Version Date: August 18, 2023
At NowSecure, privacy is a top priority. The purpose of this notice is to set out how NowSecure, Inc. and our subsidiaries and affiliates (“NowSecure”, “us,” or “we”) collect, use, store, or process personal information about individuals (“you”) who interact with NowSecure, including by using any of our websites, products, or services that link to this Privacy Notice (the “Services”).
This Privacy Notice (“Notice”) does not apply to any third-party websites or services, including those we may link to from our Services. You should review the terms and policies for third-party websites and applications before providing any personal information.
Where we provide the Services under contract with an organization (for example, your employer), that organization controls the information processed by the Services. For more information, please see Notice to End Users in section 6 – Your Privacy Rights. This policy does not apply to the extent we process personal information in the role of a processor on behalf of such organizations.
Please review the following sections to understand our privacy practices.
- Information we collect
- How we use this information
- Sharing your information with third parties
- Your choices
- Your privacy rights
- Protecting your information
- Children’s privacy
- Information for US residents of specific states
- Information for international (non-US) residents
- Data retention
- Changes to this Privacy Notice
- Contact us
1. Information we collect
We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.
1A. Information provided to us by you.
We collect information about you when you input it into the Services or otherwise provide it directly to us.
Account and Profile Information.
We collect information about you when you register for an account, create or modify your profile, or set preferences, through the Services. For example, you provide your contact information and, in some cases, billing information, when you register for the Services. We keep track of your preferences when you select settings within the Services.
Content you provide through our website.
The Services also include our websites owned or operated by us. We collect other content that you submit to these websites, for example, you provide content to us when you provide feedback or when you participate in any interactive features, surveys, contests, promotions, sweepstakes, activities, or events.
Information you provide through our support channels.
The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
1B. Information we collect automatically when you use the Services
We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.
Your use of the Services.
We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links you click on; the type, size and filenames of attachments you upload to the Services; frequently used search terms; and how you interact with others on the Services.
Device and Connection Information.
We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
Cookies and Other Tracking Technologies.
1C. Information we receive from other sources
We receive information about you from other Service users, from third-party services, from our related companies, social media platforms, public databases, and from our business and channel partners. We may combine this information with information we collect through other means described above. This helps us to update and improve our records, identify new customers, create more personalized advertising and suggest services that may be of interest to you.
Other users of the Services
Other users of our Services may provide information about you when they submit content through the Services. We also receive your email address from other Service users when they provide it in order to invite you to the Services. An administrator from your company may provide your contact information when they designate you as a contact on your company’s account.
We receive information about you and your activities on and off the Services from third-party partners, such as advertising and market research partners who provide us with information about your interest in and engagement with our Services and online advertisements.
Third Party Providers
We may receive information about you from third party providers of business information and publicly available sources (like social media platforms), including physical mail addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses and social media profiles, for the purposes of targeted advertising of products that may interest you, delivering personalized communications, event promotion, and profiling.
2. How we use this information
In general, and subject to applicable law, including consent (as required), we may use your personal information to provide, fix, and improve our Services, develop new Services, and market our products and Services. Examples of how we use the personal information we process include, but are not limited to, the following:
- Provide you with and collect payment for the products and Services and products you request.
- Create your account and manage your relationship with us (e.g., communicating with you, providing you with requested information).
- Send you records of our relationship, including for purchases or other events.
- Market features, products, or special events using email or phone or send you marketing communications about third party products and services we think may be of interest to you.
- Record details about transactions involving electronic documents (e.g., who initiated, viewed, or signed the documents; signers’ IP addresses; timestamps).
- Run sweepstakes, contests, and refer-a-friend programs.
- Choose and deliver content and tailored advertising, and support the marketing and advertising of our Services.
- Create and review data about our users and how they use our Services.
- Test changes in our Services and develop new features and products.
- Fix problems you may have with our Services, including answering support questions, customer education and training, and resolving disputes.
- Manage the Services platforms, including support systems and security.
- Prevent, investigate and respond to fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior.
- Comply with legal obligations.
- Meet legal retention periods.
- Establish, exercise, or defend our rights in legal claims.
We may combine the personal information we collect (“aggregate”) or remove pieces of personal information (“de-identify”) to limit or prevent identification of any particular user or device to help with goals like research and marketing. Once such information has been aggregated and anonymized so that it is no longer considered personal information under applicable data protection law, this Notice does not apply.
Lawful Basis for Processing Your Personal Information.
If European data protection law applies and where NowSecure acts as a data controller, our lawful basis for collecting and using the personal information described in this Notice will depend on the type of personal information concerned and the specific context in which we collect or use it.
We normally collect or use personal information only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person. For example, when we:
- Use personal information to create and manage an account, we do so in order to provide you with relevant Services and perform our contract with you.
