Legal Information

IDrive Inc. has created this Privacy Policy in order to demonstrate our firm commitment to privacy. The following discloses our information gathering and dissemination practices.

Users can access IDrive Inc. services (the "Services") through our websites, applications on Devices, through APIs, and through third parties. A "Device" is any computer used to access the Services, including without limitation a desktop computer, laptop, mobile phone, tablet, or other consumer electronic device. This Privacy Policy governs your access to IDrive Inc. Services, regardless of how you access it, and by using our Services you consent to the collection, transfer, processing, storage, disclosure, and other uses described in this Privacy Policy. All of the different forms of data, content, and information described below are collectively referred to as "information".

What Information Do We Gather? User Provided Information - Due to the nature of our Services, we must collect personal information from users during the registration process including first and last names, a valid credit card to process payment for service, home and/or business postal addresses, an email address, mobile number, and a password. In addition to required member information, we may conduct surveys and ask users to volunteer demographic information to be used on an aggregate basis for internal market research and/or joint research projects with outside companies involved in product development. You may also ask us to import your contacts by giving us access to your Device(s), third-party services (for example, your email account), or to use your social networking information if you give us access to your account on social network connection services. If you choose to enable these backup features, you may grant the app permission to access your SMS (messages), Call logs, and Calendar events for the sole purpose of backup. These permissions are optional and can be revoked at any time in your device settings.

Files - We collect and store the files and data you transmit between your Devices and IDrive Inc. infrastructure using our Services. We do not intentionally collect or process special categories of personal data (sensitive data under GDPR Article 9, such as health, biometric, or racial data), except where such data is included by you in files or backups. In those cases, processing is based on your explicit consent when using our Services.

Session Records - To maintain our quality of service and to assist in the analysis of product performance, we may also gather data on connection information, including the timing and size of all packets sent over the Internet during a session, session date and times, Device Internet Protocol ("IP") address, browser type, Device name and/or identification number, and other interactions with the Service. The gathered information is used to ensure the highest quality experience possible.

IP Addresses - We may collect and process IP addresses for purposes such as system administration, service security, analytics, and to help detect or prevent misuse of our Services. In limited circumstances, we may use IP addresses to identify account activity or enforce our Terms of Service. Some account-related communications or system logs may also record IP addresses as part of standard operations.

Cookies- We use "cookies" to collect information and improve our Services. A cookie is a small data file that we transfer to your device. We may use "persistent cookies" to save your registration ID and sign-in password for future sign in to the Service. We may use "session ID cookies" to enable certain features of the Service, to better understand how you interact with the Service, and to monitor aggregate usage and web traffic routing on the Service. The cookies are used solely for identifying user sessions and do not store any personal information regarding the user. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of the Service.

What Do We Do With Gathered Information? Information gathered by us may be used: (i) to provide and improve our Service, (ii) to administer your use of the Service, (iii) to develop new technologies and services, (iv) to personalize and improve your experience, (v) to provide or offer software updates, (vi) to send critical reminders and (vii) to provide product announcements. This may include, for example, use of automated systems and algorithms to analyze account data to detect malware and/or illegal content or recognize patterns to aid us in improving our Services.

We may send SMS/emails/push notifications to update you on any product reminders, updates, events, and promotions we may be running. We may use the email addresses and mobile numbers provided by you to send periodic information about our Services and related products. The message/email frequency varies. Message and data rates may apply. In order to present the best possible product to the public, we track the category of services selected by our individual users as well as all information pertaining to user satisfaction. We reserve the right to maintain evaluation and feedback records indefinitely.

Our website provides users the opportunity to opt out of receiving email communications from us at the point where we request information about the visitor. If you wish not to receive future email communications or to no longer receive our service, you can go to your personal profile (after signing in to our Service) and uncheck the option to receive communications regarding our services or use the unsubscribe link within email communications.

Legal Bases for Processing (GDPR, UK GDPR, LGPD) Where we process personal data subject to the EU General Data Protection Regulation (GDPR), the UK GDPR, or the Brazil LGPD, we rely on one or more of the following legal bases:

• Contract performance – when we provide our backup, storage, and related services to you.
• Legal obligation – when we are required to comply with applicable laws, such as tax or law enforcement requests.
• Legitimate interests – when we process limited data for purposes such as service improvement, fraud prevention, or operation of referral and partner programs.

You have the right to object to processing based on legitimate interests as described in the “Access Rights and Choices to Limit Sharing” section below.

Who Do We Share Information With? We do not sell personal information and do not share it for third-party direct marketing. We may share personal information with service providers and trusted partners as described in this Policy or unless compelled by applicable state and federal laws (see below). We practice a no-sharing policy for subscriber information to third-party policies for their direct marketing purposes. We do not control the practices of our affiliates. If you have questions about how affiliates use the information gathered when you link to them, please read their privacy policies. Our site may contain links to other sites. We are not responsible for the privacy practices or the content of such websites.

