Protecting your privacy is important to us, which is why we have created the CIRCLES OF TRUST™ mobile application in standard or pro versions (“CIRCLES OF TRUST™”). CIRCLES OF TRUST™ permits you to send and receive encrypted email messages through Internet-based mobile devices, using your current email accounts. The content of these messages will be secret and only for those recipients you choose. Your messages will be destroyed following reading, after a pre-determined amount of time, or where the message is revoked by the sender (collectively, “Services”).

This privacy policy (“Policy”) explains how CryptoMill Inc. (“CryptoMill”, “we”, “our”) collects, uses and discloses the information you may provide to CryptoMill while signing up for or receiving the Services. Your use of the Services is also subject to the CIRCLES OF TRUST™ Terms of Use (www.CIRCLES OF TRUST.com/termsofuse).

1. CIRCLES OF TRUST™ AND YOUR PRIVACY – A SUMMARY
   

   It is our goal to protect your privacy, and privacy of your messages and information, and make sure you are aware when and how your messages and information are, processed, disclosed and stored. We only collect what information is strictly required to provide the Services, and will protect that information using strong, military-grade security and encryption. We are not able to read any messages you receive or send through the Services, as the messages are encrypted by CIRCLES OF TRUST™ on your device before being sent, and we do not store or receive your messages on our servers. You own your data. We do not share or sell any data about our users.

2. YOUR CONSENT
   

   By using CIRCLES OF TRUST™, you signify your consent to the collection, use, and disclosure of your information in accordance with this Policy.

3. SECURING YOUR INFORMATION
   

   We employ strong security safeguards to protect your information from unauthorized access, collection, use, disclosure, modification or similar risks. Our encryption is based on 256-bit AES encryption and transport layer security. All encryption occurs on your device before it is transmitted by the Internet. Your passwords and encryption keys are never stored in unencrypted form, and are uniquely salted and hashed in CryptoMill's database. When the encryption key protecting your email expires, it is deleted forever and cannot be recovered. Keys are also immediately deleted when you recall a message you have sent through CIRCLES OF TRUST™. We only store your Personal Information (as defined below) for as long as your account is active.
   Only the CIRCLES OF TRUST™ users you permit will be able to see your messages. You will be able to tell if any of your messages have been read. In the standard version of CIRCLES OF TRUST™, you can also revoke the ability for an unread message to be read at any time after sending, up until the key expires. In the pro versions of CIRCLES OF TRUST™, you can revoke the ability for an unread message to be read up until the key expires. The key expiry for messages sent from CIRCLES OF TRUST™ is one month, and from CIRCLES OF TRUST™ Pro is one year unless the sender recalls the message in which case the key will expire immediately.
   CryptoMill has taken reasonable technical precautions to prevent a recipient's mobile device from taking screenshots of a message, although there are limitations due to the requirements of a mobile device's operating system.
   It is important to note that security risks cannot ever be fully eliminated and CryptoMill cannot guarantee that your information will not be used or disclosed in ways not otherwise described in this Policy.



4. PERSONAL INFORMATION
   

   CryptoMill will need to collect some information from you to open an account (“Account”) in order to provide our Services to you, namely a user name, a user email address and password (“Credentials”). When creating an Account, your name is also sent to the CIRCLES OF TRUST™ server and stored with the user name (which is your email address) and password. We also may obtain some personal information about yourself, which may include your name, email address, phone number, and where applicable, information relating to in-app purchases provided by Apple, Google and Windows, for billing reasons (collectively, including your Credentials, “Personal Information”). We do not collect any Personal Information from you when you use the Services or CIRCLES OF TRUST™ unless you provide us with the Personal Information voluntarily.

   
   

   CIRCLES OF TRUST™ will request permission from you to access your contacts list or photo galleries on your mobile device in order for you to use email addresses and attach photos to your messages.

   
   

   In paying the fees and applicable taxes incurred by you or anyone using an Account registered to you, you will be required to provide certain information to us or a third party such as the Apple App Store or Google Play, which may include a debit card number, a credit card number, expiration date of the debit or credit card, bank account information, billing address, activation codes, and similar information (collectively, “Billing Information”). Such Billing Information would be collected and processed by a third-party payment vendor pursuant to the terms and conditions of its privacy policy. We would not obtain access to any Billing Information in connection with these transactions.

   
   
5. DISCLOSURE OF YOUR INFORMATION

   We will not disclose your Personal Information or any of your information or encryption keys, except pursuant to a court order or other lawful requirement. To the extent permitted by law, we will inform you of any requests for disclosure of such information. CryptoMill has no control over, or liability for, those persons’ use and disclosure of such information, and that use and disclosure is not subject to this Policy. However, it is important to note that because we do not store your messages, we will not be able to disclose the content of any your messages sent through CIRCLES OF TRUST™.

   
   CryptoMill will store and process your Credentials and encryption keys through servers in Canada or the United States, which information may be subject to disclosure laws of such countries.



6. ACCOUNT INFORMATION

   You may request access to your Personal Information and information about CryptoMill's collection, use and disclosure of that information by sending your request to CryptoMill's Privacy Officer at the address noted below. Subject to certain exceptions and limitations prescribed by applicable law, you will be given reasonable access to your Personal Information within a reasonable time, and will be entitled to challenge the accuracy and completeness of the information and to have it amended as appropriate.

   
   

   You may edit your Account settings or delete your Account within CIRCLES OF TRUST™ to correct or update information about yourself. If you wish to delete your Account, please send an email request to privacysupport@CIRCLES OF TRUST.com, but note that we may retain certain information as required by law, for business purposes, or as part of our regular retention practices. We may also retain cached or archived copies of information about you for a certain period of time.



7. OTHER MATTERS
   • Children: We do not knowingly collect Personal Information from children under the age of 18 through the Services or CIRCLES OF TRUST™, nor do we collect any information regarding the age of our users at all. If you are under 18, you must only use the Services and disclose any Personal Information with the consent of your parent or guardian. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce this Policy by instructing their children to never use the Services or provide us Personal Information without their permission.
   • Other Websites: CIRCLES OF TRUST™ or the emails that you send or receive may contain links to other websites or Internet resources. When you click on one of those links you are contacting another website. CryptoMill has no responsibility or liability for or control over those other websites or their collection, use and disclosure of your Personal Information.
   • Policy Changes: To accommodate changes in CIRCLES OF TRUST™, changing technology, and legal developments, this Policy may be changed from time to time in CryptoMill's discretion and without any prior notice or liability to you or any other person. CryptoMill's collection, use and disclosure of your Personal Information will be governed by the version of this Policy in effect at that time. New versions of the Policy will be posted on CIRCLES OF TRUST™ website (http://www.CIRCLES OF TRUST.com/privacy) and are available upon request from CryptoMill. Your continued use of CIRCLES OF TRUST™ subsequent to any Policy changes will signify your consent to the collection, use and disclosure of your Personal Information in accordance with the changed Policy. Accordingly, you should check the date of this Policy and review any changes since the last version.
   • Contacting CryptoMill's Privacy Officer: CryptoMill's Privacy Officer may be contacted by email at privacy@CIRCLES OF TRUST.com.
   • This version in effect since July 15, 2014.