- Gather and record data associated with use of a digital certificate or digital signature, we do so to comply with regulations.
- Use names and email addresses for email marketing purposes, we do so with your consent (which you can withdraw at any time) or, where permitted under applicable law, on the basis of our legitimate interests.
- Gather usage data and analyze it to improve our Services or ensure the security of our websites, we do so based on our legitimate interest in safeguarding and improving our Services.
If you have questions about or need further information concerning the lawful basis on which we collect and use your personal information, please contact us via email at [email protected]. Note that in situations where NowSecure acts as a processor, it is our customer who determines the appropriate legal basis associated with processing activities, and queries about the applicable lawful basis should be directed to them.
3. Sharing your information with third parties
NowSecure is not a data broker, and we do not sell personal information for monetary consideration.
Subject to applicable law, including consent (as required), we may share personal information as follows:
- Service Providers.We share your personal information with service providers we use to support our Services. These companies may provide services like analytics, advertising, authentication systems, threat/fraud detection, and customer support. We have contracts with our service providers that address the safeguarding and proper use of your personal information, requiring it may only be used for their provision of service to us.
- We may share your personal information with other companies under common ownership or control with NowSecure. These companies use your personal information as described in this Notice.
- Marketing Partners.We may share your personal information with sponsors of events, webinars, or sweepstakes for which you register, or other parties with whom we may engage in joint marketing activities.
- Public or Government Authorities.We may share your personal information to comply with our legal obligations, regulations, or contracts, or to respond to a court order, administrative, or judicial process, such as a subpoena, government audit, or search warrant where we are legally compelled to do so. We also may share your information when there are threats to the physical safety of any person, violations of NowSecure policies or other agreements, or to protect the legal rights of third parties, including our employees, users, or the public.
- Corporate Transactions.Your personal information may be disclosed or transferred to relevant third parties in the event of, or as part of the due diligence for, any proposed or actual reorganization, sale, merger, consolidation, joint venture, assignment, transfer, or other disposition of all or part of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding).
- We may share your personal information in other ways if you have asked us to do so or have given consent. For example, with your consent, we post user testimonials that may identify you.
Your personal information may also be shared as described below:
- Public Information:
- Profile Information. When you create a MobileverseTM profile, other users can view your profile information.
- User-Generated Content.When you register and contribute content in the Mobileverse, sign up and participate in our virtual webinars, or attend our live community events, this information, as well as your name and profile may also be read, collected, and used by others.
- Your Employer or Organization.When you create an account with an email address assigned to you as an employee or member of an organization, that organization (if it is a NowSecure customer) can find your account and take certain actions that may affect your account.
Our Services employ the following types of cookies:
- Essential Cookies.First party cookies that are necessary to provide the functionality of the Services. Essential cookies help remember your login, settings, and session state information.
- Functionality Cookies.First party and third party cookies used to remember information you have entered or choices you make, which may not be essential but help tailor the Services to you.
- Statistics Cookies.First party and third party cookies that track information about how the Services are being used so that we can assess performance and make improvements. They collect information about how visitors use the Services, which site the user came from, the number of each user’s visits, and how long a user stays on the Services.
- Marketing Cookies.Third party cookies placed by advertising platforms or networks in order to track ad performance, and enable us to deliver ads that may be relevant to you based upon your activities. More information about how cookies are used for advertising purposes is explained below in Marketing and Ad Personalization.
Web beacons. These are tiny graphics (clear GIFs or pixel tags) with a unique identifier, similar in function to cookies. Unlike cookies, beacons are not stored on your computer. We use beacons to track activities of users on the Services, manage content, and to compile statistics about usage. We (and our third party service providers) also use beacons in HTML emails to track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
5. Your choices
This section describes many of the actions you can take to change or limit the collection, use, storage, or other processing of your personal information.
- You are not required to create a profile. If you do, you can access and review this personal information. If any personal information is inaccurate or incomplete, you can make changes in your account settings (in NowSecure Platform and Mobileverse) or contact support to request any changes.
- Marketing Messages. You can opt out of email marketing messages we send you by clicking on the “Unsubscribe” link in the email message or unsubscribe here https://info.nowsecure.com/email-preference-center.html. Please note that we may send you one message to confirm you want to opt out. If you are a registered user of our Services, or if you have engaged in transactions with us, we may continue to send transactional or relationship messages (e.g., signing notifications or account notifications) after you opt out of marketing messages. If you would like your phone number added to our internal Do-Not-Call list to opt out of telemarketing messages, please contact us via Email [email protected]. Please include your first name, last name, company, and phone number. You can also let us know at any time, including during a telemarketing call, that you do not want to be called again for telemarketing purposes.
