Privacy Policy

The Clipboard Everywhere service privacy policy is very simple. Customer data is not sold or given away. Your email address is transiently passed to Amazon Web Services to send you automated emails, but this is a private and secure process. A unique, private identifier is passed to Braintree in order to link purchases to your account, in the event that you subscribe to the Premium tier. I respect your privacy greatly; but if you wish to read in more detail, feel free to reveal the details below.

Back to Dashboard

Glossary

To help you in reading and understanding this policy, I have included the following definitions:
  • Clipboard Everywhere Website - The website you are currently browsing
  • Clipboard Everywhere Service - The API and real-time hub for which the client software relies on to communicate
  • Client Applications - The applications that you as a user download onto your devices in order to use the Clipboard Everywhere Service
  • Microsoft Application Insights - Performance monitoring framework. Please see Here
  • ELMAH - Error logging framework. Please see here
  • Amazon Web Services (AWS) - Cloud service provider, used by much of the internet. Please see here
  • Account Information - A user's account details, such as their email address and email preferences
  • Customer Data - Data that customers store with me on the server, such as clipboard items

1 - Description of Data Stored

1.1 - Clipboard Items

When you log in to one of the client applications, you are connecting to a server. The server saves clipboard items (the data that you copy) and syncs them to your other devices. A clipboard item is an object with several properties. These are the ones that come from the client:
  • Type (to determine whether the item is text or an image)
  • Time (to determine the order of clipboard items)
  • Starred (whether the item is starred)
  • Binary Content (binary data representing the item)
  • Initialization Vector (the IV used in encryption)
Any text that you copy is encrypted with AES-256 encryption. This key is never known to the server, which ensures that your copied content is completely private. If you lose the encryption key, your data will not be recoverable. This encryption strategy is known as end-to-end encryption.
Except in the event of a bug with what the client applications display to you, all clipboard items stored on the server under your user account will be visible on the Clipboard page of the apps. When clipboard items are pushed off of your clipboard history, they are immediately deleted from the server, however they could be included in database backups. Database backups are effectively taken every 15 minutes, and usually aren't kept for more than 3 months, but some backups can be kept longer. The backups themselves are encrypted when stored. These backups are taken for disaster recovery scenarios and are unlikely to ever be used.
In addition to storing clipboard items to sync them with your other devices, I also keep track of which one was most recently copied, which allows the system clipboard to be properly synced when new devices log in.

1.2 - Device Data

The client applications transmit four pieces of device data to the server:
  • Operating System Version (e.g. Microsoft Windows 10 Pro)
  • Clipboard Everywhere Application Version (e.g. 1.6.1.0)
  • Application Platform (e.g. Windows Desktop)
  • Device Name (The name you gave to your device when first logging in, or in the Files tab)
The first three items are used to notify you of an updated application version, if available. The Device Name is used by SuperDrop to initiate transfers, and also to enforce connection limits. This data is usually kept only for the duration of your session, but can be kept slightly longer depending on how you disconnect. To be more specific:
  • If you log out of an app, this data is removed from the server immediately.
  • If you forcefully close an app without logging out, it may persist for several minutes.

1.3 - User Account Information

The server stores account details for each user; for example, the user's email address and whether their email address has been verified. Settings such as email preferences and whether or not images will be copied, and whether encryption has been enabled, are also stored. Sensitive payment information is never stored - such data is handled by Braintree, a third party payment processor company owned by PayPal. Braintree will handle your payment details in accordance with all applicable laws. Braintree is provided with your user ID in order to link the purchase to your account, but they are not provided with your email address. No sensitive payment information is ever directly visible to the Clipboard Everywhere servers.
Your email address will sometimes be used to send you automated emails. Some of these emails can be opted-out of, and some important emails, such as those used for email account confirmations, password reset and billing, are mandatory. Your email address will never be stored with a third party to provide this, however it may be transiently passed to reliable companies (e.g. Amazon Web Services) in order to provide this functionality.

