Streetcred ID, Inc. Privacy Policy

Version 1.0 – Last modified August 5, 2019


Company: Streetcred ID, Inc and its affiliated entities (“Company”, “us”, “our”, and “we”)

Company Contact Information: hello@streetcred.id

Company Website: The website located at [streetcred.id] (together with any websites on related domains or subdomains, the “Site”).

Company Apps: The mobile or online application(s) entitled “Streetcred Wallet” (together with any other applications or platforms available via the Site or published by the Company, collectively, the “Apps”).

Company Services: The application programming interfaces, verifiable credential-related technology, cloud hosting and associated services (collectively, the “Services”)

Company Digital Channels: The interactions including web, email, online, phone, messaging application, social media, or other content available through these platforms between you and the Company (“Digital Channels”)

ACCESSING, DOWNLOADING OR OTHERWISE USING OUR SITE, APPS, SERVICES, OR DIGITAL CHANNELS (COLLECTIVELY, THE “OFFERINGS”) INDICATES THAT YOU ACCEPT AND AGREE TO BE BOUND BY THIS PRIVACY POLICY IN FULL. IF YOU DO NOT ACCEPT THIS PRIVACY POLICY, DO NOT ACCESS, DOWNLOAD OR OTHERWISE USE THE OFFERINGS. YOU ACKNOWLEDGE (A) THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY; AND (B) THIS PRIVACY POLICY SHALL HAVE THE SAME FORCE AND EFFECT AS A SIGNED AGREEMENT.

INTRODUCTION

Privacy is one of our core values, so we respect your privacy. Our Site, Apps, and Services are designed to minimize the amount of data we collect about you (“you”). In order to interact with you, we do collect some information. This Privacy Policy (“Policy”) describes how we collect, use, and share your personal data in connection with our Site, Apps, Services and when you use our Digital Channels. 

As you read this Policy, you will notice that most sections include both a “Plain English” section as well as a corresponding “Legally-Binding Contract” section. The “Plain English” section is meant to provide you with a summary or explanation of the different sections of this Policy in concise, clear and plain language. The “Legally-Binding Contract” section is also written in as concise, clear and plain language as possible, but is slightly more thorough and thus lengthier. The “Legally-Binding Contract” section contains more technical words and more complex sentences and lists, and is meant to provide the most expansive explanation of each section of this Policy.  You are responsible for reading both sections together, using the “Plain English” section as a guide to understanding what you are agreeing to in the “Legally-Binding Contract” section. 

1. WHEN USER INFORMATION IS COLLECTED.  

  Plain English Legally-Binding Contract  
1.1   Information Collection. We collect your information whenever you use any of our websites, apps, products or services. Full access to our websites, apps, products and features requires that you provide us with any information requested, and that we be allowed to collect your information as set forth in this Privacy Policy. We will not ask for more information than is required to provide the features. If you choose not to provide us with certain information, we may not be able to provide you with certain features of our websites, apps, products or services.  Streetcred collects your information during your access or use of (i) any websites or web application provided, published, developed or made available by the Company, including the Site; (ii) any mobile or online applications provided, published, licensed, developed or made available by the Company, including the App; and (iii) any feature, content, software, hardware, services or other products available on or through the Site or the App or otherwise provided by the Company (together with the Site and the App, the “Services”). You access and use of the Services is conditioned on your providing us with any requested User Information.    

