Privacy PolicyTerms of Use
  • Introduction
  • Definitions
  • Information We Collect
  • How We Use Your Information
  • Data Security and Key Storage
  • Data Retention and Deletion
  • Third-Party Integrations
  • Security Incident Procedures and Data Breach Notification
  • International Data Transfers
  • Children's Privacy
  • Your Rights
  • Changes to this Policy
  • Contact Information

GoodKey Privacy Policy

Effective Date: 14 of March 2025

Introduction

GoodKey ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service to authenticate and encrypt digital assets, manage cryptographic keys, and facilitate team-based key management. By accessing or using our service, you agree to the practices described herein.

Definitions

  • Credentials:

    Login and authentication data you provide to access the service.

  • Cryptographic Keys:

    Digital keys used to encrypt and decrypt data.

  • Token Metadata:

    Information such as serial numbers, manufacturer details, model information, usage frequency, and lifecycle status of your tokens.

  • Logs and Analytics:

    Data collected about how your organization and its users interact with the service.

  • Team:

    A group designated by your organization within GoodKey to collaborate on managing keys and related tasks.

  • Team Member:

    An individual who is authorized as part of a team to access and use the GoodKey service.

Information We Collect

  • Personal Data:

    When you register or contact us, we may collect your name, email address, and other contact details.

  • Usage Data:

    We automatically collect information such as your IP address, browser type, operating system, and pages viewed.

  • Credentials and Keys:

    To deliver secure key management, you may provide credentials and cryptographic keys; in some cases, GoodKey will have access to these.

  • Token Meta Data:

    We collect metadata about your tokens (e.g., serial numbers, make/model, usage frequency, lifecycle status).

  • Logs And Analytics:

    We gather logs and analytics regarding how your organization and its users (including team members) utilize keys to help monitor performance, optimize service delivery, and support compliance.

How We Use Your Information

  • Providing Services:

    To deliver, maintain, and secure the GoodKey service.

  • Customer Support:

    To respond to inquiries and provide technical assistance.

  • Service Improvement:

    To analyze usage patterns, token performance, and logs/analytics data for ongoing improvements.

  • Notifications:

    To inform you about updates or changes to our services, policies, and security practices.

Data Security and Key Storage

We use commercially reasonable measures to protect your information.

  • Key Storage:

    Where technically possible, keys are stored using Hardware Security Modules (HSMs) that meet FIPS 140-3 standards. Where this is not technically possible, keys are stored in our Key Management System (KMS), which is isolated, encrypted, and access-controlled.

  • Attestations

    Attestations are available to enable you to verify how keys are stored.

  • Best Practices:

    Our systems adhere to industry best practices, including least privilege access, service isolation, and tenant isolation.

  • No Absolute Security:

    While we take steps to secure your data, no method is completely secure.

Data Retention and Deletion

We retain personal data, logs, analytics, and metadata as long as necessary to provide our service and comply with legal obligations. Upon account termination or when required by law, data will be deleted or anonymized according to our retention policies.

Third-Party Integrations

GoodKey integrates with various third-party services (e.g., GitHub, Google Workspace, Microsoft 365, Slack, Teams) to enhance functionality. Data processed via these integrations is subject to the third party’s own privacy practices.

Security Incident Procedures and Data Breach Notification

In the event of a security breach affecting personal or sensitive token data, we will follow our incident response protocols and notify affected users as required by applicable law.

International Data Transfers

If your data is transferred or stored outside Washington State or the United States, appropriate safeguards will be maintained in accordance with applicable laws.

Children's Privacy

Our service is not directed to children, and we do not knowingly collect personal data from individuals under the applicable age of consent.

Your Rights

  • Access and Correction:

    You may request access to or correction of your personal data.

  • Cookie Control:

    Manage your cookie preferences through your browser settings.

  • Contact:

    For privacy-related questions or requests, please contact us at [email protected].

Changes to this Policy

We may update this Privacy Policy from time to time. Any changes will be posted here with an updated effective date.

Contact Information

For privacy-related inquiries, please contact us at: Email: [email protected]