1.4 - Events Recorded by the Server

To better improve Clipboard Everywhere, I do record some events that take place on the server, which can also be called logging. Please note that these logs are never shared with anyone and are only readable by me. I use them to develop, maintain and debug the server-side software. Here is what is logged by the server:
  • Data regarding some requests to the website. This will include the majority of regular web requests to HTML pages that you would make when browsing the site, as well as the majority of requests to the API, which would be done by the client apps, but due to volume excludes the real-time endpoint. This data is collected by Microsoft Application Insights, which is a performance monitoring framework. It grants me insight into the performance of the server applications, and shows me metrics such as page load time, database response time, server response time, and the amount of requests I'm getting and to which endpoints. This is not an exhaustive list, but will hopefully make semi-simple the reason why I use it. This data can be very helpful in solving problems and improving the end-user experience. This is stored in a Microsoft data centre in the Netherlands, and partially in my own database.
  • The latest time that you have logged into the service or website. This is recorded so that I can see when a user was last active. If a user has not been active for several months, they will no longer receive mass emails. This is so that users who have clearly stopped using Clipboard Everywhere will not receive unwanted emails. This is stored in my own database.
  • The timestamp of each clipboard item that is synced to the server, and whether it is text or an image. The content of the clipboard is never stored in these logs! Just the timestamp and whether it is text or an image. This again helps me to see how the software is used. This is stored in my own database.
  • Details regarding server errors. For this, I have integrated ELMAH into my application, so I log everything that ELMAH logs. ELMAH logs details of errors and presents them to me. ELMAH logs to my own database, but Microsoft Application Insights also logs some of this.
Please note that, as with all data I store, these logs are kept very secure. On the Home page, you may have noticed a claim that your data is stored in the most secure database engine on the market, now 8 years running as of 2019. This database engine is Microsoft SQL Server, an enterprise-focussed database engine, and it has been classed as the least-vulnerable database engine by NIST.

1.5 - Events Recorded by the Client

For the same reasons as above in section 1.4, the client apps record some events. These events are stored on your device and are not shared without the user initiating the process. The main reason for this logging is to get data from my own devices, and I probably won't ever request this data from a user, but the functionality is there and it is possible for a user to send me their logs if they want to help me to fix a problem. The logs generally contain code execution related details, such as faults in parts of the code, and the order of execution, which can help me to see how multi-threaded operations carry out. Most parts of the code execution are not logged, and logging is typically done in areas that I have found to be problematic, and I'm either looking for a solution to those problems, or monitoring their behaviour to check that they have been fixed correctly. This is all done with the goal of improving the end user experience.
Separate to general logging, I also log crashes (crash reports). When the apps crash, some details of the crash are logged, and you should be prompted to share these crash reports with me when you next launch the app. You can control how they are sent. You can decide every time, send them automatically, or choose never to send them. If you choose not to send them, this could significantly limit my ability to solve problems that are occurring in your apps. Here is what the crash reports contain:
  • Some device and app info; limited to Operating System, Operating System version, App version and Device Name.
  • The timestamp of the crash.
  • The "Location" of the crash, which tells me where in the code it was logged.
  • Details of the crash, such as the type of exception and from where it was thrown. Crash reports do not contain user data.
When allowed by the user, crash reports are submitted to the server, where I can view them to help solve problems. They are stored anonymously, and it would be difficult to link a crash report to a specific user, but I cannot promise that the connection is impossible to make. Though I can't promise that the link is impossible to make, I can promise that crash reports are stored securely and privately. Crash reports do not contain any user data that may be relevent to the crash. There's nothing compromising with what they contain.

1.6 - SuperDrop

When you use SuperDrop, the server logs the size of each transfer that you make, along with its timestamp, and records which user made the transfer. This data is stored to see how SuperDrop is used. For example, it allows me to see the average size of files sent through SuperDrop, and allows me to see usage patterns. This can help me to determine future improvements to SuperDrop, regarding performance and usability. This log is also used to enforce transfer limits for Free tier users.
When initiating a SuperDrop transfer, the file name of each file that you send is passed to the receiving device through the Clipboard Everywhere Service. This is done for conflict resolution purposes, to enable you to see whether the file already exists on the target device, and is how the sending app presents you with an option to cancel said conflicting transfer, or to write over the existing file. The file name is not stored by the server.

1.7 - Physical Location of Server Data

Server data is stored in an Amazon data centre in London, England; or a Microsoft data center in the Netherlands. The Netherlands contains only analytical data from Application Insights. Everything else is stored in London.

1.8 - Who owns customer data?

The respective customer.
All registered users with appropriate email preferences will be alerted when this policy changes significantly. By default, all users are notified of major changes to this policy. If you are interested in being alerted every time a word in the policy changes, then please let me know. The reason I don't offer this currently is because you may get more alerts than you're expecting. Please do not hesitate to contact me if you have any concerns about the content of this page. I will be more than happy to clarify it for you :-)
Please also note that I am one person and am responsible for the entire Clipboard Everywhere stack. This includes development of the client applications, the website, the API, the database and the servers. If anything on this page is out of date or incorrect, my intent is not malicious, and I do try my best to ensure that it is all up to date and correct. If you notice any inconsistencies or think anything may be outdated, please contact me for clarification.