2. WHAT USER INFORMATION IS COLLECTED. 

 Plain English Legally-Binding Contract  
2.1   Digital Credentials We provide apps for people that let them access, manage, and share personal information in the form of digital credentials. The credentials are stored on the end-user’s device unless the user chooses to upload his or her data to the cloud for back-up purposes, for example. If using cloud back-up, Streetcred may manage encryption keys on the end-user’s behalf. Our digital identity technology and digital wallets are designed to provide a secure method for consumers to access and exchange identity-related information (“digital credentials”) when dealing with various organizations including when they use financial and other services and when purchasing goods and services. These digital credentials are stored on the end-user’s device. Where the end-user chooses to upload his or her data to the cloud (for example for back-up purposes), We may host the data through third-party cloud service providers. We may also hold encryption keys relating to your encrypted data. Where We provide the data hosting service, users’ data is encrypted such that even Streetcred itself cannot identify specific individuals. 
2.2   Personally Identifiable Information.   We may collect information that could be used to personally identify you, if you choose to provide it. This could be contact information, information from your IDs and government documents, and other similar information.  Company may collect any personally-identifiable information that you provide in connection with any Services, including, without limitation: your name, email address, mailing address, phone number, photograph, birthdate, passport, driver’s license, government-issued identification numbers, and other similar information provided with respect to your business or its employees, officers, representatives or affiliates, and certain historical, contact, and demographic information about you. 
2.3   Device Information.   We collect information about the devices that you use, including data structures stored on or associated with your device called “device identifiers”.  Company may access, collect, monitor, and/or remotely store information about your device when you access any Services, including hardware model, operating system and version, unique device identifier, mobile network information, and information about the device’s interaction with the Services. 
2.4   Payment Information.   To the extent that you make purchases on our Site, or Apps, we may collect information that you submit when making payments, such as credit card and bank account information, and information about any of your transactions and orders. Company may collect information provided in connection with you making, accepting, requesting or recording payments, credits or money transfers through any Services, including: payment card numbers, bank accounts information, when and where the transactions occur, the names of the transacting parties, a description of the transactions, the payment or transfer amounts, billing and shipping information, and the devices and payment methods used to complete the transactions. 
2.5   Purchase Information.   We collect information about your purchase order history and preferences. Company may collect information and data about your purchase information and preferences, including products and services purchased, amounts paid, frequency of purchases, and similar information.   
2.6   Usage Information.  We collect information about how you use our Offerings. This is so we can improve the Offerings over time.  Company may collect information and data about how you use the Services, including access time, Services accessed, browser type and language, Internet Protocol (“IP”) address, webpages and applications viewed and used, time spent on webpages and applications, links clicked, and conversion information (e.g., transactions entered into). 
2.7   Aggregated Data.   We may aggregate any of the above types of information that we collect about you with information that we collect from other users, and then use the aggregated data for various purposes. Company may collect aggregated data about your or your use of Services, or any other aggregated form of the other types of User Information set forth above. Aggregated data that we collect cannot be specifically associated with you individually, unlike most of the other forms of User Information. 
2.8   Data from Clients When we provide software to businesses, businesses may pass their customers’ information onto our servers so they can use our products. During the course of data hosting services for our clients, we receive encoded data relating to our clients and clients’ customers. This data enables our clients to identify and interact with their customers when using our Services or Apps. The encoded data may be any of the User Information defined above.  

3. HOW USER INFORMATION IS COLLECTED.   

  Plain English Legally-Binding Contract  
3.1   Given by You.   When you submit any information to us through any of our websites, apps, products or services, we collect it. We consider this information as voluntarily provided. You provide certain User Information when you register for your account with the Services, as you use the Services, or as you engage with Company through its Digital Channels. We consider all such information voluntarily provided. 
3.2   Automatic Collection.   We may collect information automatically through our software or other technologies, whenever you access or use our websites, apps, products and services.  User Information can be recorded and collected by software or processes that run automatically on your computer or device or on Company’s servers as you use the Services. 
3.3   Analytics information. We may collect information through third-party tools that help us understand how people are using our Offerings and how to improve them. We collect, measure, and analyze traffic and usage trends in connection with our website and other Digital Channels, and We use third-party analytics tools to help us. We use Mixpanel to provide analytics services. This allows us to understand, among other things, who is using the Digital Channels, how they are using them, and ways to improve the Services. Such third-party analytics tools and services may use cookies and persistent device identifiers to collect and store information including, but not limited to time of visit, pages visited, time spent on each page, IP address, unique device ID, advertising tags and type of operating system used. 
3.4   Cookies.   We use “cookies” to collect information. “Cookies” are small files that we store on your device when you use our websites, apps, products and services. We use these “cookies” to store certain types of information about you and communicate that back to our software and servers. Some “cookies” are deleted after you finish using one of our websites, apps, products and services. Other “cookies” may remain on your device until you manually delete them. User Information may be collected by sending cookies to your device. Cookies are small data files that are stored on your hard drive or in your device memory when you use the Services. A cookie may also convey information to us about how you use the Digital Channels (e.g., the pages you view, the links you click and other actions you take) and allow us or our third-party analytics tools We use to track your usage of the Digital Channels. There are at least two different types of cookies: persistent and session cookies. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent use of the Digital Channels. Persistent cookies can be removed by following your Web browser’s directions for removal of cookies. A session cookie is temporary and disappears after you close your browser. You can typically remove and reject cookies from our Site with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it could affect how the Services are provided. 
3.5   Web Beacons.   We may use “web beacons” to collect information. “Web beacons” are electronic images that our software and servers can use to communicate and receive information. User Information may also be collected by using web beacons. Web beacons are electronic images that may be used in connection with the Services. Company may use web beacons to deliver cookies, track the number of visits to the Offerings, understand Service usage and effectiveness, and determine whether an email has been opened and acted upon.    
3.6   From Third Parties.   We may collect information from third-parties that already have information about you. User Information is also collected from third parties that already have access to certain of your User Information, including third-party verification services, mailing list providers, and publicly available sources. User Information may also include your data and content contained within a third-party service links or integrates with the Services. This Privacy Policy does not apply to, and Company is not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties’ privacy policies. Company continually evaluates analytics services to use in addition its own, and Company may update this policy in the future to reflect Company’s ongoing use of said services. 

