Privacy Policy

 


Last updated: January 12, 2022

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. 

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
  • Application means the software program provided by the Company downloaded by You on any electronic device, named Mobilespy.
  • Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
  • Country refers to: Austria
  • Basic Encryption refers to the procedure that converts clear text into a hashed code using a key, where the outgoing information only becomes readable again by using the correct key. This minimises the risk of an incident during data processing, as encrypted contents are basically unreadable for third parties who do not have the correct key. Encryption is the best way to protect data during transfer and one way to secure stored personal data. It also reduces the risk of abuse within a company, as access is limited only to authorised people with the right key.
  • Advanced Encryption refers to the procedure that converts clear text into a hashed code using a key, where the outgoing information only becomes readable again by using the correct key. The user is the only person in possession of this key and all contents are unreadable for any and all third parties.
  • Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
  • Data Subject/The User is the identified or identifiable living individual to whom personal data relates.
  • Personal Data “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
  • Platform refers to the Android Client Application or the Website or both.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Website refers to mobilespy.at, accessible from mobilespy.at
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

COLLECTION AND USE OF YOUR PRIVATE DATA

Types of Data Collected

Personal Data

It is possible for everyone to access our Website without providing personal data.

The only purpose of processing your data while using Our Service is purchasing the software and logging in to the Website. In this case we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you in accordance with Article 6(1)(b) GDPR.
 Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City
  • Usage Data

Usage Data (PERSONAL DATA COLLECTION AND USE)

Usage Data is collected after accepting the disclaimer when using the Website for the first time.

Usage Data may include information such as browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, operating system and other diagnostic data.

When you access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

All of this data is fully anonymized and allows no connection between the actual user and this data. We are collecting and aggregating this data because this information is needed to (1) deliver the content of our homepage directly (responsiveness), (2) ensure the long-time viability of our IT-Infrastructure and (3) increase the security and performance of our IT-Infrastructure.

This means we are statistically analyzing anonymously collected data, with the main goals of increasing the security of our IT-Infrastructure and ensuring the highest possible level of protection against all threats.

Please be advised that at no point are you forced to share your personal data with us. It might be necessary, though, in order to create an account, purchase the software and start using the service.

The reasons for all data processing done by us are:

  1. Consent
  2. Performance of Contract
  3. A legitimate interest

Data Subject Categories

We are processing the personal data of the following categories of data subjects:
 (i) Website Users;
 (ii) Service Users
 (iii) mobilespy.at Software Users

Target Devices Users DO NOT fall under the definition of Data Subjects, because these individuals

  • Can not be identified
  • Are not identifiable natural persons

based on the information which may be collected by Service Users, as they are encrypted on the target device with the user's personal and private Secret Key, to which we have no access.

 

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on our Website and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service. The technologies we use may include:

  • Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
  • Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. You can learn more about cookies here: Cookies Policy.

We use both Session and Persistent Cookies for the purposes set out below:

  • Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

  • Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

  • Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.

 

Scope and Categories of Personal Data

We are striving to be compliant with the GDPR and are following and have implemented the data minimization principles.
 The Data we are collecting consists of: (1) the full name, (2) email address in order to allow data subjects to purchase the software, (3) Anonymized IP address – to prevent Denial of Service attacks and other abuse.

The personal data is not shared with any third parties, except when explicitly necessary in order to provide the mobilespy.at service, payment system or in case we are legally obliged to transfer this data because of the request of a government authority.

All personal data is stored in a separate database in order to avoid any and all data subject identification with depersonalization features, in full compliance with the storage limit principle as outlined in the GDPR.

We do not authorize the use of your personal data by any third party (only under exceptional conditions as seen under “Legal Summary” below). We operate, maintain and improve a multitude of online security measures to maximize the safety and privacy of your personal data.

We will only ever use any personal data collected of you during the billing process and selected payment gateway, which is processed by the payment gateway of your choice and us, in order to provide the mobilespy.at service to you and e-mail you a “Thank you for your Purchase”-E-Mail or in order to transmit billing information.

After you purchase and start using the mobilespy.at app, you may import various data you might collect from Android Target Devices. All of this information is encrypted and decrypted locally with various encryption implementations on your devices, with the encryption password that you specify during the setup of your account and login to the app. All data is transferred fully encrypted between your devices and our storage. This fully encrypted data is then stored on our server, protected by firewalls and other hardware implementations, access tokens and more security measures. When you access your encrypted data, the encrypted data gets transferred to the local device used to access it and is then decrypted in real time with your own hardware. This decrypted data is never returned, and technically cannot be returned, to our storage and will disappear once you clean all cache and data from your local device browser. If you wish to do so, you can download all your stored data to your accessing device and export a compressed archive containing all your data from your browser with the click of a button in the dashboard. We have no direct relationship with any person other than you, except cases when you are the android device user, and for that reason, you are responsible for making sure you have legal access to a target device.

