Privacy Policy
Privacy Policy
LAST UPDATED: November 1, 2024
Our Privacy Pledge:
We consider your data—especially your video streams–your very private information. PERIOD. This is our guiding principle for everything that we do.
- Deep Sentinel personnel may access your Content only after signing explicit agreements that include Non-Disclosure and Non-Retention (they may not keep, distribute or talk about ANY customer videos unless necessary to provide the Services)
- LiveSentinel personnel (a “Guard”) review Content as a core part of our LiveSentinel service.
- When a Guard accesses live streams of Content, you will be provided the name of the guard who viewed the video in the App.
- Multiple Guards may view Content to support the primary Guard within 20 minutes of an Event to assess the Event, whether it requires Escalation, and Response where applicable.
- LiveSentinel personnel may view Content for quality control purposes.
- Our support services team and developers may access your videos or data to improve the Service or address problems
Please note that these pledges are provided in good faith as a summary of the complete binding Privacy Policy as below.
Deep Sentinel Corp. and its subsidiaries and affiliates (collectively referred to herein as “we,” “us,” “our,” or “Deep Sentinel”), respects your privacy and the importance of the information you entrust to us. With this in mind, we provide you this privacy policy (the “Policy”) to help you understand the kinds of information we may gather about you when you use the Deep Sentinel website (“Site”) or any of our Services, how we may use and disclose the information, and how you can control, correct and/or update the information. By accessing or using the Site or Services, you are accepting the policies and practices described in this Policy. Each time you visit or use the Site or Services, you agree and expressly consent to our collection, use and disclosure of the information that you provide as described in this Policy. This Policy shall be read in conjunction with our Terms of Service and all the relevant provisions of the Terms of Service (including but not limited to indemnification, limitation of liability, governing law and dispute resolution) shall mutatis mutandis apply to this Policy and be deemed to be incorporated herein by reference. Any capitalized terms not defined herein shall have the meaning as set forth in the Terms of Service and/or End User License Agreement.
Please note that this Policy does not apply to your use of third-party sites, services, or applications you may access through the Services. We encourage you to review the privacy policies of those third parties for more information regarding their privacy practices.
In this Policy, the term Services included all Deep Sentinel Products as well as Deep Sentinel Software (including Deep Sentinel Web Apps and Deep Sentinel Mobile Apps), and Deep Sentinel LiveSentinel services as defined in the Terms of Service. This policy applies in circumstances where we are acting as a data controller with respect to the Personal Information (as defined herein) of Users of our Site and/or Services; in other words, where we determine the purposes and means of the processing of that Personal Information.
INFORMATION WE MAY COLLECT
- Information You Provide to Us
When you install certain Services, you’ll be asked questions to enable us create an initial program. For example, we’ll ask for information related to camera location, as well as your address and/or postal/ZIP code. This information enables us to customize your experience by, for example, retrieving weather information for your neighborhood or by enabling intelligence around Products in your Protected Property when you leave and when you come back. In addition, and for purposes of providing the Services to you, we collect certain information when you download our mobile application(s), register for our Services, sign up for an Account, complete a form, participate in any interactive features of the Services, request customer support, or otherwise communicate with us. The types of information we may collect include your name, email address, mailing and billing address and payment information, and any other information you choose to provide. For purposes of registering and using the Services, we collect certain information that can identify you (“Personal Information”), such as your name and contact information (email, address, company affiliation and phone number), as well as financial information such as credit card details. Personal Information also includes, for purposes of this Policy, the definition of personal data as such term is defined in Article 4(1) of the GDPR. We will never sell, rent, trade or use your Personal Information other than as specifically needed to provide the Services specifically requested by you. If you choose not to provide information that is necessary to provide the Services, you may not be able to use certain aspects or all of the Services. Deep Sentinel discloses Personal Information only to those of its employees, contractors, affiliated organizations and subcontractors that (i) need to know the information in order to process it on yours and our behalf, and (ii) that have agreed in writing to non-disclosure restrictions at least as strong as those herein.
You acknowledge and agree that communications, including phone calls or “chat” services, interactions over other devices such as cameras, with Deep Sentinel or our third-party agents may be monitored, recorded and retained by Deep Sentinel. You consent to the monitoring and recording of all conversations between you and Deep Sentinel and you release us from and against any and all claims, liabilities and losses that may result from any such monitored and/or recorded conversations. Depending on the nature of your inquiry or activities on the Services, we may also ask for other information relevant to your use of the Services.