- Opting Out of Ad Networks.If you wish to not have cross-site information used for the purpose of serving you personalized ads, you may opt-out of many ad networks by visiting http://optout.aboutads.info/, or if you are located in the European Union, by visiting http://www.youronlinechoices.eu/. You will continue to see ads on the sites you visit, but the ad networks from which you have opted out will no longer personalize ads to you based upon your activities on other sites. These opt-out mechanisms are cookie based, so if you delete cookies, block cookies or use another device, your opt-out will no longer be effective. For more information, go to aboutads.info.
- Do Not Track.Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Currently, our systems do not recognize browser DNT requests. You can use your browser to prevent your computer from accepting cookies, or only block third party cookies, as described in the following section.
- How to Disable Cookies.By changing your settings, you can cause your browser (e.g. Google Chrome, Microsoft Edge, Firefox, Safari) to stop accepting cookies, block third party cookies, or to prompt you before accepting a cookie from websites you visit. The “Help” feature on most browsers will tell you how to change your cookie settings. Please note that if you disable cookies, some features of our Services will not function.
- Device and Usage Information.If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.
- Complaints. We are committed to resolving valid complaints about your privacy and our collection, use, storage, or other processing of your personal information. For questions or complaints regarding our data use practices or this Notice, please contact us via email at [email protected].
6. Your privacy rights
You may have certain rights related to your personal information, subject to local data protection laws, as described in more detail below. To exercise any of these rights, please contact us via email at [email protected].
- You can update certain data in your profile information by accessing your account in NowSecure Platform or Mobileverse.
- You also can request the following information: how we collect and use your personal information and why; the categories of personal information involved; the categories of recipients of your personal information; how we received your personal information and its source; our business purpose for using your personal information; and how long we use or store your personal information or the manner in which we determine relevant retention periods.
- You have a right to correct inaccurate personal information about you, and you should notify us immediately if you believe the personal information we hold about you is inaccurate, incomplete, or out-of-date.
- In certain situations, you can ask that we erase or stop using your personal information, object to or restrict the use of your personal information, or export your personal information to another controller.
- Where we rely on your consent to process your personal information, you have the right to decline consent and/or, if provided, to withdraw consent at any time. This will not affect the lawfulness of processing prior to the withdrawal of your consent. At any time, you can request that we stop using your personal information for direct marketing purposes. See Section 5 (Your Choices) of this Notice for more information on your choices.
- If you are unsatisfied with our response to your complaint, you have a right to raise questions or complaints with your local data protection authority at any time.
If you make a request to exercise the rights referenced above, we will require you to provide certain information for identity verification purposes. If you have an account with us, we may verify you through your login of your account. If you do not have an account with us, we may require you to provide additional information from which we can confirm your identity. You may authorize an agent to make a request to us on your behalf and we will verify the identity of your agent or authorized legal representative by either seeking confirmation from you or documents that establish the agent’s authorization to act on your behalf.
Certain personal information may be exempt from such requests under applicable law. We need certain types of personal information so that we can provide the product and Services to you. If you ask us to delete it, you may no longer be able to access or use our product and Services.
If you wish to exercise these rights, please contact us via email at [email protected].
Notice to End Users
Many of our products are intended for use by organizations. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the accounts over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.
7. Protecting your information
We have implemented appropriate technical, physical and organizational measures to protect your personal information from misuse or accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, acquisition, or access as well as all other forms of unlawful processing. To achieve this, we have developed and implemented an Information Security Management System and other sub-policies and guidelines relating to the protection of your personal information. For example, our staff is permitted to access customer personal information only to the extent necessary to fulfill the applicable business purpose(s) and to perform their job, subject to confidentiality obligations.
8. Children’s privacy
Our Services are not designed for and are not marketed to people under the age of 18 or such other age designated by applicable law (“minors”). We do not knowingly collect or ask for personal information from minors. We do not knowingly allow minors to use our Services. If you are a minor, please do not use our Services or send us your personal information. We delete personal information that we learn is collected from a minor without verified parental consent. Please contact us via email at [email protected] if you believe we might have personal information from or about a minor that should be removed from our system.
9. Information for U.S. residents of specific states
In addition to the other information and rights described in this Privacy Notice, California residents are also entitled to certain additional information and have certain additional rights under the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”) with respect to their personal information. If you are a resident of California (a “Consumer” as defined by the CCPA), this section of the Privacy Notice applies to you.
Subject to certain limitations, the CCPA and CPRA provide you the right to request:
- That we provide you access to details on the categories or specific pieces of personal information we collect and (including how we use and disclose this information,);
- That we delete any of your personal information;
- That we correct any inaccuracies in your personal information;
- To opt out of any “sale” or “sharing” of your personal information that may occur, including sensitive personal information; and
- To not be discriminated against for exercising any of the above rights.
Please note that NowSecure does not collect sensitive personal information other than account login and password from its users. NowSecure is not a data broker, and we do not sell personal information for monetary consideration.
