(Last Update November 17, 2008)

Zix Corporation ("ZixCorp," "we," "us" or "our") operates a Web site located at www.zixcorp.com (the "Site") from which users can register for secure messaging services provided by ZixCorp (the "ZixCorp Services"). This ZixCorp Privacy Policy ("Privacy Policy") covers our treatment of personally identifiable information that we collect when you access the Site and when you use the ZixCorp Services.

Because ZixCorp's computer systems are located in the United States but may be accessed elsewhere via the Internet, the personally identifiable information that you provide when you register for ZixMail™ or when you use the ZixCorp Services may be transferred to, processed, and held in the United States.

ZixCorp is a licensee under the TRUSTe Privacy Seal Program and the EU Safe Harbor Program. TRUSTe is an independent non-profit organization whose mission is to enable individuals and organizations to establish trusting relationships based on respect for personal identity and information by promoting the use of fair information practices. The TRUSTe program covers only information that is collected through this Site, and does not cover information that may be collected through software downloaded from the Site. TRUSTe periodically reviews ZixCorp's privacy and information practices and provides a forum for resolving privacy complaints. (see "Questions or Suggestions/Privacy Policy Complaints"). ZixCorp abides by the EU Safe Harbor framework as set forth by the Department of Commerce regarding collection, use, and retention of data from the European Union.

ZixCorp provides secure messaging services and electronic prescription services to various health care professionals and organizations. Consequently, it has access to personally identifiable health information, which it acquires in the course of providing these services. The Health Insurance Portability and Accountability Act of 1996 and the regulations thereunder ("HIPAA") regulate the use and storage of this personally identifiable health information. HIPAA requires that this personally identifiable health information be securely stored. It also prohibits the disclosure of this health information, except as permitted by law.

Definition of Services

ZixCorp delivers its secure messaging services through four primary service offerings: ZixConnect, ZixDirect, ZixDirectory, ZixMail®, ZixMessage Center™, ZixPort®, ZixVPM®, and ZixWorks™.

ZixConnect is a managed Transport Layer Security (TLS) service that enables companies to secure their email communication to multiple entities using a single TLS connection. ZixCorp handles the set up and maintenance of each secure connection. Users send and receive messages that are encrypted in transit - no passwords, no hardware, and no software required.

ZixDirect is a secure message delivery service that pushes an encrypted e-mail directly to a recipient’s inbox, even if the recipient is not an existing user. With ZixDirect there is no additional client software to install or maintain. ZixDirect users receive secure emails directly in their inbox.

ZixDirectory, the largest email encryption directory in the world, facilitates secure email communications by providing a centralized directory for automated key exchange. The directory enables users to transparently send and receive encrypted emails without having to exchange encryption certificates. ZixDirectory also offers public key validation and distribution in real time for each message.

ZixMail is a secure messaging service that allows a user to send encrypted email to other ZixMail users without anyone else being able to decrypt the message. Each user must download and install the ZixMail client software on their PC. During installation of the software, the user generates a public and private key pair for use in encrypting, decrypting, digitally signing, and verifying the digital signature of ZixMail messages. Your public key is stored on the ZixCorp public key server and may be accessed by anyone who knows your email address and wishes to encrypt and send a ZixMail message to you. The sender and recipients must have installed the ZixMail client software and generated public and private key pairs. Your private key is kept on your PC and is stored encrypted with a PassPhrase known only to you.

ZixMessage Center (formerly "ZixMail.net") is a secure messaging (portal) service that allows a ZixMail message to be sent to recipients who do not have the ZixMail client software or ZixMail encryption keys. For these recipients, the ZixMail message is encrypted with the public key of our secure Web site. ZixMessage Center will store the incoming encrypted email and notify the recipient by email that a secure message is waiting. The email notification contains a link to the ZixMessage Center to access all unexpired secure email. In order to send or to view ZixMessage Center email messages, you will be required to provide your ZixMessage Center PassPhrase to ensure that you are the authenticated sender or recipient of the message. ZixPort is an enterprise version of ZixMessage Center with additional customizable features that otherwise operates and functions generally in the same manner as ZixMessage Center.

ZixVPM (Virtual Private Messenger) is a server-based secure messaging service for enterprises that require high-level security and encryption for inbound and outbound email communications. With ZixVPM there's no need to create, deploy, or manage end-user encryption keys or software. It works seamlessly with a corporation's existing network infrastructure for hassle-free integration. Secure messages encrypted through the ZixVPM service are sent to the recipient the most effective way: to the recipient's ZixMail enabled computer, or to the ZixVPM serving the recipient's computer network, or through the ZixMessage Center secure messaging portal.

