Privacy Policy

Introduction

At Cacti, we respect your privacy. We believe that the less we know about you, the better; that is why we aim to limit the information we collect to the minimum necessary.

The purpose of this privacy policy (“Privacy Policy”) is to inform you in detail what personally identifiable information or personal information we collect from you when you use our application, how we use such information, and the choices you have regarding our use of, and your ability to review and correct, the information.

We reserve the right to change this policy, which we will do through online posting. We use your data solely to provide you with services in which you enroll.

For purposes of this Privacy Policy, the terms “Cacti”, “we,” “us” and “our” refer to the company Labyrinth Technologies LLP; the terms “application“, “service” and “product” refer to the Cacti software and related services including the Cacti Vault App website residing at cacti.ai; and “you” refers to you, as a user of the application as applicable.

Who We Are

Labyrinth Technologies LLP is an Indian company located in Prestige Atlanta, Koramangala 1st Block, Bengaluru, India 560034.

What Information We Collect and How We Use It

We only collect information that is necessary to provide you with our services and to improve our product.

Usage Data

To improve our services we periodically collect pseudonymized data about the type of device you use, the operating system and version installed on your device (e.g., iOS 13.5.1), the version of the app, the language setting, number of items in your vault, and number of suggestions made by the app’s on-device suggestions. This helps us get a pseudonymized view of how our app and its features are being used. We will use this data to only make decisions on adding new features and at no time will this be used to target or identify you. We will also not sell this data to a third party.

Diagnostic Data

To help identify and solve specific problems with our products and services, we occasionally solicit diagnostic reports and other troubleshooting data, bug, and crash reports from customers. This data will be anonymized.

Email Newsletter Subscription (Optional)

To inform our users about new features, releases, and blog posts, we provide a newsletter to which you can subscribe with your email address on our website. This cannot be done from the iOS app. Your app usage activity cannot be linked to your email address.

We use SquareSpace and SendGrid to manage our newsletter and other email lists. These services may provide us with data concerning your email activity, that is, the place, date and time where and when you open our messages, the device type you are using, and your interactions with our messages such as clicking a link.

You can unsubscribe from our newsletter by clicking on the unsubscribe link provided at the end of the newsletter. You can also email support@cacti.ai to update or unsubscribe your email address, to request that we delete your email address, or that we stop tracking your email activity.

Feedback (Optional and Voluntary)

Any feedback you give us from within the iOS app is sent to us along with basic information such as your device model, device OS version, and app version. The feedback content itself could be the type of feedback you are providing, the text content of the feedback, and any attached images. This data can be shared with us only with your action, and if you wish to. There is no personally identifying information we collect during this process.

Email Communication (Optional and Voluntary)

Any data you share while you communication with us from our website — either through the form on the website’s Contact page, or through one of our public email addresses, will be stored with us. Your app usage cannot be linked with this data or email address.

Cookies and Other Technologies

Cacti’s website may use cookies and other such technologies. These technologies help us better understand user behavior, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches. We treat information collected by cookies and other technologies as non‑personal information. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal information by local law, we also treat these identifiers as personal information. Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as personal information for the purposes of this Privacy Policy.

Where We Store Your Data

Personal Content

Your content, e.g., your images, videos, vault passphrase, preferences, etc., is not saved on our servers nor do we have access to this data. This data, if saved, is saved only on your iOS device as explained below.

• Media items (images, videos, etc) in your Vault: This content is only stored on the file system on your iOS device, within the Cacti Vault. This data is only ever stored encrypted (non-human readable) using your passphrase. When you are viewing your vault content, the decrypted versions of this data stays only in your device memory (RAM). Decrypted vault content is never stored on disk.

• Vault Passphrase: We never have access to your vault passphrase. This is not stored even on your device unless you choose biometric authentication (Touch ID or Face ID) for your vault. If you have chosen biometric authentication, your passphrase is stored on the Keychain on iOS which is an encrypted storage provided by iOS which is accessible only to the Cacti Vault App. If you have disabled biometric authentication, your passphrase is never stored anywhere. Either way, we do not ever gain access to your passphrase.

Diagnostic Data

Crash reports of the application are collected and sent to us by Apple anonymously as part of iOS crash reporting tools.

Feedback Data

The feedback that you provide from within the app is stored on backend systems operated and controlled by us. No third party has access to this data. This data may be sent on our internally communication platforms for further action on the feedback. Your data will be anonymous throughout.

Email Communication

If you email us on one of our publicly available email addresses, this data would be stored by GSuit whose email services we use.

Website Communication

If you communicate with us through our website, the communicated data may be stored by SquareSpace and GSuit. SquareSpace hosts our website and the forms that are present on it. Any form submissions are stored by SquareSpace and copies of the same are sent over to our emails as notifications which are stored by GSuit.

How Long We Store Your Data For

We store your data for as long as is necessary for the fulfillment or the initiation of a contract, or as long as we claim legitimate interests. After the expiration of that period, the corresponding data is routinely deleted or completely anonymized. In most cases, then data we already have in the first place is not personally identifiable. Statistical and diagnostic data is generally never deleted.

Data Processors

Depending on the usage of our services your personal data might be processed by the following services:

Apple

Data: Anonymized diagnostics, crash, and usage data of the app.

SendGrid

Email sending service provided by Twilio Inc.

Personal Data: Email address

AWS

Hosting service provided by Amazon Web Services, Inc.

Anonymized Data: Feedback Data

GSuit

Email server hosting provided by Google.

Personal Data: Email traffic

Your Privacy Rights

Right to Access

You can request us to provide you with information on how we collect, use, and store your personal information, and to provide you with a copy of your personal information we store. Note that this applies to only personally identifiable information we have about you.

Right of Rectification

You can request that we correct inaccurate information about you. Note that this applies to only personally identifiable information we have about you.

Right to Delete

You can request that we delete information collected about you, given that we are not required by law to preserve it, that it is not necessary for contract fulfillment and that we can still identify your records. Note that this applies to only personally identifiable information we have about you.

Right to Object

You can object to the processing of your information in certain cases, as well as request that Cacti does not use your personal information for direct marketing purposes. Note that this applies to only personally identifiable information we have about you.

Contact for Data Privacy

If you have any questions regarding your personal data as well as your privacy rights, please contact us at support@cacti.ai

Contacting You

We may use your contact information to communicate with you about our product, diagnostic data, and error reports, provide support, and send you other information such as product updates and announcements. You can opt out of news and announcements by unsubscribing from our newsletter.

Breach Notification

If the confidentiality of customer data is breached, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. Such notices would be publicly posted on our website.

Consent for Underage Enrollment

Those under the age of 18 may not use the services without the consent or authorization of their parent or legal custodian.

Updates to Our Privacy Policy

At our discretion, we may make changes to this Policy and note the date of the last revision. You should check here frequently if you need to know of updates to our Privacy Policy. We maintain the right to inform you of substantive changes via email. Previous versions of this page will be made available.

Glossary

Cacti

Cacti (or sometimes “we”, “us” or “our”) refers to the company Labyrinth Technologies LLP.

Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to an identified or identifiable natural person without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Last updated: 8th March 2022