The following types of information will or may need to be provided:
- Wi-Fi Network Information: To connect devices or sensors to the Services, or to access the Services over the Internet from a computer, a smartphone or a tablet, you will need to connect it to your Wi-Fi network. During setup, Deep Sentinel may ask for your Wi-Fi network name (SSID) and password to connect to the Internet or to connect Deep Sentinel devices together. This information may be saved on the device or in Deep Sentinel’s servers, along with your IP address, so that you can access it and control it from your computer, smartphone or tablet, and so that it can communicate with Deep Sentinel servers and download software updates. Once connected to your account, your devices regularly send the data as provided for herein (excluding your Wi-Fi password) to Deep Sentinel to provide you with the Services.
- Additional Authorized Users: Deep Sentinel may provide you with the ability to enable additional authorized users to access your account or parts of your account. If you do so, the additional authorized users may control and view some or all of your devices and content. An invited user must have or create a Deep Sentinel account, and information about invited users (like email address, name, or changes to product settings) will be stored with their account and will be governed by this Policy as its own account.
- Email Addresses and/or mobile phone: When you create a Deep Sentinel account, we collect and store your email address and/or mobile phone (from here, your “Contact Information”). From that point forward, your Contact Information is used for communications from Deep Sentinel. In addition, Deep Sentinel may provide you with the ability to enable individuals to access your account or to invite other individuals such as friends or family to share access to your content such as recorded video footage. We will ask you for the Contact Information of any such individuals and automatically send an invitation on your behalf. Deep Sentinel stores this information to send this invitation, to register your friend if your invitation is accepted, and to track the success of our invitation services.
- Basic Profile Information: Your account allows you to provide certain basic profile information like your name and profile photo. Names and profile photos may be shown to others in connection with the Services. For example, if you invite someone as an additional authorized user, he or she will be able to see your name and photo. You should only use photos you are willing to make public.
- Mobile location data: You may choose to enable features share location data from your mobile device or from additional authorized users. This data may be processed or combined with data from other products to enhance features for Deep Sentinel.
- Information We Collect Automatically When You Use the Site and Certain of the Services
When you access or use the Site or Services, we automatically collect information about you, including some or all of the following:
- Log Information: We log information about your use of the Site or Services, including the type of browser you use, access times, pages viewed, your IP address, and the page you visited before navigating to the Site or Services. Publicly available tools can sometimes provide the approximate location for IP addresses.
- Device Information: We collect information about the computer or mobile device you use to access the Site or Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information. Also, we collect video and audio signals and data as well as environmental data and technical information from your cameras, sensors and other devices.
- Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect information, and this may include sending cookies to your computer or mobile device. Cookies are small data files stored in device memory that help us to improve the Site and your experience, see which areas and features of the Site are popular, and count visits. We may also collect information using web beacons (also known as “tracking pixels”). Web beacons are electronic images that may be used in the Site or emails and help deliver cookies, count visits, understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon.
We also may collect other types of information in the following ways when you visit or use the Site or Services:
- Details of how you used and interacted with the Site or Services, such as your search queries and how you responded to certain questions.
- Device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
- Our server logs automatically collect information, such as your IP address, your browser type and language, and the date and time of your visit, which helps us track your movements around the Site or Services and understand trends.
- Information We Collect From Other Sources
We may also obtain information from other sources and combine that with information we collect through the Services. For example, we may collect information about you from third parties who provide services on our behalf, such as maintaining and monitoring usage of the Site and Services and processing payment transactions.
USE OF INFORMATION
We may use information about you for various purposes, including the following:
- Provide, maintain, and improve the Site and Services;
- Provide and deliver the products and services you request, process transactions, and send you related information;
- Verify your identity and, if applicable, authorization for you to use the Site and Services;
- Process payment for Services you order;
- Manage your account;
- To prevent or address service, security, technical issues or at your request in connection with customer support matters;
- Respond to your comments, questions, and requests;
- Send you technical notices and other administrative messages;
- Communicate with you about Products and Services, offered by us or others, and provide news and information we think will be of interest to you;
- Monitor and analyze trends, usage, and activities in connection with the Site and Services;
- Conduct research, analysis, and surveys;
- Personalize and improve the Site and Services and provide content or features that match user profiles or interests;
- Enforce our Terms of Service and End User License Agreement;
- Ask you to participate in surveys;
- Link or combine with information we get from others in connection with the Services; and
- Carry out any other purpose for which the information was collected.
This policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable User of the Site or Services. In other words, information about how you use the Services may be collected and combined with information about how others use the same Services, but no personally identifiable information will be included in the resulting data.
SHARING OF INFORMATION
We may share or transfer information about you as follows or as otherwise described in this Privacy Policy:
- With vendors, consultants, subcontractors and other service providers who need access to such information to carry out work on our behalf to provide and support the Products and Services. For example, we have service providers who help with some of our processing and storage, including helping to answer your questions. They may also assist with monitoring our servers for technical problems. These parties only have access to such information as necessary to perform their functions and may not use it for any purpose other than to provide services to us;
- In response to a request for information if we believe disclosure is in accordance with any applicable law, regulation, or legal process, or as otherwise required by any applicable law, rule, or regulation;
- If we believe your actions are inconsistent with the spirit or language of our Terms of Service or other agreements or policies, or to protect the rights, property, and safety of you, us, or others;
- In connection with, or during negotiations of, any merger, sale of our assets, financing, or acquisition of all or a portion of our business to another company (we will request a purchaser to treat our data under the privacy statement in place at the time of its collection);
- With your consent or at your direction. One example of this would be if you invite another user to access the Services on your account as an Authorized User. Another example is if you sign up for programs offered by our partners. If you do this, we may share certain information with the partner, but again only with your explicit consent. This could include things like your enrollment information and the activation status of your device. Similarly, when you connect third-party devices and services to your Deep Sentinel Products, you are shown information about any proposed exchange of data. Your explicit consent is required to allow these exchanges on your behalf and you can change your mind at any time.
We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
PAYMENT INFORMATION
Deep Sentinel may collect credit card or additional payment information from you. However, it’s important to note that we do not store any of this payment information or process any of your payments on our servers, but rather use a third party payment processor that handles such transactions (“Payment Processor”). Therefore, any information regarding your payment processing and security must be verified in Payment Processor’s own Terms of Service Agreement and Privacy Policy. Payment Processor may provide us with unique authentication tokens to make payment requests with. Payment Processor may also provide us with information such as your name, credit card type, expiration date, and the last four digits of your credit card number. This information is used only for the purposes of completing transactions you have initiated through the Services, protecting against or identifying possible fraudulent transactions, and otherwise as needed to manage the Services.
ANALYTICS SERVICES
We may allow others to provide analytics services in connection with the Services, such as Hubspot, and Google Analytics. These entities may use cookies, web beacons, and other technologies to collect information about your use of the Site and Services, including your IP address, web browser, pages viewed, time spent on pages, links clicked, and conversion information. We and others may use this information to, among other things, analyze and track data, determine the popularity of certain content, personalize the user experience, and better understand your activity.
- To learn more about Hubspot, please visit https://legal.hubspot.com/privacy-policy
- To learn more about Google Analytics, please visit https://policies.google.com/privacy.
RETENTION
We will retain your Personal Information for the period of time that is necessary to fulfil the original purposes for which it has been collected. At the end of that retention period, your data will either be deleted completely or anonymized, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning. Please keep in mind that, in certain cases, a longer retention period may be required or permitted by law or to allow us to pursue our business interests, conduct audits, comply with our legal obligations, enforce our agreements or resolve any dispute. We may also retain cached or archived copies of your personally identifiable information for the duration of your use of the Services or until you request deletion of such data in compliance with applicable law.
The criteria used to determine our retention periods include:
- Time needed to provide you with our Services or to operate our business.
- Whether your account with us is active. You may contact us to make your account inactive at any time.
- Legal, contractual, or similar obligations to retain your data, such as mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of contract or litigation.
Please note that we are not responsible for storing any information that you provide to us or for any content or information that we provide to you. You are solely responsible for retaining backup files of any information and content that you provide or receive in connection with the Site or Services.
Deep Sentinel has specific data retention policies for the following types of data:
- Video data on your hub. Videos are stored on your hub until space is needed. The Deep Sentinel software running on your hub will intelligently select how long videos will be retained here based on the importance of a video.
- Personal Data on Deep Sentinel Servers. Deep Sentinel generally stores your personal information on Deep Sentinel’s servers until you delete or edit it, or for as long as you remain a Deep Sentinel customer in order to provide you with Deep Sentinel Products or Services. You can access, amend or delete your personal information from Deep Sentinel’s servers through the controls in your account. Because of the way we maintain certain Services, after your information is deleted, backup copies may linger for some time before they are deleted, and we may retain certain data for a longer period of time if we are required to do so for legal reasons.
