SSLMate Privacy Policy

Last revised: July 5, 2021

Below is the Privacy Policy ("Policy") of Opsmate, Inc. ("Opsmate"), the operator of SSLMate. This Policy covers our collection, use, and disclosure of all data that we collect through our website sslmate.com, the SSLMate service, and other related services (collectively, the "Service"). This Policy is incorporated into, and considered a part of, the SSLMate Terms of Service, located at https://sslmate.com/policies/tos. By using the Service, you agree to the terms of this Policy and you expressly consent to the handling of your data in accordance with this Policy.

If you have questions about this Policy, please email sslmate@sslmate.com.

Types of Data We Collect

Cookies

Like many websites operators, Opsmate uses "Cookies," which are small pieces of data that a website can save to your computer's hard drive while you are visiting a website. We associate the data we store in Cookies with the personally identifiable information you submit while on our site. Cookies can be disabled and deleted through your Web browser preferences. Please note that you will be unable to access your SSLMate account if you disable Cookies.

Use, Storage, and Disclosure of Data

Server logs are stored and are used only for improving, administering, and troubleshooting the Service. Old logs are periodically purged.

Passwords are never stored, except as a salted and strengthened irreversible cryptographic hash. Passwords are used only for authenticating you with the Service.

When you request a certificate, Opsmate will transmit Certificate Request Data to our third party SSL certificate vendor in order to obtain a certificate on your behalf. Our third party SSL certificate vendor will embed the Certificate Request Data in public certificate(s), which are public information and may be logged to public Certificate Transparency logs and other public ledgers by Opsmate, our SSL certificate vendor, or another third party. This disclosure is a technical requirement for your certificate to function.

When you request a certificate using email approval, Opsmate will transmit the Approver Email Address to our third party SSL certificate vendor. Our third party SSL certificate vendor will use the Approver Email Address to send email(s) requesting approval of the certificate.

When you request an Extended Validation certificate, Opsmate will transmit your Personal Information to our third party SSL certificate vendor. Our third party SSL certificate vendor will use your Personal Information to validate the certificate request, and may embed your Personal Information in public certificate(s), which are public information and may be logged to public Certificate Transparency logs and other public ledgers by Opsmate, our SSL certificate vendor, or another third party. This disclosure is a technical requirement for your certificate to function.

Opsmate may transmit to, and store your data with, third party vendors who provide storage, database, or compute services to Opsmate. Opsmate retains full control of this data. No processing of your data is performed by third parties, except as otherwise described in this Privacy Policy.

Opsmate may disclose your data if it believes in good faith that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants served on Opsmate; or (b) protect or defend the rights or property of Opsmate or users of the Service.

If you are a company, then unless you opt out of this provision by emailing sslmate@sslmate.com, Opsmate may use your trade names, trademarks, service marks, logos, domain names, and other distinctive brand features in presentations, marketing materials, customer lists, financial reports, and Web site listings (including links to your website) for the purpose of advertising or publicizing your use of Opsmate products or services.

Opsmate does not otherwise sell, trade, share, or rent your data to third parties.

Collection of Data by Third Parties

Opsmate out-sources its credit card processing to a third party credit card processor. When you enter your payment details (such as credit card number) through our Service, our third party credit card processor collects and stores it on our behalf. Our credit card processor adheres to PCI compliance in the storage and handling of your payment details.

Opsmate may link to third party websites from our website. If you choose to follow such a link, the other website may collect personal data from you. Opsmate is not responsible for the data collection practices of the the third party website, and a link to another site is not an endorsement from Opsmate of their privacy practices.

Opsmate may embed social networking widgets on its site. These widgets are embedded in such a way as to not collect data unless you click or otherwise activate them. If you do so, data about you will be transmitted to the third party social networking site. Opsmate is not responsible for how this data is used.

Opsmate does not embed ads in its website.

Use of Your Email Address

When you sign up for the Service, you provide your email address to us. As long as your account is active, we may use your email address in the following ways:

You may change the email address at which you receive emails by logging into the Service and visiting your account preferences.

To cancel your account and receive no future automated emails from us, email sslmate@sslmate.com. After your account is canceled, we retain the right to contact you via email for necessary legal or billing purposes.

You may also sign up for the SSLMate newsletter without being a user of the Service. When you sign up for the newsletter, you provide your email address to us, and consent to the reception of emails promoting SSLMate and other Opsmate products and services. You can unsubscribe from future mailings at any time by following the unsubscribe link at the bottom of the emails.

Your email address is never sold and is never divulged except as otherwise provided in this Policy.

Deleting or Modifying your Data

You may change the Personal Information associated with your account by editing your profile within the account section of our website, or by emailing sslmate@sslmate.com.

We will retain your Personal Information for for as long as your account is active, or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements.

You may request deletion of Personal Information associated with your account by filling out this online form or emailing sslmate@sslmate.com, but please note that we may be required (by law or otherwise) to keep this information and not delete it, indefinitely or for a certain time (in which case we will comply with your deletion request only after we have fulfilled such requirements).

When we delete or modify your Personal Information, it will be deleted from/modified in the active database, but may remain in archives. Archives are periodically purged.

Testimonials

With your consent, we may post a customer testimonial authored by you on our website which may contain personally identifiable information. If you later want your testimonial removed, please email sslmate@sslmate.com.

California Privacy Rights

Customers who are California residents may request and obtain from us once a year, free of charge, certain information about the Personal Information (if any) we shared with third parties for direct marketing purposes, and the identities of the third parties (if any) with whom we shared such data during the immediately preceding calendar year.

California residents may request and obtain from us, free of charge, the categories and specific pieces of personal information about them that we have collected.

California residents may request and obtain from us, free of charge, the categories of sources from which we collect personal information, the business or commercial purpose for collecting personal information, and the categories of third parties with whom we share personal information.

California residents may request that we delete personal information about them that we have collected from them.

We will not discriminate against California residents for exercising the rights described in this section, such as by denying services or charging a different price.

Designated Methods for Requests

If you are a California resident and would like to make one of the requests described in this section, please:

Categories of personal information collected about consumers in preceding 12 months

Categories of personal information sold about consumers in preceding 12 months

Opsmate has not sold personal information about consumers in the preceding 12 months.

Categories of personal information disclosed about consumers for a business purpose in preceding 12 months

A Note About Children

Opsmate does not intentionally collect Personal Information about children under the age of 13.

Security of your Data

Opsmate is committed to protecting the security of your Personal Information and Service Data. We use a variety of industry-standard security technologies and procedures to help protect your Personal Information and Service Data from unauthorized access, use, or disclosure. Despite these measures, you should know that Opsmate cannot fully eliminate security risks, and mistakes and security breaches may happen. If you have any questions, please email us at sslmate@sslmate.com.

Business Transfers

If Opsmate, or substantially all of its assets, were acquired, or in the unlikely event that Opsmate goes out of business or enters bankruptcy, user data would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Opsmate may continue to use your Personal Information as set forth in this Policy.

Changes to this Policy

Although most changes are likely to be minor, Opsmate reserves the right, at its sole discretion, to modify or update this Policy from time to time by posting an updated version of such Policy on this page (https://sslmate.com/policies/privacy). When we change this Policy, we will update the "last revised" date at the top of this page. If there are material changes to this Policy, we will notify you either by posting a notice of such changes prior to implementing the change or by directly sending you a notification. Your continued use of the Service after any such change constitutes your acceptance of the new Policy.