Our Policies
The Storm4 product was designed from the ground up with the following principles in mind.
We have designed our policies the same way. We want to be 100% open and transparent about what we do. If you have any questions or concerns about our policies, please let us know.
- Always use strong cryptography and best security practices.
- Make it easy for the user to do the right thing.
- The user has full control over who can decrypt documents and metadata.
- The storage provider does not have the ability to decrypt the content.
We have designed our policies the same way. We want to be 100% open and transparent about what we do. If you have any questions or concerns about our policies, please let us know.
Our Responsibilities
Our company was created to protect your privacy. Therefore our primary responsibilities are as follows:
- Treat your personal information with the sensitivity and respect it deserves.
- Ensure that our data collection and retention policies are always upheld.
- Ensure that our service is secure and safe for all our users.
- Be up front and direct with you about any issues that may arise, or any questions you may have.
Your Responsibilities
Storm4 is a powerful tool for privacy—please don’t do bad things with it. While we can’t decode the data you are protecting, we do reserve the right to not sell or discontinue our service with you. Here are some things you shouldn't do with Storm4:
- Attempting to hack into other customer’s data.
- Trying to game our free trial program.
- Stealing other people's intellectual property or violating intellectual property laws.
- Supporting acts of terrorism or child porn.
- Any other abusive activities, determined at our discretion.
Our cancellation policy
If you're unhappy with Storm4 for any reason, you may cancel at any time.
Just send us a cancellation email. And we will promptly:
Just send us a cancellation email. And we will promptly:
- delete your account
- calculate the charges for the partial month
- process your final payment
- refund any remaining credit on your account
Our data sharing policy
We will never share any information about you with any third party.
(We're not in the advertising business. We're in the security business. So we have nothing to gain, and everything to lose by selling your data.)
The one important exception is if we are forced to respond to a legal request. See our legal request policy below.
(We're not in the advertising business. We're in the security business. So we have nothing to gain, and everything to lose by selling your data.)
The one important exception is if we are forced to respond to a legal request. See our legal request policy below.
Our data collection & retention policy
When you sign up for Storm4 we collect:
This email address is the only communications channel we have with you. We only use it for communications concerning your account. E.g. monthly statements, expired credit card notices. If you sign up for our newsletter, we will also occasionally send you emails about our latest product innovations, and other such news.
When you sign up for a paid account, we collect:
We don't store your payment information ourselves. It's stored securely with our credit card processing company: Stripe. This company handles payments for many of the largest companies online, and has an excellent security record.
Our technology stack is built upon 3 other companies:
As mentioned above, Stripe is used to store and charge your credit card. They're purpose built for this specific task.
Auth0 is used as a general authentication framework. In order to improve security, we wanted to provide multiple authentication options for our users, including a variety of "social providers" (e.g. Google, Twitter, etc). These third party providers have gone to great lengths to build secure identity platforms with a number of security features that benefit their users (e.g. multi-factor authentication, credit card based account restoration, etc). By providing support for all these third party identity providers, we can give our users the best authentication options available, combined with our cryptographic cloud storage solution.
AWS is our cloud storage provider. They're a recognized industry leader and AWS powers many of the world's biggest companies. Our vision was to bring the cost effectiveness of AWS directly to the customer, combined with our cryptography in order to protect the customer's privacy.
Information collected that's not linked to your Storm4 account:
When anybody visits our website, we use Google Analytics to track general interest in our product. This information is not linked to your Storm4 account, and is no different than the general website traffic analytics performed by most websites on the Internet.
- your email address
This email address is the only communications channel we have with you. We only use it for communications concerning your account. E.g. monthly statements, expired credit card notices. If you sign up for our newsletter, we will also occasionally send you emails about our latest product innovations, and other such news.
When you sign up for a paid account, we collect:
- your name
- your payment information (e.g. credit card number)
We don't store your payment information ourselves. It's stored securely with our credit card processing company: Stripe. This company handles payments for many of the largest companies online, and has an excellent security record.
Our technology stack is built upon 3 other companies:
- Stripe (our payment processor)
As mentioned above, Stripe is used to store and charge your credit card. They're purpose built for this specific task.
- Auth0 (our authentication broker)
Auth0 is used as a general authentication framework. In order to improve security, we wanted to provide multiple authentication options for our users, including a variety of "social providers" (e.g. Google, Twitter, etc). These third party providers have gone to great lengths to build secure identity platforms with a number of security features that benefit their users (e.g. multi-factor authentication, credit card based account restoration, etc). By providing support for all these third party identity providers, we can give our users the best authentication options available, combined with our cryptographic cloud storage solution.