ZixWorks is a comprehensive suite of hosted and managed services that provides anti-virus, anti-spam, content scanning, encryption, and archiving capabilities for e-messaging, combining all of the essential services for a secure e-messaging environment into a single solution.

Information Collection, Processing, and Use

ZixCorp can receive a variety of "personally identifiable information," including your email address, ZixMessage Center PassPhrase, and certain message content and information about your email account. ZixCorp also collects names, mailing addresses, email addresses, phone numbers, and credit card number digits from paying subscribers. We use this personally identifiable information as follows:

• When you register for ZixMail, we collect your email address. We also collect your public key if you create a public private key pair using the ZixSignature Manager™. The ZixMail client software will use email addresses to access the ZixCorp key servers using email addresses for the purpose of retrieving the public encryption keys.
• When you register with ZixMessage Center and with ZixPort, we collect your email address and your ZixMessage Center PassPhrase. However, only the hash of a modified PassPhrase is stored.
• The content of the messages sent through ZixMessage Center and ZixPort reside on a ZixCorp server in Dallas, Texas until retrieved by the recipient or until a user specified number of days elapses (generally less than 21 days), at which time they expire. The messages are encrypted while residing on the ZixCorp server.
• The ZixVPM service scans, using equipment at the subscriber's site, the content of outgoing email messages before sending them to determine whether, in accordance with the subscriber's policies, the messages are to be encrypted before being sent to the intended recipient.
• With respect to ZixWorks, all of the subscriber's incoming and outgoing email traffic is directed to the ZixCorp secure data center (the "ZixData Center™") in Dallas, Texas through a virtual private network connection. The content of outgoing e-mail messages is scanned by ZixCorp computers prior to being sent to determine whether, in accordance with the subscriber's policies, the messages are to be encrypted before being sent to the intended recipient. ZixCorp computers also scan the content of incoming e-mail messages to filter out computer viruses and incoming commercial bulk e-mail ("spam"). Encrypted messages sent to the ZixVPM module included in ZixWorks are automatically decrypted using a private key assigned to that subscriber. However, encrypted messages sent to individual ZixMail users in the subscribers network are not decrypted or scanned for viruses or spam, as ZixCorp does not have access to the recipient's private key. After being decryped and processed, as applicable, all incoming e-mail messages are then sent to the subscriber through a virtual private network connection. ZixCorp has access to the content of the messages processed through the ZixWorks service. ZixCorp does not copy or store any of these messages (except to the extent that they are sent through the ZixMessage Center or ZixPort).
• When you request technical support, ZixCorp will collect your name, email address, mailing address, and phone number to provide this requested service to you. ZixCorp requires that you provide your email address on the technical support page of the Site so that we are able to respond to your question(s) by email. You have the option of providing additional information including your demographic information (such as your state and country of residency), operating system, browser, Internet service provider ("ISP"), connection type and email program that you are using. You are encouraged to provide the other information so that we can determine specific regional problems (such as natural disasters or power outages caused by cuts through fiber optic cable) or to isolate problems relating specifically to your particular operating system, email program or browser, thus enabling us to provide a more accurate response to your support requests.
• ZixCorp also automatically receives and records certain non-personally identifiable information about you when you visit our Web site. Such information includes your IP address, browser type (such as Internet Explorer or Netscape), referring page, pages visited and time spent on our Web site. This information is not linked to your email address or ZixMessage Center PassPhrase. ZixCorp uses WebTrends Reporting Service Enterprise Edition ("WebTrends") to analyze traffic to our Web site. WebTrends does not create individual profiles for visitors - it only collects aggregate data. For more information about WebTrends' privacy policy for visitors to sites tracked by WebTrends.
• ZixCorp shares aggregated data with certain business partners. This data is not linked to any personal information that can identify any individual person. For example, ZixCorp uses WebTrends to analyze traffic to our Site. WebTrends does not create individual profiles for visitors - it only collects aggregate data. For more information about WebTrends' privacy policy for visitors to sites tracked by WebTrends.
• ZixCorp uses your email address for the following purposes:
  
  
  • to contact you about the ZixCorp Services or the Site,
  • to notify you when you receive a ZixMessage Center email message,
  • to notify you when a ZixMessage Center email message has failed or expired,
  • to notify you when multiple attempts to enter your ZixMessage Center PassPhrase have failed at the ZixMessage Center Web site,
  • to notify you, when requested, that an intended ZixMail or ZixMessage Center recipient has picked up the email message you sent, and
  • to communicate with you concerning problems or malfunctions you report.
  
  
• If you no longer wish to receive information from ZixCorp, you can opt-out by (1) following the instructions provided in the initial or billing emails, as applicable; (2) sending an email to support@zixcorp.com; or (3) visiting the Site at http://www.zixcorp.com/support/contact.php.
• ZixCorp receives and records your name and the credit card information that you supply if you pay to use the ZixCorp Services. ZIXCORP WILL NOT SELL OR RENT YOUR NAME, CREDIT CARD INFORMATION OR ADDRESS TO ANY THIRD PARTY unless as otherwise stated in this privacy statement.

