Below is the Privacy Policy ("Policy") of Opsmate, Inc. ("Opsmate"), the operator of SSLMate. This Policy covers our collection, use, and disclosure of all data that we collect through our website sslmate.com, the SSLMate service, and other related services (collectively, the "Service"). This Policy is incorporated into, and considered a part of, the SSLMate Terms of Service, located at https://sslmate.com/policies/tos. By using the Service, you agree to the terms of this Policy and you expressly consent to the handling of your data in accordance with this Policy.
If you have questions about this Policy, please email sslmate@sslmate.com.
Types of Data We Collect
- Server Logs. Like most website operators, Opsmate collects web server log data when you visit the SSLMate website. This data includes the request URL, the data and time of your request, your IP address, your operating system and web browser type (the "User-Agent" string), your language preference, and the referring URL. Also, when you connect to the Service using the sslmate command line program, your IP address is logged.
- Personal Information. When you sign up for the Service or later modify your account profile, you provide "Personal Information," including, but not limited to, name, email address, password, and contact information.
- Certificate Request Data. When you use the Service to request and manage SSL certificates, you provide "Certificate Request Data," such as certificate signing requests (CSRs), public keys, and domain names for which to obtain certificates.
- Approver Email Address. If you choose to approve a certificate request using email, you provide an "Approver Email Address".
- Correspondence. We collect other information you volunteer to us, in emails, live chats, phone calls, support tickets, or other communication or correspondence ("Correspondence"), as well as meta-data (such as IP addresses and caller ID) attached to such Correspondence.
Cookies
Like many websites operators, Opsmate uses "Cookies," which are small pieces of data that a website can save to your computer's hard drive while you are visiting a website. We associate the data we store in Cookies with the personally identifiable information you submit while on our site. Cookies can be disabled and deleted through your Web browser preferences. Please note that you will be unable to access your SSLMate account if you disable Cookies.
Use, Storage, and Disclosure of Data
Server logs are stored and are used only for improving, administering, and troubleshooting the Service. Old logs are periodically purged.
Passwords are never stored, except as a salted and strengthened irreversible cryptographic hash. Passwords are used only for authenticating you with the Service.
When you request a certificate, Opsmate will transmit Certificate Request Data to our third party SSL certificate vendor in order to obtain a certificate on your behalf. Our third party SSL certificate vendor will embed the Certificate Request Data in public certificate(s), which are public information and may be logged to public Certificate Transparency logs and other public ledgers by Opsmate, our SSL certificate vendor, or another third party. This disclosure is a technical requirement for your certificate to function.
When you request a certificate using email approval, Opsmate will transmit the Approver Email Address to our third party SSL certificate vendor. Our third party SSL certificate vendor will use the Approver Email Address to send email(s) requesting approval of the certificate.
Opsmate may transmit to, and store your data with, third party vendors who provide storage, database, or compute services to Opsmate. Opsmate retains full control of this data. No processing of your data is performed by third parties, except as otherwise described in this Privacy Policy.
Opsmate may disclose your data if it believes in good faith that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants served on Opsmate; or (b) protect or defend the rights or property of Opsmate or users of the Service.
If you are a company, then unless you opt out of this provision by emailing sslmate@sslmate.com, Opsmate may use your trade names, trademarks, service marks, logos, domain names, and other distinctive brand features in presentations, marketing materials, customer lists, financial reports, and Web site listings (including links to your website) for the purpose of advertising or publicizing your use of Opsmate products or services.
Opsmate does not otherwise sell, trade, share, or rent your data to third parties.
Collection of Data by Third Parties
Opsmate out-sources its credit card processing to a third party credit card processor. When you enter your payment details (such as credit card number) through our Service, our third party credit card processor collects and stores it on our behalf. Our credit card processor adheres to PCI compliance in the storage and handling of your payment details.
Opsmate may link to third party websites from our website. If you choose to follow such a link, the other website may collect personal data from you. Opsmate is not responsible for the data collection practices of the the third party website, and a link to another site is not an endorsement from Opsmate of their privacy practices.
Opsmate may embed social networking widgets on its site. These widgets are embedded in such a way as to not collect data unless you click or otherwise activate them. If you do so, data about you will be transmitted to the third party social networking site. Opsmate is not responsible for how this data is used.
Opsmate does not embed ads in its website.
Use of Your Email Address
When you sign up for the Service, you provide your email address to us. As long as your account is active, we may use your email address in the following ways:
- To send you automated transactional emails related to activity on your account, including, but not limited to, invoices, payment receipts, and security alerts.
