Locktera.com
Locktera.com

LOCKTERA PRIVACY POLICY

Last Updated: March 8, 2026

1. INTRODUCTION

Locktera, Inc. (“Locktera,” “Company,” “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, integrity, and security of Personal Data and complying with applicable data protection, privacy, and information security laws and regulations, including, where applicable:

  • The General Data Protection Regulation (EU) 2016/679 (“GDPR”)
  • The UK General Data Protection Regulation (“UK GDPR”)
  • The California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”)
  • Applicable U.S. federal and state privacy laws
  • Other applicable international data protection and privacy laws (collectively, “Data Protection Laws”)

This Privacy Policy describes how Locktera collects, uses, discloses, processes, and protects Personal Data in connection with:

  • Our website located at https://www.locktera.com
  • The Locktera CORE API platform
  • Locktera Share and cryptographic container services
  • Encryption, storage, authorization, and data protection services
  • Applications, software, APIs, SDKs, and integrations
  • Customer accounts, support, and administrative systems
  • Any related websites, applications, and services that link to this Privacy Policy

(collectively, the “Services”).

This Privacy Policy also explains:

  • The types of Personal Data Locktera processes
  • The purposes and legal bases for processing
  • How Personal Data may be disclosed
  • The safeguards used to protect Personal Data
  • International data transfer protections
  • Your privacy rights and how to exercise them

This Privacy Policy applies to Personal Data processed by Locktera when acting as:

  • A data controller, where Locktera determines the purposes and means of processing; and
  • A data processor or service provider, where Locktera processes Personal Data on behalf of its customers in accordance with contractual obligations, including the Locktera Data Processing Addendum (“DPA”).

Where Locktera acts as a data processor or service provider, the customer is responsible for determining the purposes and legal basis for processing Personal Data.

Locktera does not sell or share Personal Data for cross-context behavioral advertising as defined under applicable U.S. privacy laws.

2. LOCKTERA’S ROLE: CONTROLLER VS PROCESSOR 

Locktera acts in different roles under applicable Data Protection Laws depending on the nature and purpose of the processing.

For purposes of this Privacy Policy, the terms “Controller,” “Processor,” “Business,” and “Service Provider” shall have the meanings assigned under applicable Data Protection Laws.

Locktera does not control the privacy practices of its customers.

Individuals whose Personal Data is processed by Locktera on behalf of a customer must direct privacy requests to the applicable customer acting as Controller.

Locktera will assist customers in fulfilling such requests in accordance with applicable law.

2.1 Locktera as Data Controller

Locktera acts as a Data Controller (or “Business” under the CCPA/CPRA) when Locktera determines the purposes and means of processing Personal Data.

Locktera processes Personal Data as a Data Controller for purposes including, but not limited to:

  • Account registration, account administration, and identity verification
  • Providing customer support and responding to inquiries
  • Billing, payment processing, and financial administration
  • Operating, maintaining, and securing the Services
  • Website operation, functionality, and performance analytics
  • Detecting, preventing, and responding to security incidents, fraud, abuse, or unauthorized access
  • Enforcing contractual rights and acceptable use policies
  • Complying with applicable legal, regulatory, and compliance obligations
  • Protecting the rights, property, and safety of Locktera, its customers, and third parties

In its role as a Data Controller, Locktera determines the legal basis and purposes for processing Personal Data in accordance with applicable Data Protection Laws.

2.2 Locktera as Data Processor / Service Provider

Locktera acts as a Data Processor (and “Service Provider” under the CCPA/CPRA) when processing Personal Data contained within Customer Data on behalf of customers using the Services.

In this role:

  • Locktera processes Personal Data solely on documented instructions from the Customer
  • Customers determine the purposes and means of processing Personal Data
  • Customers control what Personal Data is uploaded, encrypted, stored, shared, or processed using the Services
  • Locktera does not sell Personal Data or use Customer Data for its own independent commercial purposes
  • Locktera processes Personal Data only to provide, secure, maintain, and support the Services and as otherwise permitted by applicable law

Locktera’s processing of Personal Data on behalf of customers is governed by:

  • The Locktera Terms of Service
  • The Locktera Data Processing Addendum (“DPA”)
  • Applicable Data Protection Laws
  • Any applicable Standard Contractual Clauses or international transfer safeguards

Customers are responsible for:

  • Determining whether Personal Data is processed using the Services
  • Ensuring lawful collection and processing of Personal Data
  • Providing required notices to Data Subjects
  • Obtaining any required consents or authorizations

Where Locktera acts as a Data Processor or Service Provider, Locktera does not independently determine the purposes or legal basis for processing Personal Data.

