Choose your storage product


Object Storage


Device Backup

WD My Cloud Home


Choose your storage product


Object Storage


Device Backup

WD My Cloud Home



CrowdStorage Privacy Policy

Last update: November 1, 2019


Who We Are

CrowdStorage, Inc., (“CrowdStorage”) provides advanced technology to enable efficient cost models in cloud storage devices through use of excess device storage capacity. CrowdStorage technology and services include: data compilation, encryption, fragmentation, and storage through shared device usage by allocating storage to available hard-drive space on personal and commercial cloud storage devices. This cutting-edge technology is highly flexible to user needs, allowing for maximum personal use or available shared use of data storage. The cost model recognizes the value of available space and enables a reduced customer price for devices in return for the ability to “share” excess device storage. CrowdStorage has extensive experience operating its shared storage model in the home technology industry. As part of operating its technology and related services, CrowdStorage engages in typical business operations, including operating its main website, related websites, networks, embeddable widgets, downloadable software, mobile applications, and other services it provides (collectively, the “Services”). CrowdStorage also engages with other business representatives for shared opportunities and support services, and processes personal data of those representatives.CrowdStorage is a corporation based in the United States, incorporated in Delaware, with its headquarters in Lehi, Utah. CrowdStorage respects your privacy and takes safeguarding personal data seriously. Please read the following to understand the privacy practices of CrowdStorage.



“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data does not include information that is anonymized. Personal Data also does not include corporate information that relates to an organization but not to an individual, such as a corporate name, corporate address or general corporate phone number. However, if it is combined with your Personal Data in a manner that reasonably allows it to be associated with your identity, or is otherwise considered Personal Data under applicable law, it will be treated as Personal Data under this Privacy Policy.


EU-U.S. Privacy Shield Framework

CrowdStorage complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. CrowdStorage has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy ShieldPrinciples shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit


Personal Data We Process

We process personal data of customers who use our Services. Personal data collected includes name, address, phone number, and payment information. Processing also includes uploading and storing data submitted by our customers for storage on third-party devices. The material submitted for storage may incorporate personal data of other individuals, who we refer to as storage material subjects.

We likewise process personal data for our business clients and their customers, who use our Services to store data on third-party devices. We process the personal data of device owners and licensees on behalf of our business clients who have contracted with device owners and licensees to allow use of excess storage space available on devices. Where we process personal data on behalf of our clients, we do so to fulfill our contractual obligations as a third-party service provider.

We process technical information and navigational information when you visit our website, which is found at Technical information includes IP address, geographical location, device ID and related information and browser type. Navigational information includes pages viewed, selection made and length of visit. Our primary goal in processing this information from you is to provide you access to features on the site and help us improve our product and services and develop and market new products and services.

We also process personal data from users who navigate to our website and submit an inquiry through email or electronic form. Personal data collected includes name, email address, and phone number.

As part of our business-to-business functions, we process personal data we obtain from representatives of business clients, or third-party service providers, for communication, payment processing, customer service, and for other purposes typical in a business relationship. In addition, we collect and access personal data of representatives of potential clients, generally obtained from inquiries, events, conferences and third-party service providers who source, collect, and license information for sales and marketing purposes. The personal data processed includes name, email address, phone number, employer, and job title.

We also process personal data of our employees and job applicants. The personal data we process is specific to the purpose for which we process that data.

We do not actively collect or otherwise process special categories of personal data as identified in the EU General Data Protection Regulation (“GDPR”) including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, or genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

We do not actively collect or otherwise process personal data relating to criminal convictions and offenses.

We do not actively collect or otherwise process personal data from minors. The age of a minor varies by country. For the purposes of personal data collected from the European Union, the age of a minor is under age sixteen (16).

The personal data we process directly are generally in relation to our business-to-business activities and data subjects are not required by statute or contract to provide their personal data. However, the possible consequences of failing to provide personal data in some circumstances is that we will be unable to respond to requests or inquiries or interact for business purposes. For services offered directly to customers, our customer contracts define whether accessing our services is conditional upon agreeing to share available storage space on a personal device. In this case processing of certain personal data such as device ID is required by contract.

e. California Consumer Privacy Act.

