AgileBits Privacy Policy

Much more than just a policy – 1Password is Private by Design

legal cat

Last updated: September 8th, 2017.

Introduction

Here at AgileBits we believe that the less information we know about you, the better. After all, it is impossible to lose, misuse, or abuse information we don’t have.

And since our business model involves selling a product for a reasonable price, we don’t need to harvest information as we never sell your data or use ads. Thanks to your support we have been able to say “no” to acquisitions and venture capitalists, which means we only answer to you, our customers.

We have developed this Privacy Policy to provide you with the information you need to know about how we collect and handle information, and outline your responsibilities to help you keep yourself safe using our products. Just a quick note: when we talk about “Services” we mean any and all of our websites, products, and services.

Information We Hold and How We Use It

We hold two kinds of information from our users to deliver Services: Secure Data, and Service Data. We treat both Secure Data and Service Data with the same high level of security and assurance, and both kinds of data are always confidential.

Secure Data is data that we cannot access under any circumstance, and includes any information you store in your 1Password account vaults. This data is encrypted using secure cryptographic keys that exist only in the possession and under the control of our customers. We have no way of accessing or providing decrypted Secure Data and we never receive copies of unencrypted Secure Data. Secure Data is your property, in which we claim no rights, title, or interest beyond that necessary to deliver Services to you. You may add, modify, and delete Secure Data at your discretion. If you do not have a 1Password account you cannot provide us with Secure Data.

Service Data is information that is not encrypted and is necessary for us to provide Services. Service Data includes but is not limited to server logs, billing information, number of vaults and number of items in vaults, company or family name, and email addresses. We do retain rights to Service Data.

In some cases we may collect Diagnostic Reports and other troubleshooting, bug, and crash reporting information from customers to help determine problems with Services. If you elect to use beta software, some troubleshooting, bug, and crash reporting data may automatically be transmitted to us. You may decide not to use beta software at your discretion. This data may contain sensitive and personally identifying information, but will never contain Secure Data. Copies of Diagnostic Reports and other information transmitted to us become our property which we may use to continually enhance and improve our Services. We consider Diagnostic Reports, bug, and crash reporting data, and all other troubleshooting information to be Service Data.

We may use your contact information to communicate with you about Service activity, provide support, and send you other information such as product updates and announcements. You may choose to stop receiving communications from us, except certain important notifications such as billing and account security alerts.

Keeping Your Information Safe

We have implemented strict access controls to limit who can access Service Data. Only certain employees, vendors, and contractors of AgileBits have the ability to access or review Service Data, and Service Data is only accessed for valid business needs such as but not limited to providing customer service, evaluating Service performance and use, and monitoring and improving our infrastructure. We utilize nondisclosure agreements, firewalls, cryptographic protections, two factor authentication, and other standard measures to prevent unauthorized access to your information.

Under no circumstances do we ever use your Secure Data for any purpose other than transferring your encrypted Secure Data between your devices and delivering it to you, maintaining a copy in our databases to ensure that your devices are up to date and that you have a backup, and ensuring the integrity of your data.

The most important aspect of preserving the security of your data is that you can take it with you. You can export your 1Password data at any time you wish during the life of your account. If your account is ever suspended or terminated due to abuse or violation of our terms of service, we’ll work with you on a case by case basis to ensure you can export your data in a format that does not require a 1Password subscription to access.

Your Responsibilities for Protecting Your Data

When you create a 1Password account you will receive an Secret Key and create a Master Password. Your Secret Key is generated on your computer and your Master Password is something you create yourself. For your protection, you should create a strong Master Password to ensure that it is not easily guessed.

It is extremely important that you understand that anyone with both your Secret Key and Master Password can access your Secure Data. It is equally important that you keep a copy in a safe place for your own reference, because future access to your Secure Data depends on having access to both your Secret Key and your Master Password. We will never ask you for your Master Password or your full Secret Key, and you should never send either to us.

Due to the nature of our design and the sensitivity of the information you entrust to us (even in encrypted form), it may not be possible for us to help you with certain customer service requests unless you are listed as an account owner and are communicating from your verified email address. In the event that you change your email address, is very important that you update your email on your 1Password account(s) or you may eventually lose access.

Cookies

We set and use cookies on our own domains and subdomains to provide an enhanced experience. We also use certain third party analytics packages that may set cookies on your computer. However both of these are optional. You can therefore disable cookies in your browser and continue to use our Services without impact.

Designed Primarily for Adults

We do not produce our Services for nor market our Services to children, including those thirteen years old or younger. However you may add your own children as users to our Services, but you are solely responsible for their use of our Services.

Disclosure

We have both policy and technological protections to prevent the unauthorized disclosure of information. However we do reserve the right to disclose any information we have if compelled to do so by a court of law with competent jurisdiction, and in such an event we will hand over requested Secure Data and Service Data. If permitted by the order issued by the court, we will notify you of such a request and whether or not we have complied. However your Secure Data should remain private as long as you keep to your Responsibilities for Protecting Your Data as outlined above. If we have a reasonable and good faith belief that a disclosure is necessary to prevent criminal activity or damage to life or property, we may disclose Service Data to the authorities.

In the case of 1Password Families and Teams, we may provide Administrator, Owner, or Organizer contact information to verified members of a 1Password Team or Family. In such cases we may also communicate Service Data specific to particular requests between users and Administrators, Owners, and Organizers.

We have never and will never sell customer information. We use your Secure Data for no purpose other delivering it to your devices.

If you send us email or Service Data, that information will be maintained on servers provided by our vendors in the United States.

Updates to our Privacy Policy

At our discretion we may make changes to this Policy and note the date of the last revision. You should check here frequently if you need to know of updates to our Privacy Policy. Previous versions will be made available from this page.

A Quick Note

We love you, our customers, so we don’t want to saddle you with endless agreements and contracts. This Privacy Policy is an internal and binding Policy at AgileBits, it is not an agreement or contract with you. From the ground up, our software design puts encryption before policy, and makes sure that even a policy change cannot enable us to access your Secure Data. If you would like to learn more about our security design and how we view your privacy, we invite you to explore our Security and Privacy knowledge base.

Contact Us

If you have any questions about this Policy, you can contact our support team or write us by mail at:

317 Adelaide Street West, Suite 910
Toronto, Ontario
M5V1P9, Canada

🙌 Thanks for reading! ❤️

Change log

2017-09-08:

We clarified how we help you keep your data when we part ways.

We also expanded on how your Secure Data is handled on our end.
Archived revisions.