IGG Software, Inc., recognizes the importance of protecting the privacy of all information provided by users of our software. We created this policy out of a fundamental respect for our customers' right to privacy and to guide our relationships with our customers. This Privacy Statement applies to all versions of Banktivity for Mac OS X.
All versions of Banktivity include the ability to order a license for the software from our online store, by completing and submitting a form inside the application itself. Orders submitted in this manner are transmitted to us securely via an encrypted Transport Layer Security (TLS) connection. For billing purposes, we collect personally identifiable information including your name, email address, mailing address, and credit card details (such as account name, number and expiration date). The credit card information is used for our or our agent's billing purposes only, and is not otherwise shared. Payments are processed securely via Authorize.net, which you can visit online at https://www.authorize.net. After billing is complete, the only credit card details we retain are the last four digits of your credit card number. These and the rest of the information you submitted with your order are stored in a secure, restricted database for the purposes of order tracking and refunds.
Access to all of our customers' information, not just the sensitive information mentioned above, is restricted. Only employees who need the information to perform a specific job (for example, a billing clerk or a customer service representative) are granted access to personally identifiable information. When accessed internally, the information is transmitted securely via TLS. Finally, the servers on which we store personally identifiable information are kept in a secure environment.
If you order a license for Banktivity through the software or from our website, your name and email address are used to generate a unique license code that allows you to register Banktivity and release its trial limitations. Your name, email address, and license code are saved locally in one or more preference files on your hard drive. As mentioned above, we retain a copy of this information in a secure database on our company servers. Should you ever lose your license code, you may retrieve it by using the lost license form on this page of our website: https://www.iggsoftware.com/support.php
Some versions of Banktivity include the ability to send reports to IGG Software when the software crashes. These reports are strictly voluntary and are only sent when the user expressly grants permission. Each report includes a date/time stamp, the name and version of the program that crashed, the user's operating system version, and the details of the crash as recorded in the Mac OS X system log. The user may optionally choose to send his/her email address and a description of the problem along with the non-personal information. The crash reports are analyzed by our development team in order to improve the quality and stability of our products, and may be reviewed by our customer support team in order to assist customers with technical inquiries. The details of a report are not shared with anyone outside of IGG Software other than the user who submitted the report.
Some versions of Banktivity include the ability to download account data directly from your financial institutions via the Open Financial Exchange (OFX) protocol. In order to utilize this feature, your financial institution must offer support for OFX (sometimes referred to as Direct Connect) and typically must configure your financial accounts to allow access from personal financial managers such as Banktivity. To establish a direct download connection from Banktivity, the software first contacts our website to obtain the most recent contact information for your financial institution. No information is transmitted to us during this process. Banktivity then requests the username and password provided to you by your financial institution. Banktivity transmits this information directly to your financial institution over an SSL connection at the level of encryption required by your institution, and (once your identity has been verified) downloads your account data over the same encrypted connection. Your username and password do not pass through our servers at any point in time.
Once a successful connection has been made, Banktivity saves your username in the current document file and saves your password in the Mac OS X Keychain. The Keychain is a tool that is built into the Mac operating system which provides secure, encrypted storage for sensitive information such as passwords. For more information about the Keychain, please consult the Mac OS X help files. These details are recorded so that you are not required to enter them each time you wish download account details from your financial institution. To remove configuration details for a direct download connection from your computer, launch Banktivity, select the account for which you want to remove the details, and choose "Disable Online Account Access" from the Account menu, then open the Keychain Access application and find and delete the password for that OFX connection.
Some versions of Banktivity include the ability to browse web pages within the Banktivity application. Banktivity's integrated web browser is built on WebKit, the same framework that underlies Safari and Chrome. WebKit provides support for all of the latest security standards, including SSL version 3, Transport Layer Security (TLS), and 128-bit SSL encryption. The specific security measures utilized by any given site are determined by the site and not the browser; for information about security measures employed by your financial institutions' websites, please contact your financial institutions.
Any information you submit through a web form, such as the login details you enter to gain access to your financial accounts, is transmitted directly to its intended destination without passing through any servers belonging to IGG Software. Banktivity does not collect or record this information in any way.
Some versions of Banktivity include the ability to sync your financial data with Banktivity for iPad and Banktivity for iPhone via WiFi/Bonjour and WebDAV. When you choose to sync your data via WiFi/Bonjour, Banktivity encrypts the data using the Blowfish algorithm and transmits it to your mobile device via a direct socket connection. When you choose to sync via WebDAV, Banktivity does not encrypt the data but transmits it over a secure connection if your WebDAV server supports SSL. The security of the data residing on your WebDAV server depends on the policies of the administrator of that server and is not covered by this Privacy Statement; please contact your WebDAV server admin for more information.
In addition, Direct Access utilizes login information for each of your accounts located at a financial institution. This data is stored on highly secure third-party servers that allow for bank connections worldwide. Login details and financial information are never accessible to IGG or its employees, nor is customer data ever aggregated or analyzed for any purpose. For more detail about the privacy and security of Direct Access, please see our support article about Direct Access security.
All versions of Banktivity store the financial data you record in one or more document files on your local hard drive. Banktivity versions 2.0 and higher let you choose where you want to save each document file; be sure to choose a secure location in which to save your files if you wish to keep the contents private. All versions of Banktivity provide a password feature that can be used to prevent other users of your Mac from viewing your account data. This feature does not encrypt your data, however, and will not prevent determined hackers from accessing your data. For increased security, we recommend saving your Banktivity documents in your Mac OS X home folder and turning on FileVault, a built-in encryption feature that protects all data in your home folder. Please note that if you lose your FileVault password, the data in your home folder will be irretrievable. You can read more about FileVault in the Mac OS X help files.
Some Banktivity versions also include a backup feature that allows you to automatically save a copy of your data to another folder on your local hard drive, or to a network drive. These backups are compressed, but are not encrypted, and thus should be kept in a secure location if you wish to keep their contents private. The security of third-party, offsite storage solutions is determined by those providers and does not fall within the scope of this Privacy Statement. Backup utilities such as Apple's Time Machine can be used to backup your Banktivity data; we recommend that you use at least one method of backing up your data, but please be aware that the security of all third-party backup tools is outside the control of IGG Software.
If you contact IGG Software for assistance with a technical problem, our customer support department will attempt to resolve the problem without accessing your Banktivity data. If the problem cannot be solved easily, however, they may request a copy of your data in order to continue troubleshooting the problem. In such cases, a support representative will provide you with a tool to encrypt your data file before sending it to us via email, and request that you send the password to decrypt the file in a separate email. These safety measures, while not foolproof, deter hackers by making your data indecipherable unless both emails are intercepted. Our support staff follow the same protocols when sending data files back to you. While your financial data is in our possession, it is kept on computers that are dedicated to IGG Software business use, transmitted securely between employees who are working on the problem, and deleted immediately after the problem has been resolved to your satisfaction. We do not share your financial data with third parties under any circumstances.
We reserve the right to contact you via email under certain circumstances that we consider to be of high importance. These may include, but are not limited to, changes to our privacy policies or terms of service, business decisions that affect product availability, changes in company ownership, and security breaches. We will not contact you for marketing purposes or general announcements without your prior consent.
For questions about this Privacy Statement or our information practices, please contact IGG Software support by visiting https://www.iggsoftware.com/support/.
Copyright ©2018 IGG Software, Inc.