This privacy policy sets out how On In Time uses and protects any information that you give On In Time when you use our services.
On In Time is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using our services, then you can be assured that it will only be used in accordance with this privacy statement.
On In Time may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
Any email address provided to On In Time through either our waiting list, optional email verification, or optional notification/recovery email setting in your account, is considered personal data.
Such data will only be used to contact you with important notifications about On In Time, to send you information related to security, to send you an invitation link to create your On In Time account, to verify your On In Time account, or to send you password recovery links if you enable the option. We may also inform you about new products in which you might have an interest. You are free, at any given time, to opt-out of those features through the account settings panel.
In order to maintain the integrity of the service, On In Time must take measures to avoid creation of accounts by spammers. This is because if spammers use On In Time to send messages, On In Time’s IP addresses can become blocked by major mail providers such as Gmail, Yahoo, Outlook, etc.
In order to pursue our legitimate interest of preventing the creation of accounts by spam bots or human spammers, On In Time uses a variety of human verification methods. You may be asked to verify using either reCaptcha, Email, or SMS. IP addresses, email addresses, and phone numbers provided are saved temporarily in order to send you a verification code and to determine if you are a spammer. If this data is saved permanently, it is always saved as a cryptographic hash, which ensures that the raw values cannot be deciphered by us.
On In Time's overriding policy is to collect as little user information as possible to ensure a completely private and anonymous user experience when using our services.
Service's user data collection is limited to the following:
Visiting our website: We do not make use of any analytics on our website and we do not log any user activity.
Account creation: We collect only the necessary information for billing and communication. We encourage all users to provide an anonymous email address through the use of services like AnonAddy.
Account activity: We make use of Migadu for our mail server. As such, you can rest assured that no analysis is done of your emails (except for the purpose of spam reduction as detailed below), and only the strict minimum is logged to help prevent and mitigate abuse.
Communicating with On In Time: Your communications with us, such as support requests, bug reports or feature requests may be saved. But you are welcome to do so anonymously.
We do not have any advertising on our site. Any data that that we do have (which is very little), will only be shared under extraordinary circumstances (such as through a court order).
We do not do any analysis on your emails except for the purpose of reducing spam. You can review the setup here. Rest assured that no personal data is retained during this process. You can easily avoid this by making use of Open PGP. We will also gladly assist you with setting this up.
All servers used in connection with the provisioning of our services are located in the United States through Amazon Web Services. Data is always encrypted at rest using the industry-standard AES-256 algorithm. You can read more about this here. Offline backups may be stored periodically, but these are also encrypted.
No data goes through any third party. All data is processed by our servers through Amazon Web Services.
Through our services, you can directly access, edit, delete or export personal data processed by On In Time.
If your account has been suspended for a breach of our terms and conditions, and you would like to exercise the rights related to your personal data, you can make a request to our support team.
In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory authority.
When an On In Time account is closed, data is immediately delete from production servers. Active accounts will have data retained as long as the user requests to have it. Deleted emails are also permanently deleted from production servers. Deleted data may be retained in our backups for up to 30 days.
We will only disclose the limited user data we possess if we are instructed to do so by a fully binding request coming from the competent Canadian or United States authorities (legal obligation). While we may comply with electronically delivered notices (see exceptions below), the disclosed data can only be used in court after we have received an original copy of the court order by registered post or in person, and provide a formal response.
If a request is made for encrypted message content that On In Time does not possess the ability to decrypt, the fully encrypted message content may be turned over. If permitted by law, On In Time will always contact a user first before any data disclosure.
On In Time may from time to time, contest requests if there is a public interest in doing so. In such situations, On In Time will not comply with the request until all legal or other remedies have been exhausted.