ExaVault Privacy Policy

Last Updated: December 14, 2024

Thank you for visiting this web site of ExaVault, LLC (“we”, “our”, "ExaVault"). We recognize that your data is very personal and sensitive. This Privacy Policy explains our commitment to protecting your privacy, with regard to your use of the ExaVault product, and the associated sites (the “Product”).

By using this Product, you accept privacy practices contained in this Privacy Policy. You are encouraged to regularly review this Privacy Policy to make sure you understand how any personal information you provide will be used.

1. Information We Collect

Information You Provide to Us

• Registration and Billing Data: Names, addresses, phone numbers, email addresses, and sometimes payment information.
• Correspondence Data: Information you send to us via email, our contact form, our chat widget, or other means of correspondence.

Information We Automatically Collect When You Use the Product

• Usage Data: While using the Product, we also collect usage information customarily logged by such software, including activation information, license verification, the originating IP address, third party integrations, and other similar types of information.
• Device Data: We also collect information from and about the devices you use to access the Product. This includes things like the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices.
• Cookie and Other Tracking Data (aka “Cookie Data”): Use of the Product and certain features require support for cookies, small pieces of data that are stored on your computer’s hard drive and transmitted back to us with each web page request. A cookie simply identifies your browser to the Product by assigning it a unique ID number.

2. How Information Is Used

We treat different types of information differently, and have a legitimate use for each type of data.

• Usage Data and Device Data are used to help us understand how the Product is being used; improve the Product; ensure compliance with the Terms of Service; and, detect, investigate, and prevent fraud and abuse.
• Correspondence Data is used to communicate with you regarding any questions, comments, or concerns relating to the Product.
• Registration and Billing Data is used for billing purposes and to notify you about important service-related notices, include feature updates.
• Cookie Data can be used for a variety of purposes. Email or newsletters that we send electronically may use techniques such as web beacons or pixel tags to gather email metrics and information to improve the reader’s experience, such as the number of emails that are opened, whether they were forwarded or printed, the type of device from which they were opened, and the locations (e.g. city, state, and county) associated with the applicable IP address. Please note that you do have the option to configure most web browsers to not accept cookies. Because there is not yet a consensus of how to interpret web browser-based “Do Not Track” signals other than cookies, we do not currently respond to “Do Not Track” signals that are undefined.
• E-Mail addresses collected will be used to communicate with you regarding the Product. We communicate such things as announcements of new features, changes to Terms of Use/Privacy Policy, information about pricing changes or systems outages, and other Product-related announcements. You can cancel your participation in any of these email lists at any time by clicking the Unsubscribe link or other unsubscribe option that is included in the respective email. We only send emails to people who have authorized us to contact them, either directly, or through a third party. We do not send unsolicited commercial emails, because we hate spam as much as you do. By submitting your email address, you also agree to allow us to use your email address for custom audience targeting on sites like Facebook, where we display custom advertising to specific people who have opted-in to receive communications from us.
• Telephones numbers you provide to us may used to contact you with any troubleshooting or billing issues, appointment scheduling, and appointment reminders. We may also use telephone number for multi-factor authentication if you use that feature.

All of the above information may be used to undertake accounting and administrative tasks, or manage legal claims.

All information may be disclosed when legally required to do so, at the request of governmental authorities conducting an investigation, to verify or enforce compliance with the Terms of Use and policies governing the Product and applicable laws or to protect against misuse or unauthorized use of the Product.

If the ownership of all or substantially all of ExaVault, or individual business units associated with the Product, were to change, your user information may be transferred to the new owner so the service can continue operations. In any such transfer of information, your user information would remain subject to the promises made in this Privacy Policy. In the event of such transaction, we will alert ExaVault paying customers of such change via e-mail, and provide an opportunity to cancel or change your Product.

3. Third Parties

We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies and other methods to help us study usage patterns on the Product and related sites. Information generated from your use of the Product will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of preparing reports regarding aggregate use of the Product.

We use Help Scout, a customer support helpdesk service, to manage and track customer requests.

We use other third parties to facilitate our business, such as server hosting, file hosting, customer communication, usage tracking, and payment processing. In connection with these offerings and business operations, our service providers may have access to your information for use for a limited time in connection with these business activities. Where we utilize third parties for the processing or storing of any information, we have ensured that they will fully comply with this Privacy Policy.

Other parties such as advertising partners and analytics companies may also be collecting information about your online activity across various websites over time. The information collected by those third parties may include identifiers that allow those third parties to tailor the ads that they serve to your computer or other device.

If you use OpenID or OAuth (such as Facebook or Google), you may also be sharing and integrating data with third-party social media sites, and we may track aggregate data about the number of visits to this site with an open ID, the number of items “liked” on this site, or items on this site that you choose to share with a third-party social media site.

Third party retargeting networks may also use cookies to display our advertisements to you on other sites. You can opt-put of a third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page, or you may try opting out at the websites of industry groups such as the Digital Advertising Alliance, or if located in the European Union, the European Interactive Digital Advertising Alliance. You may also be able to control advertising cookies provided by publishers, for example Google’s Ad Preference Manager. Note that even if you choose to opt out of receiving targeted advertising, you may still receive advertising, although it should not be tailored to your interests or activities.

If you use a third-party Sign-In Integration, then we will use your email address and profile data for purposes of authenticating and signing-in to the Product. If you use a third party integration, then you may provide certain information to enable and use the integration.

While information may be shared as described herein, we will not sell it to advertisers or other third parties.

