Legal stuff! Yay! Don’t you simply love unreadable documents!? Unlike other companies we will have two sections – one where we tell you what we think you should know about our products and services – in a way that we would have liked to have read it ourselves.
Then there’s a section just for lawyers….
The Vortimo software is the Chrome Extension and the database/server that is installed on your local machine. The software collects all pages you browse to in your Chrome browser – except for those you define in Settings under Ignore/Recording. It stores these pages in the database which is local to your machine. None of that information is being sent to us at all – we don’t see it in any form or shape. We cannot log or process what we don’t receive.
However – here are some things you want to know about:
- When you run a widget the Vortimo software makes a call to an AWS Lambda function (that is under our control). The function then makes the call out to the remote API. It means that – if we wanted to – we could see the object value and the API keys. The initial design was that the UI would make a call directly to the relevant API (e.g. we’re not in the middle of it) but we scrapped it because too many of the API providers does not allow it. Read about CORS headers [here]. So while we’re really not interested in your API calls we can’t give you the functionality without being in the middle – thus having the ability to see the data. If it helps we can assure you that we don’t log or look at the data.
- To keep the Links sections in our software relevant we have the ability to remotely update links (the buttons you click on that goes off to another website). We check for changed or new links on start-up of the tool and every 90 minutes thereafter. The call-out is to AWS. These requests are also logged – nothing other than the source IP, user-agent, time of the request, resource requested is logged.
- When you replay a site, the data comes from the local store, but we’re pretty sure that there could be trickery (or even bugs on our side) that can cause the page to load any number of elements from the actual live site on the Internet. If you’re working with particular sensitive information and it’s crucial that the target web site is never touched again we advise you to disable your internet connection completely. That’s just good opsec anyhow.
- We call out to Google’s S2 favicon service in order to get you the favicons, the little images next the website, name – never to the actual site.
- When you click on a link that goes to an external provider then obviously the data is going to that provider. The URL is opened on the provider – we do not intercept or record it.
- When you visit our website we obviously log the visit – like any other site on the Internet. In an Apache log format.
Oh – also – when you sign up to the mailing list we record the email address, sector and employer – this is information that you supply to us and just the email address is mandatory. This info is kept at Mailchimp.
All transaction data like credit card numbers, CVV and that stuff is kept with FastSpring. We don’t touch that data.
There are three levels of service:
- FREE: You don’t pay us. We provide no support. You get to use the software – but it’s limited. You can use it for anything you want. If you want to use the software without limits you need to pay a bit of money. If you want to have support you need to pay some more.
- STANDARD: You give us money and in return you get software without any limitations. You get updates, you get bug fixes. You get email support – when we have the time to respond to you. We give priority email support to the Premium users. The Standard license is for personal use only.
- PREMIUM: You give us more money and in return you get everything in the Standard package – but you also get proper email support. It means we get back to your query within 48h (work hours are from 9am to 5pm SAST). You should get a Premium license if your company is paying for it.
- If the software blows up your computer or your network or your house or so on – it’s still on you. We do our best to ensure there is no malware in our software. However we cannot guarantee that our source code hasn’t been compromised by a state-level bad actor. It would be be a sad day though and we’re pretty diligent to ensure that doesn’t happen. Then again – that’s probably what the Solarwinds guys said too.
- Mileage might vary – for all of the models there is no guarantee that the software works exactly as you wish. We will do our best to not have bugs in our software, but let’s be fair – that’s also wishful thinking. Our worst nightmare is if you lose data due to corrupt databases or faulty exports. But – in full disclosure – that can happen. So regularly make PDFs.. 😉
- If you buy the standard version and you use it in your mega corp, then we won’t know – but you’ll find your karma affected by our state of the art automated bad juju generator if you’re lucky, by our lawyers if you’re unlucky. Corporates and big organizations should buy the Premium version. We totally rely on you not to be a poephol.
- For Standard license users – in order to develop (pretty niche) custom software at that price point we can’t really sit next to the computer waiting for your email. We’re all subtle about it but we appreciate that you understand this.
- Download the license agreement [here]. Updated January 2021.
- Download the Service Agreement [here]. Updated January 2021.