We take your personal data privacy very seriously. It is exactly why we built RelyPass in the first place and our mission is to allow you to make your personal data more convenient, private and secure.
What personal data do we collect and why?
There are two ways in which you can use RelyPass as long as you abide by our Terms Of Use:
1) You can use our app, free of charge, on any supported device for secure storage of your data.
2) You can use our syncing and backup services, for an annual subscription fee, to securely backup and recover your encrypted data or to sync your secure data across more than one device.
When you use our app, free or paid, we may record and analyze data for the purpose of providing better service, understanding how our app is used, and managing usage. Specifically, we may record your IP Address, country/location, device type, usage statistics and patterns, and some of your settings and preferences such as language selection and your use of syncing and backup services.
When you use our paid subscription backup and syncing services, we need to be able to identify you and match you to your encrypted data. For this purpose, we collect, validate, and store
your email address
that you provide (you must have access to this email for validation and messaging purposes) - you may change your email address via the app as long as you have access to the email address you use and as long as you realize that the only way we can identify you and your data is by your email address.
If you pay for and setup a Family Account, we will also collect and store
your family member email addresses
that you provide and we will associate them with your Family Account.
Other than the Email Addresses that you might provide, RelyPass does not require or collect any personal information that can be used to personally identify you.
We do use Third Party Payment Systems, such as those by the Apple App Store and Google Play, and those systems may collect and store more of your personal information when you purchase our service subscriptions, however those third party systems do not share your personal information with us and they adhere to their own strict data collection and privacy policies for which we cannot be held accountable.
We do not collect or store any credit card or payment information directly. We will also may use third party payment services to directly handle payments for any products or services purchased via our website. These third-party systems will store any personal data collected in a safe and secure manner consistent with Payment Card Industry - Data Security Standards (PCI-DSS) and they will adhere to their own data security practices and not share your personal data with us.
Any Personal Data we collect is not shared with third parties, except for the purposes of validating or refunding a subscription payment.
We will never intentionally share your personal information with others and we will never ask you for your personal or payment information via email, text, or phone call unless you contact us for assistance.
Who can see your main passphrase and data?
Only you. Your main passphrase and data are encrypted on your device and never leave your device without being securely encrypted in a way that requires knowledge of your main passphrase for decryption. The entire purpose and intent of our application is to allow you to securely store your data for your own personal use without your having to worry about other people accessing your private data.
What personal information might we ask for and how?
It is your responsibility to keep your main passphrase confidential and recoverable by you. You can change your main passphrase if you know your current one, but it cannot be reset or recovered if you forget it, nor can your secured data be recovered without your main passphrase.
However, we can never help you recover your main passphrase and because of the limitations of our ability to identify you, we will not use anything but your email address for verification.
If you receive any communication (e.g. via email, electronic message, or phone call) that claims to come from RelyPass and asks for your main passphrase or personal information, please do not provide such information and either ignore the communication or report it to us via our website or via the "Contact Us" functionality in the RelyPass app.
Who can see your credit card number or payment information?
Nobody at RelyPass. We use very trustworthy and secure third party systems provided by Apple and Google and they directly encrypt your credit card info and they do not share your personal information with us.
How can you use RelyPass?
You are granted a non-exclusive and revocable license to use RelyPass for storing your own personal data. You agree to not abuse our product and services by storing information to which you do not have rights or for any purposes other than your own personal data storage.
You further agree that you are solely responsible for choosing and remembering your main passphrase. You agree to not try to access our services other than through the application as we've built it and to not try to reverse-compile or hack our applications or services in any way.
If you have improvements to suggest for our apps or services, we would very much like to hear them.
Who else has access to your unencrypted data?
Nobody, unless someone else gains unauthorized access your encrypted data and knows or is able to discover your main passphrase.
The whole purpose of RelyPass is to secure your data with your main passphrase in a way that requires your main passphrase to recover your data. Without your main passphrase, your data cannot be recovered, so if you use a main passphrase that is sufficiently strong and difficult for others to guess, then you are as safe as is practically possible with currently accepted encryption technologies.
Who else has access to your encrypted data?
If you do not use our syncing and backup services, your data remains encrypted and stored on your device. However, in such circumstances, if your device is lost or fails in some way, your encrypted data will be lost and we cannot help you recover it. With our syncing and backup services, we store your encrypted data in the cloud using Amazon Web Services (AWS). Amazon controls physical and virtual access to their server locations. Your data remains encrypted with your main passphrase at all times when it is transmitted from your device and stored in the cloud so even if someone were to compromise the RelyPass server, they would not have access to any of your unencrypted data.
We use firewalls and secure private keys when accessing AWS servers for our IT services via SSH, and we protect our AWS console passwords locally with, of course, RelyPass. We also analyze traffic and risks and keep an eye out for malicious abuse.
How is your data protected from another customer’s data in the cloud?
All of our customers’ data resides in the same database but is encrypted with each customer's main passphrase which resides encrypted on your device. Even if you somehow accessed another customer's data it would be useless to you (just as it is to us and just as your encrypted data would be useless to another user) because it is encrypted with another customer's main passphrase and custom encryption keys.
How are we protecting your data from hacker attacks?
We are Information Technology professionals and are very concerned and experienced with data security, however, even we cannot guarantee that your encrypted data will be completely and forever be inaccessible to others. However, for your data to be compromised by another person, such a person would have to be very knowledgeable about coding and encryption and very patient and very determined to access your personal data because we've used military and bank level encryption. Such encryption makes it impractical for most sophisticated hackers to compromise your encrypted data, even if they could access it. However, should you feel concerned, there are further ways of securing your data (e.g. storing useful password hints and not the full passwords themselves, etc.).
Sadly, there is no way to electronically store your personal data without some very small risk of compromise. Really determined and sufficiently knowledgeable people will probably, in most cases, be able to get your data much more easily in ways other than actually discovering your main passphrase and decrypting your data - for example with surveillance or access to your devices. What we offer with RelyPass, is a tool to store your data securely in a way that would deter all but the most sophisticated and determined hackers. It is for everyday personal data security for most people. If you have reason to further protect your data then you probably are not using the devices we support for such purposes, or you are using RelyPass as part of a combination of data security practices. Please see our FAQ and website for more information, ideas, and references.
What guarantees are offered by RelyPass?
We guarantee to do our best to provide secure and reliable personal data encryption apps and services. Due to all sorts of possibilities beyond our control, we cannot guarantee the ultimate safety of your data or the reliability of our app or services. We pride ourselves on providing top-quality Information Technology services and we build apps and services that we use ourselves personally and professionally. However, to the extent allowed by applicable laws in San Francisco, California, U.S.A., you agree that our liability for any loss of data or service while you use RelyPass is limited to the amount of money you pay us to use our services.