Locktera’s processing of Personal Data on behalf of customers is governed by:

  • Applicable Subscription Agreements or Order Forms;
  • The Locktera Terms of Service;
  • The Locktera Data Processing Addendum (“DPA”);
  • Applicable Data Protection Laws; and

Any applicable Standard Contractual Clauses or international transfer safeguards.

3. PERSONAL DATA WE COLLECT 

Locktera collects and processes Personal Data in its capacity as either a Data Controller or a Data Processor, depending on the context described in Section 2 of this Privacy Policy.

The categories of Personal Data processed may include the following:

3.1 Account and Registration Information (Controller Data)

When you create an account, access the Services, or communicate with Locktera, Locktera may collect Personal Data including:

  • Full name
  • Email address
  • Company or organization name
  • Telephone number
  • Account login credentials and authentication information
  • Billing information, including billing address and payment-related details
  • Account preferences and configuration information

Locktera processes this information as a Data Controller for purposes including account administration, billing, support, security, and compliance.

3.2 Customer Data Processed on Behalf of Customers (Processor Data)

Locktera processes Personal Data contained within Customer Data solely on behalf of customers and in accordance with customer instructions.

Such Customer Data may include:

  • Files, documents, images, videos, and other digital content encrypted into Locktera containers
  • Metadata associated with cryptographic containers
  • Access authorization policies and authorization records
  • Audit logs and access activity records
  • User identifiers, including usernames or email addresses
  • Technical identifiers such as IP addresses
  • Any Personal Data submitted by customers through use of the Services

Locktera does not independently determine the content of Customer Data and does not use Customer Data for its own commercial purposes.

Processing of Customer Data is governed by the Locktera Terms of Service and Data Processing Addendum.

3.3 Automatically Collected Technical and Usage Information (Controller and Processor Context)

When you access or use the Services, Locktera may automatically collect certain technical and usage information, including:

  • IP address and network identifiers
  • Device identifiers and device configuration data
  • Browser type and version
  • Operating system and system configuration
  • Access timestamps and session activity
  • API usage records and system interaction logs
  • Authentication events
  • Security logs and system audit records
  • Usage metrics and performance data

Locktera processes this information to:

  • Provide and operate the Services
  • Authenticate users and enforce access controls
  • Maintain security and integrity of the Services
  • Detect, prevent, and investigate fraud, abuse, or unauthorized access
  • Maintain audit logs for compliance and forensic purposes
  • Monitor performance, reliability, and availability

Where such data relates to Customer Data access, Locktera processes such data on behalf of customers as a Data Processor.

3.4 Viewer and Cryptographic Container Access Audit Information (Processor Data)

When individuals access, attempt to access, or interact with Locktera-protected containers, Locktera may collect audit and access activity information, including:

  • Access timestamps and session duration
  • IP address and approximate geographic location derived from IP address
  • Device identifiers and device characteristics
  • Browser type and operating system
  • Authentication and authorization events
  • Access attempts, including authorized and denied access attempts
  • Container interaction activity and access audit logs

This information is collected and maintained to enforce cryptographic access controls, maintain security, and provide audit records.

This information is collected solely on behalf of the customer controlling the container and is made available to the customer through the Services.

Locktera does not use such access audit information for its own independent commercial purposes.

3.5 Cryptographic Access Enforcement

Locktera’s Services are designed to enforce access authorization cryptographically.

Locktera personnel do not access Customer Data except where:

  • Access is authorized by the Customer;
  • Access is necessary to provide technical support requested by the Customer;
  • Access is required to maintain, secure, or operate the Services; or
  • Access is required to comply with applicable law.

Customer Data remains encrypted and access-controlled in accordance with Customer-defined authorization policies.

Locktera does not access Customer Data for advertising, profiling, or independent commercial purposes.

