Privacy Policy

AuthenticID (“AuthenticID”, “we”, “us”, “our”) is a leading provider of identity authentication services to enterprises. In this privacy policy (the “Policy”), we describe AuthenticID’s privacy and information practices and the rights and choices individuals have regarding their personal information that we collect. When enterprise users (“Enterprise Users”) purchase and use our authentication services, we process the personal information of individuals at their direction and on their behalf, as a service provider. In such cases, the privacy policies of the respective Enterprise Users apply and not this Policy.

OVERVIEW

We think transparency is important. In this overview, we summarize the personal information we collect and how we use it, which is further explained in our Policy below. Keep in mind that the actual personal information we collect and how we use it varies depending upon the nature of our relationship and interactions with you. Also, in some cases (such as where required by law), we ask for your consent or give you certain choices prior to collecting or using certain personal information.

Categories of personal information collected. Generally, we collect the following types of personal information:

Name, contact information and other identifiers: direct identifiers such as a name, alias, user ID, username, account number, unique personal identifier, IP address and other online identifiers or unique identifiers, email address, phone number, address and other contact information, account name, government identifiers, or other similar identifiers.
Customer records: personal information that individuals provide us in order to purchase or obtain our products and services, such as name, signature, contact information and payment information.
Commercial information: records of products and services our Enterprise Users and prospective customers have purchased, obtained or considered.
Usage data: browsing history, clickstream data, search history, access logs and other usage data and information regarding an individual’s interaction with our website and online services, and our marketing emails and online ads.
Audio, video and other electronic data: audio, electronic, visual, thermal, olfactory, or similar information such as, CCTV footage (e.g., collected from visitors to our premises), selfies and other photographs and images, and call recordings (e.g., of customer support calls).
Professional information: professional or employment-related information, such as current and former employer(s) and position(s), title and business contact information.
Inferences: inferences drawn from personal information that we collect to create a profile reflecting an individual’s preferences or other characteristics.
Biometrics: physiological characteristics that can be used to establish an individual’s identity, such as facial recognition templates derived from “selfies” and photos on identity documents.
Geolocation data: precise location information about a particular individual or device.
Protected classifications: characteristics of protected classifications under applicable laws, such as disability information (as part of and to the extent included on identity documents provided to us) and medical conditions (e.g., which we may collect in order to make available appropriate accommodations at our Events) and information that you voluntarily provide to us.

Purposes of use. In general, we may use and disclose personal information for the following purposes:

Providing our services and related support
Analyzing and improving our services
Communicating with you
Personalizing content and experiences
Marketing and promotional purposes
In support of our general business operations
Securing and protecting our assets and rights
Complying with legal obligations

If you are a California resident, review the Additional Information for California Residents section below for important information about the categories of personal information we collect and disclose, as well as your rights under California privacy laws.

Scope

Information we collect
How we use information
How we disclose information
Cookies and other tracking information
Your choices and rights
Security
Retention
Children
Changes to this Privacy Policy
Contact us
Additional information for California residents

SCOPE

This Policy explains how we process information that we collect from customers and prospective customers, resellers and partners, as well as individuals that access our website or communicate or engage with us about our products and services, i.e., the personal information we process as a “controller” or “business” under applicable privacy laws.

When we collect information on behalf of Enterprise Users of our products and services, the privacy policies of the respective Enterprise Users will apply to and govern the processing of such personal information, and AuthenticID will only collect, use, retain and otherwise process such information on behalf of these Enterprise Users and in accordance with our applicable contractual agreements. Enterprise Users are responsible for providing notice to and obtaining any required consent from individuals related to our processing of personal information as part of our authentication services.

Personal Information. In this Policy, the term “personal information” generally means any information that identifies, relates to, describes, or is reasonably capable of being associated, or reasonably linked or linkable with a particular individual. It does not include anonymous, aggregate or de-identified information that can no longer be linked to or used to identify a particular individual.

INFORMATION WE COLLECT

We may collect personal information directly from individuals, from third parties, or automatically related to the use of our website and services. The personal information we collect and the sources from which we collect it, vary depending upon the circumstances.

Information We Collect from You. We may collect personal information directly from you, including:

Name, usernames and contact details: we collect name, company name, title, email address and contact information, preferences and other information from customers and prospective customers. For example, if you wish to receive our fraud bulletins and other newsletters, access our ROI calculator or read one of our security eBooks, you are asked to submit a registration form.
Services and payment information: when Enterprise Users purchase our services, we collect information related to the services they have purchased, which may include name, billing and shipping address, and payment details. We may work with external payment processors and fulfillment partners to process these payments.
Communications, requests and support: if you contact us by email, mail, phone, contact us forms or otherwise regarding the Services, we collect and maintain a record of your contact details, communications and our responses. If you call us, we may also record calls and maintain logs and records of those calls.