- Video Data on Deep Sentinel Servers. Deep Sentinel will retain video data on Deep Sentinel Servers under three types of circumstances:
- To deliver or improve Products. Videos that are being used to improve the Products and Services may be retained for up to 24 months. If you wish to have specific videos removed from this use, simply contact [email protected]
- Videos reviewed by LiveSentinel Guards. Videos that have been viewed by a LiveSentinel Guard may be retained for up to 24 months.
- Videos resulting in a LiveSentinel interaction or a request for support from police or another private security firm may be retained up to 24 months, or until the extent of the statute of limitations of any potential legal action, whichever is longer.
SECURITY
We work hard to protect your information and take appropriate commercially reasonable physical, electronic, and other security measures to help safeguard information and data from loss, unauthorized access, alteration, misuse or disclosure. Our security practices include:
- Encrypting many of our Services using SSL;
- Frequent review of information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We secure access to all transactional areas of our websites and apps using firewall, secure key and encryption technology.
- Access to your Personal Information is password-protected, and payment information is stored only on PCI compliant systems.
- We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
- Physical safeguards, with locked doors and file cabinets, controlled access to our facilities and secure destruction of media containing your Personal Information
- Technology safeguards, like the use of anti-virus and endpoint protection software, and monitoring of our systems and data centers to ensure that they comply with our security policies
- Organizational safeguards, like training and awareness programs on security and privacy, to make sure employees understand the importance and means by which they must protect your Personal Information
No method of transmission over the Internet or method of electronic storage is 100% secure, however. Therefore, we cannot guarantee absolute security around the storage or transmission of any data.
Deep Sentinel does not seek to collect sensitive Personal Information other than as stated herein (also known as special categories of data as defined in Article 9 of the GDPR). If we do so we will always collect the data in accordance with applicable data privacy requirements. If you choose to provide us with unsolicited sensitive Personal Information, you will be asked to consent to our processing of such data on a case-by-case basis by using a specific express consent form.
OTHER WEBSITES AND OTHER PRODUCTS
This Privacy Policy applies only to information we collect at and through our Site or Services. The Site and Services may contain links to or embedded content from third party websites. A link to or embedded content from a third party website does not mean that we endorse that third party website, the quality or accuracy of information presented on the third party website or the persons or entities associated with the third party website. If you decide to visit a third party website, you are subject to the privacy policy of the third party website as applicable and we are not responsible for the policies and practices of the third party website. We encourage you to ask questions before you disclose your information to others.
Any data that Deep Sentinel receives from third-parties will be processed and stored by Deep Sentinel and will be treated in accordance with this Privacy Statement. This information may be processed in the same ways as any other data that is a part of your Deep Sentinel account or the Deep Sentinel logs.
If you select an outside party for the purchase, installation, or service of your Deep Sentinel device and share your personal information, we cannot control the collection, storage or sharing of information collected by that party. For example, if you use the Services but purchase your cameras from an independent retailer, the retailer may collect personal information as part of the transaction. Or the party that installed the device may retain information that you provided to them to assist them in servicing the device if needed. Always check the privacy policies for any company that collects your personal information.
DO NOT TRACK
Some web browsers incorporate a “Do Not Track” (DNT) or similar feature that signals to websites that a visitor does not want to have his/her online activity and behavior tracked. If a website operator elects to respond to a particular DNT signal, the website operator may refrain from collecting certain Personal Information about the browser’s user. Not all browsers offer a DNT option and there is currently no industry consensus for how companies should respond to “do not track” signals, although one may develop in the future. We do not respond to “do not track” signals at this time; if we do so in the future, we will describe how in this Privacy Policy.
CALIFORNIA PRIVACY RIGHTS
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an email to [email protected].
CHILDREN UNDER THE AGE OF 18
The Site and Services are intended for users who are eighteen (18) years of age and older. If you are under the age of eighteen (18), you are not permitted to submit any Personal Information to us. If you believe we might have any information from or about a child under 18, please contact us at [email protected].
