Data Policy

Comprehensive information about how we handle, process, and protect your data.

Last Updated: December 2024

Data Collection and Processing

This Data Policy provides detailed information about how Oculock collects, processes, stores, and protects your personal data. We are committed to transparency and ensuring you understand exactly how your information is handled.

Types of Data We Process

Personal Data

  • Account Information: Email addresses, names, and profile information
  • Vault Data: Passwords, usernames, URLs, notes, and other sensitive information you choose to store
  • Payment Information: Credit card numbers, billing addresses, and transaction history
  • Contact Information: Phone numbers, addresses, and emergency contacts

Technical Data

  • Device Information: Device identifiers, operating system, hardware specifications
  • Usage Analytics: App usage patterns, feature interactions, session duration
  • Performance Data: App performance metrics, memory usage, crash reports
  • Network Data: IP addresses, network identifiers, connection quality

Biometric Data

  • Authentication Data: Touch ID/Face ID templates and authentication results
  • Security Metrics: Authentication success/failure rates and patterns

Data Processing Purposes

Data Processing Flow

  1. Data Collection: We collect only the data necessary to provide our password management services
  2. Encryption: All sensitive data is immediately encrypted using AES-256 encryption before storage
  3. Secure Storage: Encrypted data is stored locally on your device with additional security layers
  4. Processing: Data is processed only for legitimate business purposes with your consent
  5. Access Control: Access to your data is strictly controlled and monitored

Core Service Functions

  • Password Management: Storing, organizing, and retrieving your passwords securely
  • Data Synchronization: Syncing your vault data across multiple devices
  • Authentication: Providing secure access to your vault using biometrics
  • Backup and Recovery: Creating encrypted backups of your data

Premium Service Functions

  • Snap Vault: Temporary sharing of vault items between trusted devices
  • Cloud Backup: Secure cloud storage of encrypted vault backups
  • Breach Monitoring: Monitoring for compromised credentials
  • Advanced Analytics: Usage insights and security recommendations

Data Security Measures

Encryption Standards

  • AES-256 Encryption: Military-grade encryption for all sensitive data
  • End-to-End Encryption: Data encrypted before transmission
  • Key Management: Secure key generation and storage
  • Perfect Forward Secrecy: Unique encryption keys for each session

Access Controls

  • Multi-Factor Authentication: Multiple layers of identity verification
  • Role-Based Access: Access permissions based on user roles
  • Audit Logging: Comprehensive logging of all data access
  • Session Management: Secure session handling and timeout

Infrastructure Security

  • Secure Servers: Data centers with physical and digital security
  • Network Security: Encrypted connections and secure protocols
  • Regular Audits: Ongoing security assessments and penetration testing
  • Incident Response: Rapid response procedures for security incidents

Data Retention and Deletion

Retention Periods

  • Vault Data: Retained until you delete it or close your account
  • Account Information: Retained for the duration of your account
  • Analytics Data: Aggregated and anonymized, retained for 2 years
  • Crash Reports: Retained for 90 days for debugging purposes
  • Transaction Records: Retained for 7 years for accounting purposes

Data Deletion

  • User-Initiated Deletion: Immediate deletion of selected data
  • Account Closure: Complete data deletion within 30 days
  • Automated Cleanup: Regular deletion of expired temporary data
  • Secure Deletion: Cryptographic erasure of deleted data

Data Sharing and Third Parties

No Data Sales

We do not sell, rent, or trade your personal data to third parties for marketing or commercial purposes.

Limited Sharing

  • Service Providers: Trusted partners who assist in app functionality
  • Legal Compliance: When required by law or legal process
  • Business Transfers: In case of merger, acquisition, or asset sale
  • Emergency Situations: To protect user safety or prevent harm

Third-Party Services

  • Apple Services: Touch ID, Face ID, iCloud Keychain integration
  • Analytics Providers: Anonymous usage analytics (with consent)
  • Payment Processors: Secure payment processing
  • Cloud Storage: Encrypted cloud backup services

Your Data Rights

Access Rights

  • Data Access: View all personal data we hold about you
  • Data Portability: Export your data in standard formats
  • Data Correction: Correct inaccurate or incomplete data
  • Data Restriction: Limit how we process your data

Control Rights

  • Consent Withdrawal: Withdraw consent for data processing
  • Data Deletion: Request deletion of your personal data
  • Processing Objection: Object to certain data processing activities
  • Automated Decision Making: Opt out of automated processing

International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards to protect your data.

Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

  • Notify you within 72 hours of becoming aware of the breach
  • Notify relevant authorities as required by law
  • Provide detailed information about the breach and its impact
  • Take immediate steps to contain and remediate the breach

Contact Information

For questions about this Data Policy or to exercise your data rights, contact us at:

  • Email: corporate@oculock.com
  • Data Protection Officer: corporate@oculock.com
  • Address: 123 Security Street, San Francisco, CA 94105

Policy Updates

We may update this Data Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date.