Privacy Policy

Privacy Policy

Last modified on May 12th, 2022.


This document (“Privacy Policy”) explains the privacy rules applicable to all information collected or submitted when you access, install, or use our Services.

All definitions and capitalized words used in this Privacy Policy are defined here or in our General Terms.

By visiting our websites, by submitting your personal data to us, and by accessing, installing and/or using the Services, you confirm that you have read this Privacy Policy and agree to be bound by this Privacy Policy. If you disagree with the rules of this Privacy Policy, please do not use our Services.

Information in this Privacy Policy is provided in layers, meaning that all information related to our general personal data processing practices is provided here. Meanwhile, additional Service-specific information applicable to separate CyStack products or websites are accessible via links in this Privacy Policy.

How does Locker obtain data?

Data you provide to us

Information for creating your account

  • Email address. We ask for your email address as part of your registration. It is necessary for establishing a Locker account, retrieving a lost password, and using our Services.
  • Master Password. It is used to generate the encryption keys that protect the information you store on the Services. CYSTACK DOES NOT STORE OR HAVE ACCESS TO YOUR MASTER PASSWORD, AND IF THE MASTER PASSWORD IS LOST, CYSTACK CANNOT UNLOCK YOUR ACCOUNT OR RETRIEVE YOUR INFORMATION.
  • Your Data. Secured Data is always encrypted when transmitted and stored and may only be decrypted locally on an authorized device. Secured Data on Locker servers cannot be accessed by Locker because we do not have access to the encryption keys as noted above. See our Security Whitepaper for detailed information about how Locker protects your Data.
  • Feedback. If you provide us with Feedback, including reviews posted on social channels, App Stores or through our website or suggestions made in connection with market research, we may use Personal Data provided with the Feedback to respond to you. We may use Feedback without limitation as described in the Terms.

Payment related information

  • Payment data (if using paid Services). This information is necessary to collect payments for our Services. In addition to the traditional payment methods, such as credit cards, users can buy our Service with cryptocurrency. Our payment processing partners process basic billing information for payment processing and refund requests (such as date of purchase, payer’s IP address, zip code, card owner's full name and credit card information). We also process some of the same payment information ourselves (e. g., card owner's full name, last few digits of your credit card) in cases of recurring payments.
  • We never have your complete payment information, nor do we receive or store any billing data if you pay for a Subscription through the Google Play or Apple App Stores (“App Stores”).
  • Country details. When providing your payment details, we ask our users to provide the country where they are registered, have a permanent address or usually live. This information is necessary for VAT calculation purposes.

Communication data

  • Email address. We use your email address to: i) send you important updates and announcements related to your use of our Services; ii) respond to your requests or inquiries; iii) send you offers, surveys and other marketing content (you can opt-out of those at any time).
  • Communication optimization data. We use various tools to help us optimize our emailing campaigns. These tools may track events you perform with an email, such as open and unsubscribe. We may also be able to see the user device’s operating system (e.g., windows, mac, ios, android) in order to optimize push notifications.
  • Chat-bot. If you contact us via our chat-bot on our website, in addition to collecting your contact information, we will be able to see your IP address. This additional information is necessary for our support to determine the user's country and to see if the user is connected to our servers or not.

Data collected by Technology

  • Access logs. As most websites on the internet, our website collects access logs (such as IP address, browser type, operating system, device identifier) to operate our services and ensure their secure, reliable, and robust performance. This information is also essential for fighting against DDoS attacks, scanning and similar hacking attempts.
  • Cookies. Cookies, pixels and other similar technologies are usually small text or image files that are placed on your device when you visit our website. Some cookies are essential for our website to operate smoothly; others are used to improve website functionality or analyze aggregated usage statistics to improve website performance (as in the case of Google Analytics cookies). We also use affiliate cookies to identify the customers referred to the website by our partners so that we can grant the referrers their commission. You can check what cookies we use in the detailed cookie table that is accessible.

Data obtained from Third Parties

  • If you process your access to CyStack Platform through other parties like Google, Facebook, Github,... the only information we require is Default Public Profile, which are email and/or avatar.
  • We receive information about users from our service providers (For Payment, those are Name and Billing Address to validate an Account; For Google Analytics, to monitor App Performance with analytics services.

How does Locker use your personal data?

We use the information you provide to process your order, provide the service and other issues at your request. In addition, we will use that information to manage accounts, verify, conduct online transactions, improve layout and content of the website, and adjust until reach the user’s requirement.

You will receive information about new products, warning of Locker… via email. If you do not wish to receive this information, please click on the reject link in any email we send. Within 7 days of receiving the instruction, we will stop sending the information.

How does Locker share your data with others?

Sharing your personal data

We do not share your personal information with third parties except as described in this Privacy Policy.

Service providers. We use third-party service providers to help us with various operations, such as payment processing, email automation, website and app diagnostics, analytics and other. As a result, some of these providers may process personal information.

