Tinfoil Security, Inc. ("Tinfoil Security " or "We"), a corporation duly established and registered in Delaware, USA, is the owner and operator of https://www.tinfoilsecurity.com (the "Website"), which is intended to supply various services as more fully described in the Website (the "Services").
When visiting the Website and/or using the Services, you may provide us with certain types of information, as described below. Except as described in this Policy, Tinfoil Security never collects personally identifying information from the user.
In order to use the Services, a user must first complete the registration form. During registration, a user may be required to give contact information such as first and last name, company name, address, email address, job function, phone number, mobile number, URL and/or IP addresses. We use this information to verify the ownership of servers, URL, and IP addresses, to do non-invasive informational testing of users' servers, and to contact the user about Services for which they have expressed interest. In order to use the Services, users must provide a username and password.
User Payment Information
When users order the Service, they must provide payment information (such as credit card number and expiration date). This information is used for one-time and recurring billing purposes according to the type of Services ordered and the terms pertaining thereto , and to fulfill users' orders. If we have trouble processing an order, personal information is used to contact the user. Payment information is stored in encrypted format, as more fully detailed below (see Security) and is used only to send to our credit card processor, for the purposes of collecting payment for Services rendered or to be rendered. We never make this information visible to anyone other than our credit card processor and never communicate it over a non-encrypted connection. The full credit card number is never seen by anyone inside our company, once entered and submitted, except by the credit card processor for the purposes of authorizing, clearing and reversing charges to your credit card.
Delivery of Services
Tinfoil Security's Services collect information about servers connected to the IPs or URLs given by the users during the registration process. IP's and URL's are checked to verify users' authority to require security vulnerability testing. No security vulnerability data is collected until the user requests it. Users can start and stop the Tinfoil Security's scan and data collection process by changing their settings in their Account Settings web page available on the Website to users. Tinfoil Security only collects information that can be accessed from the internet about users' computer(s) and/or that is provided by users via phone and/or e-mail and does not install software on the users' computer for this purpose.
We store personally identifying information that we collect, and log files to create a profile of our users. Users' profile is used to tailor users' visit to our Website and to direct pertinent marketing promotions to them.
Like most standard Web site servers we use log files. This includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the site, track user's movement in the aggregate, and gather broad demographic information for aggregate use. Session's Ids, IP addresses, etc. are not linked to personally identifying information in our database, except as entered by the user during registration. Session IDs and IP addresses entered during registration time by the user are tied to personally identifying information to enable the provision of our Services.
When you send email or other communications to Tinfoil Security, we may retain those communications in order to process your inquiries, respond to your requests and improve our services. When you send and receive SMS messages to or from one of our services that provides SMS functionality, we may collect and maintain information associated with those messages, such as the phone number, the wireless carrier associated with the phone number, the content of the message, and the date and time of the transaction. We may use your email address to communicate with you about our services.
From time-to-time our Website requests information from users via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. The requested information typically includes contact information (such as name and shipping address), and demographic information (such as zip code). Survey information will be used for purposes of monitoring or improving the use and satisfaction of the Website and/or the Services.
Supplementation of Information
In order for the Website to properly function, it is necessary for us to supplement the information we collect with information from certain 3rd party sources, including Google Analytics and our credit card processor. We use www.namecheap.com as a certificate authority to process our users' credit card and virtual check transactions. We may also use other third party processors. We do not honor Do Not Track requests.
In addition to the above, we may use the information we collect from you, your website(s), and your computer to:
Aggregate Information (non-personally identifying)
We share aggregated demographic and security vulnerability information with our users, partners and advertisers. This is not linked to any personally identifying information.
Information Sharing and Disclosure
We do not commercialize or share any personally identifying information with 3rd parties, unless:
It is often necessary to send out a strictly Service-related announcement. For instance, if our Service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account. However, these communications are not promotional in nature.
We communicate with users on a regular basis via email to provide requested Services, offers, or information. In regards to issues relating to their account, we reply via email or phone.
The Website contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our Website and to read the privacy statements of each and every Web site that collects personally identifying information. This privacy statement applies solely to information collected by the Website.
Tinfoil Security takes reasonable measures in order to safeguard users' personally identifying information.
Payment information (such as credit card number and/or social security number) and information about the security vulnerability of users' website is protected, by using Secure Sockets Layer (SSL) software, which encrypts the aforementioned information when viewed online.
While on a secured page, such as our order form, the lock icon on the bottom of Web browsers such as Firefox and Microsoft Internet Explorer becomes locked, as opposed to un-locked, or open, when users are just surfing.
In addition, we limit access to personally identifying information to employees who we believe reasonably need to receive such information to provide our Services or in order to do their jobs and take other precautions we deem reasonable to protect the security of users' personally identifying information.
However, users should be aware that we cannot fully guarantee the security of their personally identifying information. As in many computer systems, internet applications and software programs, unauthorized use, failure of hardware or software, etc. may be injuriousness to the confidentiality of users' personally identifying information.
If users have any questions about security, please contact us.
If a user's personally identifying information changes (such as zip code, phone, email or postal address), or if a user no longer desires our Service, we provide a way to correct, update or delete/deactivate users' personally identifying information. This can usually be done at the Registered User account settings page or by emailing our Customer Support through our contact page.
When a request for user deletion is received, we will make all reasonable efforts to purge said data from our systems. However, due to the nature of our service, some information may not be fully removed due to backups or archived copies.