End User App Privacy Policy

Last updated: January 12, 2026

SplitSecure Inc. (“Company”, “we”, “our”, or us”) respects your privacy and is committed to protecting it through compliance with this policy. This policy describes how we collect, process, retain, and disclose personal data about you when you use our website (our “Website”) and our practices for using, maintaining, protecting, and disclosing that information.

This policy applies only to information we collect:

  • through the Website; and 
  • in communications, including form submissions and any other electronic message, via the Website.

It does not apply to information collected by:

  • us through our subscription services;
  • us offline or through any other means, including on any website operated by Company or any third party that does not link to this policy; or 
  • any third party.

We may provide additional or different privacy policies that are specific to certain features, services, or activities. Please read this policy carefully to understand our policies and practices regarding your information and how we treat it. By interacting with our Website or providing us with your information, you agree to the collection, use, and sharing of your information as described in this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of the Website after we make changes as described here is deemed to be acceptance of those changes, so please check the policy periodically for updates. 

Children’s and Minors’ Data

Our Website is not intended for, and we do not knowingly collect any personal data from, children under the age of 18. If we learn we have collected or received personal data from a child under 18 years old without verification of parental consent, we will delete that information. 

The Personal Data That We Collect or Process

"Personal data" is information that identifies, relates to, or describes, directly or indirectly, you as an individual, such as your name, email address, telephone number, home address, or payment information any other identifier we may use to contact you online or offline).

The types and categories of personal data we collect or process include:

Category We Collect We Disclose We Sell or Share
1. Account and contact information
Name, email address, phone number, employment or company affiliation, IP address, device identifiers, and other information you provide to use the Service. 		Yes Yes, in accordance with this policy No
2. Data about protected assets
Third-party account numbers, identifiers, and asset metadata you add to the Service. 		Yes Yes, in accordance with this policy No
3. Cryptographic material
Keys, passwords, or cryptographic secrets. 		Yes Yes, in accordance with this policy No
4. Encrypted or protected arbitrary data
Files or data stored within the Service that cannot be decrypted by SplitSecure without affirmative action by you or your organization. 		Yes Yes, in accordance with this policy No
5. Usage and audit history
Records of actions taken in the Service, captured in immutable audit logs, including navigation and feature usage. 		Yes Yes, in accordance with this policy No
6. Protected classification characteristics
Race, color, ancestry, religion, age, disability, sex, gender identity, sexual orientation, marital status, military or veteran status. 		No N/A N/A
7. Biometric information
Fingerprints, facial recognition data, voiceprints, retinal scans, keystroke or gait patterns. 		No N/A N/A
8. Precise geolocation data
Exact physical location information. 		No N/A N/A
9. Sensory information
Audio, electronic, visual, thermal, olfactory, or similar data. 		No N/A N/A
10. Inferences
Consumer profiles or predictions derived from personal data, such as preferences, behavior, or abilities. 		No N/A N/A
11. Sensitive personal identifiers
Social Security number, driver’s license number, state ID, or passport number. 		No N/A N/A
12. Health information
Medical or health-related data regulated under HIPAA. 		No N/A N/A
13. Sexual life or orientation information No N/A N/A

To ensure we do not collect or have access to any data within categories 6–13, in the table above, you agree not to provide or enter any such data as part of your account details, for example in any free-form text entry fields within the Service, or in emails, chats, or other communications sent to us.

Your Organization may integrate the Services with additional third-party services (e.g., additional authentication mechanisms required to sign on through the Service) that collect other information from or about you. Output from those third-party services may be captured in the audit log. We do not have control over the kinds of information collected by integrated third-party services. 

Personal data” is information that identifies, relates to, or describes, directly or indirectly, you as an individual, such as your account information, name, email address, telephone number, address, or employer identification information, or any other identifier we may use to contact you online or offline.

Data about you, your account, and the device(s) that you use to interact with the Service are personal data. Data about assets protected by the Service and your history of using and interacting with the Service may or may not include personal data, and we treat those categories of data assuming they comprise personal data in accordance with this policy.

We may also collect:

  • Statistics or aggregated information. Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from personal data. For example, we may aggregate personal data to calculate the percentage of users accessing a specific Service feature.
  • Technical information. Technical information includes information about your internet connection and usage details about your interactions with the Service through our app or web service, such as clickstream information to, through, and from our Service (including date and time), Service response times, and errors.

If we combine or connect non-personal statistical or technical data with personal data so that it directly or indirectly identifies an individual, we treat the combined information as personal data.

How We Collect Your Personal and Other Data

You Provide Information to Us

  • We collect information about you when you download and sign in to our app.

