ENTERVAULT, the EnterVault Logo, PRIVATEVAULT, and the PrivateVault logo are trademarks of EnterVault, Inc. All other trademarks used above are for the purpose of identifying products and services of others and are the property of their respective owners.

At Enterprise Vault, Inc. ("EnterVault") the privacy and security of our customers' personal information is of the utmost importance. We never take for granted the trust our customers have placed in us and we honor that trust by managing our customers' personal information with the highest level of care.

Safeguarding the privacy and security of customer information is a complex and dynamic process. This public statement is provided to help you understand what is involved in this process.

From time to time we may revise and redisclose this policy to reflect changes in technology, privacy law or changes in our operations and practices. If you have any questions about this policy statement please contact us.

Throughout the Customer Privacy Policy, "we", "us" and "our" refer to EnterVault. "You" and "your" refer to the customers of EnterVault.

1. Privacy Principles. We pledge to do the following:
   
   
   1. Recognize a customer's expectation of privacy. We recognize and respect the privacy expectations of our customers and want to explain principles of privacy to our customers in an appropriate fashion. These principles and the accompanying policy statement are provided to explain how we continuously work to meet our customers' expectation of privacy.
      
      
   2. Collect, use and retain a customer's information only if we believe that the customer will benefit. We collect, retain and use information about individual customers only where required by law, regulation or we reasonably believe it is useful and allowed by law in order to administer our business and to provide products, services and other opportunities to our customers.
      
      
   3. Maintain accurate information. We have established procedures so that the customer's information we collect is accurate, current and complete in accordance with reasonable commercial standards. We enable you to correct inaccurate information from within your private electronic vault.
      
      
   4. Limit employee access. We limit employee access to personally identifiable information to those with a business reason for knowing such information. Our employees are trained to understand the importance of confidentiality and customer privacy and security. We have employee privacy and security guidelines in place and will take the appropriate disciplinary measures to enforce these guidelines.
      
      
   5. Protect information via established security procedures. We have adopted appropriate security standards and procedures to guard against unauthorized access to customer information.
      
      
   6. Restrict the disclosure of account information.We will not reveal specific information about customer accounts or other personally identifiable data to unaffiliated third parties for their independent use with the following exceptions: 1) the information is provided to help complete a customer initiated transaction; 2) the customer requests it; 3) the disclosure is required by/or allowed by law (e.g., subpoena, investigation of fraudulent activity, etc.); 4) The customer has been informed about the possibility of disclosure for marketing/sales purposes through a prior communication and has not exercised the right to opt out; 5) The information is exchanged with reputable information reporting agencies, such as credit card processing companies, to verify the accuracy and validity of such information; or 6) in the performance of bona fide corporate due diligence for merger or asset sales.
      
      
   7. Maintain customer privacy in business relationships with third parties. At times, we rely on third parties to help us do business. Each of these companies is bound by contract to honor these privacy principles. If personally identifiable customer information is provided to other third parties, we will require them to keep our customer information private and secure.
      
      
   8. Make our privacy principles and policies known to the customer. We will always provide our customers with reasonable access to our privacy policy.
      
      

   With the above stated privacy principles as a foundation, the policy language that follows is a detailed explanation of how and why we collect, use and share information.

2. Information Collection and Use. We collect the information we believe necessary to deliver our products and services. Due to the complex nature of the secure electronic information storage services business, we must collect certain types of nonpublic personal information about you in order for us to deliver the products and services you request. We collect nonpublic personal information about you in a variety of ways, including:
   
   
   1. Information we receive from you on applications to open a private electronic vault. Depending on the product or service requested, the information we may request could include (but is not limited to) your name, address, social security number, telephone and fax numbers, and email address.
      
      
   2. Information about your transactional experience, such as your login, password, and amount of electronic space in use. This information helps us to protect your account against unauthorized access, as well as accurately track your billing.
      
      
   3. Information we collect when you visit our website. When you visit our company web site, but not your private electronic vault, we may collect transaction, site navigation, customer contact and optional survey information. We use this information to enhance and personalize our online services. Refer to the "Online Information Privacy and Security" section below for more information regarding online privacy.
      
      

   If you choose not to provide the information necessary for us to fulfill a request for a specific product or service, we may not be able to process your request.

3. Information Sharing. EnterVault does not disclose any nonpublic personal information about our customers or former customers to anyone, including Zions Bancorporation or its affiliates, except as permitted or required by law or as described in this privacy policy.
   
