We deploy world-class Creative
on demand.
Privacy Policy
Enigma takes your data and personal information privacy seriously. Our Privacy Policy outlines who we are, and how we gather, disclose, and use your data. You may find other answers in our Terms & Conditions and the FAQ section
[1] Definitions
Data Controller | Dragon Secure GmbH (company code CH-170.4.019.396-6, registered at Bahnhofstrasse 32 6300 Zug, Switzerland) which determines the purposes and means of the processing of Personal Data. |
Data Processor | A natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller. |
GDPR | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC. |
Personal Data | Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
Service | Defined in the Terms of Service |
Supervisory Authority | An independent public authority that is established by a Member State of the European Union pursuant to Article 51 of the GDPR. |
Data Breach | A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed. |
Enigma Account | The profile created using the Service. |
Data Subject, you | The user of the Service. |
AWS | Amazon Web Services https://aws.amazon.com/security/. |
Terms and Conditions | The Terms and Conditions of the Service. |
User ID | The user ID generated when creating a Enigma Account on Service. |
[2] Who we are
Dragon Secure GmbH built the Enigma app which boasts on our exceptional security that compares to none. Enigma differentiates itself from others by storing only exceptionally limited Personal Data and ensuring end-to-end encrypted messages in all cases. Below you will find further specifications on how we handle the finite Personal Data you provide to us
If you choose to use our Service, then you agree to the collection and use of information in relation to this Privacy Policy. The Personal Data that we collect is only used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.
The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions and the GDPR unless otherwise defined in this Privacy Policy.
[3] Information collection and use for the Service
We will process the following categories of Personal Data when you create a Enigma Account with us:
⎯⎯ User ID – Enigma will generate a unique User ID for each Enigma Account holder. Only you will know your exact User ID and will be able to share it with your peers to communicate. Our technical team will also see all the User IDs, however, we will be unable to tell whom it belongs;
⎯⎯ Sim card and operator info – Enigma may derive the information of the name of the sim operator from the IP address which is collected by Cloudflare. Note that we do not use such data for our purposes;
⎯⎯ Log-in status – we will be able to see which user is active at that specific time. For such data, we will only see the User ID and active status.
⎯⎯ Subscription data – we need this data to know when your subscription period started and when it will end as the subscription period starts only after the activation.
⎯⎯ IP address – Enigma will be able to see your IP address unless you are using a virtual private network or TOR (VPN), however, in any case, we will not store such information;
⎯⎯ Payment data – we will receive the payments from your Coinbase crypto account, therefore we will see your unique crypto account number, transaction ID, sub wallet ID, the amount and date the transaction was created, payment network and hash;
⎯⎯ Date and time when the phone last sent API request to the backend – we collect this data to know when was the last time you were online. Enigma has functionality that triggers Enigma Account auto-delete after 30 days of inactivity both on the app (if the app is online) and on the server (always). Absolutely all the data that is available to us is deleted once your Enigma Account ceases.
The legal basis for the processing of this Personal Data is the performance of a contract or to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the GDPR).
Your Personal Data processed for this purpose will be retained for the duration of the subscription plus 2 weeks after the subscription expires (as the User can redeem/renew the subscription after its expiration for 2 weeks).
[4] Information collection and use for additional services
For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information. The information that we request will be retained by us and used as described in this Privacy Policy
⎯⎯ Your communication with us
Purpose: we will process your User ID, contact details and the content of the request or complaint in order to answer your queries
Legal basis: the legal basis for the processing of this Personal Data is our legitimate interest to answer user queries (Article 6(1)(f) of the GDPR).
Purpose: we will process your User ID, contact details and the content of the request or complaint in order to answer your queriesStorage: your Personal Data processed for this purpose will be retained for 3 months or 3 years, depending on if it is a query or a complaint respectively.
⎯⎯ Processing the purchase
Purpose: we may collect your email address in case you decide to download the subscription code purchased for the Service.
Legal basis: the legal basis for the processing of your email address is consent (Art. 6(1)(a) of the GDPR).
Storage: we will store your email address only as long as it takes to send you the subscription code. After that, it will be immediately deleted. If you prefer to not disclose your email address, we recommend writing the subscription code down for future use or downloading it from the order page
[5] Communication via Enigma
Your messages will not be retained on our servers. Your Enigma Account will not be connected to your phone number in any way. You may connect with other users of the Enigma app by providing them with your User ID or by searching their User ID on your Enigma Account. You can dismiss the requests on Enigma App to connect or you can turn off the ability to find your Enigma Account by other users.
