Posted and effective as of 4 June, 2016
Note that SpiderOak has several different products and services:
When we collect, store, use, or share information differently among these products, we’ll note that below.
Account Information. When you create a SpiderOak account, we ask you to choose a username and passphrase. You may use your email address as your username, but it’s not required.
If you select a SpiderOak plan that requires payment, we’ll also ask you for billing information.
Information About Your Use of SpiderOak. We receive some information automatically when you use any SpiderOak product. This includes data about your device, software, and the operating system you use when accessing our service, approximate amount of data stored on our service, your Internet Protocol address, system-generated error messages for your account, and the date and time of each request you make to SpiderOak. Additionally, some of our products have access to your team or group name and the number of members in a team.
We use your personal information to keep SpiderOak running, understand how you use our service, customize your experience, prevent abuse, provide customer support, sell and market our products, and improve SpiderOak. We use your information internally only as necessary to accomplish these goals.
We share your personally identifiable information only in the limited circumstances below. SpiderOak never sells your information or shares it with third-party advertisers.
With your permission. We may share your information with your consent, after letting you know what information will be shared and with whom.
In response to the law. We may disclose your information if we believe it is reasonably necessary to comply with a law, regulation, or valid legal process. If we are going to release your information, our policy is to provide you with notice unless we are prohibited from doing so by law or court order (e.g., an order under 18 U.S.C. § 2705(b)). We may disclose your information without giving you prior notice if we believe it’s necessary to prevent imminent and serious bodily harm to a person. Nothing in this policy is intended to limit any legal objections or defenses you might have to demands to compel disclosure of your information, including demands from the government.
With Groups, Enterprise Backup, and Semaphor admins. If you use our Groups, Enterprise Backup, or Semaphor products, your administrator may be able to access and control your account. Refer to your organization’s internal policies for more information.
With other users. When you share files with others through SpiderOak, your username, share id and/or first and last name may be visible to other people.
Aggregate information. We may disclose aggregate, non-identifying information about how our users use SpiderOak products.
You can disable your SpiderOak account at any time by signing in and canceling it either online or in the application itself. This means your user account will no longer be active on our service, and your data will be automatically deleted in the normal course of business with no further notice to you.
SpiderOak products are designed to have several layers of security.
No transmission over the internet is completely secure, so we can’t absolutely guarantee that unauthorized parties won’t be able to defeat our security measures. You use SpiderOak at your own risk, and are responsible for taking reasonable measures to secure your account (such as choosing a strong, unique passphrase and keeping it secret).
We are always on the lookout for vulnerabilities in SpiderOak. If you discover a vulnerability in our service, we would be grateful for your report and encourage you to let us know immediately. If you give us reasonable time to respond to your report before making any information public, and make a good-faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not pursue any legal action against you or ask law enforcement to investigate your actions.
To report a security vulnerability, please email firstname.lastname@example.org.
We would love to hear from you. SpiderOak welcomes questions, concerns, and feedback about this policy. If you have suggestions for us, let us know at email@example.com.