Privacy Policy

The Clipboard Everywhere service privacy policy is very simple. Customer data is not sold or given away. Your email address is transiently passed to Amazon Web Services to send you automated emails, but this is a private and secure process. I respect your privacy greatly; but if you wish to read in more detail, feel free to reveal the details below.

Back to Dashboard

Glossary

To help you in reading and understanding this policy, I have included the following definitions:
  • Clipboard Everywhere Website - The website you are currently browsing
  • Clipboard Everywhere Service - The API and real-time hub for which the client software relies on to communicate
  • Client Applications - The applications that you as a user download onto your devices in order to use the Clipboard Everywhere Service
  • ELMAH - Error logging framework. Please see here
  • Amazon Web Services (AWS) - Cloud service provider, used by much of the internet. Please see here
  • PayPal - Payment Processor. Please see here
  • Account Information - A user's account details, such as their email address and email preferences
  • Customer Data - Data that customers store with me on the server, such as clipboard items

1 - Description of Data Stored

1.1 - Clipboard Items

When you log in to one of the client applications, you are connecting to a server. The server saves clipboard items (the data that you copy) and syncs them to your other devices. A clipboard item is an object with several properties. These are the ones that come from the client:
  • Type (to determine whether the item is text or an image)
  • Time (to determine the order of clipboard items)
  • Starred (whether the item is starred)
  • Binary Content (binary data representing the item)
  • Initialization Vector (the IV used in encryption)
Any text that you copy is encrypted with AES-256 encryption. This key is never known to the server, which ensures that your copied content is completely private. If you lose the encryption key, your data will not be recoverable. This encryption strategy is known as end-to-end encryption.
Except in the event of a bug with what the client applications display to you, all clipboard items stored on the server under your user account will be visible on the Clipboard page of the apps. When clipboard items are pushed off of your clipboard history, they are immediately deleted from the server, however they will likely be included in database backups. Database backups are effectively taken every 15 minutes, and usually aren't kept for more than 3 months, but some backups can be kept longer. The backups themselves are encrypted when stored. These backups are taken for disaster recovery scenarios and are unlikely to ever be used. The only person capable of decrypting these backups is me, and your clipboard data is still only decryptable by you, the user.
In addition to storing clipboard items to sync them with your other devices, I also keep track of which one was most recently copied, which allows the system clipboard to be properly synced when new devices log in.

1.2 - Device Data

The client applications transmit four pieces of device data to the server:
  • Operating System Version (e.g. Microsoft Windows 10 Pro)
  • Clipboard Everywhere Application Version (e.g. 1.6.1.0)
  • Application Platform (e.g. Windows Desktop)
  • Device Name (The name you gave to your device when first logging in, or in the Files tab)
The first three items are used to notify you of an updated application version, if available. The Device Name is used by SuperDrop to initiate transfers, and also to enforce connection limits. This data is usually kept only for the duration of your session, but can be kept slightly longer depending on how you disconnect. To be more specific:
  • If you log out of an app, this data is removed from the server immediately.
  • If you forcefully close an app without logging out, it may persist for several minutes.

1.3 - User Account Information

The server stores account details for each user; for example, the user's email address and whether their email address has been verified. Settings such as email preferences are also stored. Sensitive payment information is never stored - such data is handled by PayPal, a third party payment processor company. PayPal will handle your payment details in accordance with all applicable laws. PayPal is not provided with any Clipboard Everywhere account details. No sensitive payment information is ever directly visible to the Clipboard Everywhere servers.
Your email address will sometimes be used to send you automated emails. Some of these emails can be opted-out of, and some important emails, such as those used for email account confirmations, password reset, and billing, are mandatory. Your email address will never be stored with a third party to provide this, however it may be transiently passed to reliable companies (e.g. Amazon Web Services) in order to provide this functionality.

1.4 - Events Recorded by the Server

To better improve Clipboard Everywhere, I do record some events that take place on the server, which can also be called logging. Please note that these logs are never shared with anyone and are only readable by me. I use them to develop, maintain and debug the server-side software. Here is what is logged by the server:
  • Data regarding some requests to the website. This will include the majority of regular web requests to HTML pages that you would make when browsing the site, as well as the majority of requests to the API, which would be done by the client apps, but due to volume excludes the real-time endpoint. Effectively, this means that any purposeful request by a user is logged, but many programmatic requests are not logged. The properties logged are:
    • Request Timestamp
    • Request Uri
    • Request End Time
    • Request Type (whether it is a request to the API or the MVC section of the software)
    • The user's email address, if applicable
  • The latest time that you have logged into the service or website. This is recorded so that I can see when a user was last active. If a user has not been active for several months, they will no longer receive mass emails. This is so that users who have clearly stopped using Clipboard Everywhere will not receive unwanted emails.
  • The timestamp of each clipboard item that is synced to the server, and whether it is text or an image. The content of the clipboard is never stored in these logs! Just the timestamp and whether it is text or an image. This again helps me to see how the software is used.
  • Details regarding server errors. For this, I have integrated ELMAH into my application, so I log everything that ELMAH logs. ELMAH logs details of errors and presents them to me. ELMAH loggs to my own database - it is an offline service.
Please note that, as with all data I store, these logs are kept very secure. On the Home page, you may have noticed a claim that your data is stored in the most secure database engine on the market, now 8 years running as of 2019. This database engine is Microsoft SQL Server, an enterprise-focussed database engine, and it has been classed as the least-vulnerable database engine by NIST.