TRANSFER OF PERSONAL INFORMATION; INTERNATIONAL VISITORS
The Site and Services are provided for access and use by persons located in the United States. If you use the Site and Services from outside of the United States, you do so at your own risk. You are solely responsible for ensuring compliance with the laws of your specific jurisdiction, including the specific laws of your jurisdiction regarding the import, export, or re-export of the Services. If you are outside the United States, you acknowledge that by providing your Personal Information, you are: (a) permitting the transfer of your Personal Information to the United States which may not have the same data protection laws as the country in which you reside; and (b) permitting the use of your Personal Information in accordance with this Privacy Policy.
Protecting your data outside the United States
We may transfer Personal Information that we collect from you to third-party data processors in countries that are outside the United States. For example, this might be required in order to fulfill your order, process your payment details or provide support services.
If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the United States. For example, our contracts with third parties stipulate the standards they must follow at all times. If you wish for more information about these contracts please contact our compliance department. Any transfer of your Personal Information will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
YOUR RIGHTS / OPTIONS
Access and Control of Your Personal Information
We use reasonable processes to ensure compliance with this privacy policy and periodically verify that the policy is accurate. We encourage you to raise any concerns by contacting us at [email protected], and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of information. Unless legal restrictions apply, you have the right to access the information we hold about you free of charge. You may update, correct or delete your information at any time by contacting us at [email protected]. You can help us maintain the accuracy of your information by notifying us of any changes. To avoid delays in obtaining your information, please provide sufficient detail to permit us to identify you and the specific information that you are requesting. We will respond to your request within 30 days of receipt, unless we inform you that it will take longer, as permitted by law under certain circumstances. Please note that there may be instances where access may be restricted as permitted or required by law. We will advise you of the reasons for restricting access subject to any legal or regulatory limitations. In addition, please note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period. Please note that we are not responsible for storing any information that you provide to us or a third party or for any content or information that we or a third party provide to you. You are solely responsible for retaining backup files of any information and content that you provide or receive in connection with the Services.
Third Party Marketing Communications
Under no circumstance do we share personal information for any commercial or marketing purpose unrelated to the activation and delivery of the Services. If this changes at any point in the future, we will be required to ask you first—but let’s be absolutely clear. We do not plan on making this change, and if we do make this change at some point, you would need to opt-in to such a change. Unless you proactively agree to participate, your information will never be shared by Deep Sentinel with a third party for marketing purposes unrelated to Deep Sentinel Products and Services.
Marketing Communications: Opt Out
You may opt out of receiving marketing communications from us by following the instructions in those communications or by emailing us at [email protected]. In such cases, we will retain minimum Personal Information to note that you opted out in order to avoid contacting you again. Please note that even if you opt out from receiving marketing communications, we may still send you administrative communications, such as technical updates for our Services, order confirmations, notifications about your account activities, and other important notices. Non-Discrimination
We will not discriminate against you because you elect to exercise any of the rights related to your Personal Information, including but not limited to:
- Denying you products or Services;
- Charging you different prices or rates for Services, including through the use of discounts or other benefits or imposing penalties on you;
- Providing a different level or quality of Services to you; or
- Suggesting that you will receive a different price or rate for Services or a different level or quality of Services.
PRIVACY POLICY CHANGES
Deep Sentinel reserves the right to change, modify, add, or remove portions of this Policy at any time and without prior notice, and any changes will become effective immediately upon being posted unless we advise you otherwise. However, we will not use your Personal Information in a way that is materially different than the uses described in this Policy without giving you an opportunity to opt out of such differing uses. Your continued use of the Site or Services after this Policy has been amended shall be deemed to be your continued acceptance of the terms and conditions of the Policy, as amended. We encourage you to review this Policy regularly.
HOW TO CONTACT US
If you have any questions about this Policy, or our information practices, please contact us by email at [email protected].
STATE ADDENDUM TO THE DEEP SENTINEL PRIVACY POLICY
ADDENDUM DATE: July 1, 2023
This State Addendum to the Deep Sentinel Privacy Policy (“Addendum”) supplements the terms of Deep Sentinel’s Privacy Policy and applies to individuals who are residents of California, Colorado, Connecticut, Virginia, and Utah, as specified below. It describes the rights you may have, depending on the state of your residence, with regard to your personal information, which apply when new or updated laws take effect in these states. This Addendum does not apply to any employees, owners, directors, officers, or contractors of Deep Sentinel or its affiliates.
