This Privacy Policy has been updated on October 15 2023 and is an updated version of the previous privacy policy that was applicable to “My Callisto” - now called the Callisto Vault.
This Privacy Policy describes the information we collect, use, and store when you create an account for Callisto Vault (formerly called My Callisto). Callisto Vault is a different service from Callisto Campus, which was sunsetted in 2020. If you created an account with the Callisto Campus service then the Callisto Campus Privacy Policy is still applicable to that account. If you visit our website and do not create an account for Callisto Vault, then the projectcallisto.org privacy policy is applicable.
Callisto Vault is a suite of web accessible tools built for survivors, by survivors that enable you to create an Incident Log or to create an entry in the survivor Matching System. We understand that sharing any information related to a sexual assault is difficult and can create risks for survivors. We weave privacy and information security into every design decision of our tools.
Through encryption and other techniques, we ensure that only you have access to information you provide that identifies you or the perpetrator you designate. If you create an entry that matches with another user’s entry who names the same perpetrator, then only your assigned Legal Options Counselor will have the ability to see your identity and the unique identifiers of the named perpetrator. Your Legal Options Counselor is a legal advocate who will advise you of your rights and help you navigate your options for taking action. Your entry information and other communications with your Legal Options Counselor about your options to seek justice are confidential, to further protect your privacy.
In this Privacy Policy, we explain in detail:
What information about you we collect and store when you create a Callisto Vault account
For what purposes we use your Callisto Vault information and general data about our users
What limited Callisto Vault information Callisto employees have access to
What information your Legal Options Counselor has access to
What non-identifying information we share with third parties
How we protect your information
1. WHAT INFORMATION WE COLLECT AND STORE
The type of information we collect and store depends on your activity after you created a Callisto Vault account. The description below details the information we collect in Callisto Vault only.
YOU CREATE AN ACCOUNT IN CALLISTO VAULT
The login credentials that you need to provide to us when you create a Callisto Vault account are:
Your school email address, so we can send you a link to create an account, or help you recover access to your account
Your personal email, so we can send you important update information, or help you recover access to your account
A username for your account. This user name does not need to identify you and can be different from your first and last names
A password to protect access to your account
Your phone number and a security question answer to help you recover access to your account
We restrict access to Callisto Vault only to users who have an .edu email address. This reduces the risk of use of the Callisto platform by individuals who are not students or faculty for fraudulent or deceptive means. Callisto does not store your email address and only uses it once to send you the link needed to create your account. Our vendor MailGun retains your email address in their logs for five days and then deletes it.
Once you create an account, Callisto Vault stores your username, password, email, phone number and security question information in an encrypted form that Callisto Vault cannot decrypt. We therefore do not have access to your account information.
When you create an account, you will also be asked to provide demographic information. This information is completely anonymous and is not connected to your user name or in any way tied to your account. It will only be used in aggregate form, to help us understand Callisto Vault users without knowing who they are.
Your Callisto Vault account username and password are the safest way to access any information that is stored in Callisto Vault, so it is important that you choose a username and password that you can easily remember, or store them in a safe and secure place. You can change your account password at any time.
If you forget your password or lose your backup code, you can provide Callisto your email address and phone number, which will be immediately encrypted and matched with your account information (all in encrypted form), and an email will automatically be sent to you with a link to a page with your security question where you can provide the answer to recover access to your account. Your email address is decrypted solely for our vendor MailGun to send you your account recovery email. MailGun retains your email address in their logs for five days and then deletes it.
YOU CREATE AN INCIDENT LOG IN CALLISTO VAULT
If you decide to create an Incident Log, you will be asked to fill in a form with a series of questions to help you describe the events around the assault or coercion. You can include as much or as little information as you like. All Incident Logs are protected by advanced cryptographic techniques and only you, using your account username and password, can access it.
YOU CREATE A MATCHING ENTRY IN CALLISTO VAULT
To create a matching entry and designate your perpetrator, we request that you provide the following information:
Your Preferred name
Your Phone number or email
Your Preferred contact method (phone, email, text)
At least one unique identifier of the perpetrator you designate, such as their social media account information, phone number or email address
The state in which the assault occurred (so we can assign a legal Options counselor in that state in case of a match)
The school that you attend
All of the above matching entry information is protected by using advanced cryptographic techniques and is only accessible by you using your Callisto Vault account username and password, until a match is made. No Callisto employee has access to this information, therefore we cannot share it with anyone. Unless and until a match happens, you are the only person who has access to this information. If a match happens, your Legal Options Counselor will have access to your matching entry.
You can access your matching entry to edit it or remove it from our platform at any time. When you delete your entry, all information from the entry is removed from Callisto Vault.
YOU ARE MATCHED WITH ANOTHER SURVIVOR
No additional information is collected. When an entry you submitted is matched with the entry or another survivor who designated the same perpetrator, we generate a non-identifying unique ID that corresponds to that perpetrator. Your entry and the entry provided by the other survivor are linked then via the common perpetrator unique ID generated by Callisto Vault.
When this match occurs and the common perpetrator ID is generated, your assigned Legal Options Counselor will have the ability to decrypt and access your matching entry information. See details in Section 4, Who Has Access to Your Information below.
