Footprint Privacy Policy
Last Updated: January 20, 2023
This Privacy Policy is designed to help you understand how One Footprint Inc. (“Footprint,” “we,” “us,” or “our”) collects, uses, and shares your personal information, and to help you understand and exercise your privacy rights.
Notice at Collection. At or before the time of collection, California residents may have a right to receive notice of our practices, including the categories of personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared and how to opt-out of such uses, and how long such information is retained. You can find those details in this statement by clicking on the above links.
SCOPE AND UPDATES TO THIS PRIVACY POLICY
This Privacy Policy applies to personal information processed by us in the course of providing our website located at https://www.onefootprint.com/, our mobile application, our identity verification services, and our related online or offline offerings. To make this Privacy Policy easier to read, our website, our identity verification services, our mobile application, and our other offerings are collectively called the “Services.”
Footprint allows individuals to verify their identity (“End Users”) using our Services through the use of a proprietary platform which combines facial recognition technology, ID authenticity checks, third-party database checks, and other proprietary methods.
End Users may use our Services to share personal information with Footprint customers. Our customer’s use of an End User’s personal information is governed by their privacy policy, not this Privacy Policy.
Changes to our Privacy Policy. We may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use our Services after the new Privacy Policy takes effect.
PERSONAL INFORMATION WE COLLECT
The categories of personal information we collect depend on how you interact with us, our Services, and the requirements of applicable law. We collect information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations, as described below.
- Personal Information You Provide to Us Directly
We may collect personal information that you provide to us.
-
End User Account Information.
If you are an End User, we may collect personal information in connection with the creation and administration of your account including, but not limited to:
- Your full name, email address, telephone number, address, and Social Security number;
- Short selfie videos that contain both visual and audio recordings;
- Identification documents (which may include your passport, driver’s license, and any other relevant identification documents requested from time to time and any data contained within that identification document (for example, age, gender, place of birth, nationality, and place of residence));
- If you consent, biometric information, including your facial image, that is extracted from both your selfie videos and any photos within your identification information;
- Your inferred current location based off of your IP address;
- Background check documentation;
- The identity verification outcome and related profile that is generated once we analyze the information you provide.
-
Customer Account Information. If you are an authorized user of a Footprint customer (“Authorized User”), we may collect personal information in connection with the creation or administration of your account including, but not limited to, your name, email address, phone number, and professional details.
-
Your Communications with Us. We may collect personal information, such as email address, phone number, or mailing address when you request information about Footprint or our Services, register for our newsletter, request support, or otherwise communicate with us.
-
Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.
-
Interactive Features. We and others who use our Services may collect personal information that you submit or make available through our interactive features (e.g., commenting functionalities, forums, blogs, and social media pages). Any information you provide using the public sharing features of the Services will be considered “public,” unless otherwise required by applicable law, and is not subject to the privacy protections referenced herein.
-
Sweepstakes or Contests. We may collect personal information you provide for any sweepstakes or contests that we offer. In some jurisdictions, we are required to publicly share information of sweepstakes and contest winners.
-
Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.
-
Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
-
Job Applications. We may post job openings and opportunities on our Services. If you respond to one of these postings, we may collect your personal information, such as your application, CV, cover letter, and/or any other information you provide to us.
Personal Information Collected Automatically
We may collect personal information automatically when you use our Services.
-
Automatic Collection of Personal Information. We may collect certain information automatically when you use our Services, such as your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, browser or device information, location information (including approximate location derived from IP address), and Internet service provider. We may also automatically collect information regarding your use of our Services, such as pages that you visit before, during and after using our Services, items that you search for via the Services, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services.
-
Cookie Policy (and Other Technologies). We, as well as third parties that provide content, advertising, or other functionality on our Services, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect information through your use of our Services.
-
Cookies. Cookies are small text files placed in device browsers that store preferences and facilitate and enhance your experience.
-
Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in our Services that collects information about engagement on our Services. The use of a pixel tag allows us to record, for example, that a user has visited, a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
-
Our uses of these Technologies fall into the following general categories:
-
Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular website behavior, prevent fraudulent activity, improve security, or allow you to make use of our functionality;
-
Performance-Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how individuals use our Services (see Analytics below);
-
Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.
