Last Updated February 13, 2019

Who we are

Unless otherwise specified, Hush Communications Corporation and its subsidiary companies (“Hush”) are the corporate legal entities that publish Hushmail.com and related websites and services. In this Privacy Policy, “We”, “Us”, and “Our” means Hush.

Our office is located in Vancouver, B.C., Canada. Our servers where user data is stored are located in Vancouver, British Columbia and Calgary, Alberta, Canada, and operated by Hush Communications Canada Inc., a wholly owned subsidiary of Hush Communications Corporation, a private Delaware, USA company.

When you visit our website we may collect information about you, including your browser type, operating system and the Internet Protocol (“IP”) address of your computer. We use this information to facilitate your use of the website, gather market information and prevent abuse of our services.

In order to create an account and use our services, you consent to the collection and use of information as outlined in this Privacy Policy.

In the event of new information being acquired, or the information being used for a new purpose, we will notify you by email and you will be directed to our website to view the changes, and your consent will be noted to be continued to be given unless you withdraw it.

Your personal information

We take steps where possible to limit the personal information we collect. The following are the ways in which we may collect personal information:

  1. Visiting our website. We keep records of the activity that takes place on our website, including a record of IP addresses used by website visitors and account holders. We use this information to analyze market trends, gather broad demographic information, and to prevent abuse of our services.
  2. Creating an account. As part of the account creation process your IP address will be recorded. We may request that you provide other information, such as a phone number, as well. We use this information to analyze market trends, gather broad demographic information, and to prevent abuse of our services. We will not share this information with third-parties.
  3. Making a purchase. When you make a purchase through the Hush website, you will provide us with personal information that we use to process your payment such as your name, the account you are upgrading, the domain you wish to use for your email, alternate email address, your billing address and your credit card information. Additionally, we will record the IP address from where the payment is made. When we process your payment transaction, this payment information will be transmitted to our payment processor. We use third-party PCI compliant services to process your payment transaction. When we process your payment, we share your IP address, city, country, and postal code with a third – party anti-fraud service to determine the likelihood of the purchase being a fraudulent transaction. We do not store your credit card number on our servers.
  4. Signing in to your account and our record of your activity. When you sign into your account, either by using a web browser or using other software, we will record certain information about your activity. When you perform actions such as reading or moving an email, we will also record these actions. We record this information to help resolve customer support queries, maintain services, and for the purpose of preventing abuse. Information we record may include your IP address, your browser type, browser language, date and time of the action, account usernames, sender and recipient email addresses, file names of attachments, subjects of emails, URLs in the bodies of unencrypted email, and any other information that we deem necessary to record for the purposes of maintaining the system and preventing abuse.
  5. Communicating with us. When you communicate with us, you may provide us with personal information about yourself. Your communication with us may be retained in our system.

How we store your personal information

  1. When you sign up for an account, you consent to your account data and personal information being stored on the Hush servers.
  2. If you have an encrypted email in your account, it will be stored on the Hush servers encrypted. If you have an unencrypted email in your account, it will be stored on the Hush servers unencrypted.
  3. We do not store your passphrase on the Hush servers. Instead, a hashed value is stored for authentication. The original passphrase cannot be determined from that hashed value. As a result, we are unable to recover a forgotten passphrase. Please note, we may be required to store a passphrase for an account identified in an order enforceable in British Columbia, Canada. (See the Disclosure of personal information and account data section below.)