3.6 Website Visitor Information

When individuals visit the Locktera website (www.locktera.com), Locktera may collect Personal Data and technical information, including:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and navigation behavior
  • Referring URLs
  • Access timestamps
  • Cookie identifiers

Locktera collects this information to:

  • Operate and secure the website
  • Detect and prevent fraud or abuse
  • Maintain website functionality and performance
  • Analyze usage trends and improve website usability

Locktera does not use website visitor data for cross-site tracking or third-party advertising.

Locktera’s website may contain links to third-party websites.

Locktera is not responsible for the privacy practices of such third parties.

We encourage users to review the privacy policies of those websites before providing Personal Data.

3.7 Recruitment and Employment Data

If you apply for employment with Locktera, we may collect Personal Data including:

  • Resume and employment history
  • Education history
  • Contact information
  • Background check information, where permitted by law

This data is used solely for recruitment and employment purposes.

4. HOW WE USE PERSONAL DATA 

Locktera uses Personal Data solely for legitimate business purposes, including providing, securing, maintaining, and improving the Services, and complying with applicable legal obligations.

Depending on the context, Locktera processes Personal Data as a Data Controller or as a Data Processor acting on behalf of customers, as described in Section 2 of this Privacy Policy.

Locktera limits processing of Personal Data to what is necessary and proportionate for the purposes described in this Privacy Policy.

Locktera uses Personal Data for the following purposes:

4.1 Communications and Marketing

Locktera may use contact information to communicate with you regarding:

  • Account and service notifications
  • Security alerts
  • Product updates
  • Service-related communications

Where permitted by law, Locktera may send marketing communications.

You may opt out of marketing communications at any time by:

  • Clicking the unsubscribe link in emails; or
  • Contacting legal@locktera.com

Locktera will continue to send service-related and legally required communications.

4.2 Service Delivery and Operation

To provide, operate, and maintain the Services, including:

  • Providing cryptographic container, encryption, storage, and access authorization services
  • Enforcing cryptographic access control policies defined by customers
  • Processing customer requests and executing authorized operations
  • Authenticating users and validating authorization credentials
  • Providing audit logging, compliance reporting, and access activity tracking
  • Supporting customer applications and integrations using the Locktera CORE API
  • Maintaining service availability, performance, and operational integrity

Where Locktera processes Customer Data for these purposes, Locktera acts as a Data Processor on behalf of customers.

4.3 Security, Integrity, and Fraud Prevention

To protect the security, confidentiality, and integrity of the Services and Customer Data, including:

  • Detecting, preventing, and investigating unauthorized access attempts
  • Enforcing cryptographic access authorization mechanisms
  • Monitoring systems for security threats, vulnerabilities, and abuse
  • Preventing fraud, misuse, or malicious activity
  • Protecting Locktera infrastructure, systems, personnel, and customers
  • Maintaining security logs, audit records, and forensic data

This processing is necessary to ensure the security and integrity of the Services.

Locktera uses cryptographic container technology designed to enforce access controls and protect Customer Data independently of storage location or infrastructure.

Locktera cannot decrypt Customer Data except in accordance with Customer authorization policies.

4.4 Legal, Regulatory, and Compliance Purposes

To comply with applicable legal and regulatory obligations, including:

  • Complying with applicable laws, regulations, and legal processes
  • Responding to lawful requests from courts, regulators, or government authorities
  • Enforcing the Locktera Terms of Service, Acceptable Use Policy, and contractual agreements
  • Protecting Locktera’s legal rights, property, and security
  • Meeting compliance, audit, and regulatory requirements

4.5 Account Administration and Customer Support

To manage customer relationships and provide support, including:

  • Creating and managing customer accounts
  • Authenticating users and managing access credentials
  • Providing customer support, troubleshooting, and technical assistance
  • Processing billing and payment transactions
  • Communicating with customers regarding service operation, security, or updates

4.6 Service Improvement, Reliability, and Performance

To improve, maintain, and optimize the Services, including:

  • Monitoring system performance, availability, and reliability
  • Identifying errors, bugs, or operational issues
  • Improving service functionality, scalability, and security
  • Conducting internal analytics and operational reporting
  • Developing new features, capabilities, and service enhancements

Locktera may use aggregated, anonymized, or de-identified data for these purposes. Such data does not identify any individual or customer.