- Analytics. We may use Technologies and other third-party tools to process analytics information on our Services. These Technologies allow us to better understand how our digital Services are used and to continually improve and personalize our Services.
Personal Information Collected from Other Sources
Third-Party Services and Sources. We may obtain personal information about you from other sources, including from Third-Party Services (defined below) and other organizations. For example, we may obtain supplemental information from Third-Party Services and/or other background check providers letting us know whether the personal information you have provided is true or valid.
Referrals and Sharing Features. Our Services may offer various tools and functionalities that allow you to provide personal information about your friends through our referral service. Our referral services may also allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services. Please only share with us contact information of people with whom you have a relationship (e.g., relative, friend, neighbor, or co-worker).
HOW WE USE YOUR PERSONAL INFORMATION
We use your personal information for a variety of business purposes, including to provide our Services, for administrative purposes, and to market our products and Services, as described below.
Provide Our Services
We use your personal information to fulfill our contract with you and provide you with our Services, such as:
- Verifying an End User’s identity;
- Authenticating the unique biometric information extracted from an End User’s selfie videos against the biometric information represented on the End User’s identity document for identity verification, fraud prevention, and improvement of our Services;
- At the instruction of an End User, sharing the End User’s personal information with other third parties the End User interacts with;
- Managing your information and accounts;
- Providing access to certain areas, functionalities, and features of our Services;
- Answering requests for customer or technical support;
- Communicating with you about your account, activities on our Services, and policy changes;
- Processing your financial information and other payment methods for products or Services purchased;
- Processing applications if you apply for a job we post on our Services; and
- Allowing you to register for events.
Administrative Purposes
We use your personal information for various administrative purposes, such as:
- Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
- Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
- Measuring interest and engagement in our Services;
- Improving, upgrading, or enhancing our Services;
- Developing new products and services;
- Ensuring internal quality control and safety;
- Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Policy;
- Debugging to identify and repair errors with our Services;
- Auditing relating to interactions, transactions, and other compliance activities;
- Sharing personal information with third parties as needed to provide the Services;
- Enforcing our agreements and policies; and
- Carrying out activities that are required to comply with our legal obligations.
Marketing and Advertising our Products and Services
If you have any questions about our marketing practices, you may contact us at any time as set forth in “Contact Us” below.
With Your Consent
We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
Other Purposes
We also use your personal information for other purposes as requested by you or as permitted by applicable law.
-
Automated Decision Making. We may engage in automated decision making, including profiling. Footprint’s processing of your personal information will not result in a decision based solely on automated processing that significantly affects you unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are permitted by law to engage in such automated decision making. If you have questions about our automated decision making, you may contact us as set forth in “Contact Us” below.
-
De-identified and Aggregated Information. We may use personal information to create de-identified and/or aggregated information, such as demographic information, information about how you use the Services, information about the device from which you access our Services, or other analyses we create. De-identified and/or aggregated information is not personal information, and we may use, disclose, and retain such information as permitted by applicable laws including, but not limited to, for research, analysis, analytics, and any other legally permissible purposes.
HOW WE DISCLOSE YOUR PERSONAL INFORMATION
We disclose your personal information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.
Disclosures to Provide our Services
The categories of third parties with whom we may share your personal information are described below.
-
Footprint Customers You Share or Interact With. Footprint customers use Footprint to help them verify End User identities and comply with “know your customer” . When an End User uses the Services, the End User may instruct Footprint to share their personal information with one of these Footprint customers for their own, independent purposes. Footprint will not share an End User’s biometric information with the Footprint customer, but it will share the output of the biometric identity verification process (i.e., whether or not the facial images from the selfie video and identity documents are the same person).
Any information shared with or otherwise collected by a Footprint customer will also be subject to the Footprint customer’s privacy policy. We are not responsible for the processing of personal information by Footprint customers.
-
Third-Party Services You Share or Interact With. Certain features and functionalities of the Services may link to or allow you to interface, interact, or share information with, access and/or use third-party websites, services, products, and technology (collectively, “Third Party Services”). Any information shared with or otherwise collected by a Third Party Service may be subject to the Third Party Service’s privacy policy. We are not responsible for the processing of personal information by Third Party Services.