- California Privacy Policy
The section relates solely to residents of the State of California, and for purposes of this section, “you” means residents of the State of California. This section will provide you with information about our information practices and your privacy rights under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA) and applicable regulations (collectively referred to as “CPRA”). Any terms defined in the CPRA have the same meaning when used in this section.
- Personal Information we collect
Deep Sentinel collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household (“CPRA Covered Personal Information” or “personal information”). CPRA Covered Personal Information does not include personal information that has been de-identified or aggregated, or that is publicly available information from government records.
In particular, we have collected the following categories of CPRA Covered Personal Information from consumers (as that term is defined in the CPRA) within the last twelve (12) months:
Category | Examples | Collected |
A. Personal Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, Account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | Yes |
B. Personal and financial information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | Yes |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status. | No |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | No |
F. Internet or other similar network activity. | Browsing history, search history, information on your interaction with a Site, application, or advertisement. | Yes |
G. Geolocation data. | Physical location or movements. | Yes |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | Yes |
I. Professional or employment related information | Occupation, title, employer information, current or past job history or performance evaluations. | No |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No |
J. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | No |
L. Sensitive Personal Information | Social security, driver’s license, state identification or passport numbers; Account log-in, financial account, debit or credit card number in combination with any required security or access code, password or credentials allowing access to an Account; precise geolocation data; racial or ethnic origin, religious or philosophical beliefs or union membership, content of mail, email and text messages unless business is the intended recipient; genetic data; processing of biometric information for the purposes of uniquely identifying a consumer; personal information collected and analyzed concerning your health. | Yes |
- Categories of sources from which we collect personal information
You have the right to know the categories of sources from which we collect your personal information. We make this information available to you in the INFORMATION WE MAY COLLECT section of our Privacy Policy.
- Our processing of your personal information
You have the right to know how we process and use your personal information. We make this information available to you in the USE OF INFORMATION section of our Privacy Policy.
- Disclosure of Personal Information
You have the right to know if we share your personal information with any third parties and the categories of those third parties. We make this information available to you in the SHARING OF INFORMATION section of our Privacy Notice.
- No Sales or Sharing of Personal Information
We do not sell personal information for monetary or other consideration, and we do not share your personal information for cross-context behavioral advertising (as defined in the CPRA). We have also not sold or shared the personal information of consumers under 16 years of age.
- Use of Sensitive Personal Information
We do not use or disclose sensitive personal information for purposes other than those specified in section 7027, subsection (m) of the CPRA regulations and we do not collect or process sensitive personal information for purposes of inferring characteristics about you.
- Your CPRA Consumer Rights
- Where we are acting as a business (as opposed to a service provider as those terms are defined in the CPRA), you have the following rights:
- Right to Access. You have the right to request that we disclose the categories of personal information we collected about you, the categories of sources for the personal information we collected about you, our business or commercial purpose for collecting your personal information, the categories of third parties with whom we share your personal information; and the specific pieces of personal information we collected about you.
- Right to data portability. You have the right to obtain a copy of your data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to a third party.
- Right to delete. You may have the right to request that we delete your personal information where we act as a business. This right is subject to several exceptions and we may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information and take actions reasonably anticipated within the context of our ongoing business relationship with you or our client;
- Detect bugs or errors in our Services, detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation; or
- Make other internal and lawful uses of that information as permitted by law or that are compatible with the context in which we collected it.
- Right to correct. We take reasonable steps to ensure that information we hold about you is accurate and complete. However, you have the right to request that we correct any inaccurate personal information that we have about you.
- Right to non-discrimination and no retaliation. We will not discriminate or retaliate against you for exercising any of your rights under the CCPA, including we will not deny you goods or services, charge you different prices for goods or services, provide you a different level or quality of goods or services, or suggest that you will receive a different price for goods or services or a different level of quality of goods and services.
- Exercising Your Rights
You may exercise your rights to know, delete and correct as described above by submitting a verifiable request to us by emailing us at customercare@ DeepSentinel.com.
- Verification Process
We are only required to fulfill verifiable requests. Only you, you as a parent or a legal guardian on behalf of a minor child, or your authorized agent may make a verifiable request related to personal information. If you submit your request through an authorized agent, we may require you to provide your agent with written permission to do so and verify your identity. We may deny any request by an authorized agent that does not submit proof that the agent has been authorized by you to act on your behalf.