• ZixCorp will not sell or rent your email address, ZixMessage Center PassPhrase, name, phone number, mailing address, credit card information or other personally identifiable information you provide. ZixCorp will not share your email address, ZixMessage Center PassPhrase, first or last name, mailing address, credit card information or other personally identifiable information you provide with anyone, except as stated below.
• If your use of the ZixCorp Service is being paid for by your employer or other enterprise, we may disclose your email address and information about your ZixCorp account usage to your employer and/or to compliance review committees for billing and auditing purposes. (Information about your account usage could include such information as the number of email messages and attachments, if any, that you sent using ZixMail and the list of recipients, subject and size of the combined text body of those email messages and attachments.)
• We may disclose personally identifiable information about you as legally required in order for us to respond to subpoenas, court orders, warrants, or other legal process.
• We may disclose personally identifiable information about you (a) with your consent or (b) where disclosure is necessary in order to complete a transaction to which you have consented.
• We may partner with third parties to obtain specific services for you. If you sign up for these services, we will share information that is necessary in order for the third party to provide these services. Third-party service providers are not permitted to use personally identifiable information except for the purpose of providing these services.
• Your credit card information is used by credit card authorization processors or third-party financial institutions to verify the credit card numbers and process the credit card payment transaction.
• Where required to do so pursuant to contractual obligations, we may disclose information about your ZixCorp account and account usage (except for credit card information) on a confidential basis to third-party auditors and to measurement and analysis firms. These parties are not permitted to use personally identifiable information except for the purpose of providing their services to ZixCorp.
• In the event that ZixCorp is, or substantially all of its assets are, acquired, customer information will, of course, be one of the transferred assets. In such circumstances, we will notify users by posting a notice on the Site for 30 days.
• Customer information remains secure after the customer's service terminates.
• We will use testimonials from our clientele on our web site in order to show our clients how our services have benefited others. Prior to posting a clients testimonial on our site we receive expressed consent from that individual to do so.

• ZixCorp gives you the ability to set or change your ZixMail PassPhrase and encryption codes or ZixMessage Center PassPhrase at any time. If you forget or would like to change your ZixMessage Center PassPhrase, you may create a new or ZixMessage Center PassPhrase by registering again.
• You may request deletion or deactivation of your ZixMail or ZixMessage Center account by sending an email to support@zixcorp.com. Please click here to read about data storage after your account has been deleted.
• Subject to certain exceptions, upon request and provided you provide us sufficient information to confirm your identity, we will provide you the personally identifiable information that we have collected about you for the purpose of enabling you to correct, amend, or delete any inaccuracies. You may make this request to us via email at support@zixcorp.com or visit the Site for online help at http://www.zixcorp.com/support/contact.php. If we are not able to provide the information that you are requesting within 30 days of receipt of your request, we will provide you a timeline for providing the requested information. If we deny access to your personally identifiable information, we will explain why access was denied and give you contact information for further inquiries regarding the denial of access.

• ZixCorp maintains physical, electronic, and procedural safeguards to guard user information. Credit card information, which is shared with the authorization companies that process our customer's credit card transactions, is transmitted securely.
• ZixCorp has implemented reasonable security measures to protect your email address and the ZixMessage Center PassPhrase associated with your email address from unauthorized access or disclosure, alteration, unlawful destruction or accidental loss.
• When appropriate, ZixCorp uses industry-standard SSL-encryption to protect data during transmission. For example, SSL is used to encrypt certain data transmissions to and from browsers, including transmissions of credit card numbers.
• The servers on which we store your information are kept in a secure environment that is environmentally controlled and monitored 24 hours per day, 7 days per week.
• ZixCorp has earned the American Institute of Certified Public Accountants SysTrust certification for system reliability for effectiveness of controls over the security, availability, processing integrity, and confidentiality of the ZixData Center.

• ZixCorp may amend this Privacy Policy from time-to-time. If we decide to change our Privacy Policy, we will post those changes to this privacy statement, the homepage, and other places we deem appropriate so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If, however, we are going to use users' personally identifiable information in a manner different from that stated at the time of collection, we will notify users by posting a notice on the Site for 30 days.
• We will use information in accordance with the privacy policy under which it was collected.

• Users are encouraged to take precautions to secure their passwords and access to their personal computers.
• Users may be asked for authentication, in some cases, before certain account transactions are performed. Users are encouraged to participate in this added layer of security to protect their accounts.
• Authenticated users may request their information be deleted from ZixCorp's servers by emailing support@zixcorp.com.

