CODE 42 SOFTWARE, INC
PRIVACY STATEMENT

We self-certify adherence to

Validate TRUSTe privacy certification

Effective: 1/17/2011

This Statement describes how Code 42 collects, uses, and discloses certain personally identifiable information that it receives in the United States from European Union users and United States users ("Personal Data"). In particular, Code 42 recognizes that the European Union has established strict protections regarding the handling of EU Personal Data, and Code 42 therefore has elected to adhere to the US-EU Safe Harbor Privacy Principles (the "Safe Harbor") with respect to such EU Personal Data that it receives in the United States. For further background and information about the Safe Harbor, and to see Code 42’s representation on the Safe Harbor List, please refer to the U.S. Department of Commerce's website at https://safeharbor.export.gov/list.aspx.

Categories of Individual Data Subjects

In general, Code 42 may obtain personal information about several different types of individuals, including (i) Web site visitors, (ii) clients. Code 42’s practices with respect to each of these types of individual data subjects are described below.

Web Site Visitors

Code 42 generally collects, uses, and discloses information about website visitors located in the US or EU in accordance with the Website Privacy Policy at http://www.code42.com/privacy/.

Clients

Code 42 may obtain various types of Personal Data about our clients and Web Site visitors. Such data may include contact information names, address, phone number, and email address; information about products and services ordered or provided; payment information(such as credit card number, cardholder name, credit card verification number and expiration date), passwords, and information collected through Internet-based and e-commerce activities, and other transaction-related data.

The personal information we collect through our downloadable software is: name, email address, and password.

Code 42 may use these types of Personal Data for business purposes, including to deliver or provide products or services; to establish or maintain client and business relationships; to provide access to Internet-based and e-commerce activities; to perform accounting functions; and to conduct other activities as necessary or appropriate in connection with the servicing and development of the business relationship.

Our clients may update, access, delete inaccuracies, or correct their Personal Data by making the change within their account once logged into the site or by contacting us at privacy@code42.com to do so. We will respond to your request to access within 30 days. Also, to the extent that any of these individuals receive marketing communications from Code 42, and wish to unsubscribe or otherwise stop receiving such communications, they can contact us at privacy@code42.com.

If you are not a client but have submitted your personal data through the contact us link and wish to have your information updated or wish to have us delete inaccuracies please contact us at privacy@code42.com.

If you wish to save your payment method to your account we allow you to do so. You may at any time delete your payment information by logging into your account. We do not have access to this information. This is stored on an SSL encrypted page.

Clients

Code 42 provides a wide variety of services and solutions to its business clients ("Clients") that facilitate services including backing up and restoring files and copying backup archives to external hard drives for the purposes of allowing Clients to restore archives for individuals ("Data Subjects"). In some instances, Code 42 may obtain access (when the Client purchases a service in which the backup archive is external hard drives for the purposes of allowing Clients to restore archives for individuals. Personal Data about such Data Subjects in the course of providing the services and solutions. In other specific instances, Code 42 may also obtain access to data about our Clients' end users in the course of providing support services to the Clients ("End Users"). Such data may include email address, CrashPlan system configuration, log files and other information, depending on the particular Client and application at issue.

Wherever we obtain access to Personal Data about Data Subjects or End Users, we are acting as a mere data processor on behalf of our Clients, and we therefore conduct such activities strictly in accordance with their instructions and pursuant to our contractual arrangements with them. If you are an End User with an existing relationship with one of our Clients, you should refer to the Client's website to understand the privacy practices that apply to Personal Data that we may maintain about you. Moreover, if you would like to access and review your Personal Data, you should contact our Client with any such requests. We will cooperate as appropriate with requests from our Clients to assist with such responses.

Communications from the Site

We will occasionally send you information on products, services, or promotions. Out of respect for your privacy, we present the option not to receive these types of communications. You may opt-out from receiving these types of communications by following the instructions included in each communication, within your account settings, or by emailing us at privacy@code42.com.

Service-related Announcements

We will send you service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.

Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.

Other Necessary Disclosures

Code 42 may disclose Personal Data to business partners and subcontractors as necessary in connection with the performance of requested services or solutions, or as otherwise appropriate in connection with a legitimate business need. Service providers include Zendesk (for Support ticket management), Basecamp (for project management) and Twitter (for receiving backup related notifications). We use PayPal Manager and Google Checkout. Code 42 is its own email provider and does not use any 3rd party provider for email services. Code 42 may also disclose Personal Data as necessary in connection with the sale or transfer of all or part of the business. In these situations, Code 42 will require the recipient of the data to protect the data in accordance with the relevant principles in the Safe Harbors, or otherwise take steps to ensure that the EU Personal Data is appropriately protected. Code 42 may also disclose Personal Data where required or permitted by law, or where Code 42 believes that such disclosures are appropriate in connection with a law enforcement request.

Code 42 will not sell, share, rent or trade your personal data with third parties other than as disclosed within this privacy policy.

Data Security and Integrity

Code 42 has global hosting centers that store and process EU Personal Data in various locations in the United States. US hosting centers include facilities in Minneapolis and Atlanta. Code 42 takes reasonable precautions to protect EU Personal Data in these centers and in other locations in the United States from loss, misuse and unauthorized access, disclosure, alteration, and destruction. Code 42 also makes reasonable efforts to keep EU Personal Data reliable for its intended use, accurate, current, and complete.

The security of your personal information is important to us. When you enter sensitive information (such as credit card number) on our order forms, we encrypt that information using secure socket layer technology (SSL).

We follow generally accepted industry standards to protect the personally identifiable information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

If you have any questions about security on our Web site, you can email us at privacy@code42.com.

