pixel

Sylo Privacy Policy

August 2019

This Policy forms part of the Terms of Service dated 1 August 2019 for the Sylo App (the Sylo App Terms) and the Terms of Service dated 1 August 2019 for the Sylo Website Terms of Service (the Sylo Website Terms). In this Policy, capitalised terms have the meanings given to them in the Sylo App Terms if not otherwise defined.

The Sylo difference

We are fully committed to your privacy. That is why Sylo is private by design and puts you in control of your own data.

Sylo enables you to communicate directly with your peers using end-to-end encryption. We cannot see or decrypt your communications in the Sylo app. Only the contacts you choose to communicate with are able to decrypt your messages.

Your Sylo data – that is, the encrypted content of communications – is distributed across a network of nodes. Since your data is encrypted, the node operator cannot decrypt it either, so it remains confidential. This system of distributed node storage also means your data is highly resistant to cyberattacks.

What information do you have to provide to use Sylo?

Sylo has no requirement for you to provide an email address or phone number to create an account.

To use Sylo, you simply establish an account by registering a “name” (which can be a pseudonym, alias or nickname) and choosing an avatar. You will share this information with your contacts, not with Sylo.

To be a verified user of Sylo, you need to establish an account (as outlined above) and also provide additional personal information so that we can verify your identity and meet the requirements of applicable anti-money laundering and similar legislation (together, KYC information). We may also require payment information if you elect to sign up for any fee-based premium Services (payment information). Note that any third parties we engage with in relation to the collection, processing, storage, verification or review of your KYC information or payment information will be bound by confidentiality obligations and other restrictions about how they deal with your personal information. Note that, if you share your personal information directly with the third party, and not with Sylo, then the third party’s privacy policy – and not this Policy – will govern the third party’s dealings with your personal information. You acknowledge that Sylo will not be responsible for that third party’s compliance with its privacy policy or privacy laws.

What other information might we collect about you?

If you use the Services, we may also collect the following information about you when you visit our App or website (generic data):

  • The IP address of your device when connected to the internet.
  • The operating system and the browser your device uses, and any search engine you are using.
  • Information about your country and the language setting on your device.
  • The domain name of your internet service provider.
  • Any specific page you visit on our website, content you view, features you use, the date and time of your visit and other clickstream data.
  • Other attributes about your browser, mobile device and operating system.

Your personal information and Sylo

In this Policy, ‘personal information’ is information (including data) about an identifiable, natural person.

As outlined above, we may collect generic data about all of our users.  We will also collect KYC information and payment information from our verified users or arrange for a third party to do so on our behalf. In addition, any user may choose to share an email address or other contact information with us.

The remainder of this Policy sets out why we collect this personal information, and the terms on which we deal with that information.

Purposes for which we collect your personal informationThe primary purposes for which we collect personal information is to provide Services to you and to comply with our legal and regulatory obligations in connection with the provision of certain Services. In addition, we may collect personal information about you, such as generic data, for the following additional purposes:

  • To validate, update and/or enhance our Services.
  • To undertake research, analytics and/or benchmarking, including to measure the number of users of any of our Services.
  • To identify and understand our users’ needs.
  • For our business development and marketing purposes.
  • For internal record keeping, audit and compliance purposes.

Together, these are the ‘Purposes’.

Who can we share your personal information with?

If you are a verified user, then:

  • KYC information: We will not share your KYC information with any person other than (a) a third party that undertakes KYC on our users on our behalf in accordance with applicable anti-money laundering laws or with any third party that verifies that KYC information; (b) any governmental agency or regulator with whom we are required to share the KYC information in accordance with mandatory applicable law; and (c) our staff and advisers that need access to the KYC information as part of their work, subject to confidentiality restrictions.
  • Payment information: We will not share your payment information with any person other than the third party payment processor that manages the payment transaction, and our staff and advisers that need access to payment records as part of their work, in each case subject to confidentiality restrictions.

We may share generic data and any other personal information we hold about you (subject to the restrictions noted above) with the following parties:

  • Our service providers – such as technology suppliers/contractors, analytics and advertising service providers, storage facilities, lawyers, accountants and auditors, and all other parties who need to have access to your personal information to provide their services to us.
  • Our employees or contractors to the extent reasonably necessary to provide the Services and otherwise fulfil our obligations to you.
  • Any person considering acquiring an interest in our business or assets.
  • Any other person to the extent reasonably necessary for the Purposes.
  • Any law enforcement, legal, government or regulatory agency, where such disclosure is required or authorised by law.

