Privacy Policy

Effective: 17th December, 2020

Introduction

tru.ID processes two broad categories of personal information when you use our products and services:

  • Your personal information as a customer (or potential customer) of tru.ID’s services — information that we refer to as Customer Account Data, and
  • The personal information of your end users who use or interact with your application that you’ve built using tru.ID’s services, like the people you communicate by way of that application — this category contains your Customer Usage Data (e.g., communications metadata).

tru.ID processes these categories of personal information differently because the direct relationship we have with you, our customer, is different than the indirect relationship we have with your end users.

How tru.ID processes your Personal Information

Data protection laws and privacy laws in certain jurisdictions, like the European Economic Area (EEA), differentiate between “controllers” and “processors” of personal information. A controller decides why and how to process personal information.

A processor processes personal information on behalf of a controller based on the controller’s instructions. When tru.ID processes your Customer Account Data, the tru.ID entity with whom you are contracting is acting as a controller.

Broadly speaking, we use Customer Account Data to further our legitimate interests to:

  • understand who our customers and potential customers are and their interests in tru.ID’s product and services,
  • manage our relationship with you and other customers,
  • carry out core business operations such as accounting, filing taxes, and fulfilling regulatory obligations, and
  • help detect, prevent, or investigate security incidents, fraud and other abuse and/or misuse of our products and services.

What Personal Information tru.ID collects

We collect and process your personal information:

  • When you visit a tru.ID public-facing website like https://tru.id or sign up for a tru.ID event, or make a request to receive information about tru.ID or our products, like a tru.ID whitepaper or a newsletter;
  • When you contact our Sales Team or Customer Support Team; and
  • When you sign up for a tru.ID account and use our products and services.

We call this personal information Customer Account Data. We also collect Customer Usage Data from you when you use our services. This data might take different forms, and we might use it for different purposes — read on for more information.

What Customer Account Data tru.ID processes when you visit our website, Sign Up for a tru.ID event, or make a request for information About tru.ID and Why

When you visit our website, sign up for a tru.ID event or request more information about tru.ID, we collect information automatically using tracking technologies, like cookies, and through web forms where you type in your information. We collect this information to provide you with what you request through the web form, to learn more about who is interested in our products and services, and to improve navigation experience on our pages.

What Customer Account Data tru.ID processes when you communicate with our Sales or Customer Support teams and why

You may share personal information, like your contact information, with a member of our Sales or Customer Support team when you communicate with them. We keep a record of this interaction.

What Customer Account Data tru.ID processes when you communicate with our Sales or Customer Support teams and why

You may share personal information, like your contact information, with a member of our Sales or Customer Support team when you communicate with them. We keep a record of this interaction.

What Customer Account Data tru.ID processes when you Sign Up for and Log In to a tru.ID account and why

When you sign up for an account with us, we ask for certain information like your contact details and billing information so we can communicate with you and so you can pay for our products and services. We also collect some information automatically, like your IP address, when you log in to your account or when your software application built on tru.ID makes requests to our APIs. We use this to understand who is using our services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.

Other Customer Account Data we collect and why

We may collect information about you, as our customer, from publicly available sources so we can understand our customer base better.

How long we store your Customer Account Data

tru.ID will store your Customer Account Data as long as needed to provide you with our services and to operate our business. If you ask tru.ID to delete specific personal information from your Customer Account Data (see ‘How to make choices about your Customer Account Data’ below). We will honour this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.

How to make choices about your Customer Account Data

You can make various choices about your Customer Account Data through the account portal, such as accessing it, correcting it, deleting it, or updating your choices about how it is used, when you log into your tru.ID account or through the marketing preferences centre. Any other requests about your data you cannot make through these self-service tools, you can request by emailing [email protected] or contacting Customer Support.

How tru.ID processes your End Users’ Personal Information

Your end users’ personal information typically shows up on tru.ID’s platform in a few different ways. Authentication-related personal information about your end users, like your end users’ phone numbers, IP addresses, or device tokens for push notifications, appear in our systems when you use or intend to use this information to authenticate or identify your end user through use of our products and services. We call such information Customer Usage Data. As noted above, data protection law (including privacy law) in certain jurisdictions, like the EEA, differentiate between “controllers” and “processors” of personal information. When we process Customer Usage Data, we act as a processor in many respects, but we may act as a controller in others. For example, we may need to use certain Customer Usage Data for the legitimate interests of billing, reconciling invoices with telecommunications carriers, and in the context of troubleshooting and detecting problems with the network.

What Customer Usage Data and Customer Content tru.ID processes and why

We use Customer Usage Data to provide services to you and to carry out necessary functions of our business as an authentication service provider. We do not sell your end users’ personal information and we do not share your end users’ information with third parties for those third parties’ own business interests.

