LAST MODIFIED: June 24, 2016

Haystack allows you to share files with your partners, colleagues, and friends with cryptographic end-to-end security. We place great importance to the protection of your personal information and your right to self-determination.

This Privacy Policy (this “Policy”) applies to the Haystack website located at (the “Site”) and the Haystack mobile application (the “App”; collectively with the Site, the “Service”) by you and any third party or entity you are using/purchasing the Service on behalf of (“You” or “Your”), so please read this Policy carefully before using the Service. The Service is provided by (“Haystack”, “we”, “our”, “us”). This Policy describes our policies and procedures for collecting, storing, using, processing, and disclosing your personal information.

By downloading, installing, registering, copying or otherwise using the Service, You accept and agree to be bound and abide by this Policy and the Terms and Conditions of Use, located at [] (our “Terms”). If you do not agree with our policies and practices, you may not use the Service.

We may revise this Policy from time to time in our sole discretion. We will notify you by email or through in-App notifications of any material change to this Policy, and we will post any change on this page, so that you can make your own decision whether or not to continue using the Service in light of any such change. If you are concerned about how your information is collected, stored, used, processed, or disclosed, you should periodically check this page. All changes are effective immediately when we post them, and apply to all access to or use of the Service thereafter. Your continued use of the Service following the posting of a revised Policy constitutes your acceptance of that revised Policy.

If you have any questions or feedback on this Policy or our privacy practices, please let us know by sending an email to

I. Scope of Data Collection

Haystack may collect, store, use, process, and disclose your Personal Data (as defined below) and other information only in accordance with this Policy. The types of information we collect from you include the following:

Personal Data and other information you give us: We require you to give us certain information by which you may be personally identified (your “Personal Data”). Personal Data may include your email address, phone number, first name, last name, and a certificate created in relation with such information (“Your Haystack ID”).

Your Encrypted Content: You may upload and store files and directories using the Service (“Your Encrypted Content”).

Support Request / Community Features: You may contact us by email, the in-App Help feature, or other means. By contacting us for support, you may provide information regarding your request (“Support Data”). The Support Data is stored in a non-encrypted format to allow us to review your request and provide you support. If you contact us for support by email, we cannot encrypt your return email address or Support Data during transit; if you contact us for support through the in-App Help feature, your Support Data will be in a non-encrypted format. If your Support Data or other messages you send to us include any Personal Data or other sensitive information, you transmit such information at your own risk. If you contribute information on our public community site or other public areas of our Service, you contribute such information at your own risk. You should be aware that any information you provide in these areas may be collected, stored, used, processed, and disclosed by others who access them.

Monitoring / Website / Cookies: In order to improve our Service, we collect information for monitoring and debugging purposes. Please note that this information is collected automatically as a result of your use of the Service or through the use of web analytics services, cookies, and other tracking technologies as described below. Such information may include your internet protocol address, anonymously aggregated error statistics, the type of browser you use, the site you visit immediately prior to visiting the Site, or similar information. We automatically collect information on the type of device you use, operating system version, and the device identifier. We do not collect, access, or track any location information from your mobile device at any time while downloading or using our App without your consent. We do not automatically collect unencrypted or invertible passwords, encryption keys or files, and the App does not monitor your usage of other applications on your device, except the file changes in folders you explicitly choose to sync. Cookies are small text files that are placed on your computer by websites that you visit. These text files can be read by these websites and help to identify you when you return to a website. Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your computer when you go offline, while session cookies are deleted as soon as you close your web browser. The use of cookies by our partners, affiliates, and service providers is not covered by this Policy. We do not have access or control over these cookies.

Communications between our users: As a part of the Service, we deliver invitations between users and we collect, store, use, process, and may disclose the content of such invitations pursuant to this Policy.

California Do-Not-Track Disclosure

Various browsers allow you to issue Do-Not-Track signals to websites you visit. Haystack takes your privacy and security very seriously, and protects your information in accordance with this Policy, but does not currently respond to Do-Not-Track signals from browsers.


The security of your information is important to us. When you use the Service, we attempt to encrypt transmissions of your information through the Service using Secure Socket Layer (SSL) or similar technology.

We also attempt to apply additional, client-side encryption on Your Encrypted Content. We have implemented commercially reasonable security standards both during transmission and once we receive Your Encrypted Content.

The safety and security of your information also depends on you. You are responsible for keeping your email, password, encryption keys, and other credentials confidential. Even though we do our best with such data, no method of transmission over the Internet, or method of electronic storage, is 100 percent secure. Any transmission of information using the Service is at your own risk. We are not responsible for the circumvention of any privacy or security measures implemented on our Service. If you have any questions about our security policies, please contact us at

II. Purpose of Data Collection

We use the information we collect to provide and improve the Service, and we do not sell any of the information we collect from you.

