Banktivity Privacy Statement

Revised January 21, 2016

IGG Software, Inc., recognizes the importance of protecting the privacy of all information provided by users of our software. We created this policy out of a fundamental respect for our customers' right to privacy and to guide our relationships with our customers. This Privacy Statement applies to all versions of Banktivity for Mac OS X.

  1. 1. Purchases Made Through Banktivity

    All versions of Banktivity include the ability to order a license for the software from our online store, by completing and submitting a form inside the application itself. Orders submitted in this manner are transmitted to us securely via an encrypted Transport Layer Security (TLS) connection. For billing purposes, we collect personally identifiable information including your name, email address, mailing address, and credit card details (such as account name, number and expiration date). The credit card information is used for our or our agent's billing purposes only, and is not otherwise shared. Payments are processed securely via Authorize.net, which you can visit online at https://www.authorize.net. After billing is complete, the only credit card details we retain are the last four digits of your credit card number. These and the rest of the information you submitted with your order are stored in a secure, restricted database for the purposes of order tracking and refunds.

    Access to all of our customers' information, not just the sensitive information mentioned above, is restricted. Only employees who need the information to perform a specific job (for example, a billing clerk or a customer service representative) are granted access to personally identifiable information. When accessed internally, the information is transmitted securely via TLS. Finally, the servers on which we store personally identifiable information are kept in a secure environment.

  2. 2. Software Licenses

    If you order a license for Banktivity through the software or from our website, your name and email address are used to generate a unique license code that allows you to register Banktivity and release its trial limitations. Your name, email address, and license code are saved locally in one or more preference files on your hard drive. As mentioned above, we retain a copy of this information in a secure database on our company servers. Should you ever lose your license code, you may retrieve it by using the lost license form on this page of our website: https://www.iggsoftware.com/support.php

  3. 3. Software Updates

    All versions of Banktivity include the ability to automatically check for updates. When this feature is enabled, Banktivity will communicate with our website each time it is launched to obtain the version number of the most recent software release and compare it against its own version number. When a newer version is found, Banktivity will alert you that an update is available for download from our website. No information is sent to IGG Software during this process, although the communication with our website is logged like any other visit to our site (see our website privacy policy for details). Automatic update notifications can be disabled by choosing "Preferences" from the Banktivity menu and unchecking the appropriate setting.

  4. 4. Crash reports

    Some versions of Banktivity include the ability to send reports to IGG Software when the software crashes. These reports are strictly voluntary and are only sent when the user expressly grants permission. Each report includes a date/time stamp, the name and version of the program that crashed, the user's operating system version, and the details of the crash as recorded in the Mac OS X system log. The user may optionally choose to send his/her email address and a description of the problem along with the non-personal information. The crash reports are analyzed by our development team in order to improve the quality and stability of our products, and may be reviewed by our customer support team in order to assist customers with technical inquiries. The details of a report are not shared with anyone outside of IGG Software other than the user who submitted the report.

  5. 5. Direct Download

    Some versions of Banktivity include the ability to download account data directly from your financial institutions via the Open Financial Exchange (OFX) protocol. In order to utilize this feature, your financial institution must offer support for OFX (sometimes referred to as Direct Connect) and typically must configure your financial accounts to allow access from personal financial managers such as Banktivity. To establish a direct download connection from Banktivity, the software first contacts our website to obtain the most recent contact information for your financial institution. No information is transmitted to us during this process. Banktivity then requests the username and password provided to you by your financial institution. Banktivity transmits this information directly to your financial institution over an SSL connection at the level of encryption required by your institution, and (once your identity has been verified) downloads your account data over the same encrypted connection. Your username and password do not pass through our servers at any point in time.

    Once a successful connection has been made, Banktivity saves your username in the current document file and saves your password in the Mac OS X Keychain. The Keychain is a tool that is built into the Mac operating system which provides secure, encrypted storage for sensitive information such as passwords. For more information about the Keychain, please consult the Mac OS X help files. These details are recorded so that you are not required to enter them each time you wish download account details from your financial institution. To remove configuration details for a direct download connection from your computer, launch Banktivity, select the account for which you want to remove the details, and choose "Disable Online Account Access" from the Account menu, then open the Keychain Access application and find and delete the password for that OFX connection.

  6. 6. Web Browsing

    Some versions of Banktivity include the ability to browse web pages within the Banktivity application. Banktivity's integrated web browser is built on WebKit, the same framework that underlies Safari and Chrome. WebKit provides support for all of the latest security standards, including SSL version 3, Transport Layer Security (TLS), and 128-bit SSL encryption. The specific security measures utilized by any given site are determined by the site and not the browser; for information about security measures employed by your financial institutions' websites, please contact your financial institutions.

    Any information you submit through a web form, such as the login details you enter to gain access to your financial accounts, is transmitted directly to its intended destination without passing through any servers belonging to IGG Software. Banktivity does not collect or record this information in any way.

