This Privacy Policy (hereinafter referred to as the “Policy”) aims to clarify the relevant rules for Seclog Notebook Software (hereinafter referred to as the “Software”) for collecting, using, storing, transmitting, and disclosing users‘ personal information and data, to safeguard users‘ privacy rights and data security, to strictly comply with international general data protection guidelines (including, but not limited to, EU GDPR, U.S. CCPA, Brazilian LGPD, etc.), to comply with the “Privacy by Design” (PbD) principle, to integrate privacy protection into the entire life cycle of the software, and to suit the core functional scenarios of notebook software document editing, storage, and synchronization. This Policy applies to all users who use the Software (hereinafter referred to as “Users”), regardless of the device (computer, mobile terminal, etc.) through which users access or use the Software. The use of this Software is considered as if the user has fully read, understood and agreed to all the terms of this Policy; if the user does not agree to this Policy, they should immediately stop using this Software.
1. Definition and scope
1.1 Core Definitions
1.1.1 Personal Information: Means information that can identify a specific natural person individually or in combination with other information, including but not limited to names, email addresses, device identifiers, IP addresses, software usage records, notebook edits, document storage paths, and so on, conforming to the standards that define personal information in the International General Data Protection Regulations, covering the core definitions of personal data in the EU GDPR.
1.1.2 Non-Personal Information: Means information that cannot identify a specific natural person, including but not limited to software usage statistics, anonymized processing of user interaction behavior data, system execution logs, document declassification data, and so on. This type of data can be used for software optimization, functional iteration, and industry research, and will remain anonymized and not involve any personal identity associations.
1.1.3 Third-party services: refers to services provided by third parties that are integrated or linked to this Software (such as cloud storage, data synchronization, secure encryption, etc.), whose privacy policies are independent of this Policy, the user‘s use of third-party services is subject to the third-party privacy regulations, this Software does not assume any privacy-related responsibility for third-party services, and third-party services must comply with the data protection laws of their region.
1.2 Applicability Scope
1.2.1 This Policy applies to all functional modules, services, and related extended services of this Software, including but not limited to all service scenarios such as account registration, document editing, content storage, data synchronization, password protection, customer service consultation, privacy protection covering the entire life cycle of the Software, and suitable for core use scenarios of Notebook Software.
1.2.2 This Policy does not apply to third-party services. The third party is independently responsible for the privacy protection of third-party services. If users develop privacy-related issues due to the use of third-party services, they should communicate directly with the third party to resolve them. This Software provides only an access channel, does not participate in the operation of third-party services, and assumes no associated responsibility.
2. Information Collection
2.1 Collecting Principles
2.1.1 Legitimacy Principles: Collecting user information only when obtaining the user‘s explicit consent, necessary for the fulfillment of the service agreement, or in compliance with relevant international laws, regulations, and treaty provisions, strictly following the core requirements of “informed consent,” adopting the “opt-in” (active consent) mode, preventing unauthorized collection of information, and complying with the requirements of Article 6 of the EU GDPR regarding data processing legitimacy.
2.1.2 Minimum Required Principle: Collect only the user information necessary to achieve the core functions of this software (document editing, storage, synchronization, security protection), do not collect information that is not related to the service, control the scope of information collection to the minimum, implement the core requirements of “design as privacy”, avoid the privacy risks caused by redundant data collection, align with the notebook software‘s lightweight, privacy-first product positioning.
2.1.3 Transparency Principles: Clearly inform users of the purpose, scope, method, and use of information collected, ensure users are aware and have the freedom to choose whether to provide it, do not conceal any matters related to information collection, ensure users have the right to be informed, comply with the transparency requirements of international data protection, and clearly disclose all collection behaviors to users.
2.2 Scope and method of collection
2.2.1 Account Related Information: When users register for this Software account, they are required to provide a real, valid, and legitimate email address as a login credential. We will collect the email address provided by users for core purposes such as account verification, password recovery, service notifications, security alerts, etc. No additional non-personal information will be collected to ensure the authenticity and security of the account registration.
2.2.2 Software Usage and Documentation-Related Information: When users use this Software, data on the user‘s software operation behavior (including software startup times, feature usage records, device model, operating system version, IP address, log data) and Documentation-Related Information (document editing records, storage paths, encryption settings, etc.) will be collected to ensure the security of the Documentation, achieve data synchronization, optimize the editing experience and fix software bugs, all data collection in accordance with the minimum necessary principles.
