(Last Update December 8, 2011)
Because ZixCorp's computer systems are located in the United States but may be accessed elsewhere via the Internet, the personally identifiable information that you provide when you register for ZixMail™ or when you use the ZixCorp Services may be transferred to, processed, and held in the United States. ZixCorp complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. ZixCorp has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view ZixCorp's certification, please visit http://safeharbor.export.gov/companyinfo.aspx?id=13388.
Definition of Services
ZixCorp delivers its secure messaging services through the following offerings: ZixAccess™ , ZixConnect℠, ZixDirect™, ZixDirectory®, ZixMail®, ZixMessage Center™, ZixMobility™, ZixPort®, ZixGateway®, and ZixWorks™.
ZixAccess automatically decrypts inbound email from ZixCorp users and provides transparent communication for recipients who are not ZixCorp customers. With Transparent Email Encryption Services, no password is required to access secure email and the extra steps of push and pull messaging are removed to improve productivity for email users. ZixAccess also features the capability to automatically scan all outbound email with ZixCorp's proven lexicons. As a second line of defense against unsecure sensitive information in transit, ZixAccess will report all outbound risks to your security or compliance officer.
ZixConnect is a managed Transport Layer Security (TLS) service that enables companies to secure their email communication to multiple entities using a single TLS connection. ZixCorp handles the set up and maintenance of each secure connection. Users send and receive messages that are encrypted in transit - no passwords, no hardware, and no software required.
ZixDirect is a secure message delivery service that pushes an encrypted e-mail directly to a recipient's inbox, even if the recipient is not an existing user. With ZixDirect there is no additional client software to install or maintain. ZixDirect users receive secure emails directly in their inbox.
ZixDirectory, the largest email encryption directory in the world, facilitates secure email communications by providing a centralized directory for automated key exchange. The directory enables users to transparently send and receive encrypted emails without having to exchange encryption certificates. ZixDirectory also offers public key validation and distribution in real time for each message.
ZixMail is a secure messaging service that allows a user to send encrypted email to other ZixMail users without anyone else being able to decrypt the message. Each user must download and install the ZixMail client software on their PC. During installation of the software, the user generates a public and private key pair for use in encrypting, decrypting, digitally signing, and verifying the digital signature of ZixMail messages. Your public key is stored on the ZixCorp public key server and may be accessed by anyone who knows your email address and wishes to encrypt and send a ZixMail message to you. The sender and recipients must have installed the ZixMail client software and generated public and private key pairs. Your private key is kept on your PC and is stored encrypted with a PassPhrase known only to you.
ZixMessage Center (formerly "ZixMail.net") is a secure messaging (portal) service that allows a ZixMail message to be sent to recipients who do not have the ZixMail client software or ZixMail encryption keys. For these recipients, the ZixMail message is encrypted with the public key of our secure Web site. ZixMessage Center will store the incoming encrypted email and notify the recipient by email that a secure message is waiting. The email notification contains a link to the ZixMessage Center to access all unexpired secure email. In order to send or to view ZixMessage Center email messages, you will be required to provide your ZixMessage Center PassPhrase to ensure that you are the authenticated sender or recipient of the message. ZixPort is an enterprise version of ZixMessage Center with additional customizable features that otherwise operates and functions generally in the same manner as ZixMessage Center.
ZixMobility enables easy to use encrypted email on mobile devices and functions across all major smartphone platforms, including Android™, BlackBerry® and iPhone®. ZixMobility exceeds conventional email encryption standards for mobile support by offering seamless email encryption as users navigate from desktop to mobile device, optimized layouts designed for the user's environment, fully functional navigation maximized for the user's screen and maximum user convenience with no cumbersome steps.
ZixGateway is a server-based secure messaging service for enterprises that require high-level security and encryption for inbound and outbound email communications. With ZixGateway there's no need to create, deploy, or manage end-user encryption keys or software. It works seamlessly with a corporation's existing network infrastructure for hassle-free integration. Secure messages encrypted through the ZixGateway service are sent to the recipient the most effective way: to the recipient's ZixMail enabled computer, or to the ZixGateway serving the recipient's computer network, or through the ZixMessage Center secure messaging portal.
