Notice of Privacy Practices
Effective 15 October 2024
AgileBits Inc., doing business as 1Password, is committed to processing your information in ways that respect your privacy and keep it safe. This Privacy Notice explains what information we collect about you and why, how we use it and share it, your rights over it, and how to contact us if you have questions.
Privacy Notice Summary
This is a summary of our Privacy Notice. To review our Privacy Notice in full, please scroll down.
What does this Privacy Notice cover?
This Privacy Notice is designed to describe:
How and what type of Personal Information we collect and use
When and with whom we share your Personal Information
What choices you can make about how we collect, use, and share your Personal Information
How you can access and update your Personal Information
What is Personal Information?
As part of providing our Services to you, we may collect information from or about you, including information that is considered Personal Information. “Personal Information” is data that can be used to identify a person individually. That’s what this Notice is about – our collection, protection, use, retention, disclosure, and other processing of Personal Information and your rights relating to these activities.
What Personal Information do we collect and use, and how do we collect it?
We collect Personal Information when
You give it to us
We collect it automatically; or
We receive it from others
When you create an account on our site, or sign up to receive offers or information, you give us your Personal Information. We also collect such Personal Information through automated technology such as cookies placed on your browser, with your consent where applicable, when you visit our websites. We also receive Personal Information from business partners and other third-parties, which help us improve our product and associated services, update and maintain accurate records, potentially detect and investigate fraud, and more effectively market our services.
How is your Personal Information shared?
We share your information with trusted third-parties to help us operate and improve our products, services, and websites. The full Privacy Notice below details how Personal Information is shared.
What are your rights and choices?
You can exercise your data protection rights in various ways. For example, you can opt out of marketing by clicking the “unsubscribe” link in the emails, in your account as applicable, or by contacting 1Password at [email protected]. Our Privacy Notice has more information about the options and data protection rights and choices available to you.
How to contact us
You can contact us as described below in the Contact Us section to ask questions about how we handle your Personal Information or make requests about your Personal Information.
PRIVACY NOTICE
Introduction
This privacy notice explains the information we collect, how we use and share it, how to exercise rights you may have in connection with our websites (including, but not limited to, www.1Password.com, www.1Password.eu and www.1Password.ca) and the related applications and services (collectively, the “Services”) operated by Agilebits Inc. doing business as 1Password (“1Password”, “We”, “Us”, or “Our”) including our affiliated companies unless otherwise noted. Please also read our Terms of Service, which sets out the terms governing the Services.
1Password processes your information both for our own business purposes (as a “controller”) and in connection with our Services offered to business customers (as a “processor”). This privacy notice applies when 1Password is the controller of your personal data, unless otherwise noted. Where we provide our Services under contract with an organization (for example, your employer), that organization is the controller of your information processed by the Services. We refer to information processed in connection with our Services offered to organizations as “Customer Data.” For more information, please see the Notice to End Users, which explains our privacy practices when we are a data processor. This Privacy Notice does not apply to the extent we process your information in the role of a processor on behalf of such organizations.
Sometimes, we work with other companies and our affiliates to bring our customers and our customer’s end-users an unbeatable experience. This policy does not apply to products or services offered by third-parties, or services offered under the Kolide, Inc., brand, each of which has its own terms and conditions and privacy policies (see Kolide Privacy). You should carefully read each third-party’s privacy policies and any terms and conditions applicable to the product or service you use.
Who We Are and Our Commitment to Privacy
1Password is a Canadian company headquartered in Toronto, Ontario, Canada. As the controller of your information, we believe in holding ourselves accountable to you. If you have any questions or concerns about our privacy practices or this Privacy Notice, you can reach us by using the information provided in the Contact Us section.
Who are You
We collect personal information about three categories of people: Individuals, Business Account Owners, and Business End Users.
Individuals. These are people who visit our site, interact with our content or marketing, or use our Services directly using an individual or family account. This Privacy Notice applies to your information.
Business Account Owners. These are people who represent an organization that uses 1Password Services through Business accounts. We collect and use your contact information as described in this Privacy Notice.
Business End Users. These are people who use the Services as provided to them via an organization’s Business account. If you are a Business End User your use of the Services is subject to your organization’s privacy policy, please review the Notice to End Users for further information.
INFORMATION WE COLLECT ABOUT YOU
We collect information from you when you provide it to us or when you use our Services, and from trusted third-parties as further described below.
Information you provide to us
We collect information about you when you input it into the Services or otherwise make it available directly to us through your use of our Services.