4. HOW USER INFORMATION IS USED.   

  Plain English Legally-Binding Contract  
4.1   As Permitted by Law. We may use your information in any way not otherwise prohibited by law. We may use, publish, store, duplicate, manipulate and share User Information in any way not otherwise prohibited by applicable privacy laws.   
4.2   Providing Services. Collecting your information is necessary for us to be able to provide you with access to many of our websites, apps, products and services. We also use your information to personalize and optimize your experience within the websites, apps, products and services. User Information is stored and used so that you can verify your identify and save your preferences, profile and information in connection with creating, using and accessing your account with the Services, and to deliver, operate, provide, maintain, enhance, personalize, tailor and facilitate your use of the Services.  
4.3   Improving Services. We use your information to both improve our websites, apps, products and services, and to develop new products and services. User Information is also used to develop new products and Services, provide optimization, statistical analysis, and improvements for existing Services, and to improve web design and functionality. 
4.4   Communication Purposes.   We use your information to communicate with you.  User Information is used to deliver technical notices, security alerts, support messages, administrative notices and alerts, and communications relevant to your use of the Service, as well as to inform you about software compatibility issues, send news or information, conduct surveys and collect feedback. User Information is also used to communicate with you about products, services, contests, promotions, discounts, incentives, gift cards, loyalty programs, and rewards, based on your communication preferences and applicable privacy laws.   
4.5   Facilitate Payments. We use your information to allow you to make and process payments through or for our websites, apps, products and services. Using and storing your User Information is necessary for us to be able to process or record payment transactions or money transfers.  
4.6   Track and Display Consumer Behavior. We use your information so that our websites, apps, products and services can track your transaction and usage histories. User Information is stored so that the Services can track historical transactions, payments, invoices, receipts and past order information. User Information is also used to display current, ongoing, pending or requested transactions or orders. 
4.7   Legal Compliance.   We store your information so that we can comply with laws and regulations. User Information is stored so that we can comply with applicable laws and regulations, including the privacy laws and anti-money laundering laws. 
4.8   Aggregated Data Collection.  We collect your information so that we can track aggregated statistics about how our websites, apps, products and services are used by our users and how they perform. User Information is collected and aggregated to monitor aggregate usage and web traffic routing of all users of the Services, as well as to generate aggregated statistics about purchasing behavior of different demographics and populations. 
4.9   Dispute Resolution; Contract Enforcement.   We collect and store your information so that we can resolve disputes that may arise in connection with your use of our websites, apps, products and services. User Information may be used to resolve disputes; collect fees; provide assistance with problems with Services; protect Company rights or property or the security or integrity of the Services; enforce the Terms of Use and other terms and conditions that govern use of the Services; and investigate, detect and prevent fraud, security breaches, and other potentially prohibited or illegal activities. 

