Privacy and Security

About Your Privacy

As an anonymous suggestion box service, we know that privacy is paramount. Your privacy is very important to us, and it’s also important to us that you understand in plain English how we use your data and what your rights are.

Some basic things to know, before we get into the legal details:

For those submitting responses
  • When you submit a response with Suggestion Ox, you are never asked to include your name, email or any other identifying information.
  • No information about your web browser, IP address or anything related to your computer or web connection is saved with responses. The ONLY information that is saved is the text of your response.
  • You will never be asked to create an account or perform any other action that would tie your response back to you.
  • Submitting a response with Suggestion Ox does not require the use of cookies.
For our customers creating suggestion boxes
  • We require a valid email address to create a suggestion box and to receive your suggestions, but that email will NEVER be shared with any other party. Period.
  • Your list of responses is saved in your password-protected account. No one besides you has access to those responses.
  • Your password is encrypted in our database, and cannot be retrieved by anyone at Suggestion Ox. If you forget your password, you will need to use the Lost Password function on the Login screen to reset your password. No one at Suggestion Ox will ever ask you for your password.
  • No other identifying information is saved with responses you receive. We don't have a "back door" or additional information about any response you receive. Even if we wanted to (which we don't), there is no way for us to provide any additional information about who or where the responses came from. This is truly anonymous.

Information we collect

When you visit our website: Our servers automatically log your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other standard data provided by your web browser.

When you register for an account: We ask for your email address. This information is mandatory, as we use it for account login, to email you suggestions you may receive, and to contact you about your account.

When you submit a response: No information about your web browser, IP address or anything related to your computer or web connection is saved with responses. The ONLY information that is saved is the text of your response.

When you choose a paid plan: We require your payment details, but all payment transactions are handled through Stripe, and are governed by Stripe’s privacy policy.

Our legal bases for collecting and processing information

We collect and process information about you only where:

  • it’s necessary for us to provide you with service;
  • it satisfies a legitimate interest, such as for research and development, to market and promote our services, and to protect our legal rights and interests;
  • you give us consent to do so for a specific purpose (e.g. entering your email address so we can create an account and send you submitted suggestions); or
  • we need to process your data to comply with a legal obligation.

When you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this won’t affect any service we have already provided to you.

We retain information for our sales records and to facilitate additional support. If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.

While we retain this information, we’ll protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute data security.

Collecting and using information

We collect, hold, use and disclose information for the following purposes:

  • to provide suggestion box service to you;
  • to process your subscription payments;
  • to enable you to access and use our website and associated applications;
  • to contact and communicate with you about your account;
  • for internal record keeping and administrative purposes;
  • for analytics, market research and business development, including to operate and improve our website, associated applications and associated social media platforms; and
  • to comply with our legal obligations and resolve any disputes that we may have.

Disclosure of personal information to third parties

Suggestion Ox is supported by third-party providers to facilitate the provision of a transactional website. These include DNS management, web hosting, subscription management, payment processing (Stripe) and Google Analytics.

We will comply with government and law enforcement requests for data, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights.

We do not sell or rent your personal information to marketers or third parties.

International transfers of personal information

The data we retain is stored and processed in the USA, and/or where we and our third-party providers maintain facilities. By providing us with your personal information, you consent to the disclosure to these overseas third parties.

Your rights as our user

Choice and consent: By providing your information to us, you consent to us collecting, holding, using and disclosing it in accordance with this privacy policy. You are free to refuse our request for information, with the understanding that we may be unable to provide you with service. If you’re under 18 years of age, you must supply evidence of your parent or legal guardian’s knowledge and permission of you providing us with information.

Information from third parties: If we receive information about you from a third party, we’ll protect it as set out in this privacy policy. If you are a third party providing information about somebody else (e.g. an agency operating on behalf of a client), you represent and warrant that you have that person’s consent to provide their information to us.

Restrict: You may choose to restrict the collection or use of your personal information by contacting us using the details on our website. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website or products and services.

Access and data portability: You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. You may request that we erase the personal information we hold about you at any time. You may also request that we transfer this personal information to another third party.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below, and we will take reasonable steps to rectify the issue.

Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

Cookies

A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can perform certain functions and understand how you use our site. We use first-party and third-party cookies to enable Suggestion Ox service, subscriptions and payments.

If you do not wish to accept cookies from us, you should instruct your browser to refuse cookies from https://www.suggestionox.com, understanding that we may be unable to provide you with service without them.

Business transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal information according to this policy.

About this policy

This privacy policy only covers suggestionox.com’s own collecting and handling of data. We only work with partners and third-party providers whose privacy policies align with ours; however, we cannot accept responsibility or liability for their respective privacy practices.

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

At our discretion, we may update this policy to reflect current acceptable practices. We will take reasonable steps to let users know about significant changes via our website. Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around data and personal information.

If you have any concerns or questions about how we handle your data and personal information, feel free to contact us at support@suggestionox.com, or via any other method at http://www.suggestionox.com/privacy. We genuinely welcome your questions.

This policy was last updated on January 6, 2019.


Security

Box holders entrust Suggestion Ox with their information. Here’s what we do to maintain that trust:

Users

  • Authentication: Your account data is logically segregated by account-based access rules – in other words your account has your account information only and not someone else’s, because that would be confusing. User accounts have unique usernames and passwords when you log on. Suggestion Ox issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.
  • Passwords: User application passwords have minimum complexity requirements. Passwords are individually salted and hashed. This means if you want to uber-protect your box you can put in a complex password. We do not recommend “Passw0rd1”.
  • Data Portability: Suggestion Ox enables you to export your data from our system in a variety of formats so that you can back it up, or use it with other applications, or print a copy and fax it to your Aunt Eugenia.
  • Data Residency: Suggestion Ox user data is limited to email address and password of the box owner only. All data is stored in the United States, where it enjoys a comfortable lifestyle and is confused over the political culture here.

Network Security

  • Valid Certificate: Suggestion Ox maintains a valid, trusted server certificate, which is renewed by a qualified certificate renewing expert.
  • Secure TLS Connection: Suggestion Ox uses a strong protocol version and cipher suite.

Vulnerability Management

  • Patching: The latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities, and because Suggestion Ox likes to be trendy.

Access Management

  • We limit the number of employees who have access to customer data to a bare minimum. Each employee with access has carefully-monitored hardware and software to prevent malicious hijacking of information.
  • All employees and contractors receive training on recognizing and avoiding social engineering and other attempts to gain access.

Handling of Security Breaches

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Suggestion Ox learns of a security breach, we will tell you about it so that you can take appropriate protective steps. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.

Your Responsibilities

Keeping your data secure also depends on you maintaining the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems.

This policy was last updated on January 6, 2019.