- To send you updates to the Terms of Service and Privacy Policy, and other legal notices.
- To send you email notifying you of Service status, scheduled downtime, new features, new Opsmate products and services, tips on how to use SSLMate, and promotions of Opsmate products and services which may be of interest to you. You can opt out of such emails at any time by following the unsubscribe link at the bottom of the emails or by visiting your account email preferences.
You may change the email address at which you receive emails by logging into the Service and visiting your account preferences.
To cancel your account and receive no future automated emails from us, email sslmate@sslmate.com. After your account is canceled, we retain the right to contact you via email for necessary legal or billing purposes.
You may also sign up for the SSLMate newsletter without being a user of the Service. When you sign up for the newsletter, you provide your email address to us, and consent to the reception of emails promoting SSLMate and other Opsmate products and services. You can unsubscribe from future mailings at any time by following the unsubscribe link at the bottom of the emails.
Your email address is never sold and is never divulged except as otherwise provided in this Policy.
Deleting or Modifying your Data
You may change the Personal Information associated with your account by editing your profile within the account section of our website, or by emailing sslmate@sslmate.com.
We will retain your Personal Information for as long as your account is active, or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements.
You may request deletion of Personal Information associated with your account by filling out this online form or emailing sslmate@sslmate.com, but please note that we may be required (by law or otherwise) to keep this information and not delete it, indefinitely or for a certain time (in which case we will comply with your deletion request only after we have fulfilled such requirements).
When we delete or modify your Personal Information, it will be deleted from/modified in the active database, but may remain in archives. Archives are periodically purged.
Testimonials
With your consent, we may post a customer testimonial authored by you on our website which may contain personally identifiable information. If you later want your testimonial removed, please email sslmate@sslmate.com.
California Privacy Rights
Customers who are California residents may request and obtain from us once a year, free of charge, certain information about the Personal Information (if any) we shared with third parties for direct marketing purposes, and the identities of the third parties (if any) with whom we shared such data during the immediately preceding calendar year.
California residents may request and obtain from us, free of charge, the categories and specific pieces of personal information about them that we have collected.
California residents may request and obtain from us, free of charge, the categories of sources from which we collect personal information, the business or commercial purpose for collecting personal information, and the categories of third parties with whom we share personal information.
California residents may request that we delete personal information about them that we have collected from them.
We will not discriminate against California residents for exercising the rights described in this section, such as by denying services or charging a different price.
Designated Methods for Requests
If you are a California resident and would like to make one of the requests described in this section, please:
- Fill out this online form, or
- Email sslmate@sslmate.com.
Categories of personal information collected about consumers in preceding 12 months
- Identifiers, such as real name, alias, email address, or similar
- Personal information described in subdivison (e) of California Civil Code 1798.80
- Characteristics of protected classifications under California or federal law
- Commercial information
- Internet and network activity information
- Professional or employment-related information
- Inferences drawn from the above
Categories of personal information sold about consumers in preceding 12 months
Opsmate has not sold personal information about consumers in the preceding 12 months.
Categories of personal information disclosed about consumers for a business purpose in preceding 12 months
- Identifiers, such as real name, alias, email address, or similar
- Personal information described in subdivison (e) of California Civil Code 1798.80
- Characteristics of protected classifications under California or federal law
- Commercial information
- Internet and network activity information
- Professional or employment-related information
- Inferences drawn from the above
A Note About Children
Opsmate does not intentionally collect Personal Information about children under the age of 13.
Security of your Data
Opsmate is committed to protecting the security of your Personal Information and Service Data. We use a variety of industry-standard security technologies and procedures to help protect your Personal Information and Service Data from unauthorized access, use, or disclosure. Despite these measures, you should know that Opsmate cannot fully eliminate security risks, and mistakes and security breaches may happen. If you have any questions, please email us at sslmate@sslmate.com.
Business Transfers
If Opsmate, or substantially all of its assets, were acquired, or in the unlikely event that Opsmate goes out of business or enters bankruptcy, user data would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Opsmate may continue to use your Personal Information as set forth in this Policy.
Changes to this Policy
Although most changes are likely to be minor, Opsmate reserves the right, at its sole discretion, to modify or update this Policy from time to time by posting an updated version of such Policy on this page (https://sslmate.com/policies/privacy). When we change this Policy, we will update the "last revised" date at the top of this page. If there are material changes to this Policy, we will notify you either by posting a notice of such changes prior to implementing the change or by directly sending you a notification. Your continued use of the Service after any such change constitutes your acceptance of the new Policy.