Privacy Policy | Cubbit

Effective date: 27 December 2019
Cubbit takes data security and privacy very seriously, so please read carefully this Policy. If you do not agree with the following terms, please do not access or use our Services or Website.

Who we are

Cubbit Srl, (collectively " Cubbit" " we", or " us", " our") is an italian headquartered startup limited company (registered office in Via della Zecca 1, 40121 Bologna, VAT no. 03562001200) aiming to create the first collaborative and sustainable cloud storage service.

How this Policy applies

This Privacy Policy explains how Cubbit processes your data included personal information that may identify you as an individual and how you can control the collection, rectification, restriction and/or deletion of such information when you use our Software or browse our Website:www.cubbit.io, including on a mobile device, and/or our Web App and/or any other service to which this policy is linked, in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
Our website may contain links to third-party websites or services. This policy does not extend to those external sites or companies, so please consider their privacy policy directly.

Who is the Data Controller and Processor

If you have a Cubbit account as natural person, for those to whom the GDPR applies, Cubbit is the “data controller” of processing of personal information as described below. In other cases, if you are a legal person (i.e. company or organisation), you will be considered as “data controller” and Cubbit will be a "data processor", acting on instructions given from the data controller.
With regard to the processing of files uploaded to our distributed cloud network by users, however, Cubbit is always to be considered the “data processor” and the user (person or company or organization) owning the Cubbit account is the data controller, until the account termination.
However, since we believe in the potential of our community, being part of our network gives both rights and duties. In this sense, users who are also Cubbit Cell holders are to be considered themselves as sub-processors on behalf of Cubbit under Art. 28 (4) GDPR.
You can find a legal definition of “data controller” and “data processor” according with the EU legislation at the following link here.

How we protect your personal data

  1. Data encryption and peer-to-peer network
    Your personal and non-personal encrypted data will be split in several chunks and distributed safely over the peer-to-peer network and stored globally.
    Thanks to an AES-256 key encryption system, the data you have chosen to store on our network are safe and secure.
    Once encrypted, every single file is divided into 24 chunks, which are processed into 36 redundancy chunks. Of the 36 chunks, only 24 are needed to recover the original encrypted file. These chunks are then distributed globally and stored on the network using a peer-to-peer connection between the hosting cells and the user.
    Only you, or eventually someone with whom you decided to share your account user-name and password, ave the keys to decrypt and to access the encrypted content of your file.
    We do not collect users passwords so we can’t have access to the files you stored in your account and therefore we are not even able to recover your password.
    However, even if we cannot access the content of files and folders uploaded to the cloud, we may still need to process some of your personal information to provide you with our service.
  2. Unencrypted Data
    By purchasing a Cubbit Cell and creating and using a Cubbit account, you also send some unencrypted data, which may also include personal data.
    Those data are stored in data centers located in Germany. These are third-party provided data centers in which Cubbit rents a designated space.

Which personal information we collect

We collect information that you provide to us directly or indirectly, from third parties and by automated means, when you interact with us
  1. Data you provide to us
    • Registration and billing information you provide by purchasing a Cubbit Cell or supporting our crowdfunding campaign. When you place an order, you are asked to provide some non-encrypted identification and contact data and billing information by completing our survey such as name, shipping address, country/city of residence, VAT number, SDI code for italian citizens only, phone number, email and product preferences.
    • Account information you provide by downloading and installing the Cubbit client software and creating your personal account, such as the name and email that is necessary for the provision and maintenance of your user account. However, Cubbit is unable to link such metadata information to the encrypted content or file names within the storage space, as Cubbit does not have access to your password or to the encrypted content or file names located there.
    • Additional information that you may decide to share with us, including your personal data, when you contact our Swarm Support Team, submit forms on our website or otherwise communicate with us. It is your sole decision to share with us, during such communications, detailed and non-aggregated logs (which may contain, for example, unencrypted file names), your screen or any other data, so our processing of such data will be based on your consent.
  2. Information that we collect from third parties
    • Our seller Personal information about you that the Indiegogo or Kickstarter crowdfunding platform shares with us as campaign owners.
    • Third party tools that we currently use: HotJar to record where people move their mouse on key web pages; Google Analytics to let us know about page visits which in turn allows us to decide if it needs to update certain pages; Typeform, to distribute surveys, which users complete after subscribing a Cubbit campaign on Indiegogo; Facebook Pixel, to monitor and target advertising campaigns through social media. Upon your consent, such partners provide us with information about your engagement with our website and online advertisements. If you want to learn more, please see our Website Cookie Policy.
  3. Information that we collect automatically
    When you use our service we may automatically collect certain information about and from your Cubbit Cell. This may include information about the software version, operating system, Internet protocol address, and the date and time of each request made to Cubbit. When you connect to the network, we may also receive information about the external drives connected, number and size of files transferred.
    This information allows us to better meet user needs, diagnose service issues, provide more effective customer support, inform you about operating systems that we no longer support and ensure the continued functionality of our products.