1.5 - Events Recorded by the Client

For the same reasons as above in section 1.4, the client apps record some events. These events are stored on your device and are not shared without the user initiating the process. The main reason for this logging is to get data from my own devices, and I probably won't ever request this data from a user, but the functionality is there and it is possible for a user to send me their logs if they want to help me to fix a problem. The logs generally contain code execution related details, such as faults in parts of the code, and the order of execution, which can help me to see how multi-threaded operations carry out. Most parts of the code execution are not logged, and logging is typically done in areas that I have found to be problematic, and I'm either looking for a solution to those problems, or monitoring their behaviour to check that they have been fixed correctly. This is all done with the goal of improving the end user experience.
Separate to general logging, I also log crashes (crash reports). When the apps crash, some details of the crash are logged. On next launch, the Android app will ask if you want to send these. The Windows app has a setting that will either send them automatically, or will not send them. The default is to not send them. If you choose not to send them, this could significantly limit my ability to solve problems that are occurring in your apps. Here is what the crash reports contain:
  • Some device and app info; limited to Operating System, Operating System version, App version and Device Name.
  • The timestamp of the crash.
  • The "Location" of the crash, which tells me where in the code it was logged.
  • Details of the crash, such as the type of exception and from where it was thrown. Crash reports do not contain user data.
When allowed by the user, crash reports are submitted to the server, where I can view them to help solve problems. Crash reports will be stored under the account of the user who submitted them. Crash reports are stored securely and privately, and I am the only one with access to them. Crash reports do not contain any user data that may be relevent to the crash. There's nothing compromising with what they contain.

1.6 - SuperDrop

When you use SuperDrop, the server logs the size of each transfer that you make, along with its timestamp, and records which user made the transfer. This data is stored to see how SuperDrop is used. For example, it allows me to see the average size of files sent through SuperDrop, and allows me to see usage patterns. This can help me to determine future improvements to SuperDrop, regarding performance and usability. This log is also used to enforce transfer limits for Free tier users.
When initiating a SuperDrop transfer, the file name of each file that you send is passed to the receiving device through the Clipboard Everywhere Service. This is done for conflict resolution purposes, to enable you to see whether the file already exists on the target device, and is how the sending app presents you with an option to cancel said conflicting transfer, or to write over the existing file. The file name is not stored by the server.

1.7 - Physical Location of Server Data

Server data is stored in an Amazon data centre in London, England.

1.8 - Who owns customer data?

The respective customer.

1.9 - Payments

When you pay with PayPal, PayPal will send me some details of the PayPal account used to complete the purchase. The only identifying information I store is the email address of that PayPal account.
PayPal contacts me when payments, refunds, and subscription changes occur. The details of these changes are automatically stored in my database. For these events, I store:
  • Event ID
  • State (of transaction)
  • Total (amount of payment)
  • Currency
  • Payment Mode
  • Protection Eligibility
  • Protection Eligibility Type
  • Billing Agreement ID
  • Create Time
  • Update Time
  • Plan ID
  • Quantity
  • Start Time
  • PayPal Account Email
  • Status Change Note
  • Refund Amount
  • Sale ID
The above data is not stored for every type of event. A type of event is a payment, or a refund. Some of the above data is stored only for some types of events. Additionally, I store some other private data such as transaction fees and private developer-related PayPal identifiers. When making payments, you must agree to PayPal's privacy policy.
All registered users with appropriate email preferences will be alerted when this policy changes significantly. By default, all users are notified of major changes to this policy. If you are interested in being alerted every time a word in the policy changes, then please let me know. The reason I don't offer this currently is because you may get more alerts than you're expecting. Please do not hesitate to contact me if you have any concerns about the content of this page. I will be more than happy to clarify it for you :-)
Please also note that I am one person and am responsible for the entire Clipboard Everywhere stack. This includes development of the client applications, the website, the API, the database and the servers. If anything on this page is out of date or incorrect, my intent is not malicious, and I do try my best to ensure that it is all up to date and correct. If you notice any inconsistencies or think anything may be outdated, please contact me for clarification.