Last updated: January 10, 2024

This Privacy Policy pertains to the websites owned and operated by BizDolphin Ltd., conducting business as Dolphin Passwords (referred to as Dolphin Passwords, We, Us, or Our). The policy outlines how Dolphin Passwords gathers and utilizes personal data acquired through the Website (including, but not limited to, dolphinpasswords.com) and Services accessible through Dolphin Passwords applications’ logins. Additionally, it elucidates individual rights concerning the utilization, access, and procedures for updating, rectifying, or deleting personal information. The utilization of information obtained through Our Services is strictly confined to the purpose of providing the Service for which Dolphin Passwords is enlisted.

If you have questions or complaints regarding this Privacy Policy or Our practices, please contact Us via email at support@bizdolphin.com.

We prioritize your privacy and uphold the right to privacy for each individual. This privacy policy articulates Dolphin Passwords’ collection and processing of personal data, outlining the methods, purposes, and safeguards associated with such processes. Our commitment to safeguarding the privacy and security of your personal data is further detailed in this Privacy Policy. Information gathered and utilized on Our Website strictly adheres to the guidelines outlined in this Privacy Policy. To provide insight into our data collection practices when you visit Our Site, we have formulated this Privacy Policy, elucidating the information gathered, the reasons behind its collection, and how it is utilized. Your usage of this website implies your consent to the data practices outlined in this Privacy Policy.

Your data is exclusively utilized to deliver the services you enroll in and enhance your user experience during visits to our website. As a company focused on providing Dolphin Passwords products and services to our customers, we have no intention or interest in using or transferring the limited data we collect for any purposes beyond the scope of our services.

Who are You

Unless otherwise noted, we refer you, the Customer, as an owner or organizer of an individual, family, team, or business account.

Information Collected Through the Dolphin Passwords Services

We gather certain data from you to facilitate the provision of Dolphin Passwords products and services, along with the usage of our website. You directly furnish certain information, such as when you establish a Dolphin Passwords account, register for events or webinars, or reach out to us for support – with this data being limited to your email address. Additionally, we acquire restricted data from your interaction with Dolphin Passwords products and services, encompassing your IP address and the make and model of the device used to access or utilize Dolphin Passwords products or services.

We leverage your personal data to furnish services related to the utilization of your Dolphin Passwords account, ensuring a comprehensive customer experience through our support services. Specifically, your data is employed for the provision of Dolphin Passwords services, encompassing tasks such as updates, security enhancements, troubleshooting, and delivering support.

The following is a more detailed description of the types of Dolphin Passwords account user data:

We process two kinds of user data to deliver our services: (i) Secure Data and (ii) Service Data. Both are treated securely with respect for customer privacy and data confidentiality, but there are important technical and usage differences.

(i) Secure Data

Secure Data refers to information within Dolphin Passwords accounts that remains inaccessible for decryption under any circumstance. This category includes all data stored within safes. The encryption of such data is executed using secure cryptographic keys solely possessed and controlled by our customers. We lack the means to access or furnish decrypted Secure Data, and no copies of unencrypted Secure Data are ever received by us.

Your Secure Data is unequivocally your property. We assert no rights over it beyond what is essential to provide services to you. You retain the freedom to add, modify, and delete Secure Data at your discretion. It’s important to note that without a Dolphin Passwords account, you are unable to furnish us with Secure Data.

(ii) Service Data

We inevitably collect Service Data pertaining to your usage of Dolphin Passwords, your account, and your payments as part of operating our services. We retain only the necessary amount of Service Data required for the operation and maintenance of our services. Importantly, these data are exclusively utilized for the purpose of operating and maintaining the services and are never employed for any other purpose.

Service Data is treated with utmost confidentiality. It is accessible solely to our staff and encompasses various elements, including but not limited to server logs, billing information, client IP addresses, the count of safes and items within safesSafe, company or family name, and email addresses. Additionally, Service Data incorporates the profile name you provide and any optional images uploaded as part of your profile at your discretion.

While you are utilizing our services, we reserve the right to retain and utilize Service Data to deliver our services, address issues, analyze the performance and demands on our services, and furnish our payment processors with the necessary information for payment processing. This retention and usage are strictly aligned with the operational requirements of providing and maintaining our services.

(iii) Diagnostic Data (Optional)

Diagnostic Data represents a subset of Service Data that is not automatically gathered or essential for the operation of our services.

There are instances where we may request diagnostic reports, troubleshooting details, bug reports, and crash reports from customers to aid in identifying and resolving issues with our products and services. This information is only shared with us on a case-by-case basis or by users who expressly opt into our beta software programs or explicitly choose to provide diagnostic data to us.

