SimpleLogin
SimpleLogin is an open-source email alias solution.
Score
Notes
No data is used for marketing purposes
Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.
Score
Citation
In SimpleLogin, you have the option to delete your account. Your account along with all your information are deleted immediately in the running database. All your information will be purged from our system in 7 days, including: - our database backups that are kept up to 7 days - our logs that are deleted after 7 days
This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).
Note that whether the policy allows sharing aggregated user data does not affect this question.
If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).
If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).
Score
Citation
When you pay for a SimpleLogin product, we ask for your credit card or PayPal and billing address. That’s so we can charge you for service, calculate taxes due, and send you invoices. Your credit card is passed directly to our payment processor and doesn’t ever go through our servers.
Currently we rely on Paddle to process credit card and PayPal transactions. Payments via our iOS app are processed by Apple. Anonymous cash, cryptocurrency payments and donations are accepted however.
Score
Citation
When required under applicable law. If the appropriate law enforcement authorities have the necessary warrant, criminal subpoena, or court order requiring we share data, we have to comply. And unless we’re legally prevented from it, we’ll always inform you when such requests are made. We have never received a such request from the government.
Score
Citation
All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted. Most data are not encrypted while they live in our database (since it needs to be ready to send to you when you need it), but we go to great lengths to secure your data at rest.
Our servers are provided by UpCloud and AWS. We are using datacenters that are located in Germany, Netherlands and France.
For more information on our server security, you can consult our security page.
Notes
Their security page (https://simplelogin.io/security/) outlines more in-depth info on all of their security practices and measures.
Score
Citation
Last updated: April 22, 2020
[...]
You can see a history of the changes to our policies on Github.
Notes
The GitHub repo is at https://github.com/simple-login/website
Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.
Score
Notes
There is no information provided that they would notify users of such breaches.
Score
Citation
We may update this policy as needed to comply with relevant regulations and reflect any new practices. You can see a history of the changes to our policies on Github. Whenever we make a significant change to our policies, we will also announce them on our company blog.
This includes the use of data brokers and independent verification authorities (such as background check providers).
Score
Notes
Data is not collected from third-parties.
Score
Citation
Identity & access
In order to create an account, we require your email address. We also give you the option to add a name and profile picture that displays in our products, but we do not normally look at or access these information. We’ll never sell your personal info to third parties, and we won’t use your name in marketing statements without your permission either.
Billing information
When you pay for a SimpleLogin product, we ask for your credit card or PayPal and billing address. That’s so we can charge you for service, calculate taxes due, and send you invoices. Your credit card is passed directly to our payment processor and doesn’t ever go through our servers.
Currently we rely on Paddle to process credit card and PayPal transactions. Payments via our iOS app are processed by Apple. Anonymous cash, cryptocurrency payments and donations are accepted however.
Voluntary correspondence
When you write to us with a question or to ask for help, we keep that correspondence, including the email address, so that we have a history of past correspondences to reference if you reach out in the future.
Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.
Score
Citation
Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed, including opting out of sale of personal information. (Again: we never have and never will sell your personal data).
Notes
No data is processed for non-critical purposes.
Score
Citation
Identity & access
In order to create an account, we require your email address. We also give you the option to add a name and profile picture that displays in our products, but we do not normally look at or access these information. We’ll never sell your personal info to third parties, and we won’t use your name in marketing statements without your permission either.
Billing information
When you pay for a SimpleLogin product, we ask for your credit card or PayPal and billing address. That’s so we can charge you for service, calculate taxes due, and send you invoices. Your credit card is passed directly to our payment processor and doesn’t ever go through our servers.
Currently we rely on Paddle to process credit card and PayPal transactions. Payments via our iOS app are processed by Apple. Anonymous cash, cryptocurrency payments and donations are accepted however.
Voluntary correspondence
When you write to us with a question or to ask for help, we keep that correspondence, including the email address, so that we have a history of past correspondences to reference if you reach out in the future.
Last Updated
June 24, 2020
Sources
Contributors