The Information Collected
CHATMENT® may obtain the following types of information from or concerning you, your mobile phone device or computer, which may include information that can be used to identify you as specified below.
User Provided Information
You provide certain Personally Identifiable Information, such as your mobile phone number, e-mail address used for Contact Name, name , billing information and device information to CHATMENT® when choosing to participate in various uses of CHATMENT® Services, such as registering as a user, updating your applications or requesting multiple Karawrapped applications for more than one device. CHATMENT® can never access your address book or contact list on your mobile phone or computer. CHATMENT® does not store or have access to any User encryption keys or have the ability to read transmissions. The chosen display name, account name and email address are stored in a secure system locked database, internally using Karaway’s Patented Vault Technology. The password is stored as a non reversible hash. Email address may be utilized by the system to provide the user with notifications, which will require the authorization of the user to use this information. Some of these items may have implied permission, requesting a password reset, and other account management potential issues.
A native application creates a random hash to uniquely identify each device running Karaway® software, the hash may be based on information available such as hardware network addresses, or other device specific information. Any specific information is used to generate a hash that does not itself include any of the original information.
A browser based web application will also create, locally, a unique hash to identify the current device. As part of login, this device key is required to know if the device is authorized.
The first time a client connects, the device key provided is related to the user and is marked as active, allowing the user to login. Any subsequent devices which have new identifiers are marked as inactive, and will require connecting to the website to manage allowed connections; from a previously authorized device. If all previously authorized devices are no longer available, the account will not be able to be accessed.
The device key is used to prevent connections from arbitrary devices from someone who may have acquired the username and password login; Any sense of identity is given by the user logging in with the correct credentials and any other system specific information incidentally used about the user’s system is not available to identify the user.
Optional Automatic Login
In options, it is possible to specify automatic login. This feature uses another unique identifier to connect to the system. Each login, the user authentication service will return a unique token that can be used for the next login; this token will change with every login.
Internal User Identification
Each service that receives a client identifier receives a unique identifier for each client vs what another service might receive. The username (the anonymous name shown to the public, if allowed) may also be used within the system. The CHATMENT® system requires the name to provide routing to the proper destinations, because it traverses multiple services, each of which gets a unique user identifier. This prevents a service from mining client identifiers and then using that information to get information from some other service.
CHATMENT® Future Cloud Storage
Data is saved on a cloud storage server for each browser. This allows the user to retain messages in between closing and reopening a new connection by using a KPVT storage device, using keys provided by the client. Contact information and groups are saved on the server; and reliable, undeleted messages are stored until the client reconnects. Data stored in this vault is mostly managed by the client. Messages stored in the cloud storage are encrypted by the client using keys unavailable to the cloud storage system. A timestamp is associated with messages, so when a client connects and requests information the server can use the timestamp to delete absolutely old, dead messages before giving them to the client. The client is otherwise responsible for deleting expired messages in storage; each cloud storage vault is an extension of the client device into the cloud. The native application also stores some messages, until they expire, and it is the application layer that controls when they are deleted. The user has options to immediately delete data.
Data, such as messages, images, sounds, etc., sent on the CHATMENT® platform have a few modes; Reliable and Immediate. Reliable messages (sent with 'Send' button), are tracked and acknowledged during their whole chain of transmission. If the target user is offline, this message (already encrypted by the client, using keys the server does not have) is stored to forward later. When the user comes online, the Chat system gets notified and reloads and transmits any pending messages for that client, which, when acknowledged by the client, are delete from server storage. Messages older than 7 days will automatically be purged. Immediate messages (sent with '7' button, and various other operations), are non-reliable, such that if the target user is offline when they are sent, they are not saved on the server. They are also not stored in the CHATMENT client cloud storage. Voice live communications, if available on your device, use this sort of transmission with an invite notification.
User Account and Display Names
The anonymous user account name is only used for account creation and user authentication. The registered username is returned through the system and used in subsequent communications. This name will appear in public in groups you join (show group members), and on messages you send to the group. This may be used by others to generate personal and group invitations to you.
You may receive notifications for users that wish to communicate with you. You will receive 3 options,
If an invitation from you to the other user already exists, no new invitation is created and will display ‘sent invitation’.
When you are invited to a named group, the invitation includes the group key. You may accept/reject/ignore this invite also. You are added to that group, with a pending invitation status. You will not receive any messages from the group until you accept the invitation.
Cookies Information: CHATMENT® does not load any cookies when you visit the CHATMENT® website. It does use localStorage in code.
Log File Information: When you visit the CHATMENT® website, our servers automatically record certain information that your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocol ("IP") address, browser type, browser language, referring / exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time of your request, one or more cookies that may uniquely identify your browser, your device, and various status information. When you use CHATMENT® ’s secure downloaded or web browser’s Karawrap® executable application, our servers log certain specific identifying information that the CHATMENT® application sends for authorization sign-in to the system. In the effort to secure Identity, so not just anyone can get your messages, the 2Conn® /CHATMENT® system creates a unique hash to first establish an assumed Identity. This temporary identity client key is saved on the local device in the browser's storage. This random hash is associated with the account when a user account is created. The client identification key comes from the server, and must be available for the client to send to the authentication system. If this key is lost, the system will automatically create a new client key to identify that browser. Other than being a unique identifier, there is no relation to the user's information, location, or any other meta information.
Whenever a message is sent or received, status information, including time and date stamps and the notice that communications was received by receiver then the messages are deleted from the server system. Users control when messages are deleted from their device vault. There is a server log file that records size of data transmitted and the running total of all communications sent for our internal usage.
