Privacy Policy

BOLDFX Corp. is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Information we collect

We collect information from you at different times depending on which sections of the website you make use of.

Customer Accounts

When you register within the customer system, either at the time of ordering or separately, we collect personal information which makes up your account. The information that we collect includes:

  • Username, password and e-mail address to uniquely identify you in the customer system.
  • Full name and company name.
  • Full postal address including postal/zip code, country and phone number.

You can keep your details up to date and make changes (with the exception of your username) by logging into the customer system.

Orders

Once an order is placed, fraud checks are automatically carried out as detailed later in this document. The following payment information is stored on our servers:

  • Payment type - PayPal or credit/debit card
  • Transaction result (e.g. successful or failed)
  • Transaction reference number provided by PayPal/card processor
  • Payment amount

Payment processing is handled by PayPal or Authorize.net.

Product Licenses

Each product license attached to an account stores the following information:

  • Hostname and IP address associated with the license.
  • License error logs with associated hostname and IP address.
  • Whether the license has been viewed and the agreement read in the Customer System.
  • All downloads of files available for the license and associated user IP address.

Shared Hosting

We keep the following information relevant to your account:

  • Account hostname and server username
  • Data transfer and disk space usage for billing purposes
  • All e-mails sent and received and logged as part of the standard operation of the mail server. The recipient and sender details, timestamp and message subject are logged for troubleshooting purposes only. Logs are rotated often as they fill up under no specific timeframe

All shared hosting accounts are backed up to onsite Network Attached Storage nightly and retained for 7 days.

Arctic Issue Tracker Hosting

We keep the following information relevant to your account:

  • Account hostname and server username
  • Default admin username and password
  • Data transfer and disk space usage for billing purposes

All Arctic issue tracker hosting accounts are backed up to onsite Network Attached Storage nightly and retained for 7 days.

Communication

When you e-mail us or submit a ticket, we keep a record of the communication sent to and from us. This is kept after the query is resolved for historical purposes to help with diagnosing future problems, staff training and as a record of interactions with customers. The full message is stored in our system which includes any remote access details you may provide us with for troubleshooting; as such we recommend you provide temporary login details if requested to do so.

Customer Forums

When you register within our forums, we collect personal information which makes up your account. The information that we collect includes:

  • Username, password and e-mail address to uniquely identify you in the forums.
  • Other details such as location and interests can be added to your profile once you are registered but are completely optional.

You can keep your details up to date and make changes (with the exception of your username) by logging into the forums.

Mailing List

When you register for our mailing list, we collect personal information which makes up your subscription. The information that we collect includes:

  • Full name and e-mail address.

You can unsubscribe at any time from the mailing list page as well as by following the link provided at the bottom of all mailings sent out

IP Addresses and Cookies

We collect information about your computer, including where available your IP address, for system administration, fraud preventation (see below) and statistical reporting. This is statistical data about our users' browsing actions and patterns.

For the same reason, we may obtain information about your usage of the website by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:

  • To estimate our audience size and usage pattern.
  • To store information about your preferences, and so allow us to customise our site according to your individual interests.
  • To recognise you when you return to our site.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system may issue cookies when you log on to our site.

Data Storage

All data that we collect from you, with the exceptions noted below, is stored within the United States. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our servers. Data submitted as part of your customer account, as detailed above, is submitted under a connection secured by industry standard SSL. You can tell where this is the case by the padlock symbol in your browser.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Storage Exceptions - MaxMind Fraud Prevention

In order for us to carry out fraud checks, we utilise the MaxMind minFraud service for all orders which requires us to submit certain details to the MaxMind service. Data sent to MaxMind is stored on MaxMind servers located within the United States. Information that we send to them when you submit your order includes:

  • Your IP address
  • Your e-mail address in 2 parts - the domain associated with the address (e.g. gmail.com) and an MD5 hash of the full address. This allows lookups against known fraudulent e-mail addresses without revealing your full e-mail address.
  • Your postal address including city, region, postal/zip code, country and phone number but not street address.
  • An MD5 hash of your username and password. This allows lookups against known fraudulent usernames and passwords without revealing the full plaintext username and password.

The MaxMind Privacy Policy can be found on their website.

Data Retention

Inactive customer account data will be kept for a period of 12 months starting from the date of last access, which is defined as a successful login to the customer system. An exception to this rule exists where the customer has an active product license or service within the system in which case account data will be kept indefinitely (cancelled licenses/services will not trigger this).

Individual account holders may request the permanent deletion of their account and all associated data so long as no sales data is attached. Accounts with sales data will be retained for at least 6 years.

There are certain occasions when information needs to be preserved beyond any limits set out in this policy. Information may be retained beyond the period specified in the following circumstances:

  • Legal proceedings or a regulatory or similar investigation or obligation to produce information are known to be likely, threatened or actual.
  • A crime is suspected or detected.
  • Information is relevant to a company in liquidation or receivership, where a debt is due to BOLDFX.

In the case of possible or actual legal proceedings, investigations or crimes occurring, the type of information that needs to be retained relates to any that will help or harm BOLDFX or the other side's case or liability or amount involved.

Backup

Our backup policy means that data is backed up locally on the server itself with daily, weekly and monthly retention. Data is also backed up to onsite Network Attached Storage nightly and retained for 30 days. Additionally, 3 months of differential back-ups (weekly) are kept at an offsite location. This means that accounts deleted at the end of month 12 will not be physically removed from the backup system until the end of month 15.

3rd Parties

Several 3rd party companies to provide various services for us. As part of the provision of these services to BOLDFX, certain personal data may be accessed by their representatives at certain times. Details of these partnerships are explained below. With the exceptions noted, no account data is stored by any of these companies - all data remains on our servers and is accessed through the secure interfaces we provide.

Google Analytics

We use the Google Analytics service to track visitors to our website to determine how many visitors we are receiving and in conjunction with our marketing efforts. Access data is stored by Google. Google Analytics Privacy Policy.

MaxMind

MaxMind is used for fraud prevention - see above for details. MaxMind Privacy Policy.

PayPal

If you choose to pay using the PayPal service, payment data will be stored by them in accordance with their policies. PayPal Privacy Policy.

Authorize.net

If you choose to pay directly using a credit card, those transactions are processed through the Authorize.net payment gateway service and some data will be stored by them in accordance with their policies. Authorize.net Privacy Policy.

Disclosure of Your Information

We may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If BOLDFX or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of BOLDFX, our customers, or others.

Notice

The website may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Contact

Questions, comments and requests regarding this data protection and privacy policy are welcomed and should be addressed here