Contact Information. We collect your contact details and keep records of your interactions with us. For example, when you provide feedback, participate in a survey, attend our webinars, or request more information about our products and services. Our records may include the following: your name, email, address, phone number, preferred contact method, job title, company name, company size, your responses to our surveys, events attended, and any products or services where you have expressed your interest to us.
Secure Data is the data you pay us to protect. It includes the information you decide to store within your vaults in your 1Password accounts. Your Secure Data is your property. We claim no rights to it beyond those necessary to deliver Services to you. You may add, modify, and delete Secure Data at your discretion.
Secure Data is encrypted using secure cryptographic keys that exist only in the possession and under the control of users or admins of their accounts. We have no way of accessing or sharing Secure Data in a readable format or decrypting it, and we never receive copies of unencrypted Secure Data.
Service Data is the information 1Password collects or generates during the provision and administration of our Services and related technical support, excluding any Customer Data. Service Data includes, but is not limited to:
Account Information. We collect information you provide when creating your profile and setting up your 1Password account (for example, your name, email, administrator contact details, vault names, your location, and any images that you may have uploaded as part of your profile). If you set up trusted devices or browsers, we collect identifiers and details about them to distinguish them from any others you might use to access the Service. If you created a Family account, we collect details like family names, email addresses, and any other information your invited guests may have provided us to set up their accounts.
Payment Information. We use a Payment Card Industry (PCI) compliant third-party payment processor, to collect and secure your payment method, payment card details, and billing information when you sign up for the Services. Where required by law, we keep business records related to any contracts, charges, payments, refunds, taxes, or billing issues.
Support Data and Communications. We keep records of your communications with us. Our Services include technical support, so when you communicate with us (via email, phone, websites, social media, chatbots, or otherwise) we collect your contact information, a description or summary of your problem and any other documentation or technical information we might need to help diagnose or resolve your issue. If you communicate with us via a chatbot or use our automated communication tools to facilitate your communications with us, including those offered by a third-party, these tools may collect and record the contents of any communications you send through them. They may also collect analytics information, such as device and usage information. We may disclose this information to our relevant service providers for the purpose of providing these tools, improving our customer support, generating summaries, and internal marketing purposes.
Webinars, Trainings, Contests, and Event or Program Data. Data you provide to us when you register for any of our events, contests, webinars, whitepaper downloads, and surveys; or share your attendee information with us as part of a conference or seminar. This typically includes, but is not necessarily limited to, identifiers and employer information, such as your name, contact information, company details, and location.
Information we collect automatically when you use the Services
We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services. In some cases, we may ask for permission before we collect your information automatically as described below.
Diagnostic Data is data we collect to protect, maintain, and improve our Services. Diagnostic Data may include the following information:
Technical Usage Information. We collect information from your browsers and devices, which provides us with technical usage information when you access or use the Services. This includes information about your devices, applications, operating systems, cookies, server logs, IP address, location data, analytics information, software errors and crash data, authentication details, quality and performance metrics, and other technical details necessary for us to operate and maintain our Services. In some cases we may ask you for certain diagnostic reports and other information necessary to help us identify and solve problems with our products and Services. This information is sent to us only on a case by case basis, or by users who decided to participate in our beta software programs, or who otherwise explicitly choose to send diagnostic data to us.
Account Configurations. When you sign up for our Services, we collect information about how you have configured your account. For example, we record your preferred hosting configuration based on the location of your account creation (e.g., Canada, European Union, or United States). Additionally, we collect information about how you have set up your vaults, for example, the number of vaults, number and types of items in vaults, who may access your vaults, and when and from where vaults are accessed.
Product Usage Information. With your permission, we collect, in a privacy-preserving manner, information about how you interact with our site and Services, including but not limited to, IP address, pages visited, length of time on pages, features used, etc. It also includes aggregated and deidentified information we collect for marketing and sales purposes including Business Account contact information. Learn more about some of our privacy-preserving data collection practices.
Information we receive from other sources
We receive information about you from other Service users, from third-party services, from our related companies, marketing platforms, public databases, and from our business partners. We may combine this information with information we collect through other means described above. This helps us to update and improve our records, identify new customers, advertise to you, and suggest services that may be of interest to you. We receive information from the following sources:
Agilebits Inc. Companies. We receive information about you from other corporate affiliates, in accordance with their terms and policies.