YOU GIVE US FEEDBACK ON YOUR LEGAL OPTIONS COUNSELOR
Once you have been fully advised by your Legal Options Counselor on the pros and cons of your various options for seeking justice, your Legal Options Counselor will ask you to fill out a survey to provide us with feedback on your experience with your Legal Options Counselor. This is done on a voluntary basis. We are solely interested in feedback regarding the skills, competence, and professionalism of your Legal Options Counselor. The survey is anonymous and does not collect any information about you.
YOU HAVE BEEN DESIGNATED AS A PERPETRATOR BY A USER OF CALLISTO VAULT
If you have been designated as a perpetrator by one of the Callisto Vault users, we will store in Callisto Vault an encrypted version of unique identifiers used to designate you, such as your telephone number, email address, or social media account information.
All such information is protected using advanced cryptographic techniques and only the Callisto Vault user who created the entry can access such information, or, in case of a matching entry, their designated Legal Options Counselor.
2. Why We Collect and Store Your Information
In this section we explain for what purpose we use information you create and submit to Callisto Vault.
To Provide Our Services to You
We use all account information, Incident Log information and matching entry information to provide the Callisto Vault tools and services, including our Legal Options Counselor service. Specifically, we use your information to enable you to create a record of your experience, identify your offender, be matched with other survivors of the same offender, be connected with a Legal Options Counselor, and have the opportunity to coordinate action with the other survivor(s) of the same offender. We also enable you to provide feedback to us, including your level of satisfaction with the Legal Options Counselor that was assigned to you.
The information from Callisto Vault matching entries also enables us to link survivors of repeat offenders together through coordination with Legal Options Counselors. Callisto Vault aims to stop serial offenders from committing further acts of sexual misconduct and to build safe communities where such behavior is unacceptable.
We also enable you to manage your account settings, including changing your password, help you recover access to your account, and send you email messages about updates to our terms of service, privacy policy or other Callisto Vault feature updates.
To Measure Our Effectiveness and Impact
We analyze aggregate usage trends to understand how our users are using our tools, and which features appear to be more useful and have the most impact. Specifically, the non-identifiable data we collect about our users’ use of the Callisto Vault and services helps us understand how many:
users create an account
account holders create an encrypted record form
account holders create a matching entry
entries match as having designated the same perpetrator
survivors benefit from the advice of a Legal Options Counselor and the effectiveness of the Legal Options Counselor service to them.
This helps us in our decisions to develop new products, features and services, and to create a better website,tools, and services to further our mission to empower survivors of sexual assault or coercion to navigate inequitable systems utilizing technology.
3. HOW LONG WE KEEP YOUR INFORMATION
Email: when you first provide your .edu email address to us to receive the link to create your Callisto Vault account, or if you use your email to recover access to your account, our email service provider Mailgun retains your email address in their logs for five days and then deletes them.
Account Information: Your encrypted username and password are maintained for as long as you wish to keep your account and have access to your Encrypted Record Form or your marching entry. If you terminate your account, all account information will be permanently removed from our systems.
Incident Log: Callisto Vault will store your Incident Log for as long as you wish to maintain it. You can delete it from the Callisto Vault system at any time. Once you delete it, all associated information will be permanently removed from our systems. If you terminate your account, your Incident Log and all associated information will be automatically deleted.
Matching Entry Information: Matches happen over time, and it is therefore important that our users’ entries are maintained and stored over time to enable the matching feature. If you delete your entry or terminate your account, the information from your matching entry is deleted.
If you do not delete your account, Incident Log or matching entry information, we retain your data for as long as we have a legitimate purpose to do so (and in accordance with applicable law), including to continue to detect serial offenders, assist with legal obligations, resolve disputes, and enforce our agreements.
If you terminate your account or delete your Incident Log or matching entry, Callisto will keep the demographic information that you provided upon creating your account, but that information is never associated with your account and so cannot be used to identify you.
In the event that Callisto ceases operation, we will securely delete any collected information.
4. WHO HAS ACCESS TO YOUR INFORMATION
Callisto Employees
No Callisto employee has access to your Callisto Vault account user name or password, nor to your Encrypted Record Form, and therefore we are unable to share this information with anyone, even if requested by a court order.
Callisto employees have access to limited information from your matching entry as detailed below:
non-identifying visitor ID and Callisto Vault account ID
the state in which the assault occurred
the college campus with which you are affiliated
Access to this limited information is necessary to assign you to a Legal Options Counselor that can best advise you in case of a match. Callisto employees do not have any access to any information identifying you, nor any perpetrator identification information. Such information is encrypted and Callisto employees do not have the capability to decrypt it.
Your Assigned Legal Options Counselor
When you create a matching entry, you designate a perpetrator. In the event where another Callisto Vault user creates an entry designating the same perpetrator, Callisto will assign to you a Legal Options Counselor who will contact you to advise you of your rights and help you navigate your options for taking action.
