Privacy Policy

PRIVACY POLICY
IO NINJA
TIBBO TECHNOLOGY, INC.

Tibbo Technology Inc. ("Tibbo") respects the privacy of our users. This Privacy Policy outlines WHAT and WHEN is being transmitted between the IO Ninja software and IO Ninja servers.

1. WEB SIGN-IN (HTTPS): Upon startup, IO Ninja asks for a user's permission to perform a Web sign-in via the system web browser. During the HTTPS handshake that follows, IO Ninja sends its version and a seat fingerprint to the server. A seat fingerprint does not contain any personal or other sensitive information and only helps us distinguish between different seats that IO Ninja runs on. After the handshake completes, a user is asked to log in via the default browser, while IO Ninja keeps polling the server over the HTTPS connection. Once the server authenticates the user account, it sends a so-called app token back to IO Ninja. An app token is a cryptographically signed snapshot of what capabilities are enabled for the given account.

2. AUTO-SIGN-IN (HTTPS): After a web sign-in completes, the user has a choice to keep this workstation signed in. If the user chooses to, a session cookie is saved to the local store on the user's machine. When IO Ninja starts next time, it attempts to restore the previous session automatically. IO Ninja does so by sending this saved cookie and the seat fingerprint to the server. The server checks those, and if the session cookie is valid and matches the seat fingerprint, it generates an app token and returns it to IO Ninja. Otherwise, IO Ninja falls back to the web sign-in above. Since the seat fingerprint is verified, a session cookie cannot be stolen from the local store and used on another machine.

3. POST CRASH REPORTS (HTTPS): Upon startup, IO Ninja may contact Tibbo servers to submit crash dumps collected during previous runs of IO Ninja. During a crash, IO Ninja tries to gather the information that could help us identify the cause of the crash -- a so-called crash report. Currently, crash reports are only being collected and submitted on Microsoft Windows. Crash reports include the version of IO Ninja and the basic information about the platform IO Ninja is being run on (OS type and version, CPU architecture, memory stats). A Windows minidump file is collected using the WinAPI function MiniDumpWriteDump with MINIDUMP_TYPE set to MiniDumpNormal. This way, a minidump will only include just the MINIMUM amount of information necessary to reconstruct stack traces. Unless configured otherwise, IO Ninja asks for a user's permission before submitting a crash report. Crash report files are transmitted over an encrypted HTTPS connection; as such, there's no need to worry about these reports being eavesdropped on by a potential attacker. Crash reports can be completely disabled on the Settings->Privacy configuration page.

Copyright (c) 2008-2021
Tibbo Technology, Inc.
9F-3, Lane 169, Kang-Ning St., Hsi-Chih Dist., New Taipei City, Taiwan
All rights reserved.
TIBBO is a trademark of Tibbo Technology, Inc.
September 07, 2021