If you use a computer in a public place or share a computer with others, remember to log out/sign out and close your browser window when you finish accessing our Website and mobilespy.at Services in order to prevent others from accessing your personal information. You are solely responsible for the control and use of each password you create.

Payment Details

We cooperate with various different payment service providers for the best possible convenience of all users. All service partners are chosen after due diligence to fully comply with all our policies. During the payment process you provide us with the following information:

  • Your First and Last Name
  • Credit/debit card number and exp date, PayPal Account or IBAN
  • Your e-mail

This information is further stored on the payment provider's IT-infrastructure.

Automatically Collected Data 

We collect and store several pieces of information that are automatically generated while browsing through the website by means of tracking technologies like Cookies and Pixel-Tags.

We use this information to analyze trends, administer the website, improve the website performance, user movement on the website, and collect very broad statistical information for aggregated use.

Our Website uses Cookies

A cookie is a piece of data from a website that is stored within a web browser that the website can retrieve at a later time. Cookies are used to tell the server that users have returned to a particular website. When users return to a website, a cookie provides information and allows the site to display selected settings and targeted content. Cookies also store information such as your login credentials and user preferences. This is done so that when you revisit our websites, you do not have to log into your account again. We mostly use Session cookies that store information while you are visiting the website. These cookies are deleted once you close the session. There is also the need for some persistent cookies which are stored for a longer amount of time. These cookies remain on your device until they expire or are deleted. Persistent cookies are sometimes called tracking cookies because they are used to collect user information such as browsing habits and preferences. If you accept the cookie-disclaimer then Third-party cookies might be loaded with the purpose of performance analysis for maintaining and improving the quality of the website.

Advanced Encryption Security

In order to protect your privacy with all measures possible, after registering an account and logging in for the first time after connecting a device to your account, you must set and remember your own personal encryption/decryption password.

This encryption password is not stored on and never transmitted to the mobilespy.at servers, but is exclusively used locally on your devices for encryption and decryption of data.

There is no way to restore your data if you lose your encryption password and you have to input it every time you use the mobilespy.at-platform.

 

Encrypted Data

There are a multitude of measures taken and put in place by us in order to secure and safeguard all information, including personal data, under our control and do everything possible to either meet or exceed generally accepted security standards. This is accomplished by utilizing a combination of multiple firewalls, CDN, special software, secure hardware and standardized procedures for software and firmware updates. We work with third party service providers for payment processing that use encryption and authentication to maintain the confidentiality of your personal data. The only data stored in a way that is accessible to select limited personnel is personal information submitted during the ordering process and subscription renewal.

All personal data of all users is stored encrypted. 
 For this we are deploying multiple different asymmetric and symmetric encryption algorithms. The PBKDF2-HMAC-SHA512 Password Storage Scheme provides the mechanism for locally encoding the users’ encryption password using the PBKDF2-HMAC-SHA512 message digest algorithm. This encoded user encryption password is exclusively generated on the users’ devices for decryption or encryption and will absolutely never be transmitted to our servers or anyone else and is exclusively used locally on the user devices.
 This generated encryption hash is then used as secret in the symmetric-key algorithm AES256. Due to the usage of individual salts for every user, the generated secret will be unique for every user and also allows for no dictionary attacks.

The login credentials consisting of e-mail, username and hashed password are stored in a Database. Passwords are hashed using the state of the art and award winning ARGON2ID key derivation function. 

After the login to the dashboard, a local client application gets downloaded in the user's browser and all decryption of encrypted data is processed completely locally, using the method mentioned above to generate the secret with neither the key nor any other associated information ever leaving the local client. 
 
 Data is fully encrypted on the android user device using a hash of the encryption password provided by the user upon setup of the app using the PBKDF2-HMAC-SHA512 message digest algorithm. The PBKDF2-HMAC-SHA512 hash is then used as secret for the AES256 encryption of all data before it gets transmitted via a secure https connection. This data can only ever be decrypted by the user and we perform the service of temporarily storing it.

The decryption of the above-mentioned data can only be performed by the user locally without ever transmitting anything over the internet, using his AES256 encryption secret and his unique PBKDF2-HMAC-SHA512 encryption password hash and salt. The locally decrypted information is then shown to the user. 