5.  HOW USER INFORMATION IS SHARED.   

  Plain English Legally-Binding Contract  
5.1   Facilitate Third Party Services.   We may share your information with our contractors, suppliers, and consultants that we use to perform critical functions for our websites, apps, products and services.   We, like many businesses, sometimes hire other companies or individuals to perform certain business-related functions and will need to share certain User Information for such parties to perform such functions. These third-party function may include: anonymous site metrics, analytics services, payment processing, point of sale services, task management services, order fulfillment and shipment/delivery of products and Services to users, mailing services, maintaining databases and other features or services included in or necessary for the Services.  When we employ another party to perform a function of this nature, we only provide them with the information that they need to perform their specific function.  
5.2   For Legal and Safety Purposes.   We may be required to share your information to comply with laws or to protect and enforce our legal rights. User Information may be shared for legal, protection, and safety purposes, such as to comply with laws, respond to lawful requests and legal processes, protect the rights and property of Company against competitors or claimants, and enforce our agreements, policies, and terms of use. 
5.3   Business Transfers.   If our Company is ever acquired or sold, we may transfer your information to the entity that is acquiring our business. As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, User Information may be part of the transferred assets. 
5.4   Affiliated Entities.  If we have a subsidiary or a parent entity that we work with, we may share your information with them.  We may also share your User Information with our affiliated entities for purposes consistent with this Policy.  

6. HOW USER INFORMATION IS PROTECTED.   

  Plain English Legally-Binding Contract  
6.1   Protective Measures. We take protection of your information seriously and try to protect it as best as we reasonably can in as many ways as we reasonably can.  Company takes commercially reasonable measures, including administrative, technical, and physical safeguards, to (i) protect User Information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction, (ii) ensure the security, confidentiality, and integrity of the User Information, (iii) protect against any anticipated threats or hazards to the security or integrity of the User Information, (iv) protect against unauthorized access to, or unauthorized use or disclosure of, the User Information, and (v) take such security measures required by any applicable privacy laws.  
6.2   Third Party Partners and Employees.   We may use our own employees or third-party contractors to protect your information. We only give access to your information to those who need to know it in order to perform their jobs. Anyone with access to your information is obligated to keep it confidential and secure. Company may, by itself or using third-party service providers, hold, process and store User Information, including in the United States, Japan, the European Union and other countries. Company restricts access to User Information to those employees, contractors, and agents who need to know that information for purposes of performing their obligations to Company or to you, and who are subject to contractual confidentiality obligations, and who may be disciplined or terminated if they fail to meet these obligations. Company third-party service providers store and transmit User Information in compliance with appropriate confidentiality and security measures. 
6.3   Security Breach.   Despite our efforts, there may be a security breach where your information is accessed by unauthorized parties.  Company cannot guarantee that unauthorized third parties will never be able to defeat Company security measures or use User Information for improper purposes. In the event that any User Information in Company’s possession or under Company’s control is compromised as a result of a security breach, Company shall give prompt notice to you, with full particulars, and shall immediately commence a thorough investigation of any such incident.  
6.4   Company Not Liable for Breach. We will not be liable to you for any damages you experience as a result of a security breach or unauthorized access of your information. Company will not be liable for any damages, claims, liability, or causes of action that arise as a result of any such security breach. 

7. EXCLUSIONS.   

  Plain English Legally-Binding Contract  
7.1   Unsolicited Information Whenever you submit information to a public area of our websites, apps, products or services (such as community pages, comment areas, bulletin boards, chat rooms, forums, etc.), we are not responsible in any way for that information. We treat it such information as non-confidential, and you authorize us to do anything with that information that we want.   This Policy shall not apply to (i) information posted by you to any public areas of the Services, such as bulletin boards, chat room, community pages or comment areas, (ii) any ideas for new products or modifications to existing products, and (iii) other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and voluntarily given, and Company shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.   

