Your privacy is important to us. Psono follows some fundamental principles:
We do not ask for any information that we do not really need.
We do not share your information with anyone except to comply with the German law, protect our rights and develop our product.
No sensitive data like your passwords will ever leave your computer without being encrypted before.
Your personal data is processed by us only in accordance with the German data privacy law. The following passages describes the type and purpose of the use of the gathered personal data.
Any data (name, address, billing information, IP-address, ...) is only used to fulfill the service and without a legal basis or your explicit consent, not given to any third parties.
Psono collects personal-identifying information like for example the IP address while using our service, to ensure the service availability and to protect your account. Psono may use that information for statistical analysis and may display this anonymized statistical analysis publicly or provide it to others.
Account holders in addition must specify some additional information during registration, like for example their e-mail address. That information is used to prevent service disruptions and to inform users about security relevant information.
For technical reason (login, sessions, ...) we are using browser storage (e.g. cookies, local storage, ...), which stores data in your browser.
Psono uses the GA's "anonymizeIP()" function, to truncate IPs before processing them to prevent direct associations to persons.
This service offers the use of YubiKey OTP for multi-factor authentication. When using this feature the server will send your OTP token to the Yubico Validation Service to authenticate your token.
This service also offers the use of Duo for multi-factor authentication. When using this feature the server will register a user with your username with duo at the beginning. Later when you use Duo (e.g. during the login process), the server will send requests to the Duo service to identify you with them and protect your account.
This service is using Mailgun as a service to handle all e-mail traffic, that includes registration emails, support emails and potential security notifications.
This service uses Freshdesk to handle support requests. Whenever you are opening a new ticket, via email or support form it will be processes by Freshdesk including all information that you may provide in the process (IP, email address, all data of your support request, ...).
This service uses Sentry (from sentry.io) to handle errors. Whenever an error is recorded it's sent to sentry so problems can be fixed quickly. This is necessary to ensure the integrity, reliability and availability of the service for all users as testing cannot check all potential OS / browser / devices / version combinations.
Psono offers the possibility to check all passwords in the datastore against "haveibeenpwned.com", an online database containing the passwords of various data breaches. If you use this option, then a checksum (the first 5 digits of the sha1 hash) of every password will be sent to haveibeenpwned.
Psono's PGP feature requires to lookup the public keys for email addresses (to validate signatures or to encrypt a message for a recipient). HKP (HTTP Keyserver Protocol) server receive usually the email address of the recipient and will return the public key. The default configured HKP server is keyserver.ubuntu.com but can be changed in the settings.
Psono is using Cloudflare to protect it's server from DDoS attacks, offer reduced load times for users and decrease the general server load. All requests are proxied by servers that are closest to the user. An overview of Cloudflares data privacy commitment can be found here Cloudflare
Google Cloud Storage
Psono is offering the use of Google Cloud Storage as file repository. If configured, the client will upload encrypted files there. It's a direct communication between the Psono web client and Google Cloud Storage, so Google has access to metadata e.g. your ip, which bucket did you access, when did you access it. More information can be found in Google's Terms of Service and Google's Data Processing and Security Terms
Amazaon Web Services S3
Psono is offering the use of AWS S3 as file repository. If configured, the client will upload encrypted files there. It's a direct communication between the Psono web client and AWS, so AWS has access to metadata e.g. your ip, which bucket did you access, when did you access it. More information can be found in AWS Service Terms
Digital Ocean Spaces
Google Cloud Platform
This service is hosted by Google on the Google Cloud Platform. Google itself has the highest standards of privacy. Yet as the platform provider, Google has access to all information that the application itself has access to (e.g. your ip, email address, browser information, ...).
More information about how Google handles informations and what measures have been applied can be found for example in Google's Terms of Service and Google's Data Processing and Security Terms
Psono may update it's privacy statement from time to time and we encourage everyone to check regularly. It has last been updated Sept 28th, 2019.