   
   1. Information sharing with outside parties - other situations. There are certain situations where we may, in good faith, disclose information requested by government agencies, including federal regulatory agencies, and other outside parties as permitted or required by law. Examples include:
      
      
      1. Responding to legal process or to comply with federal, state or local laws, rules and other applicable legal requirements (e.g., a court order or subpoena for information);
         
         
      2. Providing information to facilitate a fraud investigation;
         
         
      3. Facilitating an audit or examination by a government regulatory agency;
         
         
      4. Providing information necessary to fulfill customer expectations (e.g., enabling a credit card to be processed for billing purposes); and
         
         
      5. The proposed or actual sale, merger or transfer of accounts to another entity.
         
         
   2. Former customers. EnterVault provides the same private and secure treatment for the nonpublic personal information of applicants and former customers as it provides for existing customers. Information previously collected from former customers is maintained on file in accordance with state and federal regulatory requirements for record retention.
      
      
4. Employee Access to Customer Information. EnterVault trains its employees to adhere to policies regarding customer information privacy and security. Each of our employees must sign an agreement that carries with it the responsibility to protect the privacy and security of our customers' information. In addition, all EnterVault employees are bound by this policy and are trained on privacy requirements. Only employees having an appropriate business reason have authorized access to customer information.
   
   
5. Offering You Products and Services. EnterVault offers a wide range of products and services to help you meet your needs. On occasion we may want to contact you to offer information on products and services that could benefit you.
   
   
6. Online Information Privacy and Security. We want to assure you that you are in a safe, secure and confidential environment. Safeguarding the privacy and confidentiality of your information is of the utmost importance whether you interact with us over the Internet, by e-mail, or by telephone. Due to the technological nature of the Internet, however, there is additional information you should know when you access our products and services online.
   
   
   1. User identification and password. EnterVault requires you to select a user ID, or login, and password to serve as your secure identification when using our electronic vault services, and, at your option, acquire a digital certificate. You can change your user ID and password at your convenience. Together, these two or three pieces of information provide you online protection and enable you to view your electronic vault information quickly, easily and safely.
      
      Your user ID, password, and, if applicable, digital certificate, should be kept secret. If you must maintain a written record of this information, you are strongly advised to store such record away from your computer or any other place it could be easily accessed. Never allow anyone to observe you inputting your user ID and password and always log off of our web site when you are away from your computer. If you feel either your user ID or password may have been lost or compromised, please notify us immediately.
      
      
   2. Secure server. For your protection, EnterVault utilizes Internet servers that require you to use a forms-capable browser such as Netscape's Navigator or Microsoft's Internet Explorer. When your browser communicates with our server, your customer information is encrypted for security while traveling over the Internet. What this means is that while your information is traveling over the Internet it is scrambled until it reaches our server where it is unscrambled. This process is applicable to information flows to and from EnterVault servers.
      
      
   3. Cookies. In an ongoing effort to provide better service we utilize a technology commonly referred to as "cookies" when we interact with the browser on your computer. A cookie is a text file placed on your hard drive by our server and functions as a unique identifier and can be used for anonymously tracking individual data. What is most important for you to know is that cookies do not collect personally identifiable information, and we do not align information collected through cookies with other personally identifiable information to reveal your identity. Cookies can be deleted from your browser and you can set your browser so that it will not accept cookies.
      
      
   4. Email. If you send us email, the content of your message, your email address and any limited, or one time response that we may provide, is archived in accordance with legal and government regulatory record retention requirements. If we collect your email address in this manner, we will not use it to notify you about EnterVault products and services unless you have granted us permission.
      
      
   5. Online surveys. Any information you voluntarily provide on surveys through our company web sites will be used for internal marketing purposes only. On occasion we may inform you of new products and services based on the information you provide.
      
      
   6. Online information collection and use. Our company web sites require certain types of information, such as your e-mail address or your account number. These information requirements are necessary to enable you to perform certain tasks like reviewing your account information. However, if you visit our web sites and anonymously browse, no personally identifiable information will be collected. On an aggregate basis, we periodically gather usage data such as number of hits, pages visited and length of user sessions in order to evaluate the effectiveness of our web site designs.
      
      
7. Protecting Your Files. EnterVault is committed to protecting the privacy of the files and data stored in your private electronic vault. EnterVault recognizes and respects the sensitive, confidential nature of all files and data you store in your private electronic vault. Under the terms of the User Agreement, EnterVault will not access, view, disclose, or share any electronic files stored in your private electronic vault, except in the limited cases described in the User Agreement.
   
   
8. Compliance with GLBA 501(b) EnterVault has established policies and procedures to ensure compliance with the Gramm Leach Bliley Act, part 501(b). These policies and procedures apply not only to EnterVault employees, but to our vendors as well. Employees receive privacy training on a quarterly basis. Vendors are contractually bound to abide by EnterVault's privacy policies, and are monitored quarterly to ensure compliance.