8. CHOICES; INTERNATIONAL PRIVACY LAWS; RETENTION; OUR CONTACT INFORMATION. 

  Plain English 
8.1   Right to be Informed; Access. We strive to be completely transparent in how we are using your personally identifiable information (your “Personal Data”). You have the right to know exactly what Personal Data is held about you and how it is processed. 
8.2   Right of Rectification. You are entitled to correct your Personal Data if it is inaccurate or incomplete.   
8.3   Right of Erasure or to Decline to Share. You have the right to have your Personal Data deleted or removed for any or no reason, and you have the right to decline to share certain Personal Data with us. However, if you choose to exercise either of these right, your ability to use and access our websites, apps, products and services may be impacted because various features require your Personal Data to function correctly. 
8.4   Right to Data Portability. You have the right to retain and reuse any Personal Data for your own purpose.   
8.5   Right to Object; Restrict Processing. In certain circumstances, you are entitled to object to the use of your Personal Data. This includes when your Personal Data is used for the purpose of direct marketing, scientific and historical research or the performance of a task in the public interest, when such use has a consequence with a legal bearing on yourself, or when such use is for the purpose of automatic decision making that has a material impact outside your use of our websites, apps, products or services. You may not object if our use of your Personal Data is otherwise permitted by applicable law. 
8.6   International Privacy Laws If you are using any of the websites, apps, products or services from outside the United States, please be aware that you are sending information, including personally identifiable information and data, to the United States where our servers are located. That information may then be transferred within the United States or back out of the United States to other countries outside of your country of residence, depending on the type of information and how it is stored or used by us. These countries (including the United States) may not necessarily have data protection laws as comprehensive or protective as those in your country of residence; however, our collection, storage and use of your Personal Data will at all times continue to be governed by this Privacy Policy.  For personally identifiable information received from the European Union, we also certify that we adhere to the EU-US Privacy Shield principles of Notice, Choice, Onward Transfers, Security, Data Integrity & Purpose Limitation, Access and Recourse, and Enforcement 
8.7   Data Retention We only retain your Personal Data for as long as your account with us is active, and then for an additional limited period of time for as long as we need it to fulfill the purposes for which we initially collected such information, unless otherwise required by law or to protect our rights. For example, we may be required to retain copies of certain information to comply with legal obligations, to resolve disputes or enforce our agreements.  
8.8   Contact Information and Choices. If you have any questions that aren’t addressed by this Privacy Policy, please let us know! Our contact information can be found at the top of this Privacy Policy. Use it to contact us for anything related to our use of your information, including opting-out of sharing your information with others, updating your information, finding out what information we have about you, or for anything that you feel violates any of your above listed rights. 
8.9   Children Our servies are not directed to children and/or persons under the age of majority in their respective jurisdictions and is intended for use by adults and/or persons at or over the age of majority only. We do not knowingly collect personal data from individuals under eighteen (18) years of age. If you are under the age of eighteen (18), please do not submit any information through our digital channels or other offerings and do not provide your consent for the use of your data unless your parent or guardian has approved. 

9. CHANGES TO THIS PRIVACY POLICY.   

  Plain English Legally-Binding Contract  
9.1   Changes to this Policy. We may change this Privacy Policy whenever we like. When we change it, the modified version will be posted on our websites, apps, products or services, and you may be notified through your account, an email, or through a posting on our websites, apps, products or services.   This Policy is subject to occasional revision, and if we make any substantial changes, we may notify you through the Services, by sending you an e-mail to the last e-mail address you provided to us (if any), and/or by prominently posting notice of the changes on the Site or through your account.  You are responsible for providing us with your most current e-mail address.  In the event that the last e-mail address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice.   
9.2   Effectiveness of Changes. When we make changes to this Privacy Policy, those changes will go into effect 15 days after we give you notice of those changes.  Any changes to this Policy will be effective upon the earlier of fifteen (15) calendar days following our dispatch of an e-mail notice to you (if applicable) or fifteen (15) calendar days following our posting of notice of the changes on our Site.  These changes will be effective immediately for new users of the Services.  
9.3   Acceptance of Policy. If you continue to use any of our websites, apps, products or services after those changes go into effect, we will consider that as your acceptance of those changes. Continued use of the Services following notice of changes to this Policy shall indicate your acknowledgement and acceptance of such changes and agreement to be bound by the updated Policy.  
9.4   Last Revision Date. You can confirm the last date when this Privacy Policy was updated at the top of this policy. You should review this policy frequently, especially before you provide any information to us. This Policy was last updated on the date indicated above. Please review this policy periodically, and especially before you voluntarily provide any User Information.