Legal grounds for use of your information for European Economic Area residents

If you are a person (both a website visitor or a Cubbit user) located in the European Economic Area ("EEA"), we collect and process your personal information as described above only on the following legal basis: 1) Consent - we will normally collect your personal information only where we have your consent to do so; 2) Performance of contractual obligations - when it is necessary in order to provide our services; 3) Legal obligations - when we need to fulfill a legal obligation arising from European law, regulation or legislation; 4) Vital interests - when it is necessary to safeguard the interests of the data subject or of another person; 5) Legitimate interest - when there’s a legitimate business reason behind; 6) Public interest - when it is necessary to pursue legitimate interests of the controller or of a third party, as long as interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular where the data subject is a minor, do not prevail.
For example, but not limited to:
  • the processing of data relating to the management of the relationship with users is based on the fulfilment of a contract between you and Cubbit (for example, when you place a purchase order, create an account, receive your Cell), or on our legitimate interest (stability, sustainability and security of the network);
  • the processing of data related to the sending of commercial communications, is based on your specific consent;
  • when you send us a request relating to our service, or for the management of requests for assistance, in order to identify any server problems or other IT or network issues the processing of your data will be based on your specific consent;
  • the processing related to the ergonomics of our website and the development of statistical data, is based on our legitimate interest in the use of cookies to improve our website and to ensure that it functions properly and is safe and secure, or is based on your specific consent for all other cookies (e.g. those related to the sending of targeted advertisements, or the provision of tailor-made services or the processing of statistics). For more information, please read the Web Site Cookie Policy
If you have any questions or need further information regarding the legal basis on which we collect and use your personal information, please contact us at hello@cubbit.io

Email Communications

From time to time, Cubbit will communicate with you via email. There are two types of email you may receive:
  1. Service Emails: These are service related emails such as technical notices, updates, security alerts, support and administrative messages. You cannot opt out of receiving these messages, including necessary security alerts and legal notices, Push notifications (in-app) may be also sent to your device to notify you of Cubbit Cell disconnection or malfunctions as well as certain events or user actions regarding the user account or the user’s data, as they are part of the service which Cubbit provides to you.
  2. Marketing Emails: These will include Cubbit news, promotions and similar. Upon creating a Cubbit account you will be able to manage your email preferences, including opting out of receiving all Marketing Emails. You will also be able to unsubscribe at any time by using the unsubscribe link provided in any given email.

Who we share your personal information with

Your personal data will be processed by our team and will never be sold to third parties. However, we may also need to share certain information, including personal data, with third parties, who, in accordance with this policy, will be required to follow, in any case, the specific instructions we provide to them to ensure the security and confidentiality of your data.

  1. Complying with legal requirements
    Cubbit may disclose your personal data if the applicable legal provisions so require, or when such action is necessary to comply with any laws, including to meet national security or law enforcement requirements. We may also need to share personal data for the protection of our rights and interests, to protect your safety or the safety of others or to investigate fraud and abuses, in accordance with the applicable laws.
    In some cases, it may be necessary to comply with national security or law enforcement requirements, provide personal data to authorities: (a) if required by law or regulation, a court order or other judicial authorization, (b) in response to legitimate requests from public authorities, including to meet national security and law enforcement requirements; (c) in connection with the sale, transfer, merger, bankruptcy, restructuring or other reorganization of a business; (d) to protect or defend our rights, interests or property or that of a third party; (e) to investigate any unlawful act in connection with our products and services; and (f) to protect the vital interests of an individual.

  2. Using third-party service providers
    Users are aware that we may need to share certain information, including personal data, with our third party service providers that we use for development, backup, archiving, analysis and other services. In such cases, we require our third party service providers to use the personal information we share with them exclusively in connection with the services they provide to us.

  3. Business relations
    We may assign or transfer this policy, as well as your account and related information and data, including any personal information, to any person or entity that acquires all or substantially all of our business, stock or assets, or with whom we merge, or subsidiary companies, or member of the same group. Regardless of any changes that might happen in our company, your personal data will be protected the same way as it is right now.

Where do we transfer your data?

Your personal unencrypted data are stored and processed by us primarily within the EU territory.

Those data may also be transferred to countries outside the EU if permitted under national or EU data protection law.

We work in particularly close cooperation with some service companies, such as in the area of marketing strategies development, with technical companies (e.g. producer and supplier of electronic components) or with logistics companies (e.g. couriers). In principle, these companies are only allowed to process your data under special conditions and on our behalf. Insofar as we use these companies as processing companies on behalf of us, service companies will only be granted access to your data for the scope and for the period necessary for the provision of the respective service.

You can find a list of our current sub-processors here below:

  1. Technical service companies

    Amazon Web Service (AWS)
    Our largest third-party provider is Amazon since Cubbit Coordinator runs onAWS datacenters located in Germany. You can find more information on the processing of personal data by AWS at this link.

    Globalscale Technologies Inc.
    Cubbit Cells are manufactured and assembled by Globalscale Technologies Inc. based in Anaheim, California. You can find more information on the processing of personal data by Globalscale at this link.

    Mailchip
    For our communications and newsletter mailing we use the Mailchimp servicewww.mailchimp.com. You can find more information on the processing of personal data by Mailchimp at this link.

