Philosophy

We are interested in collecting and retaining only the information that is necessary to effectively run our business. We strive to protect that information with the same degree of rigor with which we protect our own proprietary and confidential information.

Information Security

An important part of information privacy is information security. We, and our e-store agents, employ current industry-standard strategies and technologies to help achieve information security. In addition, we also use strong encryption to help physically secure all confidential and proprietary information that resides on our systems and our system backups. This helps protect your information (and ours) in the unlikely event that a system or backup is stolen or a backup is lost during off-site transportation.

Web Site

When required, industry-standard secure communications protocols are utilized to help ensure information privacy.

Except for keeping web-page view-counts and in the Vendor Services login area, our web site does not use cookies, but some of the sites to which we link do use cookies. Our site uses only session-level cookies (i.e., they expire after each session) to implement a session-level ID that's part of the underlying "active page" delivery mechanisms.

Of course, we use industry-standard logging on various system components (e.g., firewall and web server) to support normal system administration, troubleshooting and security requirements. Logs may be retained in backups as a normal course of business, but no attempt is made to correlate any logged information with customer information except as may be required to support unusual circumstances (e.g., security issues and troubleshooting efforts). We also have a counter on each web page that provides us a simple total of the views for that page. The counts are only available to us, internally, and we do not capture any other information (such as the browsing system's address) with the counts. Product documentation pages that are also delivered as part of certain product releases do not include the counters (i.e., we only track page loads that reside on our Web server, not those that may reside on your system as documentation).

Customer Information

For product purchases, we receive the information sent to us by Kagi, PayPal or, in the case of our LicenseControl Vendors, whatever e-store agent(s) that Vendor uses. For our own products, we chose Kagi and PayPal because of their excellent reputation in the industry, a reputation earned through positive actions over time. See Kagi's privacy page and PayPal's privacy page for more information. We have also documented the information we receive from Kagi and PayPal's privacy policy documents the information they supply to us. In particular, note that we do not receive any credit-card information in any instance (our e-store agents require this information, but we don't).

We are not in the business of selling information about our customers. We have no plans to enter such a business in the future. Furthermore, Canadian privacy laws would prevent us, or anyone else, from doing so without your permission. We think these are good laws.

Licensing Information

When a product is licensed, the licensing server collects the following:

• information required to help us uniquely identify the system for which the software is licensed
  
  
• the License ID (the code you received when the product was purchased)
  
  
• the (encrypted) Re/Un/License Requests and/or Unlicense Confirmation information we generate to support the licensing, relicensing, and unlicensing processes
  
  
• the IP address reported for the transaction, which may or may not be the originating system's address (e.g., depending upon whether NAT is being employed)

There is a relationship maintained between the License ID, the customer information supplied with that purchase, the license(s) granted for a given License ID and the licensing-transaction history for a given License ID.

We have documented the licensing process and provided details about the information supplied to the licensing server. Furthermore, we have provided instructions to enable you to verify what's being communicated to the licensing server.

Communicate With Us

If you have concerns, questions, comments, etc. about our information privacy, please don't hesitate to tell us about them. While we've been around long enough to know that we won't always please everyone, we do promise to try.

We attempt to run an honest, above-board business. We value our own personal privacy. As we believe in the "do unto others as you would have them do unto you" doctrine, we will strive to help protect your personal privacy, as well.

Unfortunately, personal and corporate greed seems to overcome integrity all too often, these days. As such, we'll understand when you believe only our actions, not what we say. We wish it could be otherwise.

We think that the Canadian Standards Association’s Model Code for the Protection of Personal Information is an excellent piece of work and provides a good and workable set of principles by which to run a business. The Standard addresses the ways in which organizations collect, use and disclose personal information. It also addresses the rights of individuals to have access to their personal information and to have it corrected, if necessary. This is also the basis for Canada's privacy laws by which we are bound (and we believe these are good laws).

The code’s 10 principles are:

Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles.

Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.

Consent: The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except when inappropriate [e.g., criminal investigation].

Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.

Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by the law. Personal information shall be retained only as long as necessary for fulfillment of those purposes.

Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.

Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

Individual Access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals for the organization's compliance.