Cookies and Other Technologies. 1Password and our marketing partners use cookies and other tracking technologies to collect information about your interactions with our websites and products for essential, functional, analytical, and advertising purposes. For more information, please see our Cookie Policy, which includes information on how to control or opt out of these cookies and tracking technologies.
1Password Partner Network. We work with channel partners, technology partners, system integrators, and hyperscalers who provide consulting, implementation, training, and other services around our products. Some of these partners also help us to market and promote our Services, generate leads for us, and resell our Services. We may receive information from these partners, such as billing information, billing and technical contact information, company name, what Services you have purchased or may be interested in, evaluation information you have provided, what events you have attended, your region or country, and other service data.
HOW WE USE INFORMATION
We use the information we collect for the following purposes:
To provide our Services to you. We use your information to create an account, which allows you to create and store passwords, Passkeys, and other information in a vault. We use your information to provide you with a rich customer experience that includes troubleshooting and support services. In particular, we use your information to provide you with insights, usage reports and other information related to your account and use of our Services. We use your contact and billing information to process and accept payments for our Services.
To assist and communicate with you. We use your contact information to provide emergent and proactive service notifications, product updates, schedule calls, and to market and promote the Services, and other commercial products to you, using email, mail, phone, and system notifications in accordance with your permissions. We also use information we collect and receive to provide support services in response to your questions or requests for information. Depending on your request, we may use information we collect about your use of our Services to troubleshoot your concern.
We may use your communications with us for training and quality assurance, such as to understand and help manage the number of requests received, to ensure the quality and accuracy of the responses that were provided to you, and for dispute resolution purposes. We use automated technology to review your communications and improve your support experience. For example, we may use chatbots or other automated technology to help identify the nature of your request, suggest articles or content to facilitate our responses to you, and obtain feedback from you.
To market our products and Services. We use information about how you use our sites and Services, such as products or features used, trainings attended, content requested, promotions you’ve engaged with and browsing activity to optimize the delivery of our advertisements and measure the effectiveness of our marketing initiatives. Our Cookie Policy further explains how we use cookies and similar tracking technology to help us market our products to you.
To operate and improve our Services. We use information we collect and receive about you to conduct surveys, product research, and to measure the effectiveness of our training programs and Services. We may use third-party services to help us collect data or analyze data that we have collected about you. We also use aggregated or otherwise deidentified data to develop insights into how our Services are used.
To secure our Services. We use information we collect and receive about you to enforce our Terms, prevent, detect, and investigate fraud, combat spam, control access to the Services, and to monitor, enforce, and improve the security of the Services we provide.
To comply with our legal obligations. We use information we collect and receive about you to protect our and our users’ rights and interest, defend ourselves, and respond to law enforcement, other legal authorities, and requests that are part of a legal process. We also use information we collect to comply with security and anti-terrorism, anti-bribery, customs and immigration, and other such due diligence laws and requirements.
Legal Bases
If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal bases for collecting and using personal data as described in this Privacy Notice depends on the personal data and the specific context in which we collect it. In some cases, we may rely on multiple legal bases to process your data. For example, our legal bases to process your personal data include:
Performance of contract with you, such as to provide and maintain our Services for your use. It is necessary for us to process your Contact Information, Secure Data, Service Data and Diagnostic Data to provide, improve, and secure our Services for you.
In furtherance of our legitimate interests, we process your Contact Information, Service Data, and Diagnostic Data, to develop and train new technology, to analyze and improve our existing services, and to customize content used for our marketing purposes. Where we are using your information because we or our customers (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
With your consent, such as when you tell us we may use your location or non-essential cookies and similar technologies. When we process your information based on your consent you may revoke your consent at any time, in some cases this may not affect any processing that has already taken place.
To comply with a legal obligation, including to prosecute, exercise, or defend a lawsuit, arbitration, or similar legal proceeding, or to respond to lawful requests by public authorities (including national security or law enforcement requests).
We take reasonable steps to ensure that the information we collect is reliable, accurate, complete, and current for its intended use. If you would like to find out more about the specific legal basis we rely on to process your data for a particular purpose (including any legitimate interests we have in processing that information), please contact us as detailed in the Contact Us section.
HOW WE SHARE INFORMATION
We share your Personal Information as described below and in this Privacy Notice, and as permitted by applicable law.
AgileBits Inc. Affiliated Companies. We may share your information within the AgileBits companies and in some cases, with prospective affiliates to operate, improve, and market affiliated services to you. This includes affiliate companies that own, operate, or enable us to provide the Services to you. Unless you are notified otherwise, information shared with corporate affiliates will remain subject to this Privacy Notice.
