About Your Privacy
As an anonymous suggestion box service, we know that privacy is paramount. Your privacy is very important to us, and it’s also important to us that you understand in plain English how we use your data and what your rights are.
Some basic things to know, before we get into the legal details:
For those submitting responses
- By default, Suggestion Ox does not request personally-identifying information such as name or email address. However, suggestion box owners may request that kind of information by setting up custom fields. It is your decision whether to submit personal information.
- No information about your web browser, IP address or anything related to your computer or web connection is saved with responses. The ONLY information that is saved is the text of your response.
- You will never be asked to create an account or perform any other action that would tie your response back to you. See Private Anonymous Replies, in the following section.
Private Anonymous Replies
- Box owners may choose to enable the private anonymous replies feature, which will request or require the suggestion-giver to include an email address. This email address will be encrypted within our database and made anonymous from the box owner. They can respond, but cannot see the email address. We will not share these email addresses with anyone unless compelled to do so by law enforcement or legal order.
For our customers creating suggestion boxes
- We require a valid email address to create a suggestion box and to receive your suggestions, but that email will NEVER be shared with any other party. Period.
- Your list of responses is saved in your password-protected account. No one besides you has access to those responses.
- Your password is encrypted in our database, and cannot be retrieved by anyone at Suggestion Ox. If you forget your password, you will need to use the Lost Password function on the Login screen to reset your password. No one at Suggestion Ox will ever ask you for your password.
- No other identifying information is saved with responses you receive. We don't have a "back door" or additional information about any response you receive. Even if we wanted to (which we don't), there is no way for us to provide any additional information about who or where the responses came from. This is truly anonymous.
Information we collect
When you visit our website: Our servers automatically log your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other standard data provided by your web browser.
When you register for an account: We ask for your email address. This information is mandatory, as we use it for account login, to email you suggestions you may receive, and to contact you about your account.
When you submit a response: No information about your web browser, IP address or anything related to your computer or web connection is saved with responses. The ONLY information that is saved is the text of your response.
Our legal bases for collecting and processing information
We collect and process information about you only where:
- it’s necessary for us to provide you with service;
- it satisfies a legitimate interest, such as for research and development, to market and promote our services, and to protect our legal rights and interests;
- you give us consent to do so for a specific purpose (e.g. entering your email address so we can create an account and send you submitted suggestions); or
- we need to process your data to comply with a legal obligation.
When you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this won’t affect any service we have already provided to you.
We retain information for our sales records and to facilitate additional support. If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.
While we retain this information, we’ll protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute data security.
Collecting and using information
We collect, hold, use and disclose information for the following purposes:
- to provide suggestion box service to you;
- to process your subscription payments;
- to enable you to access and use our website and associated applications;
- to contact and communicate with you about your account;
- for internal record keeping and administrative purposes;
- for analytics, market research and business development, including to operate and improve our website, associated applications and associated social media platforms; and
- to comply with our legal obligations and resolve any disputes that we may have.
Disclosure of personal information to third parties
Suggestion Ox is supported by third-party providers to facilitate the provision of a transactional website. These include DNS management, web hosting, subscription management, payment processing (Stripe) and Google Analytics.
We will comply with government and law enforcement requests for data, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights.
We do not sell or rent your personal information to marketers or third parties.
International transfers of personal information
The data we retain is stored and processed in the USA, and/or where we and our third-party providers maintain facilities. By providing us with your personal information, you consent to the disclosure to these overseas third parties.
Your rights as our user
Restrict: You may choose to restrict the collection or use of your personal information by contacting us using the details on our website. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website or products and services.
Access and data portability: You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. You may request that we erase the personal information we hold about you at any time. You may also request that we transfer this personal information to another third party.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below, and we will take reasonable steps to rectify the issue.
Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.
Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can perform certain functions and understand how you use our site. We use first-party and third-party cookies to enable Suggestion Ox service, subscriptions and payments.
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal information according to this policy.
About this policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
At our discretion, we may update this policy to reflect current acceptable practices. We will take reasonable steps to let users know about significant changes via our website. Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around data and personal information.
If you have any concerns or questions about how we handle your data and personal information, feel free to contact us at firstname.lastname@example.org, or via any other method at http://www.suggestionox.com/privacy. We genuinely welcome your questions.
This policy was last updated on January 6, 2019.
Box holders entrust Suggestion Ox with their information. Here’s what we do to maintain that trust:
- Authentication: Your account data is logically segregated by account-based access rules – in other words your account has your account information only and not someone else’s, because that would be confusing. User accounts have unique usernames and passwords when you log on. Suggestion Ox issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.
- Passwords: User application passwords have minimum complexity requirements. Passwords are individually salted and hashed. This means if you want to uber-protect your box you can put in a complex password. We do not recommend “Passw0rd1”.
- Data Portability: Suggestion Ox enables you to export your data from our system in a variety of formats so that you can back it up, or use it with other applications, or print a copy and fax it to your Aunt Eugenia.
- Data Residency: Suggestion Ox user data is limited to email address and password of the box owner only. All data is stored in the United States, where it enjoys a comfortable lifestyle and is confused over the political culture here.
- Valid Certificate: Suggestion Ox maintains a valid, trusted server certificate, which is renewed by a qualified certificate renewing expert.
- Secure TLS Connection: Suggestion Ox uses a strong protocol version and cipher suite.
- Patching: The latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities, and because Suggestion Ox likes to be trendy.
- We limit the number of employees who have access to customer data to a bare minimum. Each employee with access has carefully-monitored hardware and software to prevent malicious hijacking of information.
- All employees and contractors receive training on recognizing and avoiding social engineering and other attempts to gain access.
Handling of Security Breaches
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Suggestion Ox learns of a security breach, we will tell you about it so that you can take appropriate protective steps. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.
Keeping your data secure also depends on you maintaining the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems.
This policy was last updated on April 21, 2019.