4.7 Processing on Customer Instructions

Where Locktera processes Customer Data on behalf of customers, Locktera processes Personal Data solely:

  • In accordance with customer instructions
  • As necessary to provide the Services
  • As required by applicable law
  • In accordance with the Locktera Data Processing Addendum

Locktera does not sell Customer Personal Data or use Customer Personal Data for advertising or independent commercial purposes.

4.8 No Advertising or Profiling

Locktera does not use Personal Data or Customer Data for advertising, behavioral profiling, or marketing analytics unrelated to providing the Services.

Locktera does not track individuals across third-party websites or services.

4.9 Website Operation and Security

  • Operating and securing the Locktera website
  • Detecting abuse, fraud, or security threats

Improving website functionality and performance

5.0 LEGAL BASIS FOR PROCESSING (GDPR) 

Where the General Data Protection Regulation (EU) 2016/679 (“GDPR”) or UK GDPR applies, Locktera processes Personal Data only where it has a valid legal basis to do so.

Depending on the context, Locktera relies on one or more of the following legal bases:

5.1 Performance of a Contract

Locktera processes Personal Data where necessary to perform a contract with you or your organization, including to:

  • Provide the Services and enforce cryptographic access controls
  • Create and manage customer accounts
  • Authenticate users and authorize access
  • Provide customer support and technical assistance
  • Process billing and payment transactions
  • Fulfill Locktera’s contractual obligations under the Terms of Service

This legal basis applies where processing is necessary to deliver the Services requested by the customer.

5.2 Legitimate Interests

Locktera processes Personal Data where necessary for its legitimate interests, provided such interests are not overridden by your fundamental rights and freedoms.

These legitimate interests include:

  • Maintaining the security, integrity, and reliability of the Services
  • Detecting, preventing, and responding to fraud, abuse, or unauthorized access
  • Protecting Locktera systems, infrastructure, and customers
  • Maintaining audit logs and security monitoring
  • Improving service functionality, performance, and reliability
  • Enforcing contractual rights and acceptable use policies

Locktera carefully balances its legitimate interests against individual privacy rights.

5.3 Compliance with Legal Obligations

Locktera processes Personal Data where necessary to comply with applicable legal obligations, including:

  • Complying with applicable laws and regulations
  • Responding to lawful requests from courts, regulators, or government authorities
  • Meeting compliance, audit, and reporting obligations
  • Enforcing legal claims and protecting legal rights

5.4 Consent

Where required by applicable law, Locktera processes Personal Data based on your consent.

This may include:

  • Certain website analytics or tracking technologies
  • Optional communications or features requiring consent

Where processing is based on consent, you may withdraw consent at any time, subject to legal and contractual restrictions.

5.5 Processing on Behalf of Customers

Where Locktera processes Personal Data on behalf of customers as a Data Processor, Locktera processes Personal Data solely on documented instructions from the customer, and the customer is responsible for establishing an appropriate legal basis for processing Personal Data under applicable Data Protection Laws.

Locktera’s processing of such Personal Data is governed by the Locktera Data Processing Addendum.

6. HOW WE SHARE PERSONAL DATA 

Locktera does not sell Personal Data and does not disclose Personal Data to third parties for advertising or independent commercial purposes.

Locktera discloses Personal Data only as necessary to provide, secure, and maintain the Services, comply with legal obligations, or as otherwise permitted by applicable law.

Locktera does not engage in automated decision-making or profiling that produces legal or similarly significant effects concerning individuals.

6.1 Service Providers and Subprocessors

Locktera may disclose Personal Data to trusted third-party service providers and subprocessors that perform services on Locktera’s behalf, including:

  • Cloud infrastructure providers
  • Hosting and data storage providers
  • Security monitoring and threat detection providers
  • Payment processors and billing providers
  • Customer support and service providers
  • Technology and infrastructure providers

These service providers are authorized to process Personal Data solely to provide services to Locktera and are contractually bound by:

  • confidentiality obligations
  • data protection obligations
  • security requirements consistent with applicable Data Protection Laws

Locktera remains responsible for its subprocessors’ compliance with applicable data protection obligations.