Information We Collect from Third Parties. If you access or manage our services on behalf of an Enterprise User, then we may receive username, email addresses and other information from such Enterprise User in order to grant you access to the services. We may also collect personal information from public sources or databases and other third-party sources, in order to provide and enhance our authentication services. We may also collect information about customers and prospective customers and the relevant business contacts for them from third party sources in order to validate or enhance our customer records.

Information We Collect Automatically. We also may collect personal information about how individuals access, use and interact with our websites, applications and online service, such as information we collect automatically including cookies and pixel tags, IP address, app identifier, advertising ID, location information, browser type, device type, domain name, the website that led you to our website, the website to which you go after leaving our website, the dates and times you access our websites and online services, and the links you click and your other activities. We also may use pixels in HTML emails to understand if individuals read the emails we send to them. For more information, see the Cookies and Other Tracking Information section below. In addition, if you access or manage our services on behalf of an Enterprise User, we collect and maintain access, audit and other logs about administrator activities within the services.

HOW WE USE INFORMATION

The purposes for which we may process personal information vary depending upon the circumstances. For information on how Enterprise Users collect, use and share the personal information collected via our platform, please refer to the customer’s respective privacy policies.

Generally, AuthenticID uses personal information for the following business and commercial purposes:

Providing our services related support: to provide and operate our services and website, communicate with you about your use of our services or website, to provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process payments, communicate with you, and for similar service and support purposes.
Analyzing and improving our services: to better understand how our services and website are accessed and used, in order to administer, monitor, and improve our services, for our internal purposes, and for other research and analytical purposes.
Communicating with you: to respond to your requests or otherwise communicate with you relating to our services or business.
Personalizing content experiences: to tailor content we may send or display on the website or otherwise, to offer location customization and personalized help and instructions, and to otherwise personalize your experiences.
Marketing and promotional purposes: to promote AuthenticID’s products and services to Enterprise Users and prospective customers and for direct marketing purposes, including to send you newsletters, client alerts and information we think may interest you.
Securing and protecting assets and rights: to protect the services and our business operations, to prevent, detect and investigate fraud, misuse, harassment or other types of unlawful activities; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of this Policy and our applicable agreements and terms of use.
Complying with legal obligations: to comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.
In support of our general business operations: related to the administration of our general business, operational, accounting, recordkeeping and legal functions. For example, as part of any merger, sale, transfer of assets, acquisition, financing and/or restructuring, bankruptcy or similar event, including related to due diligence conducted prior to such event where permitted by law.

Aggregate and anonymous data. We may also create and use aggregate, anonymous and de-identified data to improve and develop our business and services, and for similar research and analytics purposes. We may use automated processes, artificial intelligence, and machine learning, to analyze data, which helps us improve our services and identify fraud patterns.

HOW WE DISCLOSE INFORMATION

We may share or disclose personal information that we collect as follows:

Subsidiaries and affiliates: with our subsidiary and affiliated companies (i.e., our parent company and other companies under common ownership, control or management with us); their use and disclosure of such personal information is subject to this Policy.
Vendors and providers: with our third-party service providers who use this information to perform services on our behalf, such as hosting and cloud storage providers, payment providers, auditors, advisors, consultants, customer service and/or support providers. In addition, we may disclose certain information to third parties in order to conduct and improve our authentications services on behalf of Enterprise Users.
Enterprise Users: with our Enterprise Users we share information related to their users who access and manage the services on their behalf as well as authentication information collected and processed on behalf of Enterprise Users related to their use of our services.
Legal compliance: in response to a valid court order, subpoena, government investigation, or as otherwise required by law. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful.
Business transfers: as part of any actual or contemplated merger, sale, transfer of assets, acquisition, financing and/or restructuring of all or part of our business, bankruptcy or similar event, including related to due diligence conducted prior to such event where permitted by law.
Protection of rights: where we believe necessary to respond to claims asserted against us, to enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation, to protect the rights, property or safety of AuthenticID, our affiliates, Enterprise Users, prospective customers and/or others, and/or as evidence in litigation in which we are involved.

Aggregated and De-identified Data. We may share aggregate or de-identified data with third parties for research, marketing, advertising, analytics and/or other purposes.