AWS is our cloud storage provider. They're a recognized industry leader and AWS powers many of the world's biggest companies. Our vision was to bring the cost effectiveness of AWS directly to the customer, combined with our cryptography in order to protect the customer's privacy.
Information collected that's not linked to your Storm4 account:
When anybody visits our website, we use Google Analytics to track general interest in our product. This information is not linked to your Storm4 account, and is no different than the general website traffic analytics performed by most websites on the Internet.
Our legal request policy
Storm4 is owned and operated by 4th-A Technologies LLC, a legal entity which is headquartered in Delaware USA. We are a law-abiding company, and as such, we are subject to federal, state, and local laws.
Keep in mind that, in practice, there is likely to be little or no valuable data that we could share with law enforcement. (We can't read any of our customer's content, after all.) This means our service offerings have no backdoors. Indeed, history has shown that backdoors created for law enforcement interception are themselves a security liability and present an irresistible target for hackers and state-sponsored attackers.
Should it ever become necessary to respond to a legal request, we will do so. We will only respond to a legally binding request. The request would have to come from a United States federal, state, or local authority.
We want to make it clear that when legally compelled to do so, we will turn over the little information we hold, described above. But before turning it over, we will thoroughly evaluate the request to make sure it complies with the letter and spirit of the law. And, consistent with best privacy practices followed by other companies, when possible and legally permissible, we will notify the user in order to give him or her the opportunity to object to the disclosure.
We have a separate page that details our DMCA policies, as required by law.
Keep in mind that, in practice, there is likely to be little or no valuable data that we could share with law enforcement. (We can't read any of our customer's content, after all.) This means our service offerings have no backdoors. Indeed, history has shown that backdoors created for law enforcement interception are themselves a security liability and present an irresistible target for hackers and state-sponsored attackers.
Should it ever become necessary to respond to a legal request, we will do so. We will only respond to a legally binding request. The request would have to come from a United States federal, state, or local authority.
We want to make it clear that when legally compelled to do so, we will turn over the little information we hold, described above. But before turning it over, we will thoroughly evaluate the request to make sure it complies with the letter and spirit of the law. And, consistent with best privacy practices followed by other companies, when possible and legally permissible, we will notify the user in order to give him or her the opportunity to object to the disclosure.
We have a separate page that details our DMCA policies, as required by law.
No backdoors policy
Our development practices specifically prohibit any intentional behaviors or product features designed to allow unauthorized device or network access, exposure of sensitive device information, or a bypass of security features or restrictions. These include, but are not limited to:
Our products are the result of rigorous development practices that place security and trust at the forefront. They also receive continuous scrutiny from our engineers, our peers, our customers, and third party security researchers, contributing to product integrity and assurance.
We have no indication of unauthorized code in our products, and we will investigate all credible reports and disclose findings with customer implications. We ask all our customers and others to report any suspected vulnerabilities to the us for immediate investigation. We will manage and disclose any such results.
- Undisclosed device access methods or “backdoors”.
- Hardcoded or undocumented account credentials.
- Covert communication channels.
- Undocumented traffic diversion.
Our products are the result of rigorous development practices that place security and trust at the forefront. They also receive continuous scrutiny from our engineers, our peers, our customers, and third party security researchers, contributing to product integrity and assurance.
We have no indication of unauthorized code in our products, and we will investigate all credible reports and disclose findings with customer implications. We ask all our customers and others to report any suspected vulnerabilities to the us for immediate investigation. We will manage and disclose any such results.
Our difference
When it comes to cloud storage providers, you have a lot of choices. We strive to differentiate ourselves in 3 ways:
You should feel safe knowing that your data is secure from prying eyes. This includes everything from hackers to overreaching government agencies.
Our focus on privacy & security extends beyond the cloud. We want to make security a reality for the average user in the real world.
We realize that everybody is different. To us it doesn't matter if you only want to store a single document, or backup an entire business. If we can increase your security in any way, that's a win in our book. This lead us away from a tiered pricing system, and down the road to a pay-as-you-go model. We don't have to be your only cloud storage provider. But we'd love to be one of them.
- Your files are encrypted in the cloud such that we cannot read your content.
You should feel safe knowing that your data is secure from prying eyes. This includes everything from hackers to overreaching government agencies.
- Your files are encrypted on your local device.
Our focus on privacy & security extends beyond the cloud. We want to make security a reality for the average user in the real world.
- You only pay for what you use.
We realize that everybody is different. To us it doesn't matter if you only want to store a single document, or backup an entire business. If we can increase your security in any way, that's a win in our book. This lead us away from a tiered pricing system, and down the road to a pay-as-you-go model. We don't have to be your only cloud storage provider. But we'd love to be one of them.