Privacy Policy

November 1st, 2017

This Privacy Policy describes how TunnelBear Inc. (“TunnelBear”), the company behind RememBear, handles your personal information when you use our RememBear services (“Services”).

By using our Services, you agree to let us collect, use, disclose and otherwise manage your personal information as we describe in this Privacy Policy.

TunnelBear is a global company with headquarters in Canada. When you use RememBear, your RememBear data is stored in Canada. By using our Services, you authorize TunnelBear to use your information according to Canada’s laws, regardless of which country you are located in.

If you have any questions or comments about this Privacy Policy, please contact us at: privacy (at) tunnelbear.com.

 Personal Information

As a provider of online privacy and security services, we ultimately strive to collect the minimal amount of Personal Information required to operate our Services. This often means difficult trade-offs between the information we collect and the performance of our Services.

We believe in an open dialogue because this Privacy Policy is an evolving document. We welcome your thoughts and feedback on how we're doing.

  1. What is Personal Information?
  2. As a provider of online privacy and security services, we ultimately strive to collect the minimal amount of Personal Information required to operate our Services. This often means difficult trade-offs between the information we collect and the performance of our Services.

    We believe in an open dialogue because this Privacy Policy is an evolving document. We welcome your thoughts and feedback on how we're doing.

    "Personal Information" means any information that can be used to identify you individually, and includes information about you that you provide while using our Services.

    The Personal Information we collect includes your Account Data, certain credit card or payment information and, in some circumstances may include Operational Data, as described below. We may also collect Personal Information you provide to us if you communicate with us, for example, to request support or information.

    We collect, use and disclose your Personal Information as necessary in order to provide you with the Services and for the other purposes identified below.

  3. Your RememBear data
  4. RememBear was carefully engineered so that you and only you can access the information stored in RememBear. All items, such as passwords, credit cards, notes and any other types of data, stored by you in RememBear are end to end encrypted. No RememBear staff, including our support team and engineers, can view or access the items you add.

    Your encrypted RememBear data will be stored on our servers in Canada so that you can sync between devices. Even though your data will be stored on our servers, it will only be accessible by you when you unlock it with your Master Password.

    TunnelBear does not own the data in your RememBear, this is your information and you can add to it, delete it and modify it anytime you choose.

  5. Account Data
  6. When you create or update your RememBear user account, we collect and store the following “Account Data”. The Account Data is listed below in its entirety and is used by us for the purposes described:

    Account Data
    What do we use it for?
    Email address

    Signing up for, providing support for and using your RememBear account.

    General communications, purchase receipts and occasional product news.

    Email confirmed
    Confirmation that your email address is valid

  7. Operational Data
  8. TunnelBear also collects and stores “Operational Data” required to operate our Services. This is data that we collect and store when you connect to our Services. Operational Data is listed below in its entirety and is used by us for the following purposes:

    Operational Data
    What do we use it for?
    OS Version

    e.g. iOS 7

    User support, troubleshooting and product planning
    RememBear App Version

    e.g. PC version 2.1.1

    User support and troubleshooting
    Feature activation

    e.g. Used RememBear extension

    Customer satisfaction, support and product planning
    Achievements

    e.g. Added a credit card

    Customer satisfaction, support and product planning
    Total number of items in RememBear

    e.g. 120 total items (no associated details)

    Customer satisfaction, support and product planning

  9. Personal and Financial Data Collected at Payment
  10. Making a purchase with a credit card on any of the Services will result in Personal Information being exchanged with payment processors.

    Credit Card Transactions

    TunnelBear processes credit card payment information securely through Stripe, a third party payment processor, whose use of your Personal Information is governed by their privacy policy. Stripe may store Personal Information associated with your financial transactions outside of Canada’s borders, in which case such information will be subject to the laws of the jurisdiction in which it is held.

    When you pay with credit card, RememBear collects and stores the following information, which is used for the purposes described:

    Payment Data
    What do we use it for?
    Cardholder last name

    e.g. Smith

    For use in credit card fraud prevention
    Date of card use

    e.g. 2014/01/01

    For use in credit card fraud prevention
    Last four Numbers of Credit Card

    e.g. 5555

    For use in credit card fraud prevention

    TunnelBear does not store, but can securely login and view, the following information through our third party payment processor Stripe:

    Payment Data
    What do we use it for?
    Card billing address
    For use in credit card fraud prevention
    Card expiry
    For use in credit card fraud prevention
    Last four Numbers of Credit Card
    For use in credit card fraud prevention

    TunnelBear never stores your complete credit card number. To protect the security of your payment information, we adopt all available security and multi-factor authentication measures available from our payment processors.

    TunnelBear operates exclusively with PCI compliant payment processors. Only our payment processors have the ability to collect, use and access your full credit card information and other financial information. They can use this information solely for the purpose of charging and invoicing you for our (paid) Services and as otherwise required by law.

  11. Other Data TunnelBear Just does NOT Collect or have Access to:
  12. TunnelBear explicitly does NOT collect, store or log the following data:

    • IP addresses visiting our website
    • Your IP address when you use RememBear

    TunnelBear explicitly cannot access the following data:

    • Any passwords or credit cards you choose to store in your RememBear

  13. Disclosure of Personal Information to Third Parties
  14. Except as described below or as required or permitted by law, TunnelBear will NOT disclose your Personal Information to any other third parties under any circumstance without your consent.

    Tunnelbear may disclose your Personal Information to third party service providers (e.g., payment processors as described above) to the extent necessary in order to provide you with the Services; in such case, we use contractual or other means to ensure that there is a comparable level of protection for any Personal Information that is processed for us by third parties.

    In the event TunnelBear is required to comply with law enforcement where subpoenas, warrants or other legal documents have been provided, valid under Canadian jurisdiction, we will disclose Personal Information only to the extent legally required.