Pursuant to the § 1798.110 of the California Consumer Privacy Act (“CCPA”) the categories of personal information we have collected about consumers in the preceding 12 months are:

  • Identifiers such as a real name, alias, unique personal identifier, postal address, online identifier, Internet Protocol address, email address, account name;
  • Personal information categories described in the California Customer Records Statute (Cal. Civ. Code §1798.80(e)), namely, name, address, credit card number, debit card number, or any other financial information (collected through service providers);
  • Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
  • Internet or other electronic network activity information, including browsing history, search history, and information regarding a consumers’ interaction with an Internet Website, application, or advertisement;
  • Geolocation data;
  • Audio, electronic, visual, or similar information (in the context of personal data submitted by consumers for storage purposes);
  • Professional or employment-related information;
  • Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.


Tracking Technologies, Cookies, and Clear GIFS

We use tracking technologies, cookies and clear GIFs to collect information. Tracking technologies are used to collect information from your web browser through our servers or filtering systems when you visit any of our sites.

Cookies store small text files onto a user’s computer hard drive with the user’s browser, containing the session ID and other data. Cookies enable a web site to track a user’s activities on the website for the following purposes: (1) enable essential features; (2) provide analytics to improve website performance and effectiveness; (3) store user preferences; and (4) facilitate relevant targeted advertising on advertising platforms or networks. Users are free to change their web browsers to prevent the acceptance of cookies. Cookies may also be set within emails in order to track how often our emails are opened.

A clear GIF is a transparent graphic image placed on a website. The use of clear GIFs allows us to monitor your actions when you open a web page and makes it easier for us to follow and record the activities of recognized browsers. Clear GIFs are used in combination with cookies to obtain information on how visitors interact with our websites.

Information collected may include but is not limited to your browser type, your operating system, your language preference, any referring web page you were visiting before you came to our site, the date and time of each visitor request, and information you search for on our sites. We can also track the path of page visits on a website and monitor aggregate usage and web traffic routing on our sites. We collect this information to better understand how you use and interact with our sites in order to improve your experience. We also collect this information to better understand what services and marketing promotions may be more relevant to you. We may also share this information with our employees, service providers and customer affiliates.

You can change your web browser settings to stop accepting cookies or to prompt you before accepting a cookie from the sites you visit. If you do not accept cookies, however, you may not be able to use some sections or functions of our sites.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them,

To opt out of being tracked by Google Analytics across all websites visit


Purposes for Processing Personal Data

We process personal data to fulfill our contractual obligations in service contracts with our customers and business clients. Primarily, the purpose for processing personal data under our service contracts is to facilitate storage of data, including personal data, on third-party devices.

We also process personal data for our administrative and other business purposes, including generating sales leads, providing information services, processing payments, implementing marketing initiatives, and performing web analysis and security monitoring. We rely upon legitimate interest as our lawful basis for processing in performing these activities.

If personal data processing is related to cookies and other tracking technologies, we rely upon the consent given when we display our cookie banner and the user selects “Accept” for our use of non-essential cookies. We do not process that category of personal data if the user selects “Decline”. Processing of essential cookies is performed on the basis of our legitimate interest.

We may use your data to comply with applicable laws, exercise legal rights, and meet tax and other regulatory requirements. We may also use your personal data for internal purposes, including auditing, data analysis, system troubleshooting, and research. In these cases, we base our processing on our regulatory obligations and/or our legitimate interests in performing the activities of the organization.


Sharing Personal Data

We share your personal data with third-party service providers, regulatory bodies, public authorities and law enforcement in the following circumstances:a. Third-Party Service Providers.We share personal data with third-party service providers for their processing in performing functions on our behalf. The categories of third-party service providers with whom we share personal data are: Payment Processors, Providers of Marketing Services, Web Analytics Service Providers, and Security Monitoring Service Providers. In such instances, the providers will be contractually required to protect personal data from additional processing (including for marketing purposes) and transfer in accordance with this Privacy Policy and applicable laws.