Some of our main long-term service providers:

  • Live chat and support service platform – Intercom (provided by Intercom, Inc.);
  • Emailing service providers – Sendgrid (provided by Twilio Inc.);
  • Application analytics and diagnostics – Google Analytics, Firebase Analytics (provided by Google);
  • Payment gateway - Stripe (provided by Stripe, Inc.);
  • Social Login - Google, Facebook, Apple, Github;
  • Notification Integration - Slack (provided by Slack Technologies, LLC).

Sometimes our service providers, for example, distributors, resellers, and app store partners, will be independent controllers of your data. Their terms and conditions and privacy policies will apply to such relationships.

Your personal information may be processed in any country in which we engage service providers. When you use our Services, you acknowledge the transfer of your personal information outside of the country where you reside.

Data Security

We undertake that only CyStack shall have the right to acquire and use your information in accordance with the terms and conditions stipulated in this “Privacy Policy”. We are committed to protecting your information in all possible ways to prevent this information from being in searching, in use or unexpected disclosure. Information relating to the server account, payment card will not be saved on the system of CyStack. We may disclose your personal information in cases which stipulated by law or at the request of a jurisdictional court.

Your rights regarding your personal data

Right to Access – You have the right to obtain information about the processing activities of a data controller and the personal data of yours that they are processing.

Right to Rectification – The right to rectification concerns the ability to correct any inaccurate data concerning the data subject.

Right to Erasure – This is also known as the right to be forgotten, and gives you the right to request deletion of your personal data held by the controller. If you delete your Account, your data will be deleted automatically.

Cookie policy

Our cookies are categorized in the following categories:

  • Essential cookies.These cookies are essential for enabling user movement around our website. These cookies do not gather information about you that could be used for marketing purposes and do not remember where you have been on the internet. This category of cookies cannot be disabled.
  • Functionality cookies.Functionality cookies are used to remember information you have entered or choices you made (e. g. language) on the website, so the next time you visit the website you will not have to set them again.
  • Analytics cookies.These cookies are set to collect information about how visitors use our website. Because of them we can make improvements to our website and report our performance.
  • Advertising cookies.These cookies are placed by third-party advertising platforms or networks to deliver ads and track ad performance. In some cases, these cookies enable advertising networks to deliver ads that may be relevant to you based upon your activities on our website and other websites (in such cases, ad serving might be based on automated decision-making).


Information for users in the European Economic Area (EEA)

Please note that unless expressly noted otherwise, CYSTACK (as defined in General Terms) shall act as the responsible personal data controller for any data processed.

Grounds for data processing

Your personal data is mainly processed for the purpose of providing you the best Services under the legal basis of performance of the contract between you and CYSTACK, as provided in our General Terms.

We also process your personal data under the legal basis of our legitimate interest:

  • to properly administer business communication with users;
  • to operate our services and ensure their secure, reliable, and robust performance;
  • to receive knowledge of how our website and applications are being used.

CYSTACK may process your personal data for marketing purposes in the following cases: when we obtain your consent for such processing (the legal basis for processing, in this case, is your consent) or when applicable law permits us to contact you without separate consent (under the legal basis of a legitimate interest).

Term for storing personal data

We keep your personal data for as long as reasonably necessary for the purposes set out in this Privacy Policy. The data might be kept longer if required for tax, accounting, payment processing purposes, to ensure we would be able to defend or raise a claim, or where we have a specific need - though we will generally not keep personal data for longer than two years following the last date of communication with you, unless the data is necessary in order to provide the Service.

International transfers

CYSTACK is based outside the EEA and has service providers established in various countries. These locations may not guarantee the same level of protection of personal data as the one in which you live. We assess the circumstances involving all cross-border data transfers and have suitable safeguards in place to require that your personal data will remain protected in accordance with this Privacy Policy. If necessary, we use standard contractual clauses approved by the European Commission to transfer your personal information from the EEA to other countries.

Your rights

Users based in the European Economic Area (EEA) receive additional rights related to their personal data. You may:

  • request us to erase your personal data;
  • object to the processing of your personal data which is done on the basis of our legitimate interests (e. g. for marketing purposes);
  • request us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format or to transmit (if technically feasible) your personal data to another controller (only where our processing is based on your consent and carried out by automated means);
  • restrict the processing of your personal data (when there is a legal basis for that);
  • withdraw your consent where processing is based on a consent you have previously provided;
  • exercise your rights by contacting us directly or, if all else fails, by lodging a complaint with a supervisory authority.

Change of information and privacy policy

The content of this “Privacy Policy” may change to suit CyStack’s needs as well as the requirement and feedback from customers. When updating this policy, we will set up the “last updated time”.

Contact information

If you have any claims, opinions, contact or feedbacks on this “Privacy Policy”, please contact via email address: [email protected].