Account Organizer. Our Services allow you to create accounts on behalf of other individuals though Family accounts. When you create an account on behalf of someone else, we refer to you as an account organizer. If you were invited to use an account created by someone other than yourself, we share certain information we collect about you and your use of our services with your account organizer. For example, we may share whether or not you have accepted an invite, when you last signed in, the number of devices you’ve signed in with, the number of items in your vaults, including private vaults, whether you have enabled two-factor authentication, and other insights as configured by your account organizer.
Third-parties Designated By You. We may share your information with other 1Password users, invited guests, or third-parties you have otherwise authorized or provided your consent for us to share information with. For example, when you invite a guest to access your vaults or invite an individual to join your family.
Business Account Owners. If you signed up for the Services using an email domain owned by one of our business customers, we may share your contact information with the business account owner that requested that you participate in the Services under a separate agreement.
Service Providers. We share information with third-parties in connection with the delivery of Services to you and the operation of our business. These third-party service providers are required to protect information we share with them and may not use any identifying information other than to provide services we contracted them to provide. They are not allowed to use the information we share for purposes of their own direct marketing (unless you have separately consented with the third-party under the terms provided by the third-party).
Marketing Partners. We may disclose your information to third-party marketing services which help us advertise our services to you. This may be considered a sale or sharing personal information data under applicable privacy laws. Depending on where you live, you may have the right to opt out of having your information shared for this purpose. View our Cookie Policy for more information on our use of tracking technology for the purposes of targeted advertising.
Legal Obligations. We may disclose your information and associated records to enforce our terms; as necessary to satisfy our tax or other regulatory reporting requirements, including the remission of certain taxes in the course of processing payments; or where we are permitted (or believe in good faith that we are required) to do so by applicable law, such as in response to a subpoena or other legal request, in connection with actual or proposed litigation, or to protect our rights or interests.
We will comply with applicable laws and the contracts with our customers to provide Service Data and encrypted Secure Data to law enforcement agencies. If permitted, we will notify you of such a request and whether or not we have complied. Your Secure Data remains encrypted with keys which we do not possess, and so we can only hand over Secure Data in encrypted form.
Corporate Transactions. We may share your Personal Information in connection with any anticipated or actual corporate transaction, such as a divestiture, merger, consolidation, assignments, or asset sale, or in the unlikely event of bankruptcy. In the case of any acquisition, we will inform the buyer it must use your information only for the purposes disclosed in this Privacy Notice.
KEEPING YOUR INFORMATION SAFE
We understand and accept our responsibility to protect your information. We use strict access control mechanisms such as network isolation and encryption to ensure that your information is only available to authorized personnel. Learn more about how 1Password protects your Secure Data.
RETENTION AND DELETION
We will retain your personal information for as long as necessary to fulfill the purposes set forth in this Privacy Notice, unless a longer retention period is required or permitted by law, or you instruct us to delete your information. We will deidentify, aggregate, or otherwise remove or mask your personal information if we intend to use it for analytical purposes or trend analysis over longer periods of time. Please note that copies of information that you have updated, modified, or deleted may continue to reside in our systems for a period of time, and we may maintain copies of this information as part of our business records.
INTERNATIONAL DATA TRANSFERS
Secure Data is hosted where an Individual or Business customer chooses (currently either in the EU, US, or Canada), except to the extent a user utilizes the Item Sharing function in which case the data will be stored in the EU as long as the item is shared.
Service Data, Diagnostic Data, and other information we process may be accessed from, processed, or transferred to countries other than the country in which you reside or in which the data is hosted. Our employees may access your information from various countries around the world. Those countries may have data protection laws that are different from the laws of your country.
Our customer support and email services are hosted primarily in the United States and Canada. Any information you choose to send us through email or our customer support system may pass through and be stored on a variety of intermediate services. If you wish, you may encrypt email to us using our PGP public key.
We have taken appropriate steps and put safeguards in place to help ensure that any access, processing, or transfer of your information remains protected in accordance with this Privacy Notice and in compliance with applicable data protection law. Such measures provide your information with a standard of protection that is at least comparable to that under the equivalent local law in your country, no matter where your data is accessed from, processed, or transferred.
Such measures include the following:
Adequacy decisions of the European Commission confirming an adequate level of data protection countries outside the European Union.