Some of the Third-Party Services you may interact with include, but are not limited to, the following:
-
Service Providers. We may share your personal information, including your biometric information, with our third-party service providers and vendors that assist us with the provision of our Services. This includes service providers and vendors that provide us with IT support, hosting, payment processing, customer service, and related services.
-
Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services.
-
Affiliates. We may share your personal information with our corporate affiliates.
-
Footprint Customers (Authorized Users Only). In cases where you use our Services as an Authorized User of a Footprint customer, that customer may access information associated with your use of the Services including usage data and the contents of the communications and files associated with your account. Your personal information may also be subject to the customer’s privacy policy. We are not responsible for the customer’s processing of your personal information.
Disclosures to Protect Us or Others
We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
Disclosure in the Event of Merger, Sale, or Other Asset Transfers
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
YOUR PRIVACY CHOICES AND RIGHTS
Your Privacy Choices.
The privacy choices you may have about your personal information are determined by applicable law and are described below.
-
Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms or this Privacy Policy).
-
“Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
-
Technologies.
You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our Services may not work properly. Please note you must separately opt out in each browser and on each device.
Your Privacy Rights.
In accordance with applicable law, you may have the right to:
-
Confirm Whether We Are Processing Your Personal Information (the right to know);
-
Request Access to and Portability of Your Personal Information, including: (i) obtaining access to or a copy of your personal information; and (ii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine readable format (also known as the “right of data portability”);
-
Request Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information;
-
Request Deletion of your personal information;
-
Request to Opt-Out of Certain Processing Activities including, as applicable, if we process your personal information for “targeted advertising” (as “targeted advertising” is defined by applicable privacy laws), if we “sell” your personal information (as “sell” is defined by applicable privacy laws), or if we engage in “profiling” in furtherance of certain “decisions that produce legal or similarly significant effects” concerning you (as such terms are defined by applicable privacy laws);
-
Request Restriction of or Object to our processing of your personal information;
-
Withdraw your Consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing, and will not affect the lawfulness of processing before the withdrawal; and
-
Appeal our Decision to decline to process your request.
If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.
If applicable laws grant you an appeal right and you would like to appeal our decision with respect to your request, you may do so by informing us of this and providing us with information supporting your appeal.
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your personal information consistent with the requirements of applicable laws.
If we transfer personal information which originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.
For more information about the safeguards we use for international transfers of your personal information, please contact us as set forth below.
RETENTION OF PERSONAL INFORMATION
We store the personal information we collect as described in this Privacy Policy for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws. Where required by applicable law, we will delete your biometric information within three years of your last interaction with the Services.
To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.
SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS
This Supplemental Notice for California Residents supplements our Privacy Policy and only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (as amended from time to time) (“CCPA”).
The CCPA provides California residents with the right to know what categories of personal information Footprint has collected about them, whether Footprint disclosed that personal information for a business purpose (e.g., to a service provider), whether Footprint “sold” that personal information, and whether Footprint “shared” that personal information for “cross-context behavioral advertising” in the preceding twelve months. California residents can find this information below:
Category of Personal Information Collected by Footprint and Third Parties To Whom Personal Information is Disclosed to for a Business Purpose
Identifiers:
- Footprint customers you share or interact with (End Users only)
- Third-Party Services you share or interact with (End Users only)
- Service providers
- Footprint customers (Authorized Users only)
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)):
- Footprint customers you share or interact with (End Users only)
- Third-Party Services you share or interact with (End Users only)
- Service providers
- Footprint customers (Authorized Users only)
Protected classification characteristics under California or federal law:
- Service providers
Commercial information:
- Service providers
Biometric information:
- Service providers
Internet or other electronic network activity:
- Footprint customers you share or interact with (End Users only)
- Third-Party Services you share or interact with (End Users only)
- Service providers
- Footprint customers (Authorized Users only)
Sensory data:
- Footprint customers you share or interact with (End Users only)
- Third-Party Services you share or interact with (End Users only)
- Service providers
Professional or employment-related information:
- Service providers
Inferences drawn from other personal information to create a profile about a consumer:
- Footprint customers you share or interact with (End Users only)
- Service providers
Personal information that reveals a consumer’s social security, driver’s license, state identification card, or passport number:
- Footprint customers you share or interact with (End Users only)
- Third-Party Services you share or interact with (End Users only)
- Service providers
Personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account:
- Footprint customers you share or interact with (End Users only)
- Third-Party Services you share or interact with (End Users only)
- Service providers
- Footprint customers (Authorized Users only)
Personal information that reveals a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership:
- Footprint customers you share or interact with (End Users only)
- Third-Party Services you share or interact with (End Users only)
- Service providers
Biometric information that is processed for the purpose of uniquely identifying a consumer:
- Footprint customers you share or interact with (End Users only)
- Third-Party Services you share or interact with (End Users only)
- Service providers
The categories of sources from which we collect personal information and our business and commercial purposes for using and disclosing personal information are set forth in “Personal Information We Collect”, “How We Use Your Personal Information”, and “How We Disclose Your Personal Information” above, respectively. We will retain personal information in accordance with the time periods set forth in “Retention of Personal Information.”