ZixWorks is a comprehensive suite of hosted and managed services that provides anti-virus, anti-spam, content scanning, encryption, and archiving capabilities for e-messaging, combining all of the essential services for a secure e-messaging environment into a single solution.
Information Collection, Processing, and Use
ZixCorp can receive a variety of "personally identifiable information," including your email address, ZixMessage Center PassPhrase, and certain message content and information about your email account. ZixCorp also collects names, mailing addresses, email addresses, phone numbers, and credit card number digits from paying subscribers. We use this personally identifiable information as follows:
- When you register for ZixMail, we collect your email address. We also collect your public key if you create a public private key pair using the ZixSignature Manager™. The ZixMail client software will use email addresses to access the ZixCorp key servers using email addresses for the purpose of retrieving the public encryption keys.
- When you register with ZixMessage Center and with ZixPort, we collect your email address and your ZixMessage Center PassPhrase. However, only the hash of a modified PassPhrase is stored.
- The content of the messages sent through ZixMessage Center and ZixPort reside on a ZixCorp server in Dallas, Texas until retrieved by the recipient or until a user specified number of days elapses (generally less than 21 days), at which time they expire. The messages are encrypted while residing on the ZixCorp server.
- The ZixGateway service scans, using equipment at the subscriber's site, the content of outgoing email messages before sending them to determine whether, in accordance with the subscriber's policies, the messages are to be encrypted before being sent to the intended recipient.
- With respect to ZixWorks, all of the subscriber's incoming and outgoing email traffic is directed to the ZixCorp secure data center (the "ZixData Center™") in Dallas, Texas through a virtual private network connection. The content of outgoing e-mail messages is scanned by ZixCorp computers prior to being sent to determine whether, in accordance with the subscriber's policies, the messages are to be encrypted before being sent to the intended recipient. ZixCorp computers also scan the content of incoming e-mail messages to filter out computer viruses and incoming commercial bulk e-mail ("spam"). Encrypted messages sent to the ZixGateway module included in ZixWorks are automatically decrypted using a private key assigned to that subscriber. However, encrypted messages sent to individual ZixMail users in the subscribers network are not decrypted or scanned for viruses or spam, as ZixCorp does not have access to the recipient's private key. After being decryped and processed, as applicable, all incoming e-mail messages are then sent to the subscriber through a virtual private network connection. ZixCorp has access to the content of the messages processed through the ZixWorks service. ZixCorp does not copy or store any of these messages (except to the extent that they are sent through the ZixMessage Center or ZixPort).
- When you request technical support, ZixCorp will collect your name, email address, mailing address, and phone number to provide this requested service to you. ZixCorp requires that you provide your email address on the technical support page of the Site so that we are able to respond to your question(s) by email. You have the option of providing additional information including your demographic information (such as your state and country of residency), operating system, browser, Internet service provider ("ISP"), connection type and email program that you are using. You are encouraged to provide the other information so that we can determine specific regional problems (such as natural disasters or power outages caused by cuts through fiber optic cable) or to isolate problems relating specifically to your particular operating system, email program or browser, thus enabling us to provide a more accurate response to your support requests.
- ZixCorp uses your email address for the following purposes:
- to contact you about the ZixCorp Services or the Site,
- to notify you when you receive a ZixMessage Center email message,
- to notify you when a ZixMessage Center email message has failed or expired,
- to notify you when multiple attempts to enter your ZixMessage Center PassPhrase have failed at the ZixMessage Center Web site,
- to notify you, when requested, that an intended ZixMail or ZixMessage Center recipient has picked up the email message you sent, and
- to communicate with you concerning problems or malfunctions you report.
- If you no longer wish to receive information from ZixCorp, you can opt-out by (1) following the instructions provided in the initial or billing emails, as applicable; (2) sending an email to firstname.lastname@example.org; or (3) visiting the Site at http://www.zixcorp.com/support/contact-support/.