Ensuring that the third-party partners, vendors, and service providers to whom data transfers are made have appropriate mechanisms in place to protect your Personal Information. For instance, our agreements signed with our third-party partners, vendors and service providers incorporate strict data transfer terms (including, where applicable, model clauses issued by the European Commission or the United Kingdom for restricted transfers to third countries), and require all contracting parties to protect the Personal Information they process in accordance with applicable data protection law. Our agreements with our third-party partners, vendors, and service providers may also include, where applicable, their certification under approved privacy frameworks, or reliance on the service provider's Binding Corporate Rules, as defined by the European Commission.
Carrying out periodic risk assessments and implementing various technological and organization measures to ensure compliance with relevant laws on data transfer.
YOUR RIGHTS AND CHOICES
You have certain rights and choices with respect to your information, we’ve explained your rights and how to exercise them below:
Access to Information. You can ask us to confirm if we are processing your personal information, provide you with details about our processing, and access much of the information you have provided us when you log into your account. To request access to information contact us using the methods provided in the Contact Us section.
Correct Your Information. You can update your information within your settings and modify content you have provided from your account. To edit your personal information, visit your profile in your account settings. You may also contact us about correcting or updating your information using the methods provided in the Contact Us section.
Download Your Information. We want happy customers, not trapped ones. We will not lock you out of your own data. However, we are unable to decrypt your Secure Data; you will need your Account Password and Secret Key to decrypt it. You may export a copy of your Secure Data from your 1Password account.
Delete Your Information. Individuals and Family account owners have the right to instruct us to remove data permanently from our systems and backups. To ensure that no one’s data is deleted without their consent, you must first delete your account through an authenticated session. After your account has been deleted, the account owner may contact us and ask for the data to be expunged. Once the request is authenticated, we will begin removing your information from our active systems. To request permanent deletion of your personal information, please contact us using the methods provided in the Contact Us section. Please note we may retain versions of your information in accordance with our retention policy or until they are overwritten.
Object to Certain Uses. You can object to any processing of your personal information that is done on the basis of our legitimate interests, unless we have compelling legitimate grounds for processing which override your interests and rights, or if we need to continue to process your information for the establishment, exercise, or defense of a legal claim. In some cases, if you object to our use, it may mean no longer using the Services. To exercise this right, contact us using the methods provided in the Contact Us section of this Privacy Notice.
Limit How We Use Information.
You can ask us to restrict the processing of your personal information under certain circumstances (e.g., when you wish to contest the accuracy of your data). You can also ask us to freeze your account at any time by contacting us as described in the Contact Us section of this Privacy Notice. When your account is frozen, you will not be able to provide ongoing or future data to us that is associated with your account.
Withdraw Consent. You can withdraw your consent where our processing is based on a consent you have previously provided us. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so, or if your withdrawal of consent was limited to certain processing activities. For example, you may withdraw your consent to allow us to collect your Product Usage Information. Please note, withdrawal of your consent will not affect the lawfulness of any processing carried out before your withdrawal.
Manage Communications We Send You. You may change your communication preferences at any time by clicking here and you may also opt-out of marketing emails from us directly through the email. You may opt-out of sales and marketing phone calls from us by letting us know during the call or by contacting us as described in the Contact Us section. Please be aware that you cannot opt-out of receiving necessary account- and privacy-related messages from us.
Cookie Preferences. You may opt-out of certain cookies set via our websites through our consent banner or your browser settings. Please see the Cookie Policy for more information.
Complaints. If you would like to raise a concern about our use of your information, please contact us first as described in the Contact Us section. We respond to all requests we receive from individuals wishing to exercise their data protection or privacy rights in accordance with applicable data protection laws. Please note, we may also ask you to verify your identity in order to help us respond to your request securely and efficiently. Depending on the laws in your local jurisdiction, you may be able to appeal any decisions made regarding your rights. For individuals in Europe, the United Kingdom, and Switzerland, you may lodge a complaint about the collection and use of your personal data with a data protection authority in relation to the General Data Protection Regulation and other applicable laws. Should you have the right to appeal a decision to not take action on a request under applicable law, instructions on how to make that appeal will be included in our response to you.
CONSENT FOR UNDERAGE ENROLLMENT
Our Services are not intended for minors. Those under the age of 16 may not use the services without the consent or authorization of their parent or legal custodian. Family account organizers are responsible for that authorization when they add someone under the age of 16 to an account.