Processing of customer personal data under our service agreements is governed by the IDrive Data Processing Addendum ( DPA ).

Users We will display your personal information in your profile page. You can review and revise your profile information at any time by accessing your account settings. We may also share or disclose your information with your consent, for example, if you use a third-party application to access your account (see below).

Service Providers, Business Partners, and Others - We may use certain trusted third-party companies and individuals to help us provide, analyze, and improve the Service (including but not limited to database management, web analytics, payment processing, and improvement of the Service's features). These third parties may have access to your information only for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy. For a current list of our service providers and sub-processors, please visit our Sub-processor Page.

Third-Party Applications - We may share your information with a third-party application with your consent, for example, when you choose to access our Services through a third-party application. We are not responsible for what those parties do with your information, so you should make sure you trust the application and that it has a privacy policy acceptable to you.

Compliance with Laws and Law Enforcement Requests; Protection of IDrive Inc. Rights - We may disclose to parties outside IDrive Inc. files stored in your account and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (i) comply with a law, regulation or compulsory legal request; (ii) protect the safety of any person from death or serious bodily injury; (iii) prevent fraud or abuse of our Services or its users; or (iv) to protect our property rights.

Business Transfers - If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, but we will notify you (for example, via email and/or a prominent notice on our website) of any change in control or use of your personal information or files, or if either become subject to a different Privacy Policy. We will also notify you of choices you may have regarding the information.

Non-private or Non-Personal Information - We may disclose your non-private, aggregated, or otherwise non-personal information, such as usage statistics of our Service. Our Service may also offer publicly accessible community services such as blogs, forums, and wikis. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. Your posts may remain even after you cancel your account.

Partner and Referral ProgramsIf you register for an IDrive account through a referral or partner link, we may share limited personal information (such as your name and email address) with the referring Partner and/or our partner program platform provider, for the purposes of commission tracking, reporting, and program administration. Our partner program platform provider acts as our service provider under the CCPA and may not use your information for any purpose other than providing services to us. We rely on our legitimate interests (Article 6(1)(f) GDPR) to process and share this information for the operation of our partner and referral programs, and we have assessed our legitimate interests and determined that they are not overridden by your data protection rights and freedoms. You have the right to object to such processing as described in the “Access Rights and Choices to Limit Sharing” section below. This sharing does not include access to your personal files or backup content. Partners and service providers are contractually required to use such information only for these limited purposes and to comply with applicable data protection laws, including GDPR and CCPA. Where required, such transfers are safeguarded through the EU–U.S. Data Privacy Framework, Standard Contractual Clauses, or other applicable mechanisms.

Partner and Referral Programs for BMR Accounts If you have a BMR appliance associated with your IDrive account through a referral or Partner, we may share limited personal information (such as your name, email address, account details, BMR appliance identifiers, endpoint backup reports, and related usage information for supported platforms including hypervisors and VMware environments) with the referring Partner and/or our partner program platform provider. Partners are also granted administrative access to your BMR appliance and related account settings in order to provide support, perform account management, and facilitate service delivery. Such administrative access is granted under IDrive’s Data Processing Addendum, and Partners act as processors or sub-processors bound by contractual data protection obligations. Partners and service providers are contractually required to use such access only for these limited purposes and to comply with applicable data protection laws, including GDPR and CCPA. Where required, such transfers are safeguarded through the EU–U.S. Data Privacy Framework, Standard Contractual Clauses, or other applicable mechanisms. Partners’ rights to access or use such information terminate when your relationship with IDrive or the Partner ends.

Access Rights and Choices to Limit Sharing You have the right to request access to all personal information IDrive^® collects about you by contacting privacy@idrive.com. Your personal information may also be accessed from your Personal Profile page after logging in to your account, where you can correct, amend, or delete information related to your account.

You may also make requests to limit the sharing of any of your personal information by contacting privacy@idrive.com. For example, you may opt in or opt out of receiving communications regarding our Services from your Personal Profile Page or by contacting Support. You may also withdraw your consent for us to disclose and/or process your personal information, if you have given us consent in the past. Withdrawing your consent will not affect the lawfulness of any processing conducted prior to withdrawal, nor will it affect processing carried out on lawful grounds other than consent.

These rights apply to personal data we collect through your account and service interactions, not to transient session cookies used solely for website functionality.

All requests for accessing and/or limiting the use of your personal information will be subject to verification of account ownership.

Data RetentionWe keep your personal data only for as long as needed to provide our services, meet legal and accounting obligations, and comply with regulatory requirements.