A current list of subprocessors is available at:
https://locktera.com/legal/locktera-subprocessors-policy/

6.2 Customer-Directed Sharing

Locktera may disclose Personal Data where directed or authorized by a customer, including:

  • When customers configure access authorization policies
  • When customers share encrypted containers with authorized recipients
  • When customers integrate third-party services with the Locktera CORE API
  • When customers request technical support involving Customer Data

In such cases, Locktera acts solely as a Data Processor on behalf of the customer.

6.3 Legal and Regulatory Disclosures

Locktera may disclose Personal Data where required to do so by law or where Locktera reasonably believes such disclosure is necessary to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to lawful requests from courts, law enforcement, or government authorities
  • Protect Locktera’s legal rights or defend against legal claims
  • Enforce Locktera’s agreements, including the Terms of Service and Acceptable Use Policy
  • Protect the security, integrity, and safety of Locktera, its customers, or others

Locktera reviews such requests for validity, legality, and scope and discloses only the minimum information required.

Locktera reviews all government and law enforcement requests for legality and scope and discloses Personal Data only where legally required. Where permitted by law, Locktera will notify affected customers prior to disclosure.

6.4 Affiliates and Corporate Transactions

Locktera may disclose Personal Data to its affiliates and corporate subsidiaries, subject to this Privacy Policy and applicable Data Protection Laws.

Personal Data may also be disclosed or transferred in connection with a corporate transaction, including:

  • Merger
  • Acquisition
  • Corporate reorganization
  • Financing
  • Sale of assets
  • Bankruptcy or insolvency proceeding

In such cases, Personal Data will remain subject to confidentiality protections and applicable data protection requirements, and any successor entity will be bound by obligations no less protective than those set forth in this Privacy Policy.

6.5 Aggregated and De-Identified Data

Locktera may disclose aggregated, anonymized, or de-identified data that does not identify any individual or customer for purposes including:

  • Service improvement
  • Security analysis
  • Operational reporting
  • Compliance and audit purposes

Such information does not constitute Personal Data.

6.6 No Sale or Unauthorized Disclosure of Customer Data

Locktera does not sell, rent, or disclose Customer Data to third parties for their own marketing, advertising, or commercial purposes.

Locktera processes and discloses Customer Data solely:

  • On documented instructions from customers
  • As necessary to provide the Services
  • To comply with legal obligations
  • As required under the Locktera Terms of Service and Data Processing Addendum

6.7 CCPA / CPRA Service Provider Role

Where applicable, Locktera acts as a “Service Provider” under the California Consumer Privacy Act and California Privacy Rights Act.

Locktera:

  • Processes Personal Data solely for business purposes defined by customers;
  • Does not sell or share Personal Data;
  • Does not retain, use, or disclose Personal Data outside the scope of providing the Services;

Does not combine Personal Data with data from other customers except as permitted by law.

7. INTERNATIONAL DATA TRANSFERS 

Personal Data may be processed in the United States and other jurisdictions.

Locktera operates globally and may process Personal Data in the United States and other jurisdictions where Locktera or its subprocessors maintain facilities or operations.

These jurisdictions may have data protection laws that differ from those in your jurisdiction.

Where required by applicable Data Protection Laws, Locktera implements appropriate safeguards to ensure that Personal Data remains protected in accordance with applicable legal requirements.

7.1 Transfer Safeguards

When transferring Personal Data from the European Economic Area (“EEA”), United Kingdom, or Switzerland to jurisdictions that have not been deemed to provide an adequate level of data protection by applicable authorities, Locktera relies on appropriate transfer safeguards, including:

  • The European Commission’s Standard Contractual Clauses (“SCCs”), as incorporated into the Locktera Data Processing Addendum
  • The UK International Data Transfer Addendum or UK-approved SCC equivalents, where applicable
  • Appropriate contractual and technical safeguards with subprocessors
  • Technical and organizational security measures designed to protect Personal Data

These safeguards are designed to ensure that Personal Data receives a level of protection consistent with applicable Data Protection Laws.