How long do we store Customer Usage Data and Customer Content and exercising choices about End User Personal Information

Details regarding how long your end user personal information may be stored on tru.ID systems and how to delete, access, or exercise other choices about end user data will depend on which tru.ID products and services you are using and how you are using them. For that reason, our API docs for each of our products and services are the best place to find more detailed information about managing end user data collected and stored in connection with your use of our products and services.

When and why we share your Personal Information or your End Users’ Personal Information

We do not sell or allow your Customer Account Data to be used by third parties for their own marketing purposes, unless you ask us to do this or give us your consent to do this. Further, we do not sell your end users’ personal information. We also do not share it with third parties for their own marketing or other purposes, unless you instruct us to do so.

Transfers of Personal Information out of the EEA and Switzerland

When you use our services, personal information of you and your end users processed by tru.ID may be transferred to other countries where we or our service providers operate. These transfers may take place based on the jurisdiction in which an end user’s mobile phone is registered. tru.ID employs appropriate safeguards for cross-border transfers of personal data, as required by applicable local law, including Binding Corporate Rules and the Swiss–U.S. Privacy Shield Framework.

Automated Decision Making

tru.ID may use automated decision making using a variety of signals derived from account activity to help identify and suspend accounts sending spam or engaged in other abusive or fraudulent activity. Holders of accounts suspended under these circumstances are notified of the suspension and given an opportunity to request human review of the suspension decision.

Handling disputes relating to our data protection practices

We hope we can resolve any disputes relating to our data protection practices between us. You can raise your concern or dispute by emailing our Privacy Team at [email protected] or by writing to us at:

4Auth Limited, 107 Cheapside, London, EC2V 6DN, United Kingdom

For individuals in the EEA, you have additional rights to make a complaint to a competent data protection authority or commence proceedings in a court of competent jurisdiction in accordance with applicable data protection laws.

How we secure Personal Information

We use appropriate security measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place.

Cookie Notice

A cookie is a piece of data contained in a very small text file that is stored in your browser or elsewhere on your hard drive. Cookies allow tru.ID to identify certain activity as you navigate through our website or Console. We use cookies to enable parts of functionality such as to remember whether you've signed in. This helps make navigating and interacting with the tru.ID website and Console more efficient, easy and meaningful.

By themselves, cookies do not identify you specifically. Rather, they recognise your web browser. So, unless you identify yourself specifically to tru.ID, such as by signing in to the Console or filling in a form, we don’t know who you are just because you visited our website or Console.

You can turn off your web browser’s ability to accept cookies or reject certain types of cookies we use. However, if you do choose to do so, certain parts of the tru.ID website or Console may not work as intended or expected.

The cookies we use fall into these classes:

  • Required Cookies: These are necessary for the Console, so you can’t opt out of them. We use a cookie to remember your session on the Console when you sign-in so you don't have to keep signing in every time you navigate from the page.
  • Functional Cookies: You can use your browser settings to disallow these. We use cookies to enable certain parts of the website or Console's functionality such as allowing you to view and copy your account credentials with ease.
  • Performance Cookies: These cookies collect data about how visitors use the tru.ID website. This includes data like which pages visitors go to the most. These cookies don’t collect information that individually identifies visitors. The data these cookies collect is aggregated and intended to be anonymous and used to improve how the site functions and performs. We may also have third party service providers help us track and analyse usage and volume statistical information from individuals who visit our website. The third party vendors we use include:
       - Google Analytics - We use Google Analytics to help analyse which pages on the tru.ID website visitors viewed. For information on how to opt-out of tracking technologies from Google Analytics, click here.
       - Hubspot – we use Hubspot to manage contact forms. For more information about how to opt-out of tracking technologies from Hubspot, click here.
       - HotJar — we use HotJar to understand how viewers engage with content on our website to understand what we can do to improve it. For more information about how to opt-out of tracking technologies from HotJar, click here.
  • Targeting or Advertising Cookies: tru.ID may have third party service providers track and analyse usage and volume statistical information from those who visit our website. tru.ID sometimes uses cookies placed by its third party service providers to track the performance of our advertisements. For example, these cookies remember which browsers have visited our website. This data given to the third party service providers does not include information that identifies you specifically, but this data may be re-associated with information that identifies you specifically after tru.ID receives it. To learn more about how to opt out of targeting and advertising cookies, you can go to the Your Online Choices page, the Network Advertising Initiative page, and the Digital Advertising Alliance’s Consumer Choice page. These opt-out tools are provided by third parties, not tru.ID. We do not control or operate these tools or the choices that advertisers and others provide through these tools. The third party vendors we use include:
       - Google Dynamic Remarketing - We use Google Dynamic Remarketing to target search engine marketing to users of the Google search engine. For more information on opting out of Google advertising tracking technologies, click here.