Who we are
Our offices and our servers where user data is stored are located in Vancouver, British Columbia, Canada, and operated by Hush Communications Canada Inc., a wholly owned subsidiary of Hush Communications Corporation, a private Delaware, USA company.
We take steps where possible to limit the personal data we collect. The following are the ways in which we may collect personal data:
- Visiting our website. We keep records of the activity that takes place on our website, including a record of Internet Protocol Addresses (IP addresses) used by website visitors and account holders. We use this information to analyze market trends, gather broad demographic information, and to prevent abuse of our services.
- Creating an account. As part of the account creation process your IP address will be recorded. We may request that you provide other information, such as a phone number, as well. We use this information to analyze market trends, gather broad demographic information, and to prevent abuse of our services. We will not share this information with third-parties.
- Making a purchase. When you make a purchase through the Hush website, you will provide us with data that we use to process your payment such as your name, the account you are upgrading, the domain you wish to use for your email, alternate email address, your billing address and your credit card information. Additionally, we will record the IP address from where the payment is made. When we process your payment transaction, this payment information will be transmitted to our payment processor. We use third-party PCI compliant services to process your payment transaction. When we process your payment, we share your IP address, city, country, and postal code with a third – party anti-fraud service to determine the likelihood of the purchase being a fraudulent transaction. We do not store your credit card number on our servers.
- Signing in to your account and our record of your activity. When you sign into your account, either by using a web browser or using other software, we will record certain information about your activity. When you perform actions such as reading or moving an email, we will also record these actions. We record this information to help resolve customer support queries, maintain services, and for the purpose of preventing abuse. Information we record may include your IP address, your browser type, browser language, date and time of the action, account usernames, sender and recipient email addresses, file names of attachments, subjects of emails, URLs in the bodies of unencrypted email, and any other information that we deem necessary to record for the purposes of maintaining the system and preventing abuse.
- Communicating with us. When you communicate with us, you may provide us with personal data about yourself. Your communication with us may be retained in our system.
How we store your data
- When you sign up for an account, you consent to your account and any other account data being stored on the Hush servers.
- If you have an encrypted email in your account, it will be stored on the Hush servers encrypted. If you have an unencrypted email in your account, it will be stored on the Hush servers unencrypted.
- We do not store your passphrase on the Hush servers. Instead, a hashed value is stored for authentication. The original passphrase cannot be determined from that hashed value. As a result, we are unable to recover a forgotten passphrase. Please note, we may be required to store a passphrase for an account identified in an order enforceable in British Columbia, Canada. (See the Disclosure of account data section below.)
How we use your data
- We do not analyze the email in your account for the purpose of displaying advertisements.
- We do not and will never share your account data with any third-party except as specified in this policy. We will never sell your account data under any circumstances.
- We do not and will never share your email address with mailing lists. We will never initiate contact with you unless the communication is account related, or unless you have consented to such communication.
- You have the option to report email you receive as spam. Doing so will transmit a copy of the message you are reporting to the provider of the software we use on our servers to filter spam. Reporting email as spam improves the filter’s ability to detect email as spam.
- If you send an email using Hushmail, your IP address will not appear in the headers of the email. The IP address that will appear in the headers of the email will be that of our servers. We keep a record of your IP address when you sign in to your account and send an email.
- When you are signed into your account, Hush displays your recent sign-in activity including the time, date, approximate geographic location, and the IP address of the ISP you used to access the Internet. We do this to assist you in identifying any unauthorized access to your account by a third party. The information we use to display this is gathered from our records; we do not track your actual location.
- We use third-party services for some parts of our website such as our help system. When you use these services your account name and your name will be come part of your user account on that service.
How long do we retain your data?
The following outlines how our data retention policy affects the email in your account and your account data:
- Email in your account will stay in your account as long as your account is active. If you delete an email, or the entire contents of your account, it will be removed from your account at that time.
- If you delete your account or request we delete your account for you, your account and the email in the account will be removed from our servers at the time of deletion. Deleting your account will not delete records of your activities.
- The records we keep of your activities are permanently deleted after approximately 18 months. Records that are stored for statistical purposes may be kept indefinitely.
- Your email and data may reside in our backups for a period of approximately three weeks subsequent to an email or an account being deleted.
- Free accounts are deactivated if unused for a period of three weeks. Any email in the account will be deleted approximately 12 months after the account has been deactivated. Accounts that have been created and are never used may be deleted sooner. You can reactivate your account, and recover your email any time within 12 months by purchasing a subscription.
For information on how you can close and delete your free account, please read:
- If you let your paid subscription lapse then your account will be downgraded to free account status approximately one week after your subscription has expired and will then be subject to the data retention rules for free accounts.
For information on how you can cancel your subscription and delete your account, please read:
- Hushmail Business customers are encouraged to delete their user accounts prior to canceling. If you do not, Hush may delete your user accounts three weeks after cancellation.
For information on how you can close and delete your Hushmail Business services, please read:
- Hushmail Business customers whose Hushmail Business accounts have been deactivated for non-payment will have their user accounts deleted approximately six months from the date of deactivation.
Disclosure of account data
Under normal circumstances, we do not and will never disclose account data to anyone other than the owner of an account. We will always attempt to authenticate any requests that require the disclosure of account data to ensure they come from the account owner. If we are unable to successfully authenticate a request, we do not disclose any account data.
We will only disclose account data in the following circumstances:
- If we receive an order enforceable under the laws of British Columbia, Canada, compelling us to disclose account data for a specific user account. The account data we disclose may include data in an unencrypted format. Because such orders generally state that we are not permitted to disclose the existence of the order to a user, we will not disclose to any user the existence, or nonexistence, of any order we may have received.
- Where there are exigent circumstances, such as where the safety or well-being of an individual or individuals is in imminent danger, and we believe in good faith that the disclosure of account data is reasonably necessary to protect against such harm, we will disclose account data. This may include but is not limited to the welfare of a child, or an act of terrorism.
- We comply with Canadian Bill C-22 as enacted into law in Canada. “An act respecting the mandatory reporting of Internet child pornography by persons who provide an Internet service”. This means that should we become aware of a user that is using the Hush service for the transmission or storage of Internet child pornography, we are required to report this to the appropriate authorities and preserve data in the user’s account. As a result of this notification, we may receive an order enforceable in British Columbia, Canada, requiring the disclosure of account data.
We do not include any personal data in cookies. We do not share cookie information with other websites under any circumstances.
We do not use any third-party advertising providers on our website.
We do not analyze your email for the purpose of displaying advertisements. Our spam filters analyze email for the purpose of preventing spam, viruses, and abuse.
Access to your personal data
We only collect personal data from users that is relevant to the purposes outlined above. We take reasonable steps to ensure that the personal data we collect is reliable, accurate, and complete. Users have the ability to access the personal data held in their customer record by logging into the billing section of our website. To request corrections or deletions of inaccurate data, contact us: https://www.hushmail.com/contact.
Temporary access to data by third-party services
There are some cases when, due to malicious web traffic, we must temporarily employ a third-party service to ensure that our services continue to be available to our users. During these times, your data will be subject to that service provider’s data disclosure policy.
For more information, please read:
Compliance with EU Data Protection Directive 95/46/EC
The European Commission recognizes that the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) provides adequate protection for the transfer of personal information and health information from the EU to Canada.
More information on this can be found here:
We value your opinions and appreciate your comments. If you have any questions or concerns, please contact us: https://www.hushmail.com/contact.
Or by mail to the following address:
Hush Communications Canada Inc.
Attn.: Compliance Officer
Suite 360 – 580 Hornby Street