- ZixCorp receives and records your name and the credit card information that you supply if you pay to use the ZixCorp Services. ZIXCORP WILL NOT SELL OR RENT YOUR NAME, CREDIT CARD INFORMATION OR ADDRESS TO ANY THIRD PARTY unless as otherwise stated in this privacy statement.
Information Sharing and Disclosure
- ZixCorp will not sell or rent your email address, ZixMessage Center PassPhrase, name, phone number, mailing address, credit card information or other personally identifiable information you provide. ZixCorp will not share your email address, ZixMessage Center PassPhrase, first or last name, mailing address, credit card information or other personally identifiable information you provide with anyone, except as stated below.
- If your use of the ZixCorp Service is being paid for by your employer or other enterprise, we may disclose your email address and information about your ZixCorp account usage to your employer and/or to compliance review committees for billing and auditing purposes. (Information about your account usage could include such information as the number of email messages and attachments, if any, that you sent using ZixMail and the list of recipients, subject and size of the combined text body of those email messages and attachments.)
- We may disclose personally identifiable information about you as legally required in order for us to respond to subpoenas, court orders, warrants, or other legal process.
- We may disclose personally identifiable information about you (a) with your consent or (b) where disclosure is necessary in order to complete a transaction to which you have consented.
- We may partner with third parties to obtain specific services for you. If you sign up for these services, we will share information that is necessary in order for the third party to provide these services. Third-party service providers are not permitted to use personally identifiable information except for the purpose of providing these services.
- Your credit card information is used by credit card authorization processors or third-party financial institutions to verify the credit card numbers and process the credit card payment transaction.
- Where required to do so pursuant to contractual obligations, we may disclose information about your ZixCorp account and account usage (except for credit card information) on a confidential basis to third-party auditors and to measurement and analysis firms. These parties are not permitted to use personally identifiable information except for the purpose of providing their services to ZixCorp.
- In the event that ZixCorp is, or substantially all of its assets are, acquired, customer information will, of course, be one of the transferred assets. In such circumstances, we will notify users by posting a notice on the Site for 30 days.
Customer information remains secure after the customer's service terminates.
- We will use testimonials from our clientele on our web site in order to show our clients how our services have benefited others. Prior to posting a clients testimonial on our site we receive expressed consent from that individual to do so.
Your Ability to Manage Your ZixMail or ZixMessage Center Account Information
- ZixCorp gives you the ability to set or change your ZixMail PassPhrase and encryption codes or ZixMessage Center PassPhrase at any time. If you forget or would like to change your ZixMessage Center PassPhrase, you may create a new or ZixMessage Center PassPhrase by registering again.
- You may request deletion or deactivation of your ZixMail or ZixMessage Center account by sending an email to email@example.com. Please click here to read about data storage after your account has been deleted.
- Subject to certain exceptions, upon request and provided you provide us sufficient information to confirm your identity, we will provide you the personally identifiable information that we have collected about you for the purpose of enabling you to correct, amend, or delete any inaccuracies. You may make this request to us via email at firstname.lastname@example.org or visit the Site for online help at http://www.zixcorp.com/support/contact-support/. If we are not able to provide the information that you are requesting within 30 days of receipt of your request, we will provide you a timeline for providing the requested information. If we deny access to your personally identifiable information, we will explain why access was denied and give you contact information for further inquiries regarding the denial of access.
- ZixCorp maintains physical, electronic, and procedural safeguards to guard user information. Credit card information, which is shared with the authorization companies that process our customer's credit card transactions, is transmitted securely.
- ZixCorp has implemented reasonable security measures to protect your email address and the ZixMessage Center PassPhrase associated with your email address from unauthorized access or disclosure, alteration, unlawful destruction or accidental loss.
When appropriate, ZixCorp uses industry-standard SSL-encryption to protect data during transmission. For example, SSL is used to encrypt certain data transmissions to and from browsers, including transmissions of credit card numbers.
- The servers on which we store your information are kept in a secure environment that is environmentally controlled and monitored 24 hours per day, 7 days per week.
- ZixData Center and ZixPort are recognized as compliant with the Payment Card Industry (PCI) Data Security Standard (DSS). ZixCorp has achieved the highest standard with Level 1 compliance based on DSS version 2.0.
