C2X

Privacy Policy

Last Revised: March 24, 2014

Definitions

C2X: "Contacts to Excel & Email", "we", "our" or "us"

Device: A phone or tablet, that runs Android or iOS, that can access Google Play Store or Apple App Store and can download and run C2X.

Platform: One of the two smartphone operating systems, Android or iOS.

Client: Part of the service that runs on a device

Server: Part of the service that isn't visible to the user, communicates with the clients and web interfaces and does the job of communicating, processing and storing data.

Web Interface: Part of the service that allows a user to manage their data

Service: A collection of clients, server and the web interfaces offered by C2X which allow a user to export and import his/her contacts and manage his/her data on the server.

Prolog

This document explains the policies and practices of C2X on the collection, use and disclosure of your information on its web interfaces, server and client applications. The service may collect information related to a user from various sources, including its client applications, web interfaces and third party websites and services. When you use the service, you are agreeing to the collection, transfer, manipulation, storage, disclosure and other uses of your data as described in this document.

This document covers the treatment of personally identifiable information ("Personal Information") gathered when you are using or accessing the service. This document also covers our treatment of any Personal Information that our business partners share with us or that we shares with our business partners.

This document does not apply to the practices of third parties that we do not own or control, including but not limited to any third party websites, services and applications ("Third Party Services") that a user may access through the service or to individuals that we do not manage or employ. We cannot take responsibility for the content or privacy policies of those Third Party Services. We encourage you to carefully review the privacy policies of any Third Party Services you access.

1. Introduction

1.1. C2X is a service that extracts contacts from a device, converts them into an MS Excel file, and emails the file to the email address provided by the user.

1.2. The Excel file is also cached on the server for 7 days to facilitate import, which can be manually deleted by the user if he/she likes.

1.3. C2X service has two important parts: a client application which runs on a device and interfaces with the user, and a server application which performs the actual operations of import and export. The service also has a web interface which offers some additional tools to the user to enhance their control over their data.

1.4. C2X server generates a unique export code (UUID) against each export request, which can be used by a C2X client to restore the exported contacts back into any device, regardless of which platform was used to export them at first place.

1.5. If an Excel file is either automatically expired from the server, or manually deleted by the user, and then the user wants to restore their contacts on a device, they can upload their Excel file through the web interface. The server will generate a new export code (UUID) for this file which can be used by a client to import contacts. Also, this uploaded file will be treated like any Excel file in the system, as in, it will be expired in 7 days and user will be given control to delete it manually any time before.

2. What Data Is Collected?

2.1. C2X clients communicate with server through simple HTTP. There are three requests a client can make to server: export, import and feedback. Apart from call-specific data, each call sends these items to the server: ApiKey and Internet Protocol (IP) address.

2.2. From a C2X client, an export request also sends a list of all properties of all contacts from the host device and the email address provided by the user to the Service. The contact list is used to generate an Excel file and the email address is used to dispatch the Excel file to the user.

2.3. From a C2X client, an import request also sends a unique export code, which helps C2X server identify cached Excel file. Server then extracts contacts from the cached Excel file and sends them back to the client. Client in turn writes those contacts into the device.

2.4. From a C2X client, a feedback request also sends a message to the server written by a user for C2X team.

2.5. If a user uploads an Excel file, as described in 1.5, the Excel file along with the IP address are transmitted to the server.

3. How Data Is Used?

3.1. Each request from C2X client carries an ApiKey and an IP address. ApiKey helps server determine which client version is making the request, so server can respond accordingly. IP address helps server prevent itself from abuse. Both ApiKey and IP address is stored on server anonymously along with timestamp of the request.

3.2. On each export request generated by a C2X client, C2X server generates a unique export code (UUID), which is saved at server along with number of contacts and data mentioned in 3.1. Number of contacts against each export request are stored anonymously for the sake of statistics. The contacts are converted to an Excel file which is stored on server for upto 7 days to facilitate import. However, if a user likes, he/she can delete his/her Excel file from server by following steps mentioned in c2x.eastros.com/help. An Excel file is removed permanently from C2X server, whether it was manually deleted by the user or it was automatically expired after 7 days.

3.3. An import request from a C2X client stores nothing on server other than data mentioned in 3.1.

3.4. A feedback request from a C2X client stores user's message along with data mentioned in 3.1.

3.5. If a user uploads an Excel file, as described in 1.5.

4. How Data Is Shared With Third Parties?

4.1. C2X does not share users' private data with any third parties. However, a user's anonymously collected number of contacts summed up with all number of contacts ever exported through the service can be used to display as a statistic on C2X public website [c2x.eastros.com]. Also, a user's public rating and review about a C2X client on a device store can be used on C2X website for display and for the purpose of its own advertisement on third party platforms.

5. To What Degree Data Is Protected And What Are The Risks Involved?

5.1. Because of limited funds, C2X cannot afford an SSL certificate for data transmission via HTTPS, that is why communication between clients and the server takes place via regular HTTP. Hence communication is prone to sniffing attacks.

5.2. The Excel files and other data are stored in a virtual server at Digital Ocean Inc. Physical security of the server is subject to Digital Ocean's policies.

5.3. The virtual server is password protected and accessible by only authorized people in C2X team.

5.4. The Excel files and other data are stored without encryption.

5.5. Nobody in C2X team is allowed to view any Excel file without explicit authorization by the owner of the data.

5.6. If an excel file is stored on server, it is publicly available via a URL and a unique export code (UUID). The export code is reasonably difficult to guess, so it is almost impossible for anyone to guess a specific person's Excel file unless the person himself/herself shares the URL with anyone else.

6. What Control A User Shall Have On His/Her Data?

6.1. A user can anytime delete their Excel file stored on server by following steps mentioned in c2x.eastros.com/help.

6.2. A user cannot delete data other than their Excel file, such as request timestamps, IP address and number of contacts exported etc. For the sake of record, everything other than the Excel file is stored anonymously.

7. How To Ask Questions Or Share Concerns?

7.1. If any user has any questions or concerns, they should write a detailed email to support@eastros.com. C2X team will do their best to answer the questions and resolve concerns.