Privacy Policy

SecureAppbox AB take your privacy seriously

We at SecureAppbox AB take your privacy seriously. Therefore, SecureAppbox AB has created this Privacy Policy that covers how SecureAppbox AB treats personal data that the service collects. Personal data is information about you, as a private person or as a person working within an organization, that is identiable such as your email address, name or phone number. We adhere to a minimal collection policy to only collect what we absolutely need to deliver the service, and do not share data with others. This Privacy Policy applies to both the SecureMailbox and SecureAppbox services. The SecureMailbox service is an application client on the SecureAppbox service. SecureMailbox and SecureAppbox are services from the SecureAppbox AB company. Secure Mailbox Sweden is a supplementary firm name of SecureAppbox AB.

Data collection and use

On our external website (the SecureAppbox AB home page) we analyze visitor statistics that are not related to SecureAppbox accounts/users, such as what pages are most visited in order to improve usability and contents. These statistics do not track anything related to SecureAppbox accounts/users. When you register as a user you are requested to provide us with personal data such as name, email address and phone number. This data is used purely to deliver the service to you, it is never shared with an external party. We may contact you in relation to delivering the service. If someone sends a message to someone who did not previously have an account, this newly created account, the message and associated data will be automatically deleted from the SecureAppbox service if the receiver does not verify their new account and accept the SecureAppbox Privacy Policy. I.e. we will not keep your data if you don’t allow us to do so even if someone else put it here. We temporarily log connection data for security analytics including the IP address to be able to for example detect an attacker causing many failed login attempts. These security connection logs are only available to the security team at SecureAppbox AB and are never shared. Message metadata (i.e. meta data here is that user A) sent a message to user B) is only available until the sender/receiver has deleted the message. Deleting the message also deletes the meta data. This meta data is only used to serve the correct message to the correct user and is never shared with anyone.

Data relating to the service is stored encrypted on our servers in the AWS Stockholm region or on City Networks in Stockholm. Messages are, if not separately agreed to, stored by default in Sweden and EU. Organization accounts can select to change the storage location for where the encrypted messages are stored (please see the FAQ. for information about regional storage or on-prem). Messages are encrypted by SecureAppbox using strong symmetric AES encryption before storage (please see the FAQ for more details about encryption and how we follow the latest EDPB recommendation).

Message Security

Messages are encrypted and not available to anyone except the sender and recipient. When a message is sent the recipient may, depending on his account settings, receive an email notication in his standard email about the message in SecureAppbox which may include the message subject. You can change your account settings so your notications do not include the message subject or name of the sender; to avoid exposing it in normal unsecure email systems.

Disclosure and Security

SecureAppbox AB will not lease, sell, or share personal data about you with other people or non-afliated companies, but only deliver products or services you have required, except under the following circumstances, (i) SecureAppbox AB will share personal data if this is requested by a court of law or if it is necessary in order to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. (ii) SecureAppbox AB will share data in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of SecureAppbox AB Terms of Service (TOS), or as otherwise required by law. SecureAppbox AB limits access to your personal data to SecureAppbox AB employees or contractors under secrecy agreement and will use personal data only to provide the services to you or in order to do their jobs.

The general data protection regulation (GDPR), data controller and personal data assistant

In order to protect your personal data against unauthorized access, modication or destruction we store your personal data securely. Personal data here only relates to data such as your email address, name or phone number you submit when you sign up, and not the contents of messages or message attachments which are not available to SecureAppbox AB. We may for these purposes use another entity in order to fulll our duties towards you as the controller of personal data. The entity we use is our personal data assistant. We have assured that the personal data assistant has in place the technical and organizational means to ensure security of your personal data. We will enter into a written agreement with the personal data assistant to ensure that all personnel follow the agreement and our instructions and that they at all times are informed of the GDPR. The personal data assistant may not process your personal data for any other purpose than to fulll its duties according to this agreement. If you, an authority or a third party requests data from the personal data assistant regarding your personal data, such request shall be immediately forwarded to us. The personal data assistant may not surrender personal data or other information without our clear consent, unless required by mandatory law. Neither we nor the personal data assistant can access the content in messages you send, the data that may be surrendered is personal data such as name, email address and phone number and meta data.

Cookies

SecureMailbox uses cookies in order to create secure connections (sessions) to the service by the use of one-time session identiers. These cookies are only valid while you are connected and are not used for other purposes than to secure your connection. If you do not wish to accept cookies, your web browser can be set to automatically deny the storage of cookies or to inform you each time a website requests permission to store a cookie. Previously stored cookies can also be deleted via the web browser. Visit the web browser’s help pages for more information. If you want more information from SecureAppbox AB regarding what types of cookies are used in its services, please contact us at info@securemailbox.com.

Your rights to access and modify personal data

Your information is available to you in your account where you can see the data we have stored about you. You may also request information on any registered personally identiable information about you.

Your information is available to you in your account where you can see the data we have stored about you and make corrections yourself. You may also contact us if you want to correct any entered or collected information about you.

Delete your account

You can at any time, without notice request a deletion of your account by, while logged in to your SecureMailbox account for identication purposes, sending a message to support@securemailbox.com with the request. Organizations are able to delete their own employee accounts themselves.

Changes to the Privacy Policy

If this policy is updated SecureAppbox AB will send you a notication about the change. You can also at any time review the latest version at the SecureAppbox AB website.

Contact Information

If you have any questions around the collection of personally identiable information, you are welcome to contact us.

Customer Service, SecureAppbox AB, Engelbrektsgatan 7, 11432 Stockholm, Sweden or info@securemailbox.com.