• ZixCorp receives your IP address each time you view a Web page from the Site. Your IP address is not linked to your email address or ZixMessage Center PassPhrase.
• Your IP address may be used for various purposes, including:
  
  
  • to diagnose service or technology problems reported by you that are associated with your IP address, or
  • to estimate the total number of users visiting the Site from specific locals, countries or regions of the world

• When a Web page on the Site is requested, that request (including the date and time) is logged on our servers with information including the IP address of the computer that requested the page.
• We use log files for debugging and troubleshooting purposes. IP addresses and access times are not linked to your email address or ZixMessage Center PassPhrase.

• If you request certain services from us, ZixCorp may then attempt to set cookies on your computer and later access those cookies. You can normally refuse cookies by setting preferences in your browser.
• A cookie is a small amount of data, which often includes a unique identifier that is sent to your browser from a Web site's computers and then stored on your computer's hard drive. A cookie cannot obtain information from your hard drive, destroy files or send you viruses.
• Each Web site can send its own cookie to your browser, if your browser's preferences allow it, but (to protect your privacy) your browser normally only permits a Web site to access the cookies that it has previously sent to you, but not the cookies sent to you by other sites.

• You can normally configure your browser to accept all cookies, reject all cookies or notify you when a cookie is set. (Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences.)
• If you reject all cookies, you will still be able to use the ZixCorp Services.
• Cookies are only used as an option selected by you that allows us only to recall your email address from the cookie that we sent to your computer. The only personally identifiable information about you that is associated with the cookie is your email address.

• The Site may contain links to other Web sites. We have no access to or control over cookies used by our business partners or other Web sites to which we link.
• In the event that a banner ad is provided by a third-party advertiser, it is possible that the third-party advertiser may attempt to store a cookie on your computer's hard drive. For information on your browser preference options, see "Choices about Cookies" above.
• Advertisers' and other Web sites' use of cookies is subject to their own privacy policies, not the ZixCorp Privacy Policy. ZixCorp is not responsible for the privacy practices of such other sites. We encourage you to check the privacy policies of these sites before disclosing any personal information. The ZixCorp Privacy Policy applies solely to information collected by this Site.

• ZixMail Account Information
  
  
  • Most ZixMail account information (including email addresses, public keys, names and mailing addresses) is stored on multiple redundant disk storage systems. No removable offline copies or backups are made.
  • If you request deletion of your ZixMail account, your account will be deactivated within 30 days, and your personal information will be removed from our user registration database.
• ZixMessage Center Account Information
  
  
  • All ZixMessage Center account information (excluding any credit card information received) and content of ZixMessage Center email messages are stored on multiple redundant disk storage systems. No removable offline copies or backups are made.
  • If you request deletion of your ZixMessage Center account, your account will be deactivated, and your ZixMessage Center email address and personally identifiable information will be removed from our user registration database within 30 days.
  • All ZixMessage Center email message are stored encrypted and only accessible by the intended recipient through the recipient's ZixMessage Center. A hyperlink to the recipient's Message Center is supplied in the notification email. When using the hyperlink, the intended recipient must also know the ZixMessage Center PassPhrase registered for that recipient's email address.
  • ZixMessage Center email messages that you send to or receive from ZixCorp will ordinarily expire and be permanently deleted from our disk storage systems based on the expiration time set at the time the email was sent (typically 1 to 21 days from the day the email message was sent).

Questions or Suggestions/Privacy Policy Complaints

If you have questions or suggestions, complete the form on the technical support page of the Site or send an email to privacy@zixcorp.com or privacy@support.zixcorp.com. You can also contact ZixCorp at the following postal address and phone number: 2711 N. Haskell Avenue, Suite 2300, LB 36, Dallas, Texas 75204-2960.

ZixCorp takes its privacy policy seriously and has agreed to disclose its information practices and have its privacy practices reviewed for compliance by TRUSTe (http://www.truste.com). TRUSTe will periodically review ZixCorp's information practices to ensure adherence to its privacy policy.

Should you believe there has been any breach of this privacy policy, you may email us at support@zixcorp.com; call the ZixCorp Support Center at 888-576-4949 or send a facsimile to 214-370-2074; or send mail to ZixCorp at 2711 N. Haskell Avenue, Suite 2300, LB 36, Dallas, Texas 75204-2960. ZixCorp's Trust Compliance Officer will investigate your inquiry. If you do not receive acknowledgment of this inquiry or the inquiry is not satisfactorily addressed, you should then contact TRUSTe through the TRUSTe Watchdog Dispute Resolution Process (http://www.truste.org/consumers/watchdog_complaint.php). TRUSTe will serve as a liaison with ZixCorp to resolve your concerns.