4. Data Retention

Registration and Billing Data, Correspondence Data, Cookie Data, Device Data, and Usage Data will respectively be deleted or anonymized upon your termination of use of the Product, and when we have no ongoing legitimate business need to process your information. We take reasonable steps to limit the minimize the volume of data we collect from you and the length of time we retain your data. You have the right to obtain our confirmation of whether we maintain personal information relating to you. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. Your right to access your personal data may be restricted in exceptional circumstances or vary based on where you reside. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination.

If you are an individual and you believe that we have your personal information, you may contact us using the email or contact form below regarding how your information is used and shared, including to exercise your data protection and privacy rights at any time.

For people residing in the EU, the GDPR provides certain rights. You may decline to share certain information with us, in which case we may not be able to provide some of the features and functionality of the Product. These rights include, in accordance with applicable law, the right to object to or request the restriction of processing of your information, and to request access to, rectification, erasure and portability of your own information. Where we process your information on the basis of your consent, you have the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the processing of your personal information in reliance upon any other available legal bases). Requests should be submitted by contacting us using the contact details below. If you are within the EU and have any unresolved privacy concern that we have not addressed satisfactorily after contacting us, you have the right to contact the appropriate EU Supervisory Authority and lodge a complaint.

5. Minors

The Product is not intended for use by children, especially those under 13. We do not knowingly collect personally identifiable information from children under 18 years of age. If your minor child has provided us with personally identifiable information, you may reach us using the contact information below if you want this information deleted from our records.

6. Other Provisions

Your use of the Product is governed by a Terms of Use, and potentially additional documents (e.g. a BAA or DPA) which will prevail in the event of a conflict with this document, except as required by law.

This Privacy Policy does not describe information collection practices on other third party sites, including those linked on our sites or through the Product. We do not control and are not liable for actions of any third parties who we may promote and/or link to from our sites or the Product.

We take reasonable steps to ensure that your personally identifiable that we control is limited to that which is reasonably necessary in connection with the purposes set out in this Privacy Policy or as required to provide you services or access to the Product.

You agree that by submitting your telephone contact information on the web site and/or registering to receive the Product, such act constitutes a purchase, an inquiry, and/or an application for the purposes of the Amended Telemarketing Sales Rule (ATSR), 16 CFR ‘310 et seq. and any applicable state and local “do not call” regulations. We retain the right to contact you via telemarketing in accordance with the ATSR and the applicable state regulations.

7. EU-US Data Privacy Framework (successor of Privacy Shield)

The EU-US Data Privacy Framework officially launched, and replaced Privacy Shield as an approved mechanism for transferring data from the EU to the US.

ExaVault complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Files.com has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework programPrinciples (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov

In compliance with the EU-US Data Privacy Framework program's Principles, Files.com commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union individuals with DPF inquiries or complaints should first contact privacy@exavault.com.

Files.com has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

Our commitments under the DPF are subject to the applicable enforcement powers of the U.S. Federal Trade Commission (FTC).

Files.com engages a limited number of third-party service providers to assist the Service, including related support functionality. We are responsible for the processing of personal data we may receive under each Data Privacy Framework, including subsequent transfers to third parties we engage who are acting on our behalf, including the onward transfer liability provisions for applicable frameworks. Files.com may be liable in cases where those third parties we engage do not meet the obligation to process personal data in accordance with the Data Privacy Framework Principles or other applicable EU data protection requirements, unless we prove that we are not responsible for the event giving rise to the violation.

Files.com collects information via the use of the Service as described herein, and by our business customers who store data on, or transfer data through, the Service. Accordingly, we may not have a direct relationship with an individual whose personal data our business customers process through the Service. As an individual, if you have concerns about your personal data being processed, or if you seek access or want to correct, amend, or delete inaccurate data, please contact us at privacy@files.com and we will work with connecting you with the organization responsible for processing your personal data within a reasonable timeframe.

ExaVault's compliance with the EU-U.S. DPF is as a subsidiary of Action Verb LLC.

8. Note to California Residents

If you live in the State of California, under the California Civil Code, you have the right to request that companies who conduct business in California provide you with a list of all third parties to which the company has disclosed Personal Information during the preceding year for direct marketing purposes.

Alternatively, the law provides that if a company has a Privacy Policy that gives either an opt-out (often referred to as “unsubscribe”) or opt-in choice for use of your Personal Information by third parties (such as advertisers or affiliated companies) for marketing purposes, that the company may instead provide you with information on how to exercise your disclosure choice options. This site qualifies for the alternative option; it has a comprehensive Privacy Policy and provides you with details on how you may either opt-out or opt-in to the use of your Personal Information by third parties for direct marketing purposes. Therefore, we are not required to maintain or disclose a list of the third parties that received your Personal Information for marketing purposes during the preceding year.

If you are a California resident and want to request information about how to exercise your third party disclosure choices, you must send a request using the online contact form listed in the Contact Us section below.

All requests must be labeled “Your California Privacy Rights” on the subject of the actual request. For all requests, please include your name, street address, city, state, and zip code. Please include your zip code for our own record-keeping. Requests that are improperly labeled or that are missing the required information will not be processed.

9. Contact Us

ExaVault regularly reviews its compliance with this policy. Questions regarding the Privacy Policy or privacy-related requests should be sent by e-mail to legal@exavault.com. Alternatively, you may call us at +1 (800) 286-8372 or write to us at ExaVault, ATTN: Privacy Policy, 222 S Mill Ave, Suite 800, Tempe, AZ 85281, United States.

Our Data Protection Officer may be contacted at privacy@exavault.com.

10. Changes to This Privacy Policy

ExaVault reserves the right to change this Privacy Policy at any time by posting a new Privacy Policy at this location. Any change(s) to this Privacy Policy will take effect within thirty (30) days after such changes have been posted. Your continued use of the Product following such changes will indicate your acceptance of those changes.