Cryptobox Privacy Policy | Ercom

Cryptobox Privacy Policy

This Privacy Policy describes how your personal data is collected and processed as a result of downloading and using the application (hereafter, the “Application”) required to use the Cryptobox solution.

The Application is one of the software components of the Cryptobox platform, managed and hosted by Ercom, and accessed remotely. Cryptobox is therefore a “SaaS” solution in this configuration.

When using the Application and Cryptobox hosted by Ercom, we may be required to know and process some of your personal information. We are committed to respect your privacy and the confidentiality of your personal information. This is why we have drafted this Privacy Policy.

It is important to note that a user entity (hereafter, the “Customer”) subscribes to the Cryptobox service, either directly with Ercom or through an authorized third party (hereafter, the “Distributor”), for the benefit of End Users. You may use Cryptobox in a particular setting, for example if the service is provided within a larger packaged offer by an authorized Distributor or operated directly by your employer. However, this Privacy Policy does not apply to personal information that the Customer’s account managers (hereafter, the “Account Managers”), who manage Cryptobox user rights and are designated by those individuals, may collect directly from users and process elsewhere.


1.    Account Manager data and Cryptobox usage data

Ǫ    What Account Manager data do we possess?

®    Essential information: first name, last name and e-mail address.

To allow subscriptions to Cryptobox, we need the first name, last name and e-mail address of the Customer’s Account Manager, in order to send him/her a link and a password by e-mail to access the Cryptobox Application.

This information is communicated to us by the Customer who has subscribed to the Cryptobox service. Designed to identify and authenticate Account Managers, this data is kept for the entire duration of the subscription.


Ǫ    What solution and service usage data do we have access to?

®    Only usage data.

For the purpose of administering the service, we collect the following usage data from the solution (metadata):

  • Connection date and time
  • Actions: logins (success/failure), adding/deleting user(s), adding/deleting Account Manager(s), modifying user/Account Manager rights
  • Connection IP address

In addition, we may access license information (number of users, activation status, start date, end date) that is not personally identifiable, but may be indirectly associated with users of the service.

This information is collected automatically on our servers. Designed to understand, manage and improve the use of the Cryptobox solution as well as allow Customers to manage the service, this data is kept for one year after its collection.


2.     End user data (you)

Ǫ     What identifying data about you do we possess?

®     Only your first name, last name and e-mail address.

When subscribing to the Cryptobox service, a Customer sends us the first name, last name and e-mail address of each user authorized to access the service, and we invite directly authorized users by e-mail to create their account using the Application.

As such, we send a hypertext link to the e-mail address provided to verify the e-mail address and finalize your registration. In order to use Cryptobox, you must be registered, either through a list sent by Customer while subscribing to the Cryptobox service, or throughout the subscription, you may be invited by an existing Account Manager.

Then, when you first log into the Application, we need to verify that you are authorized to use Cryptobox.

For this, when you register, you provide us with only your first name and last name (we already have your e-mail address that was communicated to us by the Customer or the Account Manager) (hereafter, “Identifying Data”). We do not ask you for any other personal information. This information is mandatory in order to validate your registration.

Your access to Cryptobox is conditional on your account being validated by an Account Manager.

When you finalize your registration, your first name, last name and e-mail address are communicated to the Account Manager to inform him/her of your registration to Cryptobox and allow him/her to validate your account.

Your personal data is also used when another Cryptobox user designates you as a trustee (hereafter, “Trustee”), i.e. the trusted person through which this user can access his/her account in case he/she has forgotten his/her password.


Ǫ    Can we see the content of your shared documents?

®    We are not able to access the content of your shared documents.

Files uploaded or downloaded to/from Cryptobox are encrypted end-to-end from/to your device. They are only accessible to users you have designated yourself.

The files you store in your collaborative workspace (hereafter, the “Workspace”) are kept for the duration of the subscription, and for a period of 30 days afterwards to allow you to recover your files by downloading them. After this period, files are deleted from our servers. However, if you are using an evaluation version or trial license of Cryptobox, your documents may be kept for a shorter duration after the end of the license, if at all! Please check the terms of your license!


To allow you to use Cryptobox, the Application also requires the following permissions:

  • “Read System Memory”: Reads system shared memory (adding files to the service);
  • “Write to System Memory”: Allows you to write to and read from the system’s shared memory (downloading files from the service);
  • “Read access to contacts”: Access to contacts to invite them or share documents with them;
  • “Internet access”: Access to the device connection status to ensure proper operation of the Application.


Ǫ    Can we access your instant communications?

®    No, we do not have access to the content of your communications.

Your communications (instant messaging using “My Chats”) with another user are encrypted end-to-end. We do not have access to the content of your communications.


Ǫ    Do bug reports allow us to collect personal information?

®    Bug reports are not intended to allow collection of personal information.

You can provide us with information about your use of Cryptobox (hereafter, “Bug Reports”) by sending us an e-mail containing information about the performance of Cryptobox or other issues.