Cookies

A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use cookies on this site. We do not link the information we store in cookies to any personally identifiable information you submit while on our site.

Older portions of our web application use a Session Id that is stored in a cookie and expires when the browser is closed. The JSessionId is used to connect the client with the client's server-side state. When the client changes the page, the same server-side state can be used for the next page. Passwords or demographic data are not stored as part of this process. Only the data about the page is stored in the server memory, such data telling the system which user is logged in so the user doesn’t have to log in again in each time they hit a new page.

In the case of the orgId that the user currently has open, the cookies are retained so when the user clicks the "Edit" button we can use that orgId to build the Org Edit page with the correct data. Our upcoming application will store virtually no server-side state, but will use a rotating token for authentication purposes.

Newer portions require an encrypted authorization token that is stored in a cookie between requests.  This cookie expires every 30 minutes.  It is not currently possible to use our site without having cookies enabled, however we are in the process of rewriting all of our web applications so they will not require the use of cookies.

If you reject cookies, you may still use our site, but your ability to use some areas of our site, such as contests or surveys, will be limited. We currently do not store the shopping cart in a cookie.

Third Party Cookies

The use of cookies by our tracking utility company is not covered by our privacy statement. We do not have access or control over these cookies. Our tracking utility company use session ID cookies to make it easier for you to navigate our site, in order for you to use the shopping cart, and so that we can track web traffic.

User Forums

If you use a forum on this Web site, you should be aware that any personal data you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personal data you choose to submit in these forums. You may remove your post along with your personal information you submit within these forums by contacting us at privacy@code42.com.

Tell a Friend

If you choose to use our referral service to tell a friend about our site, we will ask you for your friend’s email address. We will automatically send your friend a one-time email inviting him or her to visit the site and download CrashPlan. Code 42 stores this information for the sole purpose of sending this one-time email, and inviting this friend to use you as backup destination and / or asking the friend's permission to back up to him or her.

Import Contacts

We utilize an import contacts feature to allow you to invite friends to join the site. We make it easy for you to invite people from your address book to help you import your contacts to our site. At your request we will populate the email box will all the addresses in your email address book. You can select and delete any addresses to whom you do not want to send an invitation. Code 42 stores this information for the sole purpose of sending this one-time email, and inviting this friend to use you as backup destination and / or asking the friend's permission to back up to him or her. The From: field will contain the sender's first name and email address. The message includes the sender's backup code that the receiver can supply in his or her own downloaded CrashPlan. This code allows the recipient to use the sender's computer as a backup destination.

Support

If you wish to upload a photo of yourself in the support section of the site, please be aware that this will be viewed by other users of the support section. If you wish to remove your photo you may do so at any time by logging into your support account and editing your profile.

Notifications via Twitter

If you wish to receive backup notifications via Twitter, you will asked sign in using your twitter credentials. When you click on “Authorize”, you will be prompted to provide your Twitter PIN to allow CrashPlan to connect to Twitter. By proceeding, you are allowing the Code 42 sites to access your information and you are agreeing to the Twitter Terms of Use in your use of Code 42 sites.

Links to Other Sites

If you click on a link to a third party site, you will leave the Code 42 site that you are visiting and be redirected to the site you selected. Because we cannot control the activities of third parties, we cannot accept responsibility for any use of your personal data by such third parties, and we cannot guarantee that they will adhere to the same privacy practices as Code 42. We encourage you to review the privacy policies of any other service provider from whom you request services. If you visit a third party Web site that is linked to a Code 42 site, you should read that site’s privacy policy before providing any personal data.

Questions

If you have any questions about this safe Harbor Privacy Statement, or if you would like to request access to the Personal Data that we may maintain about you, please contact us as follows:

Code 42 Software, Inc
1 Main Street SE, #400
Minneapolis, MN 55414
privacy@code42.com

TRUSTe

Code 42 Software, Inc has been awarded TRUSTe's Privacy Seal signifying that this privacy policy and practices have been reviewed by TRUSTe for compliance with TRUSTe's program requirements including transparency, accountability and choice regarding the collection and use of your personal information. The TRUSTe program covers the Web sites www.code42.com and www.crashplan.com. TRUSTe's mission, as an independent third party, is to accelerate online trust among consumers and organizations globally through its leading privacy trustmark and innovative trust solutions. If you have questions or complaints regarding our privacy policy or practices, please contact us at privacy@code42.com. If you are not satisfied with our response you can contact TRUSTe here.

Dispute Resolution

Code 42 Software, Inc participates in the EU Safe Harbor Privacy Framework as set forth by the United States Department of Commerce regarding the collection, use, and retention of data from the European Union.  Information regarding the E.U. Safe Harbor Framework can be found at: http://export.gov/safeharbor. As part of our participation in the safe harbor, we have agreed to TRUSTe dispute resolution for disputes relating to our compliance with the Safe Harbor Privacy Framework. If you have any complaints regarding our compliance with the Safe Harbor you should first contact us (as provided above). If contacting us does not resolve your complaint, you may raise your complaint with TRUSTe by Internet at http://watchdog.truste.com/pvr.php?page=complaint&url= fax at 415-520-3420, or mail at Watchdog Complaints, TRUSTe, 55 2nd Street, 2nd Floor, San Francisco, CA, USA 94105. If you are faxing or mailing TRUSTe to lodge a complaint, you must include the following information: the name of company, the alleged privacy violation, your contact information, and whether you would like the particulars of your complaint shared with the company. For information about TRUSTe or the operation of TRUSTe's dispute resolution process, see http://watchdog.truste.com/pvr.php?page=complaint&url= or request this information from TRUSTe at any of the addresses listed above. The TRUSTe dispute resolution process shall be conducted in English.