Additional Privacy Rights for California Residents
Disclosure Regarding “Sales” of Personal Information under the CCPA.
Footprint does not “sell” personal information (as defined by the CCPA), nor does Footprint have actual knowledge of any “sale” of personal information of minors under 16 years of age.
Disclosure Regarding “Sharing” for “Cross-Context Behavioral Advertising” under the CCPA.
Footprint does not “share” any personal information for “cross-context behavioral advertising” (as such terms are defined in the CCPA), nor does Footprint have actual knowledge of any “sharing” of personal information of minors under 16 years of age for “cross-context behavioral advertising”.
Disclosure Regarding Opt-Out Preference Signals.
Footprint does not “sell” personal information or “share” personal information for “cross-context behavioral advertising” so it does not respond to opt-out preference signals.
Disclosure Regarding Sensitive Personal Information.
Footprint only uses and discloses sensitive personal information for the following purposes:
- To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services
- To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and or confidentiality of stored or transmitted personal information.
- To resist malicious, deceptive, fraudulent, or illegal actions directed at Footprint and to prosecute those responsible for those actions.
- To ensure the physical safety of natural persons.
- To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by Footprint, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by Footprint.
- For purposes that do not infer characteristics about individuals.
Non-Discrimination.
California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
Verification.
To protect your privacy, we will take steps to reasonably verify your identity before fulfilling requests submitted under the CCPA. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Examples of our verification process may include asking you to provide the email address or phone number we have associated with you, opening a link sent to the contact information provided, and following the instructions on the website you are taken to.
Authorized Agent.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. To authorize an agent, provide written authorization signed by you and your designated agent using the information found in “Contact Us” below and ask us for additional instructions.
SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS
If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in “Contact Us” below.
OUR LAWFUL BASIS FOR PROCESSING
If your personal information is subject to the EU/UK General Data Protection Regulation, Footprint’s processing of your personal information may be supported by the following lawful bases:
- Performance of a Contract: Footprint may need to process your personal information to perform our contract with you.
- Legitimate Interest: Footprint may process your personal information to further its legitimate interests but only where our interests are not overridden by your interests or fundamental rights and freedoms.
- Consent and Explicit Consent: In some cases, Footprint may also rely on your consent and/or explicit consent to process your personal information.
- Compliance with our Legal Obligations: Footprint may process your personal information to comply with our legal obligations.
CHILDREN’S INFORMATION
The Services are not directed to children under 18, and we do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has uploaded personal information to our site without your consent, you may contact us as described in “Contact Us” below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child’s account, if applicable.
OTHER PROVISIONS
Third-Party Websites/Applications.
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.
Supervisory Authority.
If your personal information is subject to the applicable data protection laws of the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority if you believe our processing of your personal information violates applicable law.
- EEA Data Protection Authorities (DPAs)
- Swiss Federal Data Protection and Information Commissioner (FDPIC)
- UK Information Commissioner’s Office (ICO)
CONTACT US
Footprint is the controller of the personal information we process under this Privacy Policy. If you have any questions about our privacy practices or this Privacy Policy, or to exercise your rights as detailed in this Privacy Policy, please contact us at:
One Footprint Inc. 201 Varick Street New York, NY 10014