This Privacy Policy explains how Riddlock Information Systems Private Limited ("Riddlock") stores, administers and manages your data that you provide to us by using our website 'www.riddlock.com', progressive web app (PWA) and/or mobile app 'Riddlock' ("Products"). For the purpose of this Privacy Policy, 'we', 'us' and 'our' refers to Riddlock, 'you' and 'your' refers to you as the user of our Products, and 'data' refers to your data, pictures, video files, audio files, documents, messages and all other information you may enter into our Products.
In new user sign-up, the only data we ask for is a private key and a personal riddle. The private key can be any identifier or data you decide to use so long as it is unique among all our users. Your personal riddle can similarly be any set of question-answer you decide to have. As your data grows, we prompt you to add more riddles in your account to enhance your data's security.
We recommend that you use something about your life as your private key and riddle so that you can remember them easily as we do not have any mechanism to extract them from inside your account in case you forget and seek our assistance. We store your private key and riddle answers in self-encrypted form. This means their decryption key is their value itself which must therefore be re-entered in every login. The riddle question in turn is encrypted using your private key.
What you enter into our Products is encrypted and stored in the database on our servers. Our encryption mechanism uses your private key, riddles and other dynamically generated keys to encrypt. To this extent data encryption is unique for every user.
When you connect a data item with another user, we change that item's encryption using a public-private key pair between you two. As a result the encryption of every connected data item becomes unique as well.
We store your dynamically generated data encryption keys in the database in encrypted form. They are encrypted with your private key and riddles, which in turn are self-encrypted as explained before.
The only way for a user to expose oneself to other users is by creating a share handle and disclosing it to them. First, we recommend that you do not use your name or other personal data as your share handle to ensure your identity is not revealed. Secondly, we strongly recommend that you disclose your share handle to only trusted users when they need to connect a data item with you. In the same way, when you need to connect an item with another user, you can do so only if you know their share handle.
If you do not want to connect with any user, you do not need to create your share handle at all. Once created, you may change it any time but not delete.
In general, your data remains secure with us for perpetuity, except when you delete it or delete your account itself. We do not keep your data after you have deleted it. If you delete your account, all data belonging to that account is also deleted. However, please note that your data in another user's items connected to you will continue to exist as those items belong to the other user and not you.
All deleted items are permanently removed ("purged") from our database and servers periodically through automated processes. Presently the frequency of such data purge is once in 24 hours, but this may change from time to time without intimation.
Also note that we may ourselves delete user accounts that remain inactive for a period of 6 months or more. Such action will also purge all data contained in them.
Web browsers typically make available general browsing information of users, like the websites they visit, their language preference, the history of web pages displayed, and so on. These qualify as non-personal data as they do not disclose the user's identity or profile. We aggregate such information for data analytics to determine our product's usage and areas of improvement. We may also publish such aggregate non-user-specific data to our investors, affiliates or the public at large from time to time.
The only cookies we use are server-side cookies meant for our Products to run effectively. We do not store cookies for any type of user profiling or advertising. We recommend that you do not block our cookies in your web browser settings as you may not be able to use our Products if you do so.
Our Products or your data may contain links to other websites. You must note that since we do not have any control over such other websites, we cannot be responsible for their user and data protection policies.
Your data may be transmitted to and stored on servers in your home country or elsewhere. We choose our data hosting locations based on technical, administrative and financial parameters with the objective of providing unhindered and high-quality service to our users. We may also similarly delegate the maintenance, administration and management of data to employees, affiliates and third parties in different locations.
In order to prevent unauthorized access or leakage of user data, we have used several measures and tools to ensure adequate security in data access, storage and transmission. We continue to enhance these on an ongoing basis to the best of our ability as data security is a forever evolving field that cannot be fully guaranteed in all respects at all times.
This privacy policy is part of our Terms of Use and must be read and understood in conjunction with those terms.
We may change this privacy policy from time to time. We strongly recommend that you check it regularly for changes.