2.2.3 Voluntarily Provided Information: When users voluntarily provide additional information (such as encryption passwords, sync preferences, etc.) when using specific features of this Software (such as document encryption, cloud synchronization), we will only use it for the implementation of that specific feature, not for other purposes, and users can withdraw the voluntarily provided information at any time to exercise data control.
3. Information Use and Storage
3.1 Information Usage
3.1.1 Core Service Usage: Using the collected information to provide users with the core functions of this Software, including account login, document editing, content storage, data synchronization, password protection, etc., to ensure that the service operates properly and reliably, meets the user‘s notebook usage needs, and all usage behaviors comply with the user‘s authorized scope.
3.1.2 Optimize Service Usage: Based on user usage behavior information, document action records, analyze user usage habits, optimize software editing functionality, storage efficiency, synchronization stability, and interface interactions, improve service personalization and convenience, improve user usage experience, and process personal information sensitively during use without revealing any personally identifiable content.
3.1.3 Security Assurance Usage: Use of user information to identify unusual logins, malicious operations, document tampering, and other behaviors, prevent security risks such as account theft, information leakage, and document loss, protect the security of user account and document data, comply with international data security protection requirements, and implement security principles for the entire lifecycle of data.
3.1.4 Use Restrictions: Use of information not exceeding the scope of the user‘s consent, and do not use the user‘s personal information and document content for other purposes unrelated to this Software Services, unless expressly authorized by the user or in compliance with relevant international laws, regulations and treaty provisions, strictly prohibiting misuse of information and disclosure of document content.
3.2 Information Storage
3.2.1 Storage locations: User information and documentation data collected by this Software will be stored on servers that comply with international data protection standards (such as requirements of Article 48 of the EU GDPR), and the storage locations will be legal and non-regular. The specific locations will be dynamically adjusted according to service optimization requirements, ensuring compliance with local data protection regulations and cross-border data flow rules, ensuring compliance with data storage.
3.2.2 Storage Period: The storage period for personal information and document data is the minimum time required to achieve the purposes of the service. If a user signs out of their account, we will delete or anonymize all personal information and document data processed by that user within 15 business days after completing the account sign-out, except as otherwise stipulated by law, regulations and treaties, in accordance with the data minimization and storage limitation principles.
3.2.3 Storage security: Encrypt storage of user information and document data using internationally leading encryption technologies (such as SSL/TLS, AES-256), establish a well-established security management system, regularly conduct security testing, vulnerability remediation, and risk assessment, equip professional security teams to ensure the security of data storage, implement “design-for-privacy” security requirements throughout the lifecycle, and prevent document disclosure, tampering, and loss.
4. Information Transfer and Disclosure
4.1 Information Transfer
4.1.1 Transfer Principles: Transfer user information and document data only in order to achieve the purposes of this Software Services (such as document synchronization), obtain user consent, or comply with relevant international laws, regulations and treaty requirements. Encryption technologies are used during the transfer to ensure the security and integrity of the information, prevent it from being intercepted, tampered with, or disclosed, and comply with the relevant requirements of the EU GDPR regarding cross-border data transfer.
4.1.2 Transfer Scope: User information and Documentation data will be transferred only between the entity operating this Software and its authorized service providers (such as compliant cloud storage providers). The authorized service providers must strictly comply with this Policy and related confidentiality agreements. They are not allowed to use or disclose the content of user information and documentation without their permission. Cross-border transfers will comply with data protection regulations in the relevant country or region, notify the users in advance and obtain their consent, ensuring the free flow and security of the data.
4.2 Information Disclosure
4.2.1 Prohibition of Disclosure: Do not disclose the user‘s personal information and document content to any third party without the user‘s explicit consent, except as otherwise stipulated by law, regulations and treaties, strictly protect the privacy of the user‘s information and documents, adhere to the principles of data confidentiality, and align with the core requirements of notebook software users for document privacy.
4.2.2 Permitted Disclosure: Disclosure of relevant information and Documentation content to third parties designated by the User with the User‘s written consent; Disclosure of User information (excluding unauthorized Documentation content) necessary to comply with legal, regulatory, and contractual obligations, and in response to legitimate requirements of judicial or regulatory authorities; Disclosure of User information to authorized service providers for the implementation of this Software Service, and strictly limiting the scope of use, ensuring that the service provider complies with its confidentiality obligations.
