as long as the entity or organization desires. Please consult the entity or organization with which you are affiliated with for additional detail about its specific data retention policies.
Data Retention on Your Device
All messages are stored in encrypted form on user devices. Users select a retention policy for their messages by choosing how long a message is viewable before it is deleted (via the expiration time, burn-on read time). The “expiration” time is a length of time before content is destroyed on all devices from the time it is sent (this is the maximum time-to-live). The “burn-on-read” time is a length of time before content is destroyed across all user devices once it has been read by that user (this will never extend the “expiration” time). Your content may be available to you and the recipient(s) locally, on your device(s) until it expires even after we delete it from our servers; however, you will not be able to download pre-existing content to a new device. Note that our application controls cannot destroy exported or maliciously retained messages, so you should always ensure that you are communicating with people you trust.
In addition, Wickr’s “secure shredder” technology uses forensic deletion techniques to help reduce the risk of deleted messages and temporary data being recovered.
Users for Whom the Service Is Intended
The Service is designed for communication purposes by individuals associated with an entity or organization. The Service is not designed for children under the age of 16. If we learn that we have collected personally identifiable information from a child under 16, we will take appropriate steps to promptly remove such account and delete all information associated with such account.
Users Outside the US
If you use our Services and reside outside the U.S., your information will be transferred to the U.S. and will be processed and stored there under U.S. data protection and privacy regulations which may vary from those of your country of residence. By using the Services, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.
You are responsible for complying with any laws or regulations in your country that govern use of applications and services like Wickr.
We Are Serious About Security
We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, within our organization, we limit access to information about you and your use of the Service to authorized employees who need to know that information in order to operate, develop, or improve the Services. As described herein, we take every reasonable step to ensure that message contents are not retrievable by us or anyone else.
However, we know that no security system can prevent all potential security breaches. Therefore, we have limited the potential implications of such a breach by designing our system so that in the event of a breach, we would have only limited information about you. Please note that all user communications on the Wickr Service are protected between devices and are never stored unencrypted hence are undecipherable to Wickr or other third parties.
Learn more about AWS security policies here.
Contact Us if You Have Questions or Account-Related Requests
If you have additional questions regarding our privacy protection practices while using our Services or otherwise, please contact us via email at email@example.com.
If you live in the European Region please note the following:
You may contact us at firstname.lastname@example.org on any questions you may have about your personal data and our use of such personal data under the GDPR.