Privacy Policy

Introduction

Keyn BV processes some personally identifiable information to be able to provide the services of Keyn BV, and/or because you provided the information directly to Keyn BV, for instance by filling out the contact form on the website. Keyn BV processes the following personally identifiable information about you:

  • Username
  • Email address
  • IP-address

Chiff is designed with privacy and data security as a foundation. In this privacy policy you can find what information we need from you, why we need it and how we ensure its confidentiality.

Company information

Keyn BV has been founded to develop Chiff. Chiff allows you to log into any website using your phone, making logging in safer and simpler. We leverage the biometric authentication mechanisms on your phone, so you don’t have to remember a single password anymore. Moreover, since your password are only stored locally on your phone, it is an extra factor in the login process. If you have any questions regarding Chiff’s privacy policy, you can contact us at:

Keyn BV
Langegracht 70
2312NV Leiden
The Netherlands
privacy at chiff dot app

Purpose data collection

Chiff has several purposes why your data is needed:

  • Email marketing: If you subscribe to our mailing list, we use your email address to keep you informed about Chiff’s progress and development. Each email contains a link where you can unsubscribe from the mailing list.
  • Mobile application: If you download the Chiff app, an application on your phone, you will be presented a seed consisting of twelve random words. This seed is unique for each person and serves as the key to encrypt all your personal data. Since the seed never leaves your phone and passwords are only stored locally, your data is inaccessible to us. To make sure you can restore your accounts if you would lose your phone, Chiff needs to store some data (websites and usernames) remotely. This data encrypted with a cryptographic key that is derived from your seed. This ensures that we cannot read this data. Since we do not have the technical ability to decrypt your information, we are unable to hand over your data to third parties in an unencrypted form.
  • Improvement: To constantly improve Chiff, we measure how and when Chiff is used. This helps us to improve Chiff. The IP-address will be logged to determine the geographical distribution.
  • Website optimization: Keyn BV uses Google analytics to keep track how visitors use the website and how effective Adwords campaigns of Keyn BV are. The collected information is transferred together with your IP-address to Google, which stores the data on servers in the USA. Google uses the information to inform and provide reports to Keyn BV about the usage of the website. Google might transfer this information to third parties, if they are legally obliged to do so, or as far as third parties process the information on behalf of Google. Keyn BV has no influence on this process. Keyn BV has granted Google permission to use the analytics data, which is collected via Keyn BV, for other Google services. For more information, you can read Google’s privacy policy.

Data recipients

There are some third parties Keyn BV transfers personally identifiable information to:

  • Mailchimp: Keyn BV uses Mailchimp as a service for email marketing. Therefore, Mailchimp processes your email address and optionally (if you have provided it), your name. Learn more about Mailchimp's privacy practices here.
  • Apple: Apple processes push notifications that are sent to your Apple device. All content with personally identifiable information that is sent to your device is encrypted with the session keys, so it cannot be read by Apple. Learn more about Apple's privacy practices here.
  • Google: Google processes push notifications that are sent to your Android device. All content with personally identifiable information that is sent to your device is encrypted with the session keys, so it cannot be read by Google. Learn more about Google's privacy practices here.
  • Amazon: Keyn BV uses Amazon Web Services for its serverless backend infrastructure. Amazon processes your IP-address if requests are made to the backend. All communication between the browser extension and the mobile application is handled by Amazon. Furthermore, your backup data is stored with Amazon, but encrypted with a key that is derived from your seed, so it cannot be read by Amazon. Learn more about Amazon's privacy practices here.
  • GitHub: Keyn BV uses GitHub to host the website chiff.app. This means that GitHub may process your IP-address whenever you visit the website. Learn more about GitHub's privacy policy.

User’s rights

Following the GDPR legislation, users have the right to access, change or delete personal identifiable information. Your backup data can be deleted by navigating to Settings -> Privacy -> Delete data in the Chiff app. This will delete all data locally and on the server. If you have any additional needs for accessing, changing or deleting your data, please send us an email to privacy at chiff dot app. Keyn BV will respond as soon as possible, but always within four weeks, to answer your request. If you have a complaint about the way your data is processed, you can object via Autoriteit Persoonsgegevens.

Security

For Keyn BV information security is of major importance. Keyn BV takes all possible measures to prevent abuse, loss, unauthorized access, unwanted disclosure and unwanted modification of personal information. The website of Keyn BV uses TLS to encrypt communication for the website and backend. Additionally, all communication between your device and the browser extension is end-to-end encrypted with cryptographic keys that are only accessible to the user. Keyn BV does not have the technical ability to decrypt your information and as a result, Keyn BV is unable to hand your data over to third parties in a decrypted form. If you are interested in the details of Chiff’s security, please read Bas's blog post.