Automatically Through the Service

  • As you navigate through, interact with, and use the Service, we use automatic data collection technologies to collect information that may include personal data. Information collected automatically includes details of your interactions with our Service and may also include IP addresses, operating system, and traffic and other communication data, and which resources and Service features that you access and use.

Using automatic collection technologies allows us to deliver and improve our Service.

How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal data, to:

  • provide you with the Service and features that we make available through the Service;
  • fulfill any other purpose for which you provide it;
  • provide you with notices about your account and use of the Service;
  • improve the Service, including by analyzing your information and creating aggregated data derived from your information) to develop, maintain, analyze, improve, optimize, measure, and report on our Service and their features and how users interact with them;
  • carry out our obligations and enforce our rights arising from any contracts entered into between you or the entity on whose behalf you use the Service and us;
  • notify you when Service updates are available and about changes to the Service or features we offer or provide;
  • in any other way we may describe when you provide the information; and
  • for any other purpose with your consent.

Who We Disclose Your Information To

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction, except as otherwise provided in any contracts entered into between you or the entity on whose behalf you use the Service and us. We will not disclose personal data that we collect or you provide except under the following specific circumstances:

  • to our subsidiaries and affiliates and subject to this policy;
  • to contractors, service providers, and other third parties we use to support our organization and who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them;
  • to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of SplitSecure Inc.’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by SplitSecure Inc. is among the assets transferred;
  • to fulfill the specific purpose for which you expressly provide it;
  • for any other purpose disclosed by us when you provide the information; and 
  • otherwise with your consent.

We may also disclose your personal data:

  • to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  • to enforce or apply our Terms of Service and other agreements;
  • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our organization, our customers, or others.

The categories of personal data we may disclose are described in the chart above.

Your Rights and Choices About Your Information

We do not use or disclose personal data for advertising, marketing, or promotional purposes. All of the information that we collect and access is either required for provision of the Service or information that you have voluntarily disclosed to us via the Service. You may elect not to disclose any personal data other than information that we specifically request to enable use of the Service.

Your State Privacy Rights

Depending on your state of residency, you may have certain rights related to your personal data, including: 

  • Access and Data Portability. You may confirm whether we process your personal data and access a copy of the personal data we process. To the extent feasible and required by state law, depending on your state, data will be provided in a portable format. Depending on your state, you may have the right to receive additional information and it will be included in the response to your access request.
  • Correction. You may request that we correct inaccuracies in your personal data that we maintain, taking into account the information’s nature and processing purpose.
  • Deletion. You may request that we delete personal data about you that we maintain, subject to certain exception under applicable law.  
  • Opt Out of Using Personal Data for Targeted Advertising, Profiling, and Sales. We do not use your personal data for these purposes.

Important: The exact scope of these rights vary by state. There are also several exceptions where we may not have an obligation to fulfill your request. 

To exercise any of these rights, please email privacy@splitsecure.com. To appeal a decision regarding a consumer rights request please contact us via email at privacy@splitsecure.com.

How We Protect Your Personal Data

We use commercially reasonable administrative, physical, and technical measures designed to protect your personal data from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. Please refer to the contract entered into between you or the entity on whose behalf you use the Service and us for details on the security of the Service. The safety and security of your information also depends on you. You are responsible for taking steps to protect your personal data against unauthorized use, disclosure, and access. 

How We Retain Your Personal Data

We keep the categories of personal data described in this policy for as long as reasonably necessary to fulfill the purposes described or for as otherwise legally permitted or required, such as maintaining the Service, operating our organization, complying with our legal obligations, resolving disputes, and for safety, security, and fraud prevention. This means that we consider our legal and business obligations, potential risks of harm, and nature of the information when deciding how long to retain personal data. At the end of the retention period, personal data will be deleted, destroyed, or deidentified.

In particular, information in Categories 1, 2, and 5 in the chart above are recorded in an audit log that is a feature of the Service. The audit log is a secure and immutable record of actions within the Service and is governed by our agreement with your Organization. Your Organization has full access to the audit log, and we generally retain the audit log on behalf of your Organization for the duration specified in that agreement.

Changes to Our Privacy Policy

We may update this policy from time to time, and we will provide notice of any such changes to the policy as required by law. The date the privacy policy was last updated is identified at the top of the page. We will notify you of changes to this policy by updating the “last updated” date and posting the updated policy on the Service. We may email or otherwise communicate reminders about this policy, but you should check our Service periodically to see the current policy and any changes we have made to it.

Contact Information

To exercise your rights or ask questions or comment about this privacy policy or our privacy practices, contact us at: privacy@splitsecure.com