Your assigned Legal Options Counselor will have the ability to decrypt and access the information you provided in your entry, including your name, your contact information, and the unique identifiers of the designated perpetrator. They will also see the college campus with which you are affiliated. Prior to submitting your entry, you will be prompted to instruct us to share your entry data with your assigned Legal Options Counselor in case of a match, with the understanding that this information will be shared for the purpose of seeking legal advice and therefore be subject to an attorney-client privilege protection.
Your Legal Options Counselor is a third-party lawyer and all communications with them relating to the assault or coercion experience and your options for remedy are protected under attorney-client privilege, including your entry information. This means that your Legal Options Counselor is bound by professional and ethical rules to keep your information secret, and that you may not be compelled, even by a court order, to disclose the substance of your communications with your Legal Options Counselor that relate to your experience or your options to seek justice. However, you may lose the attorney-client privilege protection if you disclose the content or nature of your matching entry or Legal Option Counselor communications with anyone else, including another survivor.
No identifiable user information is ever shared between Callisto staff and the Legal Options Counselors.
Legal Options Counselors do NOT have access to any information in your Incident Log. They do not have access to your Callisto Vault account name and password.
Our Partners
Callisto partners with colleges, foundations, corporations, and nonprofits across the United States. We may share aggregate Callisto Vault usage information with our partners, such as the number of users who create an Encrypted Record Form, a matching entry, or the number of matches, but never in any way that would identify or enable the identification of any particular user.
Our Service Providers
Like all other technology and web platforms, we can not do it all alone. We work with vendors and service providers to help us run Callisto Vault.
During account creation, we offer the ability for users to check the security of their password through https://haveibeenpwned.com/Passwords. This service is separate and distinct from Callisto Vault and so any password you check via their service is subject to the haveibeenpwned privacy policy.
We also engage Mailgun to send you via email the link necessary to create a Callisto Vault account or help you recover access to your account. They only use your email for the sole purpose of providing their service to us and discard your email after five days.
In addition to the vendors listed above, we work with other vendors and service providers to help us run our website and platform. We use cloud-based data hosting providers to host the user data we collect and store as well as to securely store encryption key information. We use vendors to help with our website infrastructure and network protection from third-party attacks. None of these vendors have access to your username and password, your Encrypted Record Form or your matching entries that are encrypted. They collect information about user activities on our web application, but not about individual users.
5. HOW WE KEEP YOUR INFORMATION SAFE, INCLUDING FROM COURT ORDERS AND SUBPOENAS
Callisto Vault was built by survivors, for survivors. We understand that reporting sexual assault and coercion creates risks for victims, so we care obsessively about the privacy and security of our users.
To stop the spread of sexual violence and misconduct while still protecting the privacy of both the victim and the accused, we built an advanced cryptographic approach for our product. This means that any information that personally identifies you and any information you provide in your entry (including the identity of the designated perpetrator) is encrypted. Encryption is the process of converting data to an unrecognizable or "encrypted" form. It is used to protect sensitive information so that only authorized parties can view it. Encrypted information will appear scrambled to anyone who tries to view it. It must be decrypted in order to be recognized or readable. This requires a password or a private key, which can be used to unlock files associated with the key.
When you create your account, your account login credentials are encrypted and not accessible to any Callisto employee or third party.
When you create an Incident Log, all associated information is encrypted and not accessible to any Callisto employee or third party.
When you create a matching entry, all identifying entry information is encrypted and only you or your Legal Options Counselor (if there is a match) have the key to decrypt it.
What Happens if We Receive a Court-Ordered Request for User Information?
We designed Callisto Vault so that no one can access data that identifies you or the offender designated in your entry, or any other data you submit via an Incident Log. If Callisto is ordered to disclose such data by a court-sanctioned subpoena or a court order, Callisto would simply be unable to produce it. While Callisto does not have access to any information that is identifying, general Callisto Vault usage data that we log may be crossed with other information obtained from third parties (such as your internet service provider) to provide additional information about your activities on Callisto Vault. In the event we receive a subpoena or court order to produce any information we stored in our Callisto Vault systems, our attorneys will address each such request individually with the goal of protecting survivor privacy and confidentiality.
If you receive a subpoena to compel the disclosure of any of your matching entry information, your Legal Options Counselor will assist you in asserting that such data is protected by attorney client privilege.
If you receive a subpoena to compel the disclosure of any of your Incident Log information, you should consult an attorney on how to respond.
100% Security Cannot Be Guaranteed
While privacy and security by design is integrated into Callisto Vault, no internet-enabled data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any of the information you submitted to Callisto Vault has been compromised), please immediately notify us by contacting us at privacy@projectcallisto.org.
6. UPDATES TO THIS POLICY AND HOW TO CONTACT US
Modifications to This Privacy Policy
From time to time, we may update this Privacy Policy as we update Callisto Vault and its features. We will notify you through a notification posted on the website, or as required by applicable law. Unless stated otherwise, modifications will become effective on the day they are posted.
If you continue to use Callisto Vault after the effective date of any change, then your access and/or use will be deemed an acceptance of our revised Privacy Policy. The revised Privacy Policy supersedes all previous Privacy Policies.
Contact Us
If you have any questions or concerns regarding our Privacy Policy or the way in which we process or protect your information, please contact us at privacy@projectcallisto.org.