    If our organization structure changes (i.e., we undergo a restructuring or are acquired), we may need to migrate your Personal Information to a third party related to a business transaction, but, we will ensure that such a third party has entered into an agreement under which the use of your Personal Information is only related to purposes necessary for the transaction and the third party agrees to protect your Personal Information by appropriate security safeguards.

    TunnelBear does NOT store users originating IP addresses when connected to our Services and thus cannot identify users when provided IP addresses. Additionally, we cannot disclose information about the passwords, credit cards or other data our users store in their RememBear, as TunnelBear does NOT have access to this information.

    Commitment to Personal Information Principles

    Any Personal Information you provide to TunnelBear will be administered according to the following principles:

  1. Accountability
  2. TunnelBear is responsible for the Personal Information under our control and has designated one or more individuals to oversee Tunnelbear’s privacy compliance. Should you have any questions, concerns or complaints about how your Personal Information is handled or questions about our Privacy Policy, feel free to contact us at [email protected].

  3. Identifying Purposes
  4. TunnelBear will explain the purposes for which your Personal Information is collected before or when we collect it. If your Personal Information is to be used for a purpose not previously identified (i.e., a purpose other than those identified above), we will identify that purpose prior to use and, unless the new purpose is required by law, obtain your consent before using the information for that purpose.

  5. Consent
  6. Unless otherwise required by law, we will obtain your consent whenever we collect, use or disclose your Personal Information, or make changes to the Account Data we store. Your consent may be express or implied, depending on the circumstances. In certain circumstances your consent may be implied by your actions. For example, by providing us Personal Information to sign up for our Services, it is implied that we can collect, use and disclose such information as we outlined in this Privacy Policy.

    The form of consent sought by TunnelBear may vary depending on the nature of the information. In determining the appropriate form of consent, TunnelBear will take into account the sensitivity of the information and your reasonable expectations. Implied consent will generally be appropriate where information is less sensitive. You have the right to withdraw your consent to the collection, use or disclosure of your Personal Information. To exercise your right to withdraw consent, or ask questions about your Personal Information, please contact: [email protected].

  7. Limiting Collection
  8. We take great care to not collect Personal Information indiscriminately and limit collection to the minimum necessary information required to operate our Services. By limiting the collection of Personal Information, we help to protect the privacy and security of your Personal Information.

  9. Limiting Use, Disclosure, and Retention
  10. We will not use or disclose your Personal Information for any purpose that you have not consented to, except as required by law. TunnelBear will NOT sell or trade Personal Information for commercial purposes.

    We store your Personal Information only as long as is necessary for the purposes for which it is collected or as required by law. We erase or destroy the records containing Personal Information when they are no longer required; this will be done in ways that will protect your continued privacy.

  11. Accuracy
  12. It is your responsibility to inform TunnelBear of any relevant changes in your Personal Information by updating your account information.

  13. Safeguards
  14. TunnelBear uses strong safeguards to protect the privacy of all our records, including your Personal Information. We implement physical, business and technical security measures that are designed to prevent and protect against loss or theft as well as unauthorized access, disclosure, copying, use or modification to or of your Personal Information.

    Only TunnelBear’s employees or service providers with a business need to know or whose duties require access to Personal Information, are granted access to our customers’ Personal Information as outlined in sections 1.3, 1.4 and 1.5. All such employees are required as a condition of employment to respect the confidentiality of our customers’ Personal Information. No staff will ever be able to access, view or modify your RememBear data as outlined in section 1.2. We use contractual or other means to ensure that there is a comparable level of protection for any Personal Information that is processed for us by third parties.

    Your RememBear data is secured by a Master Password that you select. YOU ARE RESPONSIBLE FOR PROTECTING YOUR MASTER PASSWORD. If you forget your Master Password, TunnelBear can reset your account, but in doing so the backup of your RememBear on our servers will be deleted.

  15. Openness and Transparency
  16. So that you can be confident that we are handling your Personal Information appropriately, we take extraordinary measures to document our policies and provide openness and transparency around the Personal Information we collect, why we collect it and how we use, disclose and otherwise handle it. To find out more information about our policies and practices with respect to the management of your Personal Information, contact us at: [email protected].

  17. Individual Access
  18. If at any time you have a question about our records containing your Personal Information, we will do our best to answer it. Subject to limited exceptions as mandated by law, you have the right to be told what Personal Information we maintain about you, how it has been or is being used and to whom it has been or may have been disclosed, as well as the right to access that information.

    When you send us a written request, we’ll confirm your ownership of the account and then we will provide you with any information we have regarding our storage, use and disclosure of your Personal Information.

    You can request access to your Personal Information, or challenge its accuracy and completeness and request amendments, as appropriate, by contacting us at: [email protected].

  19. Addressing Comments and Concerns
  20. We believe in an open dialogue, and understand that this Privacy Policy is an evolving document. We welcome your thoughts and feedback on how we're doing. If you have any questions, concerns or complaints about this Privacy Policy or our privacy procedures, please contact us at [email protected].

    If your privacy concerns or complaints are not addressed to your satisfaction by TunnelBear you may contact the Office of the Privacy Commissioner of Canada for further guidance at:

    30 Victoria Street
    Gatineau, Quebec K1A 1H3
    Toll-free: 1-800-282-1376
    Phone: (819) 994-5444
    TTY: (819) 994-6591
    www.priv.gc.ca

  21. Changes to Our Privacy Policy
  22. We may need to change our Privacy Policy from time-to-time and all updates will be posted online at RememBear.com. Your continued use of our Services after the effective date of such changes constitutes your acceptance of such changes. We will post an effective date at the top of the page for your convenience.