Posted and effective as of 4 June, 2016


Please read this privacy policy carefully. It applies to all interactions you have with SpiderOak’s web services and apps.

Note that SpiderOak has several different products and services:

  • SpiderOakONE, a consumer-focused cloud storage
  • SpiderOak Groups, cloud storage for teams
  • Enterprise Backup, cloud-based backup for companies
  • SpiderOak Semaphor, a team collaboration tool
  • SpiderOak Kloak, a private communications network
  • SpiderOak Encryptr, a cloud-based password manager

When we collect, store, use, or share information differently among these products, we’ll note that below.

The Information We Collect

Account Information. When you create a SpiderOak account, we ask you to choose a username and passphrase. You may use your email address as your username, but it’s not required.

If you select a SpiderOak plan that requires payment, we’ll also ask you for billing information.

Information About Your Use of SpiderOak. We receive some information automatically when you use any SpiderOak product. This includes data about your device, software, and the operating system you use when accessing our service, approximate amount of data stored on our service, your Internet Protocol address, system-generated error messages for your account, and the date and time of each request you make to SpiderOak. Additionally, some of our products have access to your team or group name and the number of members in a team.

How We Use Your Information

We use your personal information to keep SpiderOak running, understand how you use our service, customize your experience, prevent abuse, provide customer support, sell and market our products, and improve SpiderOak. We use your information internally only as necessary to accomplish these goals.

How We Disclose Your Information

We share your personally identifiable information only in the limited circumstances below. SpiderOak never sells your information or shares it with third-party advertisers.

With your permission. We may share you information with your consent, after letting you know what information will be shared and with whom.

In response to the law. We may disclose your information if we believe it is reasonably necessary to comply with a law, regulation, or valid legal process. If we are going to release your information, our policy is to provide you with notice unless we are prohibited from doing so by law or court order (e.g., an order under 18 U.S.C. § 2705(b)). We may disclose your information without giving you prior notice if we believe it’s necessary to prevent imminent and serious bodily harm to a person. Nothing in this policy is intended to limit any legal objections or defenses you might have to demands to compel disclosure of your information, including demands from the government.

With third parties helping us provide SpiderOak. We may share you information with third-party services helping us provide our products and services. Those third parties access and use the information we share with them only on our behalf. They include Stripe, PayPal, ZenDesk, and Base CRM. Please note that this Privacy Policy explains SpiderOak’s practices only, and doesn’t cover the practices of other services. Take a look at those companies’ privacy policies to learn more about their data practices.

With Groups, Enterprise Backup, and Semaphor admins. If you use our Groups, Enterprise Backup, or Semaphor products, your administrator may be able to access and control your account. Refer to your organization’s internal policies for more information.

With other users. When you share files with others through SpiderOak, your username, share id and/or first and last name may be visible to other people.

Aggregate information. We may disclose aggregate, non-identifying information about how our users use SpiderOak products.

Sale or merger. If all or part of SpiderOak is sold, merged, or otherwise transferred to another company in the future, your information may be transferred as part of that transaction. If that happens, SpiderOak will take reasonable steps to make sure your information continues to be treated consistently with this privacy policy.

Web Tracking Policy

We are proud that we don’t use Google Analytics. We don’t allow other third-party tracking on our service, either.

We use cookies to enable our servers to recognize your web browser and tell us how and when you use the SpiderOak websites. We use cookies to identify whether you have logged in and recognize that your web browser has accessed our servers before, and we may associate that information with your account. Most browsers have an option for disabling cookies, but if you disable them you may not be able to log into your SpiderOak account.

Account Termination

You can disable your SpiderOak account at any time by signing in and canceling it either online or in the application itself. This means your user account will no longer be active on our service, and your data will be automatically deleted in the normal course of business with no further notice to you.

Data Security

SpiderOak products are designed to have several layers of security.

  • We encrypt files that you upload to SpiderOak servers using the AES- 256 algorithm. You control your encryption keys, and SpiderOak does not have access to them.
  • We use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to create a secure tunnel to protect data in transit between SpiderOak apps and servers.
  • We don’t store your account passphrase on our servers in any form. Your passphrase is only on your device, and we hash and salt it to help protect it against possible compromise.
  • We limit the number of SpiderOak employees who have access to user data through policy and technical access controls.

No transmission over the internet is completely secure, so we can’t absolutely guarantee that unauthorized parties won’t be able to defeat our security measures. You use SpiderOak at your own risk, and are responsible for taking reasonable measures to secure your account (such as choosing a strong, unique passphrase and keeping it secret).

We are always on the lookout for vulnerabilities in SpiderOak. If you discover a vulnerability in our service, we would be grateful for your report and encourage you to let us know immediately. If you give us reasonable time to respond to your report before making any information public, and make a good-faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not pursue any legal action against you or ask law enforcement to investigate your actions.

To report a security vulnerability, please email

Changes to This Policy

We may revise this Privacy Policy from time to time. The most current version of the policy will govern our use of your information and will always be at If we make changes that we believe will substantially alter your rights, we will post the revisions 7 days before they take effect so you can review them.


We would love to hear from you. SpiderOak welcomes questions, concerns, and feedback about this policy. If you have suggestions for us, let us know at