b. Encrypted Data Sharing for Storage Purposes Personal Data you submit to us for storage purposes are stored on third-party devices in a manner that is not accessible by the device owner due to our advanced technology, which compiles, encrypts, and fragments the Personal Data as part of the data storage process.

c. Regulatory Bodies, Public Authorities and Law Enforcement.We may access and disclose your personal data to regulatory bodies if we have a good-faith belief that doing so is required under regulation. This may include submitting personal data required by tax authorities. We may disclose your personal data in response to lawful requests by public authorities or law enforcement, including to meet national security or law enforcement requirements.

d. Other Disclosures.We may also disclose your personal data to exercise or defend legal rights; to take precautions against liability; to protect the rights, property, or safety of the resource, of any individual, or of the general public; to maintain and protect the security and integrity of our services or infrastructure; to protect ourselves and our services from fraudulent, abusive, or unlawful uses; or to investigate and defend ourselves against third-party claims or allegations. Disclosures maybe made to courts of law, attorneys and law enforcement or other relevant third parties in order to meet these purposes.
In cases of onward transfer of personal information to third parties of data of EU individuals received pursuant to the EU-U.S. Privacy Shield, CrowdStorage remains liable.

e. California Consumer Privacy Act.Pursuant to the § 1798.115 of the CCPA the categories of personal information we have disclosed about consumers for a business purpose in the preceding 12 months are:

  • Identifiers such as a real name, alias, unique personal identifier, postal address, online identifier, Internet Protocol address, email address, account name;
  • Personal information categories described in the California Customer Records Statute (Cal. Civ. Code §1798.80(e)), namely, name, address, credit card number, debit card number, or any other financial information (collected through service providers);
  • Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
  • Internet or other electronic network activity information, including browsing history, search history, and information regarding a consumers’ interaction with an Internet Web site, application, or advertisement;
  • Geolocation data; Audio, electronic, visual, or similar information (in the context of personal data submitted by consumers for storage purposes);
  •  Professional or employment-related information;
  • Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.


Storage of Personal Data 

Personal data stored on behalf of our customers, clients’ customers, clients, users and for our own purposes is processed and stored at various locations including on devices owned or licensed by individuals globally, and on servers located in the United States of America. In the event that personal data is transferred outside of the United States of America, we will ensure that adequate protections are implemented to comply with the GDPR, such as Standard Data Protection Clauses. We endeavor to utilize third-party service providers from the United States that have certified with the EU-U.S. Privacy Shield Framework or alternatively provide adequate protections that are compliant with the GDPR such as Standard Data Protection Clauses.


Personal Data Security

CrowdStorage uses technical and organizational measures to protect the personal data that we store, transmit, or otherwise process, against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. We regularly consider appropriate new security technology and methods as we maintain and develop our software and systems.


Retention of Personal Data

CrowdStorage retains the personal data of its clients and client’s customers for a period of time as instructed by the clients for whom CrowdStorage processes data. Where CrowdStorage collects personal data for its own purposes, it retains the data for a reasonable period of time to fulfill the processing purposes mentioned above, which at a minimum includes retaining data for the duration of the paid services. Our Services include features that enable eligible users to

upload, store, download, and delete data from shared storage devices. Users are able to delete data by accessing the delete feature available in our Services. When a user deletes data using the delete feature or when the paid services have expired, Personal data is deleted and only archived for time periods required or necessitated by law or legal considerations. When archival is no longer required, personal data is deleted from our records. If you wish to request a deletion of

your data, please contact directly the client who provided the source of data. If you want more information about how to contact a client, please submit an inquiry to the address provided at the end of this notice. We retain personal data that we are required to retain in order to meet our regulatory obligations

including tax records and transaction history. We regularly review our retention policy to ensure compliance with our obligations under data protection laws and other regulatory requirements.

We regularly audit our databases and archived information to ensure that personal data is only
stored and archived in alignment with our retention policy.