If you would like to submit a request to exercise your California privacy rights, you may do so by submitting a request by emailing [email protected] with your request. We will verify your request using information associated with your account, including your email. Further identification may be required. You may also designate an authorized agent to act on your behalf. Please note that NowSecure may retain a record of your request to delete your personal information.
9.2 Other states
In addition to California, there are several other states which provide privacy protections by law including Colorado, Connecticut, Nevada, Utah, and Virginia (this list may not be exhaustive). NowSecure acknowledges them and in all cases we have determined that either (a) NowSecure is not subject to the regulations due to exceptions in the statute, or (b) NowSecure’s existing policies and protocols conform to the requirements of such regulations, including restrictions on the sale of personal information. If you live in a state with a privacy regulation and wish to exercise your privacy rights contact us at [email protected].
10. Information for international (non-US) residents
10.1 Consent to processing and international transfer
The Services are controlled and operated by us from the United States. NowSecure and our subsidiaries and service providers may process, transfer, and store your information on servers located in a number of countries, including the United States. As a result, your personal information may be subject to data protection and other laws that may differ from your country of residence. Your personal information may be disclosed in response to inquiries or requests from government authorities or to respond to judicial process in the countries in which we operate. By using our Services or providing us any personal information, you consent to the collection, processing, maintenance, and transfer of such information in and to the United States and other applicable territories.
In the case of international transfers of your information, we ensure that the recipient of your personal information offers an adequate level of protection and security. We enter into appropriate agreements covering protection and use of personal information including, as necessary, standard contractual clauses or an alternative mechanism for the transfer of data as approved by applicable regulators or legislators.
10.2 Information for Europe residents (EU/EEA and UK)
If you are a resident or are otherwise located in the European Union (“EU”) or the United Kingdom (“UK”), this section provides additional details about the personal data we collect about you, and your rights granted by the EU and UK General Data Protection Regulations, as applicable (“GDPR”).
Subject to certain limitations, the GDPR provides you the following privacy rights:
- Right of access, objection, restriction of processing, correction, erasure, and portability.You can make a request to access, object, restrict, correct, erase, or transfer any of your personal information. You also have the right to withdraw your consent when we process your personal information based on your consent.
- Right to opt-out from direct marketing.You have the right to opt-out from receiving marketing materials from us by following the opt-out instructions in our commercial emails, by contacting us, or by adjusting your preferences under your profile details on the Site. Please note that we reserve the right to send you other communications, including transactional emails, service announcements and administrative messages relating to your account, without offering you the opportunity to opt out of receiving them.
- Right to lodge a complaint with a supervisory authority.If you consider that the processing of your personal information infringes your GDPR privacy rights, you have the right to lodge a complaint with a supervisory authority, in the member state of your habitual residence, place of work, or place of the alleged infringement. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. For users located in the UK, you can contact the Information Commissioner’s Office (ICO). Contact details for the ICO can be found at https://ico.org.uk/global/contact-us/.
If you would like to submit a request to NowSecure to exercise your EU or UK privacy rights under the GDPR, you may do so by submitting a request by email to [email protected].
Legal Basis for Processing (EU/EEA, Switzerland and United Kingdom only)
Our legal basis for collecting and using your personal information will depend on the type of information and the context in which we collect it. We will normally collect personal information from you only in the following circumstances:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
10.3 Additional privacy disclosures for users in certain countries
If you reside in Australia, Brazil, Canada, France, Israel, or the Philippines, we believe the policies and practices described in this notice conform to the provisions of the applicable privacy laws in your jurisdiction, and we will respond to all inquiries regarding exercise of your privacy rights in a timely manner and according to regulatory requirements. If you reside outside the United States and communicate with us to inquire about your personal information or exercise your privacy rights, please note the jurisdiction basis of your request and send your request to [email protected].
11. Data retention
NowSecure retains your personal information for as long as necessary to provide our services or during the period which we have an ongoing legitimate business interest, to prevent, investigate, or identify possible wrongdoing in connection with the site or to comply with legal obligations. Personal information that you submit through your user profile in the Services is retained at a minimum for the lifetime of your account with us.
12. Changes to this Privacy Notice
We may change this Notice from time to time, and we will post any revision prominently on our website. You should review our Privacy Notice when you use our services or provide us any personal information, and if you disagree with any terms of the Notice, you should avoid providing any personal information and take steps described in this Notice to contact us with any questions or to exercise your privacy rights.
13. Contact us
ATTN: Data Privacy Officer
141 W. Jackson Blvd. Suite 2100,
Chicago, IL 60604
Key Changes in this version:
- Revised name to Privacy “Notice” (rather than “Policy”)
- Significant revisions to section names, organization, and general content
- Added information for CA and other specific U.S. states
- Clarified that NowSecure does not sell personal information
- Revised information for EU, UK and other international visitors
To see the prior version, click here.