- ZixCorp has earned the American Institute of Certified Public Accountants SysTrust certification for system reliability for effectiveness of controls over the security, availability, processing integrity, and confidentiality of the ZixData Center.
- Users are encouraged to take precautions to secure their passwords and access to their personal computers.
- Users may be asked for authentication, in some cases, before certain account transactions are performed. Users are encouraged to participate in this added layer of security to protect their accounts.
- Authenticated users may request their information be deleted from ZixCorp's servers by emailing email@example.com.
When your Web browser or email application requests a Web page from another computer on the Internet, it automatically gives that computer the address where the requested information should be sent. This is called your computer's "IP address." (IP stands for "Internet protocol.") For most users accessing the Internet from a dial-up ISP, the IP address may be different every time you log on.
Information Collection and Use Practices
- ZixCorp receives your IP address each time you view a Web page from the Site. Your IP address is not linked to your email address or ZixMessage Center PassPhrase.
- Your IP address may be used for various purposes, including:
- to diagnose service or technology problems reported by you that are associated with your IP address, or
- to estimate the total number of users visiting the Site from specific locals, countries or regions of the world
- When a Web page on the Site is requested, that request (including the date and time) is logged on our servers with information including the IP address of the computer that requested the page.
- We use log files for debugging and troubleshooting purposes. IP addresses and access times are not linked to your email address or ZixMessage Center PassPhrase.
- A cookie is a small amount of data, which often includes a unique identifier that is sent to your browser from a Web site's computers and then stored on your computer's hard drive. A cookie cannot obtain information from your hard drive, destroy files or send you viruses.
- Each Web site can send its own cookie to your browser, if your browser's preferences allow it, but (to protect your privacy) your browser normally only permits a Web site to access the cookies that it has previously sent to you, but not the cookies sent to you by other sites.
Choices about Cookies
- You can normally configure your browser to accept all cookies, reject all cookies or notify you when a cookie is set. (Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences.)
- If you reject all cookies, you will still be able to use the ZixCorp Services.
- Cookies are only used as an option selected by you that allows us only to recall your email address from the cookie that we sent to your computer. The only personally identifiable information about you that is associated with the cookie is your email address.
Links; Other Companies' Cookies on the Site
- The Site may contain links to other Web sites. We have no access to or control over cookies used by our business partners or other Web sites to which we link.
- In the event that a banner ad is provided by a third-party advertiser, it is possible that the third-party advertiser may attempt to store a cookie on your computer's hard drive. For information on your browser preference options, see "Choices about Cookies" above.
- ZixMail Account Information
- Most ZixMail account information (including email addresses, public keys, names and mailing addresses) is stored on multiple redundant disk storage systems. No removable offline copies or backups are made.
- If you request deletion of your ZixMail account, your account will be deactivated within 30 days, and your personal information will be removed from our user registration database.
- ZixMessage Center Account Information
- All ZixMessage Center account information (excluding any credit card information received) and content of ZixMessage Center email messages are stored on multiple redundant disk storage systems. No removable offline copies or backups are made.
- If you request deletion of your ZixMessage Center account, your account will be deactivated, and your ZixMessage Center email address and personally identifiable information will be removed from our user registration database within 30 days.
- All ZixMessage Center email message are stored encrypted and only accessible by the intended recipient through the recipient's ZixMessage Center. A hyperlink to the recipient's Message Center is supplied in the notification email. When using the hyperlink, the intended recipient must also know the ZixMessage Center PassPhrase registered for that recipient's email address.
- ZixMessage Center email messages that you send to or receive from ZixCorp will ordinarily expire and be permanently deleted from our disk storage systems based on the expiration time set at the time the email was sent (typically 1 to 21 days from the day the email message was sent).
If you have questions or suggestions, complete the form on the technical support page of the Site or send an email to firstname.lastname@example.org or email@example.com. You can also contact ZixCorp at the following postal address and phone number: 2711 N. Haskell Avenue, Suite 2300, LB 36, Dallas, Texas 75204-2960.