How we use your personal information

  1. We do not analyze the email in your account for the purpose of displaying advertisements.
  2. We do not and will never share your personal information with any third-party except as specified in this policy. We will never sell your personal information under any circumstances.
  3. We do not and will never share your email address with mailing lists. We will never initiate contact with you unless the communication is account related, or unless you have consented to such communication.
  4. You have the option to report email you receive as spam. Doing so will transmit a copy of the message you are reporting to the provider of the software we use on our servers to filter spam. Reporting email as spam improves the filter’s ability to detect email as spam.
  5. If you send an email using Hushmail, your IP address will not appear in the headers of the email. The IP address that will appear in the headers of the email will be that of our servers. We keep a record of your IP address when you sign in to your account and send an email.
  6. When you are signed into your account, Hush displays your recent sign-in activity including the time, date, approximate geographic location, and the IP address of the ISP you used to access the Internet. We do this to assist you in identifying any unauthorized access to your account by a third party. The information we use to display this is gathered from our records; we do not track your actual location.
  7. We use third-party services for some parts of our website such as our help system. When you use these services your account name and your name will become part of your user account on that service.
  8. We store sales, marketing, and customer care information with third-parties that support these business processes, which means that information such as your name, email address, phone number, and company name, as well as the history of communications related specifically to the sales or customer care process, may be stored there. If you include other sensitive information in your communications to sales, marketing, and customer care, this information will be stored with these services. As a result, we do not accept any responsibility for any loss or damages suffered by any person as a result of such other sensitive information being sent to sales, marketing, or customer support.
  9. We may temporarily share information that is not personally identifiable with third-party services for the limited purpose of supporting our advertising, sales and marketing activities. Those third parties are not permitted to use the information for any other purpose.

If you have any questions about how we use your personal information please use this form to contact our customer care team.

How long do we retain your personal information?

The following outlines how our data retention policy affects the email in your account and your personal information:

  1. Email in your account will stay in your account as long as your account is active. If you delete an email, or the entire contents of your account, it will be removed from your account at that time.
  2. If you delete your account or request we delete your account for you, your account and the email in the account will be removed from our servers at the time of deletion. Deleting your account will not delete records of your activities.
  3. The records we keep of your activities are permanently deleted after approximately 18 months. Records that are stored for statistical purposes may be kept indefinitely.
  4. Your email and personal information may reside in our backups for a period of approximately three weeks subsequent to an email or an account being deleted.
  5. Free accounts are deactivated if unused for a period of three weeks. Any email in the account will be deleted approximately 12 months after the account has been deactivated. Accounts that have been created and are never used may be deleted sooner. You can reactivate your account, and recover your email any time within 12 months by purchasing a subscription.

    For information on how you can close and delete your free account, please read:

    https://help.hushmail.com/hc/en-us/articles/213268303-close-your-free-account-close-your-free-account

  6. Trial accounts are deactivated after two weeks if not converted to a paid subscription. Any email in the account will be deleted approximately 12 months after the account has been deactivated. Accounts that have been created and are never used may be deleted sooner. You can reactivate your account, and recover your email, any time within 12 months by purchasing a subscription.
  7. If you let your paid subscription lapse then your account will be downgraded to free account status approximately one week after your subscription has expired and will then be subject to the data retention rules for free accounts.

    For information on how you can cancel your subscription and delete your account, please read:

    https://help.hushmail.com/hc/en-us/articles/213268863-close-your-hushmail-premium-account

  8. Hushmail Business customers are encouraged to delete their user accounts prior to canceling. If you do not, Hush may delete your user accounts three weeks after cancellation.

    For information on how you can close and delete your Hushmail Business services, please read:

    https://help.hushmail.com/hc/en-us/articles/213269823-how-do-i-cancel-my-hushmail-business-services

  9. Hushmail Business customers whose Hushmail Business accounts have been deactivated for non-payment will have their user accounts deleted approximately six months from the date of deactivation.

Disclosure of personal information and account data

Under normal circumstances, we do not and will never disclose personal information and account data to anyone other than the owner of an account. We will always attempt to authenticate any requests that require the disclosure of personal information and account data to ensure they come from the account owner. If we are unable to successfully authenticate a request, we do not disclose any personal information or account data.