7.2 Technical Safeguards Supporting Transfers

Locktera implements strong technical safeguards to protect Personal Data during international transfers, including:

  • Encryption of Personal Data in transit and at rest
  • Cryptographic container architecture enforcing access authorization
  • Strict access controls and authentication mechanisms
  • Secure key management and authorization enforcement
  • Logical separation of customer environments in multi-tenant infrastructure

These measures help protect Personal Data against unauthorized access, disclosure, or misuse during international transfers.

7.3 Subprocessor Transfers

Locktera may transfer Personal Data to authorized subprocessors located in various jurisdictions.

All subprocessors are contractually required to:

  • Implement appropriate data protection safeguards
  • Comply with applicable Data Protection Laws
  • Process Personal Data only on Locktera’s documented instructions
  • Maintain confidentiality and security of Personal Data

7.4 Customer Rights Regarding Transfers

Customers may request additional information regarding Locktera’s international transfer safeguards, including copies of applicable Standard Contractual Clauses, by contacting:

legal@locktera.com

8. DATA SECURITY

Locktera implements and maintains appropriate technical and organizational security measures designed to protect Personal Data against unauthorized access, disclosure, alteration, destruction, or loss.

These safeguards are designed to ensure a level of security appropriate to the risk, taking into account the nature of the Personal Data and the risks associated with processing.

Customer authorization policies are enforced cryptographically at the container level and are not solely dependent on application-layer controls.

Locktera’s security measures include, but are not limited to:

8.1 Cryptographic Protection

  • Encryption of Personal Data in transit using industry-standard cryptographic protocols
  • Encryption of Personal Data at rest
  • Cryptographic container architecture enforcing access authorization at the file level
  • Secure cryptographic key management systems
  • Cryptographic enforcement of access policies defined by customers

Locktera does not possess or control Customer cryptographic keys except as necessary to provide key management services explicitly configured by the Customer. Customer-defined authorization policies and key management configurations govern access to encrypted Customer Data. Locktera cannot decrypt Customer Data except in accordance with Customer-defined authorization policies or as required by applicable law.

8.2 Access Controls and Authentication

  • Role-based access control mechanisms
  • Authentication and authorization enforcement systems
  • Access restriction to authorized personnel with a legitimate business need
  • Credential management and authentication safeguards
  • Logical separation of customer environments in multi-tenant infrastructure

8.3 Monitoring, Logging, and Security Detection

  • Audit logging of access and processing activity
  • Security monitoring and threat detection systems
  • Detection of unauthorized access attempts
  • Security event logging and analysis
  • Incident detection, investigation, and response procedures

8.4 Infrastructure and System Security

  • Secure cloud infrastructure and hosting environments
  • Network security controls, including firewalls and segmentation
  • Secure system configuration and hardening
  • Vulnerability management and security patching
  • Infrastructure redundancy and resilience measures

8.5 Organizational Security Measures

  • Confidentiality obligations for personnel with access to Personal Data
  • Security training and awareness programs
  • Internal security policies and operational procedures
  • Access control reviews and least-privilege access enforcement

8.6 Incident Response

Locktera maintains incident response procedures designed to detect, investigate, and respond to security incidents affecting Personal Data.

Where required by applicable law, Locktera will notify affected customers of confirmed security incidents involving Personal Data in accordance with applicable legal and contractual requirements.

Where Locktera acts as a Data Processor, Locktera will notify customers of confirmed Security Incidents affecting Personal Data without undue delay and in accordance with the Locktera Data Processing Addendum and applicable Data Protection Laws.

Where Locktera acts as a Data Processor, Locktera shall notify affected customers of confirmed Security Incidents involving Personal Data without undue delay and in accordance with applicable Data Protection Laws and the Locktera Data Processing Addendum.

8.7 Customer Security Responsibilities

Customers are responsible for:

  • Managing access policies and authorization settings
  • Protecting account credentials and API keys
  • Configuring access controls for Customer Data
  • Ensuring secure use of the Services

8.8 Security Limitations

While Locktera implements robust security safeguards, no method of transmission over the internet or electronic storage system can be guaranteed to be completely secure.

Locktera continuously evaluates and enhances its security measures to protect Personal Data.

Customer Data remains encrypted and protected by cryptographic access controls defined by the Customer. Locktera does not access Customer Data except as necessary to provide, secure, or maintain the Services, or as authorized by the Customer.