Diagnostic Data may include sensitive details about your devices and operating environment, along with personally identifying information. While there are instances where we may request Diagnostic Data to assist you with a problem, it’s important to note that you are never obligated to provide such information. The decision to share Diagnostic Data remains entirely at your discretion.

It’s crucial to emphasize that diagnostic data never encompasses decrypted Secure Data. Furthermore, we want to reassure you that we will never request your Master Password, prioritizing the security and confidentiality of your sensitive information.

Keeping Your Information Safe

We acknowledge and embrace our responsibility to safeguard both Service Data and Secure Data. Employing stringent access control mechanisms, network isolation, and encryption, we ensure that only authorized personnel have access to Secure and Service Data. Furthermore, it’s crucial to note that even those with access to Secure Data cannot decrypt it, reinforcing the security measures in place.

Information Collected from Your Use of Our Website

In specific sections of Our Website, we may request your personal information to enhance your site visit, offer technical support, or follow up with you after your visit. Participation in providing such information is entirely optional. Examples include:

  • Subscribe to a newsletter
  • Participate in promotional offers
  • BizDolphin uses your information for specific purposes. Your information may be used to:
  • Send you requested information about Dolphin Passwords
  • Provide support
  • Market Dolphin Passwords products or Services to you
  • Provide you with access to Dolphin Passwords Services
  • Personal information you provide will be kept confidential and used to support your customer relationship with Our company.

All email communication with you will be based on an Opt-In approach, entirely at your discretion. Periodically, we may send you email communications containing valuable information, including details about our products and services or offerings from affiliates or business partners. When you provide us with your email address for the first time, you’ll have the option to refrain from receiving such email communications. Our email messages will include instructions on how to unsubscribe if, at any point, you decide not to receive any future email communications. You have the flexibility to opt-out of further marketing from Dolphin Passwords at any time by reaching out to us at the address below and expressing your desire to have your name removed from our lists.

Information Sharing and Disclosure to Third Parties

Agents or contractors working on behalf of Dolphin Passwords may have access to your personal information to carry out specific services. Any such agents or contractors with access to your personal information are bound by data processing and confidentiality obligations. These obligations require them to maintain the confidentiality of the information and refrain from using it for any purpose other than executing the services they are performing for Dolphin Passwords.

Unless explicitly stated otherwise, or unless mandated by law, we do NOT sell or rent your personal information to any third parties. However, we may share your personal information with our service providers, such as our hosting services providers. In the event that you opt to participate in a survey, focus group, etc., we may also share de-identified data with our customers.

The information gathered from you is solely utilized for the purpose of completing and supporting your transactions with BizDolphin, as well as facilitating your use of the site, and to comply with legal obligations. BizDolphin may disclose personal information in situations where it is required by law or when there is a good faith belief that such action is essential to: (1) adhere to legal directives or comply with legal processes served on Dolphin Passwords or this site; (2) safeguard and uphold the rights or property of BizDolphin; or (3) respond to urgent circumstances to ensure the personal safety of Dolphin Passwords users, its websites, or the public. We may collect and, if necessary, share your information to investigate, prevent, or take action against illegal activities, suspected fraud, potential threats to the physical safety of individuals, violations of our terms and conditions posted on our websites, or as otherwise mandated by law.

In the event that BizDolphin engages in a merger, acquisition, or the sale of its assets, you will be informed through email and/or a conspicuous notice on our website about any alterations in ownership or the utilization of your personal information. This notification will also include any choices you may have concerning the handling of your personal information. Additionally, we may disclose your personal information to any other third party, but only with your explicit prior consent.

Compliance with the laws

BizDolphin fully complies with applicable data protection laws.

Data Location

Customer support system

Our customer support and email services are predominantly hosted in the United Kingdom. Any information you opt to send us via email or our customer support system may traverse through and be stored on various intermediate services. For added security, you have the option to encrypt your emails to us using our PGP public key.

Third-Party Data Processors

The data pertaining to your security and service is entrusted to third-party data processors, who furnish us with hosting and other infrastructure services. As mentioned earlier, the locations of these processors have been outlined. While we cannot guarantee this in all instances, in many cases, even the service data retained by these entities is encrypted, and the decryption keys are exclusively held by us.

Data needed to process payments is collected by our payment processor, Stripe, Inc., which conforms to the U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce (collectively, the “DPF”). See https://stripe.com/legal/data-privacy-framework.

Contacting You

We may utilize the contact information you provided, including the contact email address, to communicate with you regarding service-related activities, offer support, and share additional information such as product updates and announcements. You have the option to opt-out of receiving communications from us, excluding crucial notifications like billing and account security alerts.

