- I. What data we collect
- II. Where the data comes from
- III. How this data is used
- IV. How this data may be shared
- V. How the data is secured
- VI. How to update or delete your data
- VII. COPPA Compliance
- VIII. Safe Harbor Compliance
- X. Consent
- XII. Contact Information
I. What data we collect
Through the web site, mobile apps, and software, NowSecure collects logs of site visits, page views, and data submitted through forms. If you register, we create an account including user account information such as email address, and billing/payment details when applicable. NowSecure generally uses cookies or similar technology to enable session and state management.
Through mobile app components called Sensors, NowSecure Mobile can collect System Profile, Activity and Security Data, Geolocation, Device Identifiers, and some Personally Identifiable Information (generally “mobile sensor data”). Examples of each category of data are as follows: System Profile can include device model, OS version, and installed apps metadata; Activity can include timing and volume of app or communications activity, network locations, and hosts contacted; Security Data can include device lock settings, encryption state, and privacy settings; Geolocation can include coarse and fine location coordinates; Device Identifiers can include IMEI, MAC address and OS-specific device ID; and Personally Identifiable Information can include mobile phone number and user account IDs (including email addresses). These examples are not exhaustive, nor are they collected in all cases, but they are representative of the mobile sensor data that may be collected by NowSecure Mobile.
NowSecure Mobile users who register can limit the type and frequency of mobile sensor data gathered by changing the settings for the Sensors.
NowSecure software including community editions (CE) and commercial licensed software contains anonymous usage tracking, which shares information on software usage such as frequency and types of usage. Our software also uploads technical data to our Mobile Intelligence Network, including mobile device properties such as model, operating system version and configuration, installed apps list, and mobile app binary files. Technical data does not include personal information or device identifiers and is used only to provide and enhance the services. Both usage tracking and Mobile Intelligence Network data sharing can be disabled in some commercial licensed versions of our software.
II. Where the data comes from
NowSecure receives the information from website form data submitted by users, logs, and through software and mobile apps identified as NowSecure.
III. How this data is used
The data collected by NowSecure is used to provide security intelligence and protection capabilities, improve the service, and conduct business with NowSecure customers. It is not used for third-party advertising or marketing.
Uses may include: delivery of security reports, metrics, APIs and alerts; the processing of transactions for purchasing or payments related to NowSecure; sending of notifications via email, SMS or other channels; and delivery of emails or other communications regarding activities, services or products of NowSecure or selected partners (but only related to mobile security).
IV. How this data may be shared
NowSecure does not sell, exchange, or transfer Personally Identifiable Information or Geolocation data, unless explicitly authorized by the affected user.
In order to provide mobile security services, employees and agents under nondisclosure agreements may access limited portions of this data, in order to help us provide and improve these services. Such access is limited both contractually and by security controls and does not allow transfer of the data out of the NowSecure system.
Limited data points may be transferred to third-party service providers in order to provide services (for example, mapping). Such transfers do not include Personally Identifiable Information.
Data which is free of Personally Identifiable Information, aggregated or anonymized, may be shared with third-party collaborators or released publicly. Any such sharing or release will not include fine Geolocation coordinates, device identifiers, or content that can lead to specific user identification.
NowSecure may be required to release information to law enforcement or governmental authorities to comply with a subpoena or other legal process. However, we will always make efforts to resist or limit any release of data required by law. If we are required by law to release information, we will notify affected user(s) by email prior to release, unless we have reasonable cause to believe such notification could cause harm, or notification is legally prohibited.
No special access to NowSecure data is granted to any government agency.
V. How the data is secured
NowSecure data is secured during transmission with (at a minimum) strong SSL/TLS encryption, and it is secured at rest with (at a minimum) AES 256 encryption and proper “least privilege” user access controls. The physical datacenter is a secure SSAE 16, SOC 2 facility, and only authorized parties with a business purpose can access the servers. The system is actively monitored for indicators of intrusion or abnormal activity, and all activities are logged to a centralized database.
Mobile sensor data is protected on-device by means of the OS security model, including file permissions and file system encryption (when available).
VI. How to update or delete your data
You may update basic personal information directly in the NowSecure system by logging in and editing your profile. You may request cancellation of your account, and removal of Personally Identifiable Information. If you request removal of your NowSecure account, your Mobile Sensor Data will be cleared of Personally Identifiable Information, Device Identifiers, and fine Geolocation data. We will retain anonymized or aggregate mobile sensor data for security research purposes.
We will retain your account information for as long as your account is active, and we will also retain billing account information if applicable for financial reporting and compliance, and to comply with legal obligations.
We will respond to requests to update or delete data within 15 business days. Users may request information about their data, or request updates or deletion, by emailing firstname.lastname@example.org.
VII. COPPA Compliance
The US COPPA (Children’s Online Privacy Protection Act) statute addresses services and content targeted at children under 13 years of age. Our Services are all directed to people who are at least 13 years of age. If the NowSecure Services are used in any way for gathering a child’s personal information, such use must be approved by the parent or guardian.
VIII. Safe Harbor Compliance
NowSecure complies with the US-EU Safe Harbor framework and the US-Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. NowSecure intends to self-certify that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. Upon certification, this clause will be amended. To learn more about the Safe Harbor program, please visit http://www.export.gov/safeharbor
This policy applies to the NowSecure Services where this policy is posted. It does not apply to any data collected offline.
XII. Contact Information
1046 Lake Street
Oak Park, IL 60301
| 1.3 | 2014-12-02 | Company name change, added usage and mobile intelligence data info |
| 1.2 | 2014-08-20 | Clarifications, added disclaimer |
| 1.1 | 2014-04-30 | Clarifications and simplified wording |