- For requests for access to categories of personal information, we will verify your request to a “reasonable degree of certainty.” This may include matching at least two data points that you would need to provide with data points we maintain about you and that we have determined to be reliable for the purposes of
- For requests for specific pieces of personal information (portability request), we will verify your request to a “reasonably high degree of certainty.” This may include matching at least three data points that you would need to provide with the data points we maintain about you and that we have determined to be reliable for the purposes of verification. We will also require you to submit a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.
- For requests to delete, we will verify your request to a “reasonable degree” or a “reasonably high degree of certainty” depending on the sensitivity of the personal information and the risk of harm to the consumer posed by unauthorized deletion.
We will use the personal information you provide in a request only for purposes of verifying your identity or authority to make the request.
- Response Timing and Format
We will respond to a verifiable request within forty-five (45) days of its receipt, and will notify you within those forty-five (45) days if we require more time to respond and the reasons for the additional time. If you have an Account with us, we will deliver our written response to that Account. If you do not have an Account with us, we will deliver our written response by mail or electronically, at your option. (Note that the law prohibits us from disclosing at any time a consumer’s Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an Account password, security questions and answers, or any unique biometric data.) If we cannot comply with a request or a portion of the request, we will include the reasons in our response. If we deny your request on the basis that it is impossible or would involve a disproportionate effort, we will explain our reasons, such as the data is not in a searchable or readily accessible format, is maintained for only legal or compliance purposes, or is not sold or used for any commercial purpose and our inability to disclose it, delete or correct it would not impact you in any material manner.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
*Please note that in certain cases we may collect your personal information as a service provider (as opposed to a business, as those terms are defined in the CPRA) pursuant to a contract we have with a commercial client (the CPRA business) to provide a service. In such a case, we are required to collect and process your information only based on the instructions received from the business. Should you direct your requests to exercise your rights to us, we may be required to share your request with the business, who is the party responsible under the CPRA for receiving, verifying and responding to your requests, or we may direct you to make your request directly to the business.
- CPRA exemptions
This section (California Privacy Policy) does not apply to the following data which is exempt from the CPRA, including but not limited to: medical information governed by the California Confidentiality of Medical Information Act (CMIA); protected health information collected by a covered entity or business associate governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), or personal information collected, processed, sold, or disclosed pursuant to certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994 (DPPA).
- Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Services who are California residents to request certain information regarding our disclosure of personal information to affiliates and other third parties for their direct marketing purposes. To make such a request, please send an email to [email protected].
- Notice of Colorado, Connecticut, Virginia and Utah Privacy Rights
The section relates solely to residents of the States of Colorado, Connecticut, Virginia and Utah, and provides you with information about your privacy rights under the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CDPA), the Virginia Consumer Data Protection Act (VCDPA) and the Utah Consumer Privacy Act (UCPA).
This section shall be effective for the residents of those States on the dates set forth below:
- Effective January 1, 2023, for residents of the State of Virginia
- Effective July 1, 2023, for residents of the States of Colorado and Connecticut
- Effective December 31, 2023, for residents of the State of Utah
For purposes of this section, “residents”, “consumers” or “you” means individuals of those states who are acting in their individual or household context. This section does not apply to individuals acting in their commercial or employment context.
- Personal Information we collect
You have a right to know the categories and types of personal information we collect about you. We make this information available to you in the INFORMATION WE MAY COLLECT section of our Privacy Policy.
- Categories of sources from which we collect personal information
You have the right to know the categories of sources from which we collect your personal information. We make this information available to you in the INFORMATION WE MAY COLLECT section of our Privacy Policy.
- Our processing of your personal information
You have the right to know how we process and use your personal information. We make this information available to you in the USE OF INFORMATION section of our Privacy Policy.
*For residents of the State of Virginia, to the extent that we maintain de-identified data, we take reasonable measures to ensure that de-identified data cannot be associated with a natural person, we publicly commit to maintaining and using de-identified data without attempting to re-identify the data, and we contractually obligate any recipient of the data to comply with the same obligations.
- Disclosure of Personal Information
You have the right to know if we share your personal information with any third parties. We make this information available to you in the SHARING OF INFORMATION section of our Privacy Policy.
- No Sale of Data or Use of Data for Targeted Advertising
We do not sell your personal information and we do not use your data for targeted advertising (as that term is defined by your applicable state law). We may send you advertising in response to your request for information or feedback or based on your activities with our Services, including your search queries and visits to our Services. However, we will not send you targeted advertising based on your activities across non-affiliated websites, applications or platforms to predict your preferences or interests.