To determine appropriate retention periods, we consider:

• the type, amount, and sensitivity of the personal data;
• the potential risk of harm from unauthorized use or disclosure;
• the purposes for which we process the data and whether those purposes can be achieved through other means; and
• applicable legal, contractual, and regulatory requirements.

When you close your account, your stored data is permanently deleted from our systems within 10 days, unless a longer retention period is required by law. If certain information must be retained to comply with legal obligations, it is securely stored and isolated from further processing until deletion is possible.

IDrive® Photos App Permissions In order to upload, store, send, receive, share, delete, or modify your content to the IDrive^® Photos Service, the account holder must ensure they have the necessary rights to delete, modify, share, or upload any content and the content is lawful. You, as the Account holder, are solely responsible for access to, content in, or sharing and use of your Account. All content uploaded to the service is based on your consent provided to the app. The IDrive^® Photos app cannot modify or delete the media files from the local device without your consent.

SecurityWe take reasonable precautions to protect personal information in our possession from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. User data is password-protected and your password should never be shared with anyone. When we receive certain types of sensitive information, such as financial information, we redirect visitors to the secure portion of our site using industry-standard SSL. In the event of a personal data breach that affects your information, we will notify you in accordance with applicable law and our Data Processing Addendum.

Our Policy Toward Children Our Services are not directed to children under the age of 13, or under 16 where required by applicable data protection laws (such as the GDPR or CPRA). We do not knowingly collect personal data from children. If a parent or guardian becomes aware that their child has provided us with personal data without consent, they should contact us at privacy@idrive.com. If we become aware that we have collected personal data from a child in violation of this policy, we will take steps to delete it promptly.

International Data Transfers and Data Privacy Framework IDrive^® is subject to oversight by the U.S. Federal Trade Commission. JAMS is the U.S.-based independent organization responsible for reviewing and resolving complaints about our Data Privacy Framework compliance. We ask that you first submit any such complaints directly to us via privacy@idrive.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact JAMS at https://www.jamsadr.com/dpf-dispute-resolution (free of charge). In the event your concern still isn't addressed by JAMS, you may be entitled to binding arbitration under the Data Privacy Framework Principles.

IDrive, Inc. is based in the United States. If you are located outside the U.S., your information may be transferred and stored in the United States or in other countries where our service providers operate. We rely on recognized transfer mechanisms for such transfers, including our participation in the EU–U.S. Data Privacy Framework (DPF), the UK Extension to the EU–U.S. DPF, and the Swiss–U.S. Data Privacy Framework. Where a transfer is not covered by these frameworks, we rely on the European Commission’s 2021 Standard Contractual Clauses (SCCs), together with the UK Addendum where applicable. These mechanisms help ensure that your personal data continues to be protected to standards consistent with applicable law.

IDrive Inc. has certified its compliance with the EU–U.S. DPF, the UK Extension, and the Swiss–U.S. DPF. Our certification can be verified on the official Data Privacy Framework List. We comply with the DPF Principles for onward transfers and remain liable if our processors process personal information in a manner inconsistent with the Principles.

If there is any conflict between this Privacy Policy and the DPF Principles, the DPF Principles shall govern. IDrive^® is subject to oversight by the U.S. Federal Trade Commission. For unresolved DPF inquiries, you may contact our independent recourse mechanism at JAMS (free of charge) via https://www.jamsadr.com/dpf-dispute-resolution. Binding arbitration may be available as described in the DPF.

California Consumer Privacy Act NoticeIDrive^® does not sell or share personal information through cookies or similar technologies.

California residents have the following rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020:

• Right to know and access – Request details about the categories and specific pieces of personal information we collect, use, disclose, or share.
• Right to delete – Request deletion of personal information we hold about you, subject to certain exceptions (e.g., billing, legal compliance, or security).
• Right to correct – Request correction of inaccurate personal information.
• Right to opt out – Direct us not to sell or share your personal information for cross-context behavioral advertising.
• Right to limit use of sensitive personal information – Restrict how we use sensitive information (if applicable)
• Right to non-discrimination – We will not discriminate against you for exercising your privacy rights.

Changes to our Privacy Policy This Privacy Policy may change from time to time. If we make a change to this privacy policy that we believe materially reduces your rights, we will provide you with notice (for example, by email). We may provide notice of changes in other circumstances as well. By continuing to use the Service after those changes become effective, you agree to be bound by the revised Privacy Policy.

Contact Us If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this website, you can contact:

Attn: Privacy Management
IDrive Inc.
26115, Mureau Road, Suite A,
Calabasas, CA 91302
privacy@idrive.com

Previous Versions:

• May 01, 2024