COOKIES AND OTHER TRACKING INFORMATION

We and our third-party providers use cookies, clear GIFs/pixel tags, JavaScript, local storage, log files, and other mechanisms to automatically collect and record information about your browsing activities and use of the website and online services. We may combine this “usage data” with other personal information we collect about you. We use this usage data to understand how our website and services are used, track bugs and errors, provide and improve our services, verify account credentials, allow logins, track sessions, prevent fraud, and protect our Services, to personalize content, and for analytics purposes.

Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our website, while others allow us to track your activities while using our Site. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Parts of our website may not work properly if you disable cookies.

Pixel Tags. Pixel tags are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use pixel tags (also referred to as web beacons, web bugs or clear GIFs), in connection with our Services to, among other things, help us manage ads and content, and compile statistics about usage of our Services. We may also use pixel tags in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Browser Settings. You can also block or disable cookies for the device and browser you are using, through your browser settings; however, certain features on our website may not be available or function properly if you block or disable cookies.Please note, that your cookie preferences are applied on a browser and device basis. So, you will need to set your cookie preferences for each browser and device you use to access our website.

Interest-Based Advertising. We may work with third party ad networks, analytics companies, measurement services and others (“third party ad companies”) to help us manage our advertising on third party sites and services. We and these third party ad companies may use cookies, pixels tags, and other tools to collect activity information on our website (as well as on third party sites and services), as well as IP address, device ID, cookie and advertising IDs, and other identifiers, general location information, and, with your consent; we and these third party ad companies use this information to provide you more relevant ads and content and to evaluate the success of such ads and content. In addition, these third parties may combine the information collected from us and our website with information collected about you from third-party sites, apps, and services, in order to make inferences about you and your interests, to better tailor advertising and content to you across multiple sites, apps, and services and to collect associated metrics. For more information about third party ad networks and how to opt out of interest-based ads from many ad networks go to:

Canada: www.youradchoices.ca
U.S.: www.aboutads.info

YOUR CHOICES AND RIGHTS

Access, Amend and Correct. If you wish to access or amend certain personal information that you have submitted to us, to request the correction of any inaccurate information you have submitted to us, or to request deletion of your information, please send your request to privacy@authenticid.com. We will review your request and make reasonable efforts to respond to it as soon as practicable. We may ask you for additional information so that we can confirm your identity.

If you have a request related to the personal information we collect and process on behalf of an Enterprise User, you should contact that Enterprise User directly. If you submit your request to us, we will attempt to forward it to the relevant Enterprise User so that they may respond to you directly.

Direct Marketing. You may always opt-out of direct marketing emails. If you would like to unsubscribe from our email subscriptions or otherwise change your email preferences with AuthenticID, please follow the instructions in any of our promotional emails that we send to you, e.g., by clicking the unsubscribe link provided therein. Please note, that we may continue to send you transactional or service-related communications, such as service announcements and administrative messages.

Additional Information for California Residents. In the section Additional Information for California Residents below, we provide additional information as required under California privacy law. California residents should review this section for more information regarding their rights under CA privacy law.

SECURITY

We have implemented administrative, physical, personnel, and technical safeguards designed to protect the personal information we collect or hold on behalf of customers from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.

RETENTION

Generally, we retain your personal information for as long as necessary to fulfill the purposes for which we collected it or as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements.

Please note that with respect to any personal information that we collect and process as a service provider or processor on behalf of an Enterprise User, we will retain such personal information for the period of time specified by the Enterprise User.

CHILDREN

Our Services are not targeted to minors under the age of sixteen (16) and we do not knowingly or specifically collect information about minors under the age of 16. If you believe we have unintentionally collected such information, please notify us as set out in the Contact Us section below.

CHANGES TO THIS PRIVACY POLICY

We may update this Policy from time to time, for example to reflect new privacy law requirements or changes in our privacy practice. If we make changes to this Policy, we will post a new version of this Policy on our website. If the changes materially affect the way we collect, use, disclose or otherwise process your personal information, we will endeavor to notify you in advance of such change(s), such as by sending a notice to the primary email address associated with your account or by posting a notice on the website. We encourage you to periodically check back and review this Policy for the latest updates.

CONTACT US

If you have any questions about this policy, please feel free to contact us at privacy@authenticid.com.

ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

In this section, we provide additional information, as required under California privacy laws including the California Consumer Privacy Act (“CCPA”). This section does not address or apply to our handling of publicly available information lawfully made available by state or federal government records or other personal information that is exempt under the CCPA. While our collection, use and disclosure of personal information varies based upon our relationship and interactions with you, in this section we describe, generally, how we have collected and disclosed personal information about consumers in the prior 12 months (from the Effective Date above).

