Privacy & Anonymity

Updated November 15, 2014

Welcome to Canary - Anonymous Company Chatter from Canary Mobile Development LLC ("Canary," "we," "us" or "our").

This privacy policy explains how we collect, use and disclose information about you when you use our mobile application (the "App"), our Web site (the "Site") and other online products and services that link to this privacy policy (collectively, the "Services"). By using the Services, you consent to our collection, use and disclosure of your personal information as described in this privacy policy.

Through the Services, you can anonymously share messages, pictures, comments and other content ("Posts") with certain other users of the Services. When you share a Post through the app, you are anonymously sharing your Post with other users of the Services, regardless of their company affiliation.

Anonymity is the cornerstone of Canary. We've gone to great lengths to ensure that your anonymity can never be compromised. Posts, comments, likes, even viewing things: all of it is entirely anonymous. We securely encrypt every communication, we never save your email address and if we detect anyone trying to compromise your security (such as a proxy server) we cease communications until you've moved to a secure network.

There's no way to connect posts to specific users whatsoever.

Seriously. We have no way to know who made a post (or a comment, or a like) once it's been made.

Modifications

We may change this privacy policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in some cases, provide you with additional notice (such as adding a statement to our homepage). We encourage you to review the privacy policy periodically to stay informed about our practices and the ways you can help protect your privacy.

November 15, 2014: Minor typo fix; no substantive changes.

No Accounts

When you register to use Canary, we do not create an account in the traditional sense wherein various settings, preferences, data, and usage history would be saved and linked together in a database. Instead, we generate a secret token that is linked to your verified company's name, and provide that token to your app. Nothing else is ever associated with that token; all that it tells us is that a given device is associated with a given company.

To the extent that you request services that require us to maintain further records (for instance, to receive push notifications), that data is stored under a separate device identifier that is completely unrelated, and not relatable, to the secret token.

Collection of Information

Information You Provide to Us

We collect no personally identifying information about you. When you sign up for our Services, we do not save your email. We associate a secret token with your company that enables you to anonymously post within that company's threads without us being able to individually identify you. We do not collect your phone number, your friends' phone numbers, or any other personal information. When you invite people, we send them a single email and immediately discard their email address.

Further, when you create a Post or Comment, we use a one-off secret token specific to that thread, so nothing links your already-anonymous secret token to posts or comments.

Information We Collect Automatically When You Use the Services

When you access or use our Services, we collect some basic information about you. This information is solely used by us for debugging and analytical purposes (e.g., to enhance the Services), and it includes:

  • Log Information: We log only basic information about your use of the Services, including app launches.
  • None of the information we collect can be connected to your posts or comments.

Use of Information

We may use information about you for various purposes, including to:

  • Provide, maintain and improve our Services;
  • Provide and deliver the Services you request, process transactions and send you related information, including confirmations;
  • Send you technical notices, updates, confirmations, security alerts and support and administrative messages;
  • Respond to your comments, questions and requests and provide customer service;
  • Communicate with you about products, services, offers, promotions, rewards and events offered by us and others, and provide news and information we think will be of interest to you;
  • Monitor and analyze trends, usage and activities in connection with our Services and improve and personalize the Services;
  • Personalize and improve the Services and provide advertisements, content or features that match user profiles or interests; and
  • Link or combine with information we get from others to help understand your needs and provide you with better service;

Storage of Information

The information you provide to Canary is encrypted and stored on Amazon Web Services servers. Specifically:

  • Canary is hosted on Amazon Web Services. It is written in Python using Django and the very excellent Django Rest Framework;
  • All requests are via secure http, and our certificate is pinned to prevent man-in-the-middle attacks;
  • Secret tokens are generated using the SHA256 hashing algorithm;
  • To ban abusive users, our mobile applications look for flags embedded in posts, and cease working if they see such a flag in one of their own posts. This enables us to moderate the community without tracking users on our servers;
  • Canary will warn you if you're using an unsecure network, and immediately cease communications with our servers.

How We Respond to Subpoenas from Courts

It is technically impossible for us to connect your Posts with your email address, phone number, or other personal data. Further, it is impossible for us to connect Posts with each other, i.e. we cannot identify Posts as having a common author. As such, while we will respond to subpoenas as required, it is not technically possible for us to provide any materially relevant information beyond what we display publicly.

Analytics Services Provided by Others

We may allow third parties to provide analytics services to us. These entities may use cookies, web beacons and other technologies to collect information about your use of the Services, including your IP address.

Again, in no circumstances is any of this information tied to your activities on the Services.

Account Information

If you wish to delete your account, just select Delete/Uninstall from the app's settings. We will delete the secret token that we use to confirm your affiliation with your company.

Because we do not know which content you created, any posts, comments, or likes you've created will remain on the service.

Push Notifications and Alerts

With your consent, we may send push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.

Contact Us

If you have any questions or concerns about this privacy policy or any privacy issues, please email us at privacy@canaryapp.net. We will respond to concerns and complaints within a reasonable time after receipt (usually no more than 30 days).

info@canaryapp.net

© 2015 Canary Mobile Development LLC. All rights reserved.