In this case, we collect your e-mail address and possibly other personal information that you decide to communicate as part of this e-mail. We generally do not wish to possess such information, which is why we invite you to limit as much as possible personal information in your correspondence. Your e-mail address may however be useful for us to be able to respond!

The Application also include features to automatically detect application anomalies. You have the option to manually share this information with us, or choose to automate this feature. The information sent to us is anonymous and relates to the configuration of the device and the Application.


Ǫ    What data do we collect automatically when you use Cryptobox?

®    Only usage data.

Usage data revealing Cryptobox usage statistics, also known as metadata, are collected by our servers.

Usage data collected:

  • The date and time an action occurred (downloading/uploading files, selecting a Trustee, changing the password, etc.);
  • Your e-mail address;
  • The name of the server on which the action took place;
  • Your IP address;
  • The first name, last name and e-mail address of users with whom you communicate:
  • In a workspace;
  • In a conversation.

This usage data is not visible in the Application and is not communicated to the Account Manager or the Customer (e.g. your employer).


Ǫ    Does the Application use cookies?

®   The Application does not use any cookie.


Ǫ    For what purposes do we collect your personal data?

®    Only to provide a quality Cryptobox service!

The identifying data collected from you and, where applicable, from the Account Managers and the Customer are required for:

  • Manage user identification and authentication;
  • Display your first name, last name and e-mail address in the list of users of a collaborative workspace;
  • Display your first name, last name and e-mail address to your contacts within Cryptobox, including instant messaging;
  • Send e-mail notifications in case you have opted for this feature (e.g. to be notified of scheduled updates or service downtimes);


In addition, usage data (metadata) and any personal information you choose to include in bug reports sent to us are only used for:

  • Manage and track Cryptobox usage;
  • Display your details (first name, last name and e-mail address) to Cryptobox administrators as part of providing support in response of a bug report;
  • Compile statistics to measure adoption and application performance;
  • Measure service quality to improve user experience, through a security audit.


Ǫ    Where and how is your personal data stored?

®    In France, complying with very high levels of security.

Your personal data is stored on servers located in France. Your data will never be transferred outside France.

Cryptobox is designed around security and privacy (security & privacy by design).

Cryptobox security is primarily based on robust encryption technology (AES 256-bit). It secures user-to-user communications and file sharing between users and external partners, data storage within Cryptobox, and provides Cryptobox with robust protection.

Your personal information is stored on our servers located in France. Their logical access (with end-to-end encryption) and physical access (restricted and protected access) is very secure.


Ǫ    Who can access your personal information?

®   Very few people…

Your identifying data and, where applicable, your Trustee status, are communicated to the Account Manager.

Other personal information resulting from your use of Cryptobox may be accessible to the Account Manager depending on the subscribed offer. For more information on access and use of your usage data by your organization, please contact the relevant services at your organization.

When the Customer does not have access to your usage data, these may be aggregated and anonymised, and provided to the Account Manager and/or the Customer responsible for your account, but these are no longer personal information!

Access to your personal information is restricted to our authorized employees, as well as our vendors bound by very demanding confidentiality agreements. In both cases, only members on a strictly need to know basis can access personal information, and can only use them for the purposes listed above.

We do not commercially exploit your data and guarantee they are not transferred to third parties other than those mentioned above, and only because it is strictly required for your use of Cryptobox.

We may however be required to provide your personal information in case of legal or regulatory obligation, or resulting from a decision of a relevant judicial or administrative authority.


Ǫ     What is the retention period for personal information?

®    The duration strictly necessary, no more!

We keep your usage data (metadata) and the personal information possibly contained in Bug Reports for a duration of one (1) year after their collection.

Other personal data (specifically, your first name, last name and e-mail address) are kept for the entire duration of your rights to use Cryptobox. Once your rights have come to an end, for any reason (including deletion of your account), we may retain this data for up to one (1) year for billing purposes, facilitating subscription, and to improve user experience.

At the end of the retention periods mentioned above, all your personal information will be deleted from our servers or anonymised.

Termination of your rights to use Cryptobox does not, however, affect the information that other Cryptobox users possess about you (including messages you sent them).


Ǫ     How do you access your personal information?

®     By contacting us, preferably by e-mail

You have the right to access your personal information to check their accuracy and correct them as necessary. Your personal information may be updated, corrected or modified as appropriate. We will endeavor to fulfill your request as soon as possible, but this right should not be exercised in an exaggerated or abusive manner.

You also have the right to request a copy of your personal information.

You also have the right to oppose or limit the processing of your personal information, to withdraw your consent to their processing, as well as request the deletion of your personal information. Note, however, that exercising this right may affect your ability to use Cryptobox.

You can exercise this right in association with your personal information by contacting us by e-mail at:

If, after contacting us, you believe the rights regarding your personal information have not been enforced or if you believe their processing does not comply with privacy protection rules, you may file a complaint with a supervisory authority, such as CNIL in France.