- Your Rights
- Where we act as the Controller of your personal information (as opposed to a Processor as those terms are defined in your applicable State law), you have the right to submit a request to us for the following:
- Right to access. You have the right to know if we process your personal information and have access to such information and certain details of how we use it.
- Right to correct. We take reasonable steps to ensure that information we hold about you is accurate and complete. However, you have the right to request that we correct any inaccurate personal information that we have about you.
- Right to delete. You may have the right to request that we delete your personal information where we act as a controller. This right is subject to several exceptions and we may deny your deletion request if retaining the information is necessary for us or our processors to:
- Complete the transaction for which we collected the personal information and take actions reasonably anticipated within the context of our ongoing business relationship with you or our client;
- Detect bugs or errors in our Services, detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation; or
- Make other internal and lawful uses of that information as permitted by law or that are compatible with the context in which we collected it.
- Right to restriction of processing (opt-out). You have the right to opt-out of processing your personal information for purposes of profiling in furtherance of any automated processing of your data that produce legal or similarly significant effects concerning you. (This right only applies to residents of the States of Colorado, Connecticut and Virginia.)
- Right to data portability. You have the right to obtain a copy of your data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to a third party.
- Right to non-discrimination and no retaliation. We will not discriminate or retaliate against you for exercising any of your rights, including but not limited to, by denying you goods or services, charging you different prices for goods or services, or providing you a different level or quality of goods or services.
- Right to restrict the processing of sensitive information
Unless we are processing your sensitive information pursuant to any of the legal exemptions listed in Section 8 (Exemptions) below or as otherwise allowed by law:
- For residents of the States of Connecticut, Virginia and Colorado, we will not process your sensitive information without first obtaining your consent; and
- For residents of the State of Utah, we will not process your sensitive personal information without providing you with notice and an opportunity to opt out.
- Exercising Your Rights
You may exercise your rights to know, delete and correct as described above by submitting a verifiable request to us by emailing us at [email protected].
- Authentication Process
We will only fulfill request when we can verify your identify and confirm that you are authority to make such a request. Only you, you as the parent or legal guardian on behalf of your minor child, or your authorized agent, guardian or conservator may make a request related to personal information. If an authorized agent, legal guardian or conservator submits the request, we may require your written permission to do so and may require additional information to authenticate your identity. We may deny a request by an authorized agent, legal guardian or conservator who does not submit proof of authorization to act on your behalf. We will only use the personal information you provide in a request to verify your identity or authority to make the request.
- Response Timing and Format
We will respond to an authenticated request within forty- five (45) days of its receipt, and will notify you within those forty-five (45) days if we require more time to respond and the reasons for the additional time. If you have an Account with us, we will deliver our written response to that Account. If you do not have an Account with us, we will deliver our written response by mail or electronically, at your option. If we cannot comply with a request or a portion of the request, we will include the reasons in our response.
*For residents of the States of Colorado, Connecticut and Utah, you may make one request within a twelve-month period at no charge.
*For residents of the State of Virginia, you may make a request up to two (2) times within a twelve (12) month period at no charge. We reserve the right to charge a fee to process or respond to any request that we consider excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
- Right to Appeal
You have the right to appeal our decision within a reasonable period of time after receipt of our response. You may appeal our decision by sending us an email at customercare@ DeepSentinel.com. We will respond to your appeal within 60 days of receipt (45 days of receipt for residents of Colorado) and will inform you of any decisions and the reasons for such decisions.
* Please note that in certain cases we may collect your personal information as a processor (as opposed to a controller, as those terms are defined in your applicable state privacy law) pursuant to a contract we have with a commercial client (the controller) to provide a service. In such a case, we are required to collect and process your information only based on the instructions received from the controller. Should you direct your requests to exercise your rights to us, we may be required to share your request with the controller, who is the party responsible under your applicable state privacy law for receiving, authenticating and responding to your requests.
- Exemptions
This section (Notice of Colorado, Connecticut, Virginia and Utah Privacy Rights) does not apply to certain entities and data that are exempt from your applicable state privacy law, including but not limited to the following: covered entities, business associates and protected health information governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH); financial institutions and personal information subject to the Gramm-Leach-Bliley Act (GLBA); and personal information collected, processed, sold, or disclosed pursuant to certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Family Educational Rights and Privacy Act, the Farm Credit Act and the Driver’s Privacy Protection Act of 1994 (DPPA).