Your Responsibilities for Protecting Your Data

Given the nature of our design and the sensitivity of the information you confide in us, even in encrypted form, there might be limitations in assisting with certain customer service requests unless you are explicitly listed as an account owner and communicate from your verified email address. It is crucial that, in the event of an email address change, you promptly update the email associated with your Dolphin Passwords account(s) to avoid potential loss of access.

Data Protection Principles that We Practice

(i) Data Portability

Our goal is to have satisfied customers, not ones feeling restricted. We have no intention of locking you out of your own data. It’s important to note, though, that while we won’t impede your access, we are unable to decrypt your Secure Data; you will require your Master Password to decrypt it.

You are empowered to export your Dolphin Passwords data at any time while your account is active. If you choose to discontinue payment, your account will enter a frozen (read-only) state for a minimum duration of six months. During this period, you maintain the capability to retrieve and export your data.

It’s important to note that the export is limited to your Secure Data. Safe permissions, the structural aspects of groups of individuals, and other information pertaining to the relationship between individuals and data are not guaranteed to be included in the export.

(ii) Your Right to Know to What We Know

You possess the right to be informed about the information we have regarding you and to observe how that data is managed. If desired, you can request a screenshot displaying the information we have about you in our back-office systems. However, to safeguard customer privacy, such requests must undergo thorough authentication, extending beyond merely demonstrating control of the customer’s email address.

(iii) Your Right to Have Your Data Erased

As stewards of your data, account owners possess the authority to direct us in permanently erasing their data from our systems. To safeguard against the inadvertent deletion of anyone’s data without explicit consent, it is imperative to initiate the account deletion process during an authenticated session. Subsequent to the successful deletion of your account, the account owner retains the option to reach out to us, requesting the expunging of their data. Upon authentication of the request, the data will be promptly removed from our active systems within a 72-hour timeframe.

The imperative for disaster recovery and adherence to data availability standards establishes BizDolphin’s legitimate interest in maintaining secure and immutable backups. Our backup retention policy spans 90 days. It is crucial to note that erasure requests, while honored for active data, will not impact the integrity of our backups. Data removal from backups will only occur when legally mandated, ensuring compliance with applicable laws and regulations.

(iv) Your right to access and control your personal data

For the management of your personal data and the exercise of your data protection rights, please feel free to contact BizDolphin at support@bizdolphin.com.

Moreover, you hold the capability to add, remove, edit, or modify any data within the Dolphin Passwords service. If you are affiliated with an organization granting you access to a Dolphin Passwords account and related services, please be aware that certain restrictions may apply based on your affiliate organization’s privacy policies or similar regulations. For more detailed information, kindly refer to the section under Dolphin Passwords Product or Account provided by your Organization.

Chat Bots

We employ chatbots and automated communication tools to enhance your interactions with us through our Services. These tools have the capability to collect and retain the contents of any communications you transmit through them. Additionally, they may gather analytics information, including device and usage details. For the purpose of tool provision, enhancing customer support, and internal marketing efforts, we may share this information with our pertinent service providers.

Cookies and Other Tracking Devices

First of all, we do not use third-party trackers in our web application (my.Dolphin Passwords.com), or our client applications for macOS, Windows, Linux, Android or iOS. However, we set and use cookies (small text files placed on your device) and other tracking devices on our own domains and subdomains to store settings that assist with identifying your account for sign-in. For the purposes of this section, we will call both cookies and other tracking devices “cookies.” We also use third-party packages and trackers for our public pages that may set cookies on your computer. These cookies collect identifiable information that allows us to better understand our audience and serve more relevant advertisements to visitors once they leave the Dolphin Passwords website. We also use these cookies to understand broad and anonymous user behavior when you visit the Dolphin Passwords.com websites. Such user behavior includes time spent by a visitor on the website, most visited webpage, etc.

What Types of Cookies Do We Use and Why?

The following information lists the different types of cookies implemented on Dolphin Passwords.com websites, examples of who serves those cookies, and links to the privacy notices of those cookie servers. Because the specific cookies we use may vary over time, as well as differ by the specific page you are browsing, the information below is illustrative only.

Essential Cookies

Purpose : These cookies are essential for the website to function properly. They enable basic website functionality, such as account permissions and security.

Who Serves these Cookies : Dolphin Passwords, Google

Functional Cookies

Purpose : Functional cookies are used to support and enhance website functionality. Information collected through functional cookies may be available to third parties.

Who Serves these Cookies : Dolphin Passwords

Analytics Cookies

Purpose : Analytics cookies help us understand how visitors interact with our website, enabling us to improve user experience and optimize our content. Information collected through analytics cookies may be available to third parties.

Who Serves these Cookies : Google

Marketing Cookies

Purpose : We use marketing cookies to personalize your experience, show you targeted ads, and analyze the effectiveness of our marketing campaigns. Information collected through marketing cookies may be available to third parties.