We will only disclose personal information and account data in the following circumstances:

  1. If we receive an order enforceable under the laws of British Columbia, Canada, compelling us to disclose personal information and account data for a specific user account. The records we disclose may include data in an unencrypted format. Because such orders generally state that we are not permitted to disclose the existence of the order to a user, we will not disclose to any user the existence, or nonexistence, of any order we may have received.
  2. Where there are exigent circumstances, such as where the safety or well-being of an individual or individuals is in imminent danger, and we believe in good faith that the disclosure of personal information and account data is reasonably necessary to protect against such harm, we will disclose the records. This may include but is not limited to the welfare of a child, or an act of terrorism.
  3. We comply with Canadian Bill C-22 as enacted into law in Canada. “An act respecting the mandatory reporting of Internet child pornography by persons who provide an Internet service”. This means that should we become aware of a user that is using the Hush service for the transmission or storage of Internet child pornography, we are required to report this to the appropriate authorities and preserve the records in the user’s account. As a result of this notification, we may receive an order enforceable in British Columbia, Canada, requiring the disclosure of personal information or account data.

Cookies

We use cookies to manage your sessions, to remember your essential settings, and to help us better understand how people are using our services. This helps us provide a better experience to visitors of our website and to people using the service. In some cases where we use third-party services, such as our help system, these services may also use cookies.

We do not include any personal information in cookies. We do not share cookie information with other websites under any circumstances.

We take reasonable steps to ensure that the third-party services we use do not share information with other third parties. You should, however, verify this yourself by reviewing each site’s Privacy Policy.

Most web browsers give you the ability to accept or decline the use of cookies through the browser preferences. If you disable the use of cookies you will be able to browse our website. You will, however, be unable to sign in to your account. If you have enabled your browser’s Do Not Track option, you will still be able to sign in to your account.

Communications from us

We may send emails to you with respect to: the creation and maintenance of your Hushmail account, information that may be useful in your usage of the account, and the provision of notification in the event of a breach of safeguards involving personal information under our control. We will include instructions on how to unsubscribe from receiving the informational emails if you decide you do not want to receive any such future emails from us.

Advertising

We do not use any third-party advertising providers on our website.

Content analysis

We do not analyze your email for the purpose of displaying advertisements. Our spam filters analyze email for the purpose of preventing spam, viruses, and abuse.

Access to your personal data

We only collect personal information from users that is relevant to the purposes outlined above. We take reasonable steps to ensure that the personal information we collect is reliable, accurate, and complete. Customers have the ability to view their personal information and to request that it be corrected or deleted. This can be done by using this form to contact our customer care team.

In the event you are not satisfied with the response of our customer care team, you can contact our Chief Privacy Officer by clicking here

Users have the ability to access the billing personal information held in their customer record by logging into the billing section of our website. To request corrections or deletions of inaccurate information, contact us: https://www.hushmail.com/contact.

Withdrawal of Consent

A customer can withdraw their consent to our Privacy Policy by using this form to contact our customer care team. As the information that we collect is necessary for the operation of our service, the account will be closed following the withdrawal of consent to our Privacy Policy. We will always attempt to authenticate the request to ensure that it comes from the account owner. If we are unable to successfully authenticate a request, we cannot process the withdrawal of consent.

Temporary access to personal information and account data by third-party services

There are some cases when, due to malicious web traffic, we may temporarily employ a third-party service to ensure that our services continue to be available to our users. During these times, some of your personal information and account data will be subject to that service provider’s data disclosure policy.

For more information, please read:

https://help.hushmail.com/hc/en-us/articles/213267743-Security-Analysis

Canada and the European Union

The European Commission has recognized that the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) provides adequate protection for the transfer of personal information and health information from the EU to Canada.

More information on this can be found here:

http://europa.eu/rapid/pressReleasesAction.do?reference=IP/02/46&format=HTML&aged=1&language=EN&guiLanguage=en

Constant improvement

This privacy policy is under constant review and may be modified and updated in the future.

Contact us

We value your opinions and appreciate your comments. If you have any questions or concerns, please contact us: https://www.hushmail.com/contact.

Or by mail to the following address:

Hush Communications Canada Inc.
Attn.: Chief Privacy Officer
Suite 360 – 580 Hornby Street
Vancouver, BC
V6C 3B6
Canada

From the Blog

VPNs and HIPAA compliance for small healthcare practices

Published on November 15, 2024

If you access work emails using public Wi-Fi, you could be putting your practice at risk of a privacy breach. Using a VPN can help. Find out how. Read more.