Information Not Collected
CHATMENT® does not collect names, emails, addresses or other contact information from its users’ mobile address book or contact lists. Users contact lists must be created in the CHATMENT® application installed on the device or web browser user vault for security and privacy. At the present time e-mail addresses are used for contact purposes. This list is not transmitted to CHATMENT®. Certain location data is verified within the Karawrap® application for identification purposes only, but users may voluntarily share their location with other users via CHATMENT® Services. The contents of messages that have been delivered by CHATMENT® are not copied, kept or archived in the normal course of business. CHATMENT® Services are meant to be a secure SMS replacement using data service through a user’s phone (either via cell network or Wi-Fi) and a secure platform for computer communications. Users type transmissions, which are sent via dual encrypted data service to our servers, and routed to the intended CHATMENT® recipient, if that recipient is online. If the recipient is not online, the undelivered message is held in the CHATMENT® servers until it can be delivered. If the message is undelivered for seven (7) days, the undelivered message is deleted from our servers. The contents of any delivered messages are not kept or retained by CHATMENT® . Records of the content of any delivered transmissions reside directly in the sender’s and recipient’s computer or mobile device vaults. This data is deleted at the user’s option choice. CHATMENT® may retain date and time stamp information associated with successfully delivered messages and the mobile phone numbers involved in the messages, as well as any other information which CHATMENT® is legally compelled to collect. Files that are sent through CHATMENT® Servers are deleted and stripped of any identifiable information within a very short period of time in accordance with our general non-retention policies.
If you submit Personal Identifiable Information to us through the CHATMENT® Site, or CHATMENT® Services, then we use your personal information to authenticate use, maintain, and provide to you the security features and functionality of CHATMENT® Services. In particular, your mobile phone number or e-mail address is essential to your use of CHATMENT® Services and will be retained in a secure environment. Any billing information that may be collected from you will be removed within ten (10) days after the termination of your account with CHATMENT® . Any Personal Identifiable Information or content that you voluntarily disclose on CHATMENT® Services becomes publicly available and may be collected and used by other users of the Services if not already automatically deleted. Your name (as it is saved in other user's contact list) may be displayed to other users when you communicate through CHATMENT® Services and other users may contact you directly through CHATMENT® Services with your approval. We do not use your mobile phone number or e-mail address to send commercial or marketing messages. We may, however, use your contact e-mail address without further consent for non-marketing or administrative purposes. We may use both your Personal Identifiable Information and certain non-personal information such as: anonymous user usage data, IP addresses, browser type, click stream data, etc. to improve the quality and design of the CHATMENT® Site and Services. We may use log file information to monitor individual and aggregate metrics such as total number of your communication entries and views.
We do not sell or share your Personal Identifiable Information. CHATMENT® Services may collect and release Personal Identifiable Information and/or non-personal-identifiable information if required to do so by law, or in the good-faith belief that such action is necessary to comply with state and federal laws, international law or respond to a court order, subpoena, or search warrant or equivalent, or where in our reasonable belief, an individual’s physical safety may be at risk or threatened. CHATMENT® also reserves the right to disclose Personal Identifiable Information and/or non-personally-identifiable information that CHATMENT® believes, in good faith, is appropriate or necessary to enforce our Terms of Service, take precautions against liability, to investigate and defend itself against any third-party claims or allegations, to assist government enforcement agencies, to protect the security or integrity of the CHATMENT® Site or our servers, and to protect the rights, property, or personal safety of Karaway®, CHATMENT® , our users or others.
CHATMENT® utilizes patented technology combined with modified commercially physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. We cannot, however, ensure or warrant the absolute security of any information you transmit through CHATMENT® and you do so at your own risk. Using unsecured Wi-Fi or other unprotected networks to submit communications through CHATMENT® Services is not recommended, even though all transmissions are encrypted and protected as much as possible as of today. Once we receive your transmission of information, CHATMENT® takes extreme efforts to ensure the security of our systems. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If CHATMENT® learns of a security systems breach, and then we will attempt to notify you electronically so that you can take appropriate protective steps. CHATMENT® will post a notice on the CHATMENT® Site or through CHATMENT® Services if a security breach occurs. CHATMENT® wants to be known as the most secure communication service in the world.
CHATMENT® does not knowingly collect or maintain Personal Identifiable Information or non-personal-identifiable information on CHATMENT’®s Site or CHATMENT® Services from persons under 18 years of age, and no part of CHATMENT® Services are directed to or intended to be used by persons under 18. If you are under 18 years of age, then please do not use CHATMENT® Services. If CHATMENT learns that Personal Identifiable Information of persons under 18 years of age has been collected by mistake or through devious means then CHATMENT® may deactivate the account and/or make submissions inaccessible.
Notice to International Users
The CHATMENT® Site and Services are hosted in the United States and are intended for and directed to users in the United States. If you are a user accessing CHATMENT® Site and Services from any other foreign region or country with laws or regulations governing personal data collection, use, and disclosure, that differ from United States laws, please be advised that through your continued use of CHATMENT® , that is governed by Arizona and Nevada law, you are transferring your personal information to the United States and you expressly consent to that transfer and consent to be governed by law for these purposes.
In the event that either or both Karaway Entertainment, LLC or CHATMENT® are acquired by or merged with a third party entity, we reserve the right to transfer or assign the authentication information we have collected from our users as part of such merger, acquisition, sale, or other change of control. In the event of bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors' rights generally, we may not be able to control how your limited personal information is treated, transferred, or used.
Changes and Updates
Effective Date: 4-2-2019