9. DATA RETENTION 

Locktera retains Personal Data only for as long as necessary to fulfill the purposes for which it was collected and processed, including providing the Services, complying with legal obligations, resolving disputes, enforcing agreements, and protecting the security and integrity of the Services.

Retention periods vary depending on the nature of the Personal Data and the context in which it is processed.

9.1 Customer Data Retention (Processor Data)

Where Locktera processes Personal Data on behalf of customers as a Data Processor, Locktera retains Personal Data only as directed by the customer and in accordance with the Locktera Terms of Service and Data Processing Addendum.

Customers control the retention, deletion, and access policies governing Customer Data, including encrypted containers and associated authorization policies.

Upon termination of the Services or upon customer request, Locktera will delete or return Customer Data in accordance with applicable contractual and legal requirements, unless retention is required by applicable law.

9.2 Account and Service Administration Data (Controller Data)

Locktera retains Personal Data associated with customer accounts, billing, support, and service administration for as long as necessary to:

  • Maintain customer accounts
  • Provide customer support
  • Comply with legal, tax, and accounting obligations
  • Enforce contractual rights and obligations
  • Maintain security and audit records

9.3 Security Logs and Audit Records

Locktera retains audit logs, access records, and security-related information for as long as necessary to:

  • Maintain security and integrity of the Services
  • Detect, investigate, and prevent unauthorized access or abuse
  • Support compliance, audit, and forensic requirements
  • Comply with applicable legal obligations

Where such audit records relate to Customer Data access, they are retained on behalf of the customer.

Locktera may retain website access logs, authentication logs, and system audit records for security, fraud prevention, compliance, and operational integrity purposes, consistent with applicable legal and contractual requirements.

9.4 Backup and Residual Data

Personal Data may remain in encrypted backup systems for a limited period consistent with Locktera’s backup and disaster recovery policies.

Such data remains protected by applicable security safeguards and is deleted in accordance with Locktera’s data retention and deletion procedures.

9.5 Legal Retention Requirements

Locktera may retain Personal Data for longer periods where required by applicable law, regulation, legal process, or government order.

10. CHILDREN’S PRIVACY 

The Services are not directed to individuals under the age of 16, and Locktera does not knowingly collect Personal Data from children.

If Locktera becomes aware that Personal Data of a child has been collected without appropriate authorization, Locktera will take steps to delete such data.

11. YOUR PRIVACY RIGHTS 

Depending on your jurisdiction and applicable Data Protection Laws, you may have certain rights regarding your Personal Data.

These rights may include the following:

11.1 Right of Access

You may have the right to request confirmation as to whether Locktera processes your Personal Data and to request access to such Personal Data.

11.2 Right to Correction

You may have the right to request correction of inaccurate or incomplete Personal Data maintained by Locktera.

11.3 Right to Deletion

You may have the right to request deletion of your Personal Data, subject to certain legal exceptions, including where retention is required by law or necessary for legitimate business purposes.

11.4 Right to Restrict Processing

You may have the right to request restriction of processing of your Personal Data under certain circumstances.

11.5 Right to Object to Processing

You may have the right to object to Locktera’s processing of your Personal Data where such processing is based on legitimate interests or applicable legal provisions.

11.6 Right to Data Portability

You may have the right to request a copy of your Personal Data in a structured, commonly used, and machine-readable format, and to request transfer of such data to another service provider where technically feasible.

11.7 Right to Withdraw Consent

Where Locktera relies on consent as the legal basis for processing Personal Data, you may withdraw consent at any time.

Withdrawal of consent will not affect the lawfulness of processing conducted prior to withdrawal.

11.8 Additional Rights Under Applicable Laws

Depending on your jurisdiction, you may have additional rights, including:

  • The right to know what Personal Data is collected and how it is used
  • The right to request deletion of Personal Data
  • The right to request correction of Personal Data
  • The right to non-discrimination for exercising privacy rights

Locktera does not sell Personal Data.

Residents of certain U.S. states, including California, Texas, Virginia, Colorado, Connecticut, and Utah, may have additional privacy rights under applicable state privacy laws, including the right to access, correct, delete, or restrict processing of Personal Data. Locktera honors such rights in accordance with applicable law.

