Personal Information We Collect.
We get information about you in a range of ways and this includes personal information:
Information You Give Us. We collect your email address, phone, username and password, as well as other information you directly give us on our App. The information we collect is validated and then stored as salted hashes with the plain text discarded. In most cases, we will need to know your plain text information to verify that it is stored in our records.
We may get information about you from other sources. We may add this to information we get from this App. We also receive information about you from Twilio, and potentially other third party services we partner with, to verify and authenticate your identity as required by applicable law.
We automatically collect certain information about your device when you use the App, including information about your time zone.
How We Use Your Personal Information.
We use the personal information that we collect generally to fulfill the purpose for which it was provided. We have set out below a description of the ways we plan to use your personal information. We note that unless otherwise stated, we rely on the legal basis of legitimate interest to process your personal information:
We may use your personal information to operate, maintain, and improve the App, products, and our services.
We may use your personal information to respond to and provide customer service.
We may use your personal information to send information including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
We may use your personal information to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity or money laundering.
We may use your personal information to conduct security investigations and risk assessments.
We use your personal information as described in the “Sharing Your Personal Information” section below.
Sharing Your Personal Information.
We may share personal information as follows:
We may share personal information with your express consent.
We may share personal information when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
We may share personal information for legal, protection, compliance and safety purposes.
We may share information to comply with applicable laws.
We may share information to respond to law enforcement, officials, regulatory agencies and other lawful requests, subpoenas and legal processes.
We may share information in an emergency. This includes protecting the safety of our employees and agents, our customers, or any person.
We may share your information with our corporate affiliates (i.e., our related companies) which assist in providing the App.
You have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. In accordance with applicable laws, you may send requests about personal information to our Contact Information below regarding the following:
Opt-out. You may contact us anytime to opt-out of: (i) direct marketing communications; and (ii) any new processing of your personal information that we may carry out beyond the original purpose. Please note that your use of some, or all, of the App and our services may be ineffective upon opt-out.
You may access the information we hold about you at any time by contacting us directly.
You can also contact us to update or correct any inaccuracies in your personal information.
In certain situations, for example when the information we hold about you is no longer relevant or is incorrect, you can request that we erase your data.
Please note that, in general, we are unable to retrieve your personal information unless you can provide us with the plaintext record that would be recorded in the salted hash database.
If you wish to exercise any of these rights, you may contact Richard Carback, who we have designated as the Company’s Data Protection Officer under the GDPR (as defined below), at email@example.com. In your request, please make clear: (i) what personal information is concerned; and (ii) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable. Please note, certain applicable laws may require that we maintain a record of certain personal information notwithstanding your wish to exercise these rights, such as financial information for purposes of complying with anti-money laundering laws or sanctions laws. Whenever possible, we will disclose any conflicts between such laws and your request to exercise your rights under this section and work with you to reach a resolution in compliance with applicable laws.
We take your privacy very seriously and work hard to protect the Company and you from unauthorized access to or unauthorized alteration, disclosure, or destruction of information we collect and store. Your personal information will be stored in salted hashes on a series of servers which have implemented industry standard security measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure and/or access. We encrypt App data using TLS encryption technology and/or the xx anonymous communications network. All traffic on the App is forced to use TLS and/or the xx anonymous communications network. We review all information practices on a regular basis, and we restrict access to information on a need-to-know basis for all employees and other Company service providers who are subject to confidentiality obligations and are subject to termination or disciplinary action, including legal action, should such employees or service providers breach these obligations. By submitting to us personal information, you give your express consent to the transfer and storage of your personal information as described in this Policy.
GDPR and International Transfers.
All collection, processing and storing of personal data is performed in accordance with the Regulations (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, known as the General Data Protection Regulation (“GDPR”), and the Company’s processing will take place in accordance with the GDPR. You can exercise your right to complain to a data protection authority by using the contact info found here.
Your information, including personal information that we collect from you, may be transferred to, stored at and processed by us and our affiliates and other third parties outside the country in which you reside, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. By using our App, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Policy. One such step we will take to ensure the security of your personal information is to enter into “standard” contract clauses approved by the European Commission with Data Processors (as defined by GDPR) which ensure your personal information is given the same protection it has in Europe.
We will only retain your personal information for as long as is reasonably required for you to use the App and our services (and in the event you have created an account with us, until you close such account), unless a longer retention period is required by law.
The App and our services are not intended for individuals under the age of 18. By using or interacting with our App, you are affirming that you are at least 18 years old. We do not knowingly collect personal information from children under 13. If you believe that a child under the age of 13 has provided information to us, please notify us at firstname.lastname@example.org. If we inadvertently collect information of children under 13, we will delete that information immediately upon notice. We are not liable for any damages that may result from the user’s misrepresentation of age.
We may update this Policy from time to time at our sole discretion. We may update the Policy for a variety of reasons. For instance, we may update the Policy in order to reflect changes to our practices or for other operational, legal or regulatory reasons. If we make any substantial changes, we may notify you by sending you an e-mail to the last e-mail address you provided to us (if any), and/or by prominently posting notice of the changes on our App. You are responsible for providing us with your most current e-mail address or other contact information. In the event that the last e-mail address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice. Continued use of our App and any related services following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by email at: email@example.com. You may direct privacy inquiries to the attention of Richard Carback, our designated Data Protection Officer.