We use your Personal Data to identify and contact you, and as necessary to create and maintain your account. We use your Personal Data to deliver invitation messages and to track our user groups. When you send an invite to an invitee who is not already a Haystack user, we store the invitee’s contact details you provide us in order to notify the invitee about your invitation. We don’t sell any invitee data, and invitees can choose not to receive more messages from us at any time by using the unsubscribe link included in these communications.

We store automatically-collected information regarding the usage of our Service, which is essential for improving and debugging the Service.

III. Disclosure to third parties

We do not sell your information to third parties. We may share your Personal Data, Encrypted Content, or other information we obtain from your use of the Service in the following circumstances:

Your Haystack ID may be viewed by invitees to whom you send an invitation, or inviters from whom you accept an invitation. If you accept an inviter’s invitation, the inviter will be able to access your Personal Data to the degree to which you select. You are free to decline any invitation, and if you do so, we will not give the inviter access to your Personal Data.

We collect, store, use, process, and disclose Your Encrypted Content in order to provide the Service, such as by allowing you to access Your Encrypted Content, transmitting Your Encrypted Content across networks, or modifying the storage location of Your Encrypted Content.

Haystack may disclose Personal Data, Encrypted Content, or other information we obtain from your use of the Service when such action is necessary to comply with any laws, legal processes, court orders, or government or regulatory requests, or to enforce or apply this Policy or our Terms, or for the protection of the rights, property, interests, or safety of Haystack, our users, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk protection.

If Haystack is involved in a merger, acquisition, or sale of all or a portion of its assets, we may disclose your Personal Data, Encrypted Content, or other information we obtain from your use of the Service to a buyer or successor.

Haystack may also share your Personal Data, Encrypted Content, or other information we obtain from your use of the Service: (i) with our subsidiaries and affiliates, (ii) to fulfill the purpose for which you provide it, (iii) for any other purpose disclosed by us when you provide the information, or (iv) with your consent.

Using third party services

You understand and accept that the Service may contain or implement applications, APIs, tokens, extensions, interfaces, or links to third party content that may be necessary for the operations of the Service, including but not limited to those of the third parties processing payment transactions. We may share your Personal Data, Encrypted Content, or other information we obtain from your use of the Service with these companies as necessary to provide the Service.

Sharing content

When you share content with a third party using our Service, some of your Personal Data, Encrypted Content, or other information we obtain from your use of the Service will be disclosed to the receiving party.

IV. Amendment, deletion and destruction of data

Personal Data

If you are a registered user, you can view the Personal Data stored by us at any time at the Settings/Account page of the Site. You can request that we edit or delete this data from our database through the same Account/Profile page of the Site or by contacting us at To request removal of your personal data from our blog or community forum, contact us at

You understand and accept that the deletion of your Haystack account does not mean the immediate deletion of all of your Personal Data stored by us. Other than described below, we will take reasonable efforts to delete the information stored by us. However, we will retain and use your Personal Data, Encrypted Content, or other information we obtain from your use of the Service as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements including this Policy and the Terms. For identification purposes, Haystack reserves the right to store your email address for 1 year after your user account has been deleted. Haystack may store contact information related to invitations you have sent to other users or potential users for at least 90 days, but not more than 1 year after such invitation has expired. In some cases, we may not be able to remove your personal information.

You also understand and accept that your Personal Data and related information may remain accessible to invitees to whom you have sent an invitation, or inviters from whom you received and accepted an invitation, even if your Haystack account is deleted.

Your Encrypted Content

If you are a registered user, you can access, edit or delete Your Encrypted Content. Once your Haystack account is deleted for any reason, Haystack will delete Your Encrypted Content from our servers. Please note that there are various ways that other users may save Your Encrypted Content or other information through a number of techniques, such as through screenshots or any other image-capture technology. It is also possible, as with any digital information, that someone might be able to access any of your information forensically or find them in a device’s temporary storage. While our systems are designed to carry out our deletion practices automatically, we cannot promise that deletion will occur within a specific timeframe. We may also retain certain information in backup for a limited period of time or as required by law.

Please note, in accordance with the Terms, we may delete or revoke access to Your Encrypted Content or to your account any time if you are in violation of Terms or otherwise in accordance with the termination provisions of the Terms.

V. Additional information

Our Site includes links to other websites whose privacy practices may differ from those of Haystack. If you navigate to those sites or submit information to any of those sites, your information is governed by the privacy policies maintained by those third parties. We encourage you to read carefully the privacy policy of any web site you visit. If you have any questions about such third parties’ privacy practices, you must contact them directly.

VI. Your California privacy rights

California Civil Code Section § 1798.83 permits users of our Service that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to

VII. Children under the age of 13

The Service is not intended for children under 13 years of age. No one under age 13 may provide any Personal Data to us through or otherwise use the Service. We do not knowingly collect Personal Data from children under 13. If you are under 13, do not use or provide any information on the Service or provide any information about yourself to us. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at

Available Now for Download on

Responsive Menu Clicked Image