    Zendesk
    Our Swarm Support Team uses Zendesk. User email addresses and the support tickets are stored in Zendesk. Cubbit is using the support product of Zendesk for tracking, prioritizing and solving customer support tickets. You can find more information on the processing of personal data by Zendesk at this link.

    Typeform
    By purchasing a Cubbit Cell through the Indiegogo platform you will be asked to answer and complete a survey, including your personal information, automatically generated by means of the service offered by Typeform. You can find more information on the processing of personal data by Typeform at this link.

  2. Marketing tools and consulting company

    Google Analytics
    We use Google Analytics. to learn how visitors interact with our website and for marketing-related purposes.

    Google AdWords
    Google AdWords. is Google's advertising system in which advertisers bid on certain keywords in order for their clickable ads to appear in Google's search results. We use Google Adwords to promote our content, products and services.

  3. Social Media Network

    Facebook
    We use Facebook Ads Manager. to promote our company, content, products and services to different audiences.

    Youtube
    We use embedded Youtube. videos on our website, blog and knowledge base. When you play these videos, your visitor data and cookies are processed by YouTube as well.

How long will we retain your information?

  1. Your Personal Data
    Your personal data will be kept only for the time necessary for the purposes described in this document, after which they will be kept only to comply with legal obligations (tax, accounting or other legal requirements).
    When there is no legitimate need to process your personal data, we will delete or anonymize them, according to technical possibilities.
  2. Your stored Encrypted Content
    Each user can access, edit or delete the encrypted content within the storage space.
    For reasons of stability and technical sustainability of the network, the user's account only remain active as long as the Cubbit Cell stays connected to a working internet router.

    IF THE CUBBIT CELL IS DISCONNECTED, FOR ANY REASON, YOU WILL RECEIVE WITHIN 36 HOURS ONE OR MORE NOTIFICATIONS FROM OUR SWARM SUPPORT TEAM BUT YOUR FILES WILL CONTINUE TO BE ACCESSIBLE TO YOU FOR A LIMITED PERIOD OF 30 DAYS FROM THE DATE OF THE FIRST WARNING.

    AT THE END OF THE 30 DAY PERIOD, WITHOUT THE CUBBIT CELL BEING RECONNECTED TO THE NETWORK AND WITHOUT THE USER HAVING CONTACTED THE SWARM SUPPORT TEAM AND OPENED A TICKET, PROVIDING ADEQUATE REASONS, ALL YOU FILES STORED ON CUBBIT NETWORK WILL BE DELETED AND WILL NO LONGER BE ACCESSIBLE TO THE USER.

Your right of control and choice

Those to whom the personal unencrypted data refer have the right at any time to obtain confirmation of the existence or otherwise of such data from the Data Controller or Data Processor and to know the content and origin, verify its accuracy or request its integration, updating, cancellation, limitation, to request transformation into anonymous form or blocking of data processed unlawfully, and to oppose in any case, for legitimate reasons, their treatment.
If you are from a country where the GDPR applies or other jurisdictions, may have additional rights such as:
  • In some cases, you may have a wider right to have your personal data deleted if, for example, it is no longer necessary in relation to the purposes for which it was originally collected. However, it may be necessary to retain certain information for registration purposes in order to fulfil our legal obligations;
  • You may have the right to have the right to opt-out of all of our processing of your personal data for direct marketing purposes;
  • You may have the right to request to restrict the personal data process in certain circumstances (for example, where you believe that the personal data we hold about you is inaccurate or unlawfully held).
  • In certain circumstances, you may have the right to be provided with your personal data in a structured, machine readable and commonly used format and to request that we transfer personal data to another data controller without hindrance.
In accordance with applicable law, if you wish to exercise such rights, please write to hello@cubbit.io. We may ask you to verify your identity.

Complaints

In case the GDPR applies to you, we also remind you that pursuant to Art. 77 you have the right to lodge a complaint to the National Authority for the Protection of Personal Data (please find a list of the Data Protection Authorities here) or bring an action to the court if you consider that your rights have been infringed as a result of the processing of your personal data pursuant to Art. 79.
In all other cases, disputes concerning this Privacy Policy will be referred to the exclusive jurisdiction of the Court of Bologna (Italy).
However, in order to find a quick and friendly resolution of any issues related to the processing of personal data, please get in touch with us first and we will do our best to solve your issue.

Withdrawal of consent

When the processing of your personal data is based on your consent, you can withdraw your consent at any time by changing your privacy settings. In addition, you can also contact us at hello@cubbit.io. In the event of withdrawal of consent, we will no longer process your personal data for the relevant purpose, however this does not affect the lawful processing based on the consent previously given.

Policy changes

In order to provide our users the highest possible standard of protection in the processing of personal data, we may change this Privacy Policy to cover new technologies, software features, industry practices, regulatory requirements or other purposes.
We will inform you if such changes are material and, where required by applicable law, you will be asked for your consent.
The notice may be sent by email to the email address you provided to us during registration, posting the notice of such changes on our site and on our application, in accordance with applicable law.

Contact us

If you have any further questions about this Privacy Policy, the practices of this site and service, please contact us hello@cubbit.io or at Via della Zecca 1, Bologna - 40121 (Italy).