These parties may be located outside New Zealand. This may mean your personal information is held and processed outside New Zealand.

How we use your personal information

We will never sell your personal information.

We will only disclose your personal information when we consider it to be necessary in view of the Purpose(s) for which it was collected or where it is required by applicable law or directive.

We may use your personal information to contact you in the future about Services we believe may be of interest to you. If we do so, each communication we send will contain instructions permitting you to "unsubscribe " from any future communications from us. In addition, if at any time you do not wish to receive any future communication or you wish to have your name deleted from our mailing lists, please contact support@sylo.io.

Third parties in the Sylo marketplace

To enhance the Services available to you, we may introduce other third party applications into the Sylo marketplace from time to time. These third party applications may also collect personal information from or about you with your consent. 

Please note that, in such circumstances, the relevant third party application’s privacy policy – and not this Policy - will apply to any personal information it collects from or about you. You acknowledge that Sylo will not be responsible for that third party’s compliance with its privacy policy or privacy laws.

Can anyone else see your personal information?

To optimise our app and website, we may share your generic data with third party analytics companies or allow third parties to access that generic data or to use tracking technologies like “cookies” to collect statistical information about our users. The information collected is anonymous (that is, it does not include your Sylo name or avatar or other personal information which could identify you). However, you have the ability to opt out by disabling cookies in your browser or mobile settings.

Also, any third party service provider that we engage will be bound by confidentiality obligations and other restrictions with respect to their use and collection of collected information. This Policy does not apply to, and we are not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third-parties’ privacy policies. You acknowledge that Sylo will not be responsible for that third party’s compliance with its privacy policy or privacy laws.

Protecting your personal information: storage and security

As we explain at the start of this Policy, your Sylo data – that is, the encrypted content of your communications – is distributed across a network of nodes. Sylo does not hold or store this data.

However, in relation to any personal data that Sylo may hold about you, such as KYC information or payment information if you are a verified user (subject to the earlier terms of this Policy), we will take all reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse. In the event of a security incident we have in place procedures to promptly investigate the incident and determine if there has been a data breach involving any personal information, and if so, to assess if it is a breach that would require notification. If it is, we will notify affected parties in accordance with applicable privacy law requirements.

Any personal information about you that Sylo holds or controls will be erased as soon as it is no longer necessary to achieve the Purpose(s) for which it was collected unless we are required by applicable law to store it for a longer period of time, in which case it will be erased after the relevant time period has elapsed.

How you can help keep your information safe

Please take care when deciding what personal information you send to us via email. No internet or email transmission is ever fully secure or error free. In particular, email sent to or from the services may not be secure so if you provide us with personal information over the internet, the provision of that information is at your own risk.

When accessing the Sylo website, look for the 'padlock' symbol in your web browser. The 'padlock' symbol is a certificate of authenticity and ensures the site is secure.

Secure Socket Layer (SSL) is the most accepted way of ensuring the security of transmitted information to and from internet sites worldwide. It operates in all pages of our website. We use SSL with Comodo Authentication Certificates with RC4 128 bit encryption.

Your right to access your personal information

You may request access to any of the personal information we hold about you at any time. To request access to the personal information that we hold about you, please contact us at support@sylo.io. We may charge a fee for our reasonable costs in retrieving and supplying the information to you.

We will respond to your request within a reasonable period of time and, where reasonable and practicable, grant access to the information in the manner requested. An explanation will be provided to you if we deny you access to your personal information we hold.

If any information we hold about you is incorrect, please contact us at support@sylo.io.

How to contact us

If you have any queries about this Policy, please feel free to contact us at support@sylo.io or write to Sylo Licensing Limited, PO Box 90334, Victoria St West, Auckland 1142, New Zealand.

Privacy laws still apply

This Policy does not limit our rights and obligations under applicable privacy laws, including the Privacy Act 1993 for our New Zealand-based users.

Changes to this Policy

We can amend this Policy from time to time in accordance with the Sylo App Terms. If you continue to access the Services then you will be bound by the amended Policy.