Ǫ     Your consent

By using the Application, you agree that we may collect and process the information you provide us in accordance with the provisions of this Privacy Policy.

We may amend this Privacy Policy at any time, in which case we will notify you of such changes through in-app notifications.

By continuing to use the Application after being notified of changes to the Privacy Policy, you agree to such changes.


Ǫ       Contact us

If you have any questions, comments or requests regarding this Privacy Policy, please contact:


6 rue Dewoitine, Immeuble Rubis

78140 Vélizy



Tel: +33 1 39 46 50 50



(version 3.1)

see the press Releases

Ercom announces the arrival of Patrick Plas as Chief Operating Officer to support future growth Ercom is pleased to welcome Patrick Plas to its Executive Committee. In his role as Chief Operating Officer, Patrick will be responsible for the proper execution of the Company’s strategic plan, and monitoring operational performance in all aspects, including product…

Continue reading

Ercom welcomes Jacques Pommeraud as a member of its Supervisory Board to assist with migrating toward SaaS and deploying customer success efforts. For more than 20 years, Jacques Pommeraud has developed a rich and diversified experience in supporting, managing and transforming new technology companies in the cloud. He graduated from Ecole Nationale des Ponts et…

Continue reading

ERCOM, a French specialist in mobile communications encryption, announces the deployment of its Cryptopass solution at Orano (formerly AREVA). Cryptopass is a secure communication mobile app for businesses and governments that allows users to securely communicate (instant messaging, voice, audio/video conference). Orano opted for Cryptopass by ERCOM to ensure the confidentiality of its employee communications,…

Continue reading

With this partnership, Ercom and Abbakan address the growing demand of ever more mobile and connected employees for security solutions Ercom, the leading French vendor in its field, has been offering its telecom and cryptographic expertise to customers for more than 30 years. The company invests heavily in R&D in order to develop and deliver solutions…

Continue reading

D&A’S HOLISTIC IG SERVICE PICKS CRYPTOBOX AS ITS SECURITY STANDARD NY, New York: Davis & Associates (D&A), a leading provider of integrated technology solutions and information governance services for law firms, corporate legal and IT departments is pleased to announce that Ercom and D&A have formed a partnership to leverage Ercom Cryptobox’s secured file sharing…

Continue reading

Paris, France – September 26, 2017 A managed service offer for businesses and the public sector A mobile application to easily secure voice, video, instant messaging and file transfers Increased privacy with end-to-end encryption of mobile communications Orange Cyberdefense launches “Mobile Security Intense”, an offer to secure mobile communications for businesses and the public sector….

Continue reading

Bussy Saint Georges – France, July 11, 2017 Ercom, a reference solution provider for secure voice and data communications, and Tech Data, a provider of value-added solutions for businesses, are pleased to announce a partnership to distribute Ercom security solutions. Tech Data, through its Azlan division, specialized in marketing value-added IT products, solutions and services…

Continue reading

Wednesday, May 10, 2017 Ingram Micro France announces the distribution of the solution portfolio of Ercom, the French company specialized in securing communications, devices and data. Starting now, Ingram Micro offers Cryptosmart, a solution for securing mobile devices and communications, as well as Cryptobox, a solution for secure collaboration and sharing. These two solutions are…

Continue reading

Orange Business Services, through its Orange Cyberdefense division, entered into a partnership with Ercom to market and deploy Cryptobox, an ultra-secure sharing and collaboration solution. As work environments are becoming increasingly open and collaborative, digital security and sovereignty are more than ever a priority for governments and companies. To meet these strategic requirements, Orange Cyberdefense…

Continue reading

Colombes, France, February 20, 2017 Oberthur Technologies (OT), a leading global provider of embedded security software products, services and solutions, today announces its international collaboration with Samsung and Ercom, a leading company in the mobile communication security industry, to jointly develop and launch Cryptosmart SIM-powered. OT and ERCOM have partnered to introduce Cryptosmart SIM-powered relying…

Continue reading

Vélizy-Villacoublay, January 19, 2017 – Ercom, a reference solution provider for secure voice and data communications, announces it has been selected by Groupe Imprimerie Nationale (French leader in secure ID solutions and trust services operator). The agreement includes supplying and deploying Cryptobox, the most secure sharing and collaboration solution. As a trust services operator, Groupe…

Continue reading

Cryptobox is a new secure collaborative solution enabling employees to securely share information internally and externally. Provided by Ercom, a company specializing in secure communications for nearly 30 years, Cryptobox ensures businesses can exchange information confidentially using end to end encryption. Easy to use and easy to deploy, Cryptobox is available on all types of hosting…

Continue reading

Cryptosmart is recognized by the European Union as a trusted solution to protect the exchange of information from governments, institutions and companies Cryptosmart: THE ultimate solution to secure mobile communications and devices Mobility tools are a gateway to an organization’s information systems, whether it is a government, an administration or a company. 40% of smartphone…

Continue reading

See All news