 

 

Use of Your Personal Data

 The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor the usage of our Service.
  • To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
  • For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
  • To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
  • To manage Your requests: To attend and manage Your requests to Us.
  • For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
  • For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

We may share Your personal information in the following situations:

  • With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
  • For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
  • With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
  • With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
  • With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
  • With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain anonymized Website Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Data Removal

All data uploaded from a target device is encrypted without exception. This encrypted data is stored for a period of 3 months.

Upon expiry of 3 months or your mobilespy.at-subscription all associated data will be deleted for security reasons and because mobilespy.at is not a permanent data-storage but mere temporary storage provider.

If you wish to remove all logs and information from a target device, simply press the “Trash” icon in the mobilespy.at dashboard of your account. By doing so all data associated with this target device is removed immediately.

Transfer of Your Personal Data

Your information, including Personal Data, is stored on our servers in Germany or Finland. It means that this information may be transferred to, and maintained on, Devices located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

 

Acknowledgement of us as Data Processor for you as Data Controller

Controlled Android Device Data

After you again accept and guarantee that you have read the Terms of Service, End User License Agreement and Privacy Policy and log into the app, set your personal encryption key and press the “Continue” Button, your phone starts to locally encrypt data to your account in the dashboard, which could include personal data relating to you, third parties or the controlled android device's user, including but not limited to software infos about the controlled device, contacts, used websites and apps, messages and notifications and more.

In compliance with all applicable privacy law, to the degree it applies to our service, you are the Data Controller of your Controlled Android Device Data and appoint us as a Data Processor of such data, for the sole purpose of providing our services.

Your Responsibilities as Data Controller

As Data Controller you take full responsibility for your Android Device Data and you pledge to have all necessary legal and lawful authority to collect and process its data. You warrant that you exclusively use the Android Device Data in accordance with all applicable laws, the Terms of Service, End User License Agreement and this Privacy Policy. You guarantee that you will not submit any personal data relating to any individual that has not explicitly authorized any processing of their personal data.
 It is your responsibility to protect the confidentiality and secrecy of your password and encryption password and of any accessible Android Device Data and prevent all access to third parties. In case of a data breach or any problems with your Android Device Data you will inform us within 24 hours. You will be furthermore responsible for all illegal use of another person’s private and personal data or any use with dishonest malicious intentions via our data processing service, including all use not in accordance with all applicable laws or this Privacy Policy.

Our Responsibilities as Data Processor

To the extent that we fulfil the position as Data Processor for you we continuously implement necessary organizational and technical measures to protect all Android Device Data against theft, misuse, unauthorized and unlawful access to the fullest extent.
 Due to the importance of the privacy and security of your data, it is impossible for our employees or data processors to access your personal Android Device Data, as it is indistinguishable from other data and always reaches or leaves our Server-Infrastructure as uninterpretable, encrypted datablobs, hence absolutely no processing of your Android Device Data, besides temporarily storing and transmitting it to you is possible. We fully guarantee that your data cannot be used for any purpose other than those related to the usage of this service, and either upon request by clicking the “Remove” Icon in the Dashboard, letting your license subscription expire or deleting your account. We will never disclose your encrypted Android Device Data to any third party under any circumstance, except in order to fulfil our legal obligations.

Warranty

You are personally and solely responsible for any and all collecting, analyzing and storing of personal data from your Android Target Device. You choose yourself which features and configurations are given, and we automatically process your decisions and you are solely responsible for all misuse linked to your Account.

Indemnity

You agree to fully indemnify and hold us harmless of all claims, demands, actions, suits, damages, liabilities, losses, settlements, judgments, costs and expenses we may suffer relating to or caused by the processing of your Android Device Data and further third-party data, personal or not, during the length and use of your mobilespy.at subscription.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, you will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time so please check it out regularly to not miss any changes. 

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, you can contact us:

Governing Law

This Privacy Policy is governed by the laws of Austria and applicable provincial and international laws including the Austrian Data Protection Act (“DSG”), the Datenschutz-Grundverordnung (EU) 2016/679, effective as of 25 May 2018, which implements the Data Protection Directive (95/46/EC) and Regulation 2016/679 in regards to the protection of natural people during the processing of personal Data, the free movement of this data and repeals the Data Protection Directive 95/46/EC.
 
 All jurisdiction to settle any claim or dispute which might arise in connection with this Privacy Policy shall exclusively lie with Austrian courts.
 
 Everyone accessing this Website and Service from outside Austria and the EU is solely responsible for their compliance with all applicable local laws.
 
 Please send all questions and requests related to privacy matters and personal data to privacy[at]mobilespy.at