  7. 7. Cloud Sync

    Some versions of Banktivity include the ability to sync your financial data with our Cloud Sync server so that the data can be shared between multiple Macs and mobile devices. Using this service requires that you sign up for a Banktivity ID, which you can read about in our website privacy policy. When you use Cloud Sync, your data is encrypted on your Mac or mobile device using a password that you provide, then transmitted to our Cloud Sync server over a secure connection. Because it is encrypted before it reaches our servers, there is no way for IGG staff to access your data while it is in storage, and you can use Banktivity to delete your data from the Cloud Sync server at any time. We do not share your synced data with third parties under any circumstances.

  8. 8. Legacy iOS Syncing

    Some versions of Banktivity include the ability to sync your financial data with Banktivity for iPad and Banktivity for iPhone via WiFi/Bonjour and WebDAV. When you choose to sync your data via WiFi/Bonjour, Banktivity encrypts the data using the Blowfish algorithm and transmits it to your mobile device via a direct socket connection. When you choose to sync via WebDAV, Banktivity does not encrypt the data but transmits it over a secure connection if your WebDAV server supports SSL. The security of the data residing on your WebDAV server depends on the policies of the administrator of that server and is not covered by this Privacy Statement; please contact your WebDAV server admin for more information.

  9. 9. Syncing With Banktivity Investor

    Some versions of Banktivity include the ability to sync your financial data with Banktivity Investor, a mobile iOS app designed to be companion utility for Banktivity for Mac. Banktivity for Mac syncs with Banktivity Investor via IGG's own cloud service, which retains a copy of your data on our secure servers that can only be accessed by you and our server administrators. Using this service requires that you sign up for a Banktivity ID, which you can read about in our website privacy policy. When you sync your data, Banktivity transmits your login information and then the data over an encrypted TLS connection. Your data is only accessed by our staff for purposes of server administration and technical support. We do not share your synced data with third parties under any circumstances.

  10. 10. Direct Access Subscriptions

    Direct Access is an optional third-party subscription download service used by Banktivity 5 and Banktivity for iPad that requires you to create a Banktivity ID. To establish a Banktivity ID, we collect your name and email address, then ask you to choose a username, password, and security questions and answers to protect your account. All of this information is transmitted securely via an encrypted TLS connection and stored on secure servers that can only be accessed by you and server administrators. Any time you log in to access your Banktivity ID, whether by our website or by one of our software products, the authentication process is conducted over an encrypted TLS connection. For more information about Banktivity ID's, please read our website privacy policy.

    In addition, Direct Access utilizes login information for each of your accounts located at a financial institution. This data is stored on highly secure third-party servers that allow for bank connections worldwide. Login details and financial information are never accessible to IGG or its employees, nor is customer data ever aggregated or analyzed for any purpose. For more detail about the privacy and security of Direct Access, please see our support article about Direct Access security.

  11. 11. Data Storage

    All versions of Banktivity store the financial data you record in one or more document files on your local hard drive. Banktivity versions 2.0 and higher let you choose where you want to save each document file; be sure to choose a secure location in which to save your files if you wish to keep the contents private. All versions of Banktivity provide a password feature that can be used to prevent other users of your Mac from viewing your account data. This feature does not encrypt your data, however, and will not prevent determined hackers from accessing your data. For increased security, we recommend saving your Banktivity documents in your Mac OS X home folder and turning on FileVault, a built-in encryption feature that protects all data in your home folder. Please note that if you lose your FileVault password, the data in your home folder will be irretrievable. You can read more about FileVault in the Mac OS X help files.

    Some Banktivity versions also include a backup feature that allows you to automatically save a copy of your data to another folder on your local hard drive, or to a network drive. These backups are compressed, but are not encrypted, and thus should be kept in a secure location if you wish to keep their contents private. The security of third-party, offsite storage solutions is determined by those providers and does not fall within the scope of this Privacy Statement. Backup utilities such as Apple's Time Machine can be used to backup your Banktivity data; we recommend that you use at least one method of backing up your data, but please be aware that the security of all third-party backup tools is outside the control of IGG Software.

  12. 12. Customer Support

    If you contact IGG Software for assistance with a technical problem, our customer support department will attempt to resolve the problem without accessing your Banktivity data. If the problem cannot be solved easily, however, they may request a copy of your data in order to continue troubleshooting the problem. In such cases, a support representative will provide you with a tool to encrypt your data file before sending it to us via email, and request that you send the password to decrypt the file in a separate email. These safety measures, while not foolproof, deter hackers by making your data indecipherable unless both emails are intercepted. Our support staff follow the same protocols when sending data files back to you. While your financial data is in our possession, it is kept on computers that are dedicated to IGG Software business use, transmitted securely between employees who are working on the problem, and deleted immediately after the problem has been resolved to your satisfaction. We do not share your financial data with third parties under any circumstances.

  13. 13. Customer Communications

    We reserve the right to contact you via email under certain circumstances that we consider to be of high importance. These may include, but are not limited to, changes to our privacy policies or terms of service, business decisions that affect product availability, changes in company ownership, and security breaches. We will not contact you for marketing purposes or general announcements without your prior consent.

  14. 14. Contact Us

    For questions about this Privacy Statement or our information practices, please contact IGG Software support by visiting https://www.iggsoftware.com/support/.

Copyright ©2018 IGG Software, Inc.