UPDATES TO OUR PRIVACY NOTICE
At our discretion, we may make changes to this Notice and note the date of the last revision. You should check here frequently if you need to know of updates to our Privacy Notice. We maintain the right to send you an email or in app notification informing you of substantive changes. Previous versions will be made available. View archived privacy policies for the 1Password password manager.
CONTACT US
If you have any questions about this Notice or our practices, you can contact us or our Data Protection Officer at [email protected] or write us by mail at:
Privacy Office
4711 Yonge St, 10th Floor, Toronto, Ontario, M2N 6K8 Canada
To exercise your rights and choices, email [email protected].
To send us an encrypted email, use 1Password’s PGP public key.
If you’re not satisfied with our response, you have the option of contacting the Office of the Privacy Commissioner of Canada.
SUPERVISORY AUTHORITY
If you have concerns or complaints about this Notice or practices with regard to that you do not feel you can resolve through contacting us, you should bring those concerns to your local regulatory authority.
NOTICE TO END USERS
This notice is designed to provide you with important information about your business managed account. 1Password is a processor of personal data that we process on behalf of our business customers. If you use 1Password services with an account provided by your employer or an organization that you are affiliated with, that organization is the controller of your information and the administrator of your account. We refer to personal data processed in connection with our Services offered to businesses as “Customer Data.” We only process Customer Data to fulfill our contractual obligations, or as otherwise instructed by our business customers. If you have questions about the processing of your information or would like to exercise your data protection rights, please contact your account administrator. Please note, the 1Password Privacy Notice does not apply to business products or services.
As an end user of a Business product, your information is subject to the privacy information provided to you by your organization. We recommend that you review your internal privacy policies prior to creating an account with us.
Your account administrator manages your 1Password account and any information associated with your account. This means that your account administrator can access and process your data, including insights derived from how you use and interact with the Services and any privacy controls associated with your account. Your account administrator controls which services you may access using your account, and can turn off particular services at their discretion. Your account administrator can also delete your account, recover your account and vault contents, or restrict you from accessing any data associated with your account.
If you have created a free Family or Individual account provided by your account administrator, your personal account is covered by the 1Password Terms and Privacy Notice and cannot be accessed or processed by your account administrator. If you lose access to the organization that you are affiliated with (for example, if you change your employment), you may lose access to 1Password Business products, including your employee vaults and the information contained within those vaults. Your Individual or Family 1Password account and data associated will remain yours, subject to the 1Password Terms.
Change log
2024-10-15
The new Privacy Notice includes a concise summary of the main points, making it easier to understand the scope and purpose of the document.
We clarified that we process information both as a controller and a processor and where our Privacy Notice applies.
We added more detailed descriptions of the types of data we collect, including contact information, payment information, support and communications, and more.
We provided detailed information on how we share data with third parties, including service providers, account organizers, and more is now included.
We included comprehensive details on how we handle international data transfers and the safeguards in place to protect your data.
We added a more comprehensive list of your rights, such as accessing, correcting, downloading, deleting your information, and managing communication preferences, is now provided.
We added a specific section to provide business end users with information about their data and the responsibilities of their account administrators.
2024-01-02:
We have added a section explaining the use of Chatbots and have amended the section on Cookies and Tracking
2023-11-01:
We have updated various communication channels for questions and data subject access right requests
We have updated specific references to GDPR and Canadian privacy laws, with applicable data protection laws.
We have updated the references to US Privacy Shield to the “DPF.”
We have removed an outdated Supervisory Authority.
2023-06-22:
We have amended the “Data Location and Transfer” section to remove an unnecessary restriction on Service Data access.
2021-12-07:
We have added language regarding our use of third-party trackers on our web pages only (no in-app tracking)
2021-10-21:
We have added language clarifying the use of your 1Password websites' visits related data.
2021-04-15:
We changed our office address.
2019-07-03:
Added clarifying language related to GDPR.
2018-10-26:
We changed our office address.
2018-05-11:
List GDPR Supervisory Authority
Typographical error corrected. No change in meaning.
More explicitly include data processing agreement (GDPR)
Status of AgileBits contractors and employees wrt to data processing (GDPR)
More GDPR terms in the glossary.
Open with a statement of purpose of this document
Business accounts
Explicitly discuss philosophy that customer has rights to their own data (spirit of GDPR)
Right of Erasure (GDPR)
Right to Access (GDPR)
Breach notification (GDPR)
2017-09-07:
We clarified how we help you keep your data when we part ways.
We also expanded on how your Secure Data is handled on our end.