Who Serves these Cookies : Google

We do not use cookies in a manner that discloses to third parties that a specific person viewed specific video materials. However, we may use embedded video content that provides you access to content hosted on third party websites. The hosts of such embedded videos may place cookies on your device when you view their content. Any cookies or other information collected through such embedded videos are subject to the terms of the provider’s privacy policy.

How Long Do Cookies Stay on My Device?

Some cookies operate from the time you visit the Dolphin Passwords websites until the end of that particular browsing session. These cookies, which are called “session cookies,” expire and are automatically deleted when you close your Internet browser. Some cookies will stay on your device between browsing sessions and will not expire or automatically delete when you close your Internet browser. These cookies are called “persistent cookies” and the length of time they will remain on your device will vary from cookie to cookie. Persistent cookies are used for a number of purposes, such as storing your preferences so that they are available for your next visit and to keep a more accurate account of how often you visit the Website, how your use of the Services may change over time, and the effectiveness of advertising efforts.

Managing Cookies

You may disable cookies in your browser at any time. Please note that disabling all cookies may result in performance issues on our website. Client applications, including web browsers, will store information about your account to assist with future sign-ins and keep some information available to you when you are not signed in. Users may remove all such information from their devices, but doing so will require that they provide complete information (account details, Master Password) on subsequent sign-ins. We also provide you with the ability to opt-out of non-essential cookies through the tools available in the footer of our webpage.

Consent for Underage Enrollment

Those under the age of 16 may not use the services without the consent or authorization of their parent or legal custodian. Family account organizers and team owners are responsible for that authorization when they add someone under the age of 16 to an account.

Disclosure

We are committed to adhering to relevant laws and contractual agreements with our customers when it comes to disclosing Service Data and encrypted Secure Data to law enforcement agencies. If legally permissible, we will notify you of such requests and whether compliance has been met. It’s important to note that your Secure Data remains encrypted with keys that are not within our possession, hence, any disclosure of Secure Data will only occur in encrypted form.

Certain Service Data is accessible to family account organizers and team owners. Under specific and limited circumstances, we may provide certain information to non-owner members of these accounts. Account owners will receive notification in such instances.

Breach Notification

In the event of a breach, we acknowledge our responsibility to our customers and the public. We are committed to promptly disclosing the nature of the risk and providing a transparent account of the events without unnecessary delay. Our actions align with relevant legal requirements, specifically adhering to the Canadian data privacy breach notification requirements and the GDPR-related obligations for data breach notification.

Updates to our Privacy Policy

We reserve the right to make changes to this Policy at our discretion, and the date of the last revision will be indicated. If you wish to stay informed about updates to our Privacy Policy, it is advisable to check here regularly. Additionally, we retain the right to notify you via email in the case of significant changes. Previous versions of the policy will be accessible from this page.

Contact Us

If you have any questions about this Policy, you can contact us at support@bizdolphin.com

Supervisory Authority

If you have concerns or complaints about this policy or practices with regard to that you do not feel you can resolve through contacting us, you should bring those concerns to your local regulatory authority.

Glossary

BizDolphin, we, our, Service Provider

BizDolphin Ltd., a United Kingdom company. Owners and operators of Dolphin Passwords. As Data Processors, we include BizDolphin’ employees and subcontractors appointed by BizDolphin.

Data Processor

Data Processor as defined by the GDPR. We and the subprocessors (hosting services, payment processors) we appoint are the Data Processors.

Master Password

A user secret that, is necessary to decrypt Secure Data.

BizDolphin staff, staff

Our Directors, employees, and subcontractors

GDPR

European Union’s General Data Protection Regulation

Decrypt

Decryption transforms encrypted data back to its original form. It cannot be performed without the appropriate cryptographic key.

Encrypt, Encryption

Encryption transforms usable data into a form that conceals all information contained in the original data. This data transformation uses a cryptographic key.

Owner, Organizer

Business and Family accounts, which allow for multiple members, will have Owners or Organizers. Owners and Organizers have some rights over the data belonging to members of the Business or Family.

Personal Data

As defined under applicable data protection laws.

Subprocessor

Anyone other than us who we have appointed to process customer data. Subprocessors can see no more data than we can see. Examples include our data hosting providers and payment processors.

Supervisory Authority

A local regulator under the GDPR which has the job of seeing that we protect your data properly.

Secure Data

Data encrypted with keys derived from the user’s Master Password. This data cannot be decrypted by BizDolphin.

Service Data

Data about a user account, which is available to BizDolphin.

You, Data Subject

You are the Data Subject as defined in the GDPR. In general, we are addressing “you” as the Owner or Organizer of an Individual, Family, Team, or Business account.