Categories of personal information collected and disclosed. The table below identifies the categories of personal information (as defined by the CCPA) we have collected about consumers, as well as how we have disclosed such information for a business purpose. For more information about the business and commercial purposes for which we collect, use and disclose personal information, please see the How We Use Information and the How We Disclose Information sections above.

Personal Information Collected

Categories	Description	Categories of Third Parties to Whom We May Disclose this Information
Identifiers	Includes direct identifiers, such as name, alias user ID, username, account number; email address, phone number, address and other contact information; IP address and other online identifiers; SSN, driver’s license number, passport number, tax ID and other government identifiers; and other similar identifiers.	• service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries • data analytics providers • internet service providers • operating systems and platforms • Enterprise Users
Customer Records	Includes personal information, such as name, account name, user ID, contact information, employment information, account number, and financial or payment information), that individuals provide us in order to purchase or obtain our products and services. For example, this may include account registration information, or information collected when an individual purchases or orders our products and services, or enters into an agreement with us related to our products and services.	• service providers • advisors and agents • government entities and law enforcement • our affiliates and subsidiaries • Enterprise Users
Commercial Information	Includes records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.	• service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries • data analytics providers • internet service providers • operating systems and platforms • data brokers • Enterprise Users
Usage Data	Includes browsing history, clickstream data, search history, access logs and other usage data and information regarding an individual’s interaction with our websites, mobile apps and other Services, and our marketing emails and online ads.	• service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries • data analytics providers • internet service providers • operating systems and platforms • Enterprise Users
Audio, video and electronic data	Includes audio, electronic, visual, thermal, olfactory, or similar information such as, thermal screenings and CCTV footage (e.g., collected from visitors to our offices/premises, photographs and images (e.g., that you provide us or post to your profile) and call recordings (e.g., of customer support calls).	• service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries • Enterprise Users
Professional information	Includes professional and employment-related information such as business contact information and professional memberships.	• service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries
Education information	Information about an individual’s educational history such as the schools attended, degrees you were awarded, and associated dates.	• service providers • advisors and agents • government entities and law enforcement • affiliates and subsidiaries
Inferences	Includes inferences drawn from other personal information that we collect to create a profile reflecting an individual’s preferences, characteristics, predispositions, behavior, attitudes, intelligence, abilities or aptitudes. For example, we may analyze personal information in order to identify the offers and information that may be most relevant to customers, so that we can better reach them with relevant offers and ads.	• service providers • advisors and agents • government entities and law enforcement • our affiliates and subsidiaries • analytics providers

Sources of personal information. As further described in the section Information we collect above,we may collect personal information from the following sources:

directly from the individual
Enterprise Users
data analytics providers
public records
service providers
advisors and agents

California residents’ rights. In general, California residents have the following rights with respect to their personal information:

Do-not-sell (opt-out): to opt-out of our sale of their personal information. We do not sell personal information about California consumers, including those we have actual knowledge are younger than sixteen (16).
Right of deletion: to request deletion of their personal information that we have collected about them and to have such personal information deleted (without charge), subject to certain exceptions.
Right to know: with respect to the personal information we have collected about them in the prior 12 months, to require that we disclose the following to them (up to twice per year and subject to certain exemptions):
- categories of personal information collected;
- categories of sources of personal information;
- categories of personal information about them we have disclosed for a business purpose or sold;
- categories of third parties to whom we have sold or disclosed for a business purpose their personal information;
- the business or commercial purposes for collecting or selling their personal information; and
- a copy of the specific pieces of personal information we have collected about them.
Right to non-discrimination: the right not to be subject to discriminatory treatment for exercising their rights under the CCPA.

Submitting CCPA requests.California residentsmay submit CCPA requests to know (access) and requests to delete their personal information by email at privacy@authenticid.com.

When you submit a request to know or a request to delete, we will take steps to verify your request by matching the information provided by you with the information we have in our records. You must email us with any requested information (or otherwise provide us with this information to verify your request. In some cases, we may request additional information in order to verify your request or where necessary to process your request. If we are unable to adequately verify a request, we will notify the requestor. Authorized agents may initiate a request on behalf of another individual by contacting us through the above listed method; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent. If you would like to submit a CCPA request regarding personal information we process on behalf of an Enterprise User (i.e., in our role as a service provider), you should contact the relevant Enterprise User directly; if you submit such request to us, we will endeavor to forward your request to the relevant Enterprise User (where known) so that they may respond to your request.

For more information about our privacy practices, you may contact us as set forth in the Contact Us section above.