11.9 Customer-Controlled Data

Where Locktera processes Personal Data on behalf of customers as a Data Processor, Locktera processes such Personal Data solely on customer instructions.

Requests relating to Personal Data contained within Customer Data should be directed to the applicable customer (the Data Controller).

Locktera will assist customers in responding to such requests as required by applicable law.

11.10 Exercising Your Rights

You may submit privacy rights requests by contacting:

legal@locktera.com

Locktera may take reasonable steps to verify your identity before responding to requests.

Locktera will respond to requests within the timeframe required by applicable law.

11.11 Right to Lodge a Complaint

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the right to lodge a complaint with your local data protection authority if you believe your Personal Data has been processed in violation of applicable law.

For individuals located in the European Economic Area, this is typically the supervisory authority in your country of residence, place of work, or place of the alleged violation.

12. COOKIES AND TRACKING 

Locktera uses cookies and similar tracking technologies, including session cookies, persistent cookies, and related technologies, to operate, secure, and improve the Services.

Locktera does not currently respond to browser “Do Not Track” signals. However, Locktera does not use Personal Data for behavioral advertising or cross-site tracking.

These technologies are used for the following purposes:

Service Operation and Security

  • Maintaining secure user sessions
  • Authenticating users
  • Preventing unauthorized access
  • Detecting fraud, abuse, and security threats

Service Functionality

  • Enabling core platform functionality
  • Maintaining user preferences and settings
  • Supporting login and authentication workflows

Performance and Reliability

  • Monitoring system performance
  • Diagnosing technical issues
  • Improving service reliability and availability

Analytics and Service Improvement

  • Understanding how users interact with the Services
  • Improving usability, performance, and security

Cookies and Similar Technologies

  • Maintain session security
  • Authenticate users
  • Operate and provide the Services
  • Improve website functionality and performance
  • Protect against fraud and unauthorized access

Locktera does not use cookies for behavioral advertising or cross-site tracking.

Users may control cookies through browser settings. Disabling cookies may affect functionality of the Services.

Locktera does not use cookies to sell Personal Data or for third-party advertising purposes.

12.1 Customer-Controlled Tracking

Customers using Locktera Services may configure audit logging, access tracking, and security monitoring features. These features operate under the Customer’s control and are governed by the applicable customer agreement and Data Processing Addendum.

12.2 Cookie Controls

Users may control or disable cookies through their browser settings. However, disabling cookies may affect the functionality, security, or availability of certain features of the Services.

Browser vendors provide instructions for managing cookies, typically found in browser settings or help menus.

13. DATA PROTECTION OFFICER AND CONTACT INFORMATION 

Locktera is committed to protecting Personal Data and complying with applicable Data Protection Laws.

For questions, requests, or concerns regarding this Privacy Policy or Locktera’s data protection practices, please contact:

Locktera, Inc.
Dallas, Texas
United States

Email: legal@locktera.com
Website: https://locktera.com

13.1 Data Protection Officer

Where required under applicable Data Protection Laws, Locktera will designate a Data Protection Officer (“DPO”) or privacy contact responsible for overseeing Locktera’s data protection program.

Privacy inquiries, data subject requests, and security concerns may be directed to:

legal@locktera.com

13.2 Supervisory Authority Contact Rights (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe Locktera has not complied with applicable Data Protection Laws.

14. CHANGES TO THIS PRIVACY POLICY 

Locktera may update this Privacy Policy from time to time to reflect changes in our Services, legal obligations, security practices, or data processing activities.

If we make material changes to this Privacy Policy, Locktera will provide notice through one or more of the following methods, as appropriate:

  • Posting the updated Privacy Policy on our website at https://locktera.com
  • Providing notice within the Services or Customer account portal
  • Sending notification to the email address associated with your account
  • Providing other reasonable notice consistent with applicable law

The “Last Updated” date at the top of this Privacy Policy indicates when it was most recently revised.

Unless otherwise required by applicable law, the updated Privacy Policy will become effective upon posting.

Continued access to or use of the Services after the effective date of the revised Privacy Policy constitutes acceptance of the updated Privacy Policy.

If you do not agree to the revised Privacy Policy, you must discontinue use of the Services.