Personal Data Rights

In compliance with the Privacy Shield framework, individuals have the right to access personal data about them and to correct, amend, restrict or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

Where you are receiving communication from us of a marketing nature directly related to CrowdStorage’s business marketing purposes, we provide the ability for you to unsubscribe at the end of the email. You may also contact us directly or through the CrowdStorage representative with whom you have a relationship to exercise your right to object to marketing communication or to exercise other rights. In addition, where we act as a data controller in relation to your personal data for our general business operations and that personal data is not required for regulatory or legal purposes or the like, we offer you a choice to limit the use and disclosure of your personal data. Our contact details are provided at the end of this Privacy Policy.

CrowdStorage provides technology and services to store data in a shared capacity on individual devices on behalf of its business clients, who provide us with device ID information and access for shared storage purposes. Those business clients hold a direct contractual relationship with the device owner and their contract determines whether the device owner has a choice to opt-out of allowing excess storage on their device to be used for shared storage. Please read the Terms of Use agreement for your device and the Privacy Policy of the organization that sold or licensed the device to you to understand your options on restricting device use, and to understand how your personal data is being processed.

CrowdStorage also provides technology and services to facilitate the compilation, encryption, fragmentation, and storage of data, on behalf of business clients and individuals. Where the services are performed on behalf of business clients, we will inform that client of any request you may have about your personal data and act upon their instructions. Alternatively, you may submit the request directly to the client. At your request, we will provide you with the relevantcontact information of the client.

Where the services are performed on behalf of an individual, CrowdStorage will process the request directly according to our Terms of Use agreement and applicable law.

Individuals in the European Economic Area have certain rights which may be subject to limitations and/or restrictions. These rights include the right to: (i) request access to and rectification or erasure of their personal data; (ii) obtain restriction of processing or to object to processing of their personal data; and (iii) ask for a copy of their personal data to be provided to them, or a third party, in a digital format. If you wish to exercise one of the above-mentioned rights, please send us your request to the contact details set out below. Individuals also have the right to lodge a complaint about the processing of their personal data with their local data protection authority.

Personal data subject rights under the California Consumer Protection act may also apply to certain individuals and households. These rights include the right to: (i) know what personal information is being collected about them, (ii) know whether their personal data is sold or disclosed at to whom, (iii) say no to the personal sale of information (iv) access their personal information, (v) equal service and price, even if they exercise their privacy rights.

You may also contact us with your personal data inquiries or for assistance in modifying or updating your personal data and to exercise additional statutory rights such as: access, rectification, data portability, objection, processing restriction, and erasure of your personal data. Our contact details are provided at the end of this Privacy Policy.


Dispute Resolution

CrowdStorage participates in the EU-U.S. Privacy Shield Framework under CrowdStorage, Inc. A list of participants can be viewed by accessing the link below:

As part of its participation in the Frameworks, CrowdStorage is subject to the investigatory and enforcement powers of the Federal Trade Commission.

Organizations participating in the Frameworks must respond within 45 days of receiving a complaint. If you have not received a timely or satisfactory response to your question or complaint, please contact one of the independent recourse mechanisms listed below:

JAMS Privacy Shield Program

Please note that these independent dispute resolution bodies are designated to address complaints and provide appropriate recourse free of charge to the individual.

If a Consumer’s complaint cannot be resolved through CrowdStorage’s internal processes, CrowdStorage will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website at JAMS mediation may be commenced as provided for in the relevant JAMS rules. The mediator may propose any appropriate remedy, such as deletion of the relevant personal data, publicity for findings of noncompliance, payment of compensation for losses incurred as a result of noncompliance, or cessation of processing of the personal data of the Consumer who brought the complaint. The mediator or the Consumer also may refer the matter to the U.S. Federal Trade Commission, which has Privacy Shield investigatory and enforcement powers over CrowdStorage. Under certain circumstances, Consumers also may be able to invoke binding arbitration to address complaints about CrowdStorage’s compliance with the Privacy Shield Principles.


Effective Date and Amendments

This document is effective as of the date indicated at the top of this Privacy Policy under “Last update”. This document may be amended from time to time.


Contact Information

Inquiries may be made to:

Organization: CrowdStorage, Inc.

Address: 3401 N. Ashton Boulevard, Lehi, Utah 84043


Phone: +1 (801) 653-0336


Please note that organizations participating in the Frameworks must respond within 45 days of receiving a complaint.

103804719.4 0068348-00003