All the files, photos, videos, and voice messages are end-to-end encrypted. Neither Enigma nor anyone else, except you and your peer, will see the chat content.
[6] Enigma Account deletion
You may at any time delete the Enigma application which also wipes your Enigma Account immediately if you are connected to the Internet. Your Enigma Account will also be automatically deleted after 30 days of inactivity.
[7] Data recipients
We may transfer your Personal Data to others. The transfers may occur outside the European Union, including the UK, USA, Switzerland, and others. In such cases, we will ensure the highest data protection standards and will sign Standard Contractual Clauses with each Data Processor, unless there is an Adequacy Decision adopted for the respective country which proves the high standard of protection. The purpose of transfer may be technical support, payments, storage, etc.
We only share your Personal Data with such service providers where it is necessary to perform the agreement with you, to follow a legal obligation, or we need to share your data based on our legitimate interest, or you have provided a clear consent to share your data. Such providers may be Cloudfare, Amazon Web Services, and others. When we share your Personal Data with the above recipients, we make sure they comply with this privacy policy.
Your data is hosted on Amazon Web Services (AWS). We take advantage of all the security and privacy features AWS provides. For more specific details regarding how AWS keeps data secure, please refer to https://aws.amazon.com/security/
Your data may also be shared with Firebase Crashlytics, Pusher, Cloudflare, Coinbase, and Atlasmic (Web Helpdesk/Live chat).
[8] Applicable law
We will handle Personal Data in accordance with this Privacy Policy and all applicable data protection and privacy laws and regulations, including the European Union General Data Protection Regulation (2016/679) (the GDPR).
Where applicable data protection and privacy laws provide less protection than those granted by this Privacy Policy, this Privacy Policy will apply. Where applicable data protection and privacy laws provide higher protection, they will take precedence over this Privacy Policy.
[9] Cookies
Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your devices internal memory
We use one performance cookie to allow you to contact us via a Live Chat. To use the Live Chat, you will have to agree to the use of performance cookies. Should you choose not to, you can always email us or, if you already have a Enigma Account, you may contact us there by finding a user with an ID “SUPPORT”. The information on the cookie is provided below.
| Name | Type | Purpose | Storage |
|---|---|---|---|
atlasmic_token | Performance | Used to keep track of the current conversation as well as who started the conversation. | 7 days |
[10] Security
We value your trust in providing us with your Personal Data, thus we are striving to use commercially acceptable means of protecting it. We have implemented the following security measures:
- We are closely working with the worlds biggest white hat hackers organisation HackerOne – they continuously monitor and test possible vulnerabilities;
- We make sure to use the latest technologies without known vulnerabilities;
- We regularly update systems software and packages;
- We do not store any unnecessary data or metadata related to ANY user actions;
- We generate strong, unique and random usernames which are nearly impossible to guess;
- We limit access to critical data;
- All infrastructure related systems are under access control – only system admins with certain IPs can be allowed to access those systems;
- All employees must have 2FA for every system we use;
- All of our employees have regular cyber security awareness and training
- We limit access to critical data;
We want to inform you that whenever you use our Service, in a case of an error in the app, we do not collect data and information (through third-party products) on your phone.
In case of an error, we will receive the following data – exception (error) information, User ID, device name, operating system version, free disk space, free RAM space, and device orientation.
[11] Links to other sites
This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
[12] Ads
Unlike other services, we do not use your data for ad targeting or other commercial purposes. Enigma only stores the information it needs to function as a secure and feature-rich cloud service.
[13] Childrens privacy
The Enigma app can be used by persons above the majority age (usually 18 years old) in their country. We do not knowingly collect personally identifiable information from children. We encourage parents and legal guardians to monitor their childrens Internet usage and ensure that they do not use the Enigma app under the majority age. If you have a reason to believe that a child has provided personally identifiable information to us through the Enigma app and/or Services, please contact us
[14] Your rights
You have the following rights in terms of your Personal Data:
- the right to access Personal Data held about you;
- the right to object to processing;
- the right to data portability;
- the right to complain to a Supervisory Authority about processing carried out by us;
- the right to object to automated decision making;
- the right to rectify your Personal Data;
- the right to be forgotten
Since Enigma does not store much Personal Data, your rights will be limited to the Personal Data we do store. However, in no way does this limit your ability to contact us at any point – we are committed to ensuring the security of your Personal Data and we are willing to help you in any way we can.
[15] Changes to this Privacy Policy
We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on the website.
This policy is effective as of 12 April 2022
[16] Contact us
If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us a [email protected].