For the purpose of this agreement, the terms "we", "us", "our" refers to dennisbabkin.com, the company that provides the service, and "I", "you", "your", "yours" refers to the user of the Cash Counter - Small Office Tools. The term "software", "service", or "services" refers to the outcome of using the software code and application provided by the Cash Counter - Small Office Tools.
Should you have any questions or concerns regarding the use of the Cash Counter - Small Office Tools, please consider contacting us at dennisbabkin.com/contact first. By downloading and/or installing, or using the Cash Counter - Small Office Tools you are implicitly agreeing to the terms of this document.
What information do we collect?
The following may be collected during the operation of the Cash Counter - Small Office Tools:
- All data collected and processed by the Cash Counter - Small Office Tools during the course of its operation is stored on your local disk. Such data was never intended by us to leave your local computer where the service is installed and running. The exception of such rule is the following: A) When you manually email/send/transmit said data file upon your own discretion with or without using the functions provided by the service, and B) When any other software running on your system inadvertently or otherwise disposes of the information stored by our service. Because such data is stored in a local file on disk in a multitasking environment, we do not have a full control over actions of any third-party software running on your system that may dispose of the said file upon its own discretion. As an example, such third-party software may include: antivirus products, scanners, operating system itself while synchronizing access to roaming folders, etc.
- Technical information regarding the operation of the service, especially in the event of a technical malfunction of the service. Collected information may include: date and time, version of the service, version of the operating system, state of the CPU, amount (and not the contents) of the free vs. used RAM/memory, amount (and not the contents) of the free vs. used disk space where the operating system is installed and/or where the service is running from, as well as other minimal diagnostic information about the malfunction. It is important to note that such information is intended by us to never leave the local computer where the service is installed and running. The exception of such rule is the following: A) When you manually email/send/transmit such information to our support team after a request to fix a malfunction in the service. Note that such action is totally voluntary on your part, and B) When any other software running on your computer may inadvertently or otherwise dispose of the information collected by our service. Because such information is stored in a local file on disk in a multitasking environment, we do not have a full control over actions of any third-party software running on your system that may dispose of the said file upon its own discretion.
- Version of the Cash Counter - Small Office Tools downloaded and used from the Windows Store may collect and transmit from/to the Window Store the following information: a) state of the license for the service, b) expiration of the license, c) your purchase of the license. Note that none of this information will be shared with our service and will be handled entirely by the Operating System. Refer to the Microsoft data collection policy for further information.
What information do we not collect?
Anything that is not expressly outlined in the section above is not collected by the Cash Counter - Small Office Tools. This includes any "covert", or "behind the scenes" collection and transmission of data while the service is running. In its pristine condition the service is intended to expressly display a user notification and ask for further permission to transmit the collected information outside of the local computer where the service is installed and running.
How do we protect your information?
During the course of its operation, the Cash Counter - Small Office Tools stores the data it works with on the local disk. While being stored on disk, some of the information may be "scrambled" to prevent a casual observer from gaining unauthenticated access to the data. It is important to note that by the term "scrambled" we do not mean "encrypted" which in turn implies that safeguarding the data file on your local disk is your responsibility.
How do we protect the passwords used by the service?
During the course of its operation, the Cash Counter - Small Office Tools allows users to authenticate access to some of the data the service works with using passwords. While providing access to password-protected data the service is NEVER intended to store passwords in the plaintext form, and to always scrub (or delete) plaintext passwords out of memory as soon as it's done converting them into secure cryptographic hashes. The service is never intended to save (or offload) plaintext passwords to disk. The service employs adequate encryption methods to safeguard provided user passwords. The following technical details outline the process:
- During exporting of the database with the user data the plaintext password provided by a user is passed through multiple rounds of the PBKDF2 algorithm to generate an encryption key. (The service allows you to specify an arbitrary number of rounds for PBKDF2 algorithm in preferences, as long as that number is larger than 10,000. The service uses 100,000 rounds by default.) Then generated encryption key is used for the AES-256 encryption of the database itself, with the GCM authentication method. Note that the plaintext form of the user provided password is scrubbed from memory as soon as the encryption key is generated. The plaintext form of the user provided password is never intended to leave the memory/RAM of the Cash Counter - Small Office Tools.
- During importing of the database with the user data the plaintext password provided by a user is passed through multiple rounds of the PBKDF2 algorithm. The resulting hash is used for decryption of the data file using the AES-256 algorithm with GCM authentication. The service intends to scrub the plaintext password from memory as soon as it's done generating secure hash using the PBKDF2 algorithm.
Do we use third-party links and affiliate programs?
Desktop version of the Cash Counter - Small Office Tools does not use third-party links or affiliate programs. The version of the service downloaded from the Windows Store may use affiliate links associated with the Windows Store. Refer to the Microsoft data collection policy for further information.
What information do we store on our servers?
As noted above, the Cash Counter - Small Office Tools is a locally installed service that was not intended to collect and offload any of your information to our servers. That being said, there are following exceptions:
- When you voluntarily submit a bug (glitch) report we will store the contents of your submission on our servers for the purpose of fixing the bug and to improve the service in the future. In the event that you prefer us to scrub (or delete) all data from our servers once the bug (issue) has been resolved, please indicate so in your email request.
- When you voluntarily submit any kind of feedback via email we will store such report to improve the service in the future.
- Version of the Cash Counter - Small Office Tools downloaded from the Windows Store may transmit license status, license expiration, license acquisition, as well as potentially other telemetry to the Microsoft servers. Such collection and transmission is done entirely by the Operating System and is outside of control of the Cash Counter - Small Office Tools.
What information do we use for marketing purposes?
None of the information collected by the Cash Counter - Small Office Tools during its operation will be used for marketing purposes. You pay for your use of the service by purchasing its license.
What if I want to remove the service completely?
You are fully empowered to do so. By uninstalling the Cash Counter - Small Office Tools, the service is intended to completely scrub (or delete) all of its files, including the generated data file(s). The exception of this rule is the following: A) Diagnostic event log that was collected during the operation of the service. By its nature, such log is stored in the Windows Event Log that is shared by all software on your local system. To remove all entries from the log generated by the service open Windows Event Viewer by running eventvwr command as administrator. Then go to Windows Logs -> Application and select "Clear Log." Then confirm by clicking "Clear." B) Any submissions that you made via email to our support team. You may request us to delete all of your submitted information by going to dennisbabkin.com/contact page.
Are you a security researcher reporting a bug or vulnerability?
If you are a security researcher, or just a user that is trying to report a bug or security vulnerability in our software or services, please do not hesitate to submit your feedback. We are currently not offering any bug bounty programs. (We are a small group of developers.) But we will do everything possible to provide a bug-free software for our users. By submitting your bug and vulnerability reports you will contribute to the general benefit of the software users like yourself.
We provide several ways of contacting us and guarantee that there will be no legal or other ramifications to you, person(s) who are reporting the bug or vulnerability, even if your use or methods of obtaining of our software were not covered by our terms of service, EULA, or even the local laws. We promise to keep any interaction between you and our support team as anonymous as possible and to absolve you from any legal consequences that may arise from your reporting of the vulnerability, or from the research that was undertaken to discover it.
How can I contact you?
If you have any questions or concerns about this policy, please contact us by going to dennisbabkin.com/contact page.
When was this document last updated?
It was last updated on March 13, 2018