5. User Rights
5.1 Core Rights
5.1.1 Access rights: Users can log in to this Software account at any time to view their personal information (such as email, usage records, etc.) and the contents of documents, understand how information is collected, used, and stored, ensure that users have the right to be informed about their information and documents, and comply with the core rights granted to data subjects by the EU GDPR.
5.1.2 Correction Right: If users find that their personal information is inaccurate or incomplete, they may request a correction through the relevant features of this Software or by contacting Customer Service at kansikis@kavaorange.com. We will review and process the information within 3 working days to ensure the sourcing circumstances of the user’s information.
5.1.3 Right to delete: Users can request to delete some or all of their personal information and document content. If the deletion of information affects the normal provision of the service (such as the synchronization function), we will inform the user of the relevant impact, and the user will confirm before performing the deletion operation. We ensure that the user‘s right to delete information and documents complies with the requirements of international data protection regulations for the right to delete.
5.1.4 Right to sign out and right to withdraw consent: Users can apply to sign out their account, and after the account is signed out, the related data and documents will be processed according to regulations; Users can withdraw their consent to the collection, use, transmission, and disclosure of information at any time, and upon withdrawal, the related information processing behavior will stop, and does not affect the legality of information processing activities that were completed based on the user‘s consent before withdrawal.
5.2 Rights Relief
5.2.1 If users believe that their privacy rights have been infringed, or object to the processing of personal information and documents, they can submit a complaint or complaint through the contact email agreed in this Policy. We will receive and provide feedback on the processing results within 5 working days to provide effective rights relief channels for users to ensure that their rights are realized.
6. Third-party services and policy updates
6.1 Third-party services
6.1.1 This Software may integrate or link to third-party services (such as cloud storage, data synchronization, secure encryption, etc.), third-party services may collect information related to users, their information processing behavior must comply with their own privacy policies and international data protection rules, must not violate relevant laws and regulations and the core requirements of this policy, and must not obtain the content of user documents without authorization.
6.1.2 This Software provides only links or access channels to third-party services, does not control the information collection and use behavior of third-party services, and does not assume any privacy-related responsibility arising from third-party services. Users should carefully read their privacy policies before using third-party services, make their own decision whether to use them, and avoid privacy risks caused by third-party services.
6.2 Policy Update
6.2.1 As international laws, regulations and treaties are updated, software functions are optimized, operational requirements are changed, etc., this Policy may be revised. After revisions, update notifications will be published in prominent locations of this Software (such as the login page, settings page) to inform users of the changes in the Policy, ensuring that users are aware of the changes in the Policy and comply with the general standards of the international Privacy Policy updates.
6.2.2 After updating this Policy, the user‘s continued use of this Software, effective from the date of publication, is considered to agree to the updated Policy; if the user does not agree to the updated Policy, they should immediately stop using this Software, through which the user can view the historical version of the Policy, ensuring the user‘s right to be informed.
7. Contact information and disclaimer
7.1 Contact information
7.1.1 If users have any questions, complaints, complaints about this Policy, or need to exercise their rights or consult on matters related to Document Privacy Protection, please contact us via the following email address: kansikis@kavaorange.com. We will respond and handle them promptly, providing users with a convenient and efficient communication channel in accordance with the relevant requirements of International Data Subject Rights Relief.
7.2 Disclaimer
7.2.1 The Software assumes no responsibility for the leakage, loss, or tampering of user information and documents caused by irresistible forces (such as natural disasters, network disruptions, hacking attacks, etc.). The irresistible forces must comply with standards defined by international common law, and the Software will promptly take remedial measures after the irresistible force occurs to minimize user losses as much as possible.
7.2.2 Users are solely responsible for information security risks and document leaks resulting from their own improper actions (such as leaking account passwords, improperly sharing documents, using unofficial versions of the Software, etc.), and this Software assumes no related responsibility.
7.2.3 This Software assumes full security responsibility only for user information and document data collected, processed, and stored by itself, not for information security from third-party services, clearly demarcates responsibility, and complies with the general principles of disclaimer for international software operations; if there are privacy risks resulting from users violating the terms of this Policy, users assume full responsibility on their own.
This policy comes into effect from the day of publication. The final interpretation rights belong to the entity operating the Seclog notebook software. It does not fulfill its duties. It is implemented according to international general data protection laws, regulations, and treaties. It strictly conforms to core international data protection standards such as the EU GDPR, and fully protects user privacy and document security.