Last updated: January 12, 2021

 

This document provides details on the technology we use that may capture or process personal information about you or information your use generates in our platform. 

This document applies to the Priiv iOS app and our websites hosted at ThePrivacyCo.com, The Privacy.com, ThePrivacy.co, GetPriiv.com, and other tools or online platforms we may release in the future. This overview is not a replacement for our Privacy Policy. Our data uses fall into five major categories – commerce, marketing, analytics, integrations, and operations – each of which is discussed below.

 

Commerce

For customers who come to our website to purchase software or services, we use a suite of tools to manage sales and capture payments. These services are generally used to accept payment, track membership status, and fulfill our obligations to you. 

WooCommerce

For orders placed via one of our websites, we use WooCommerce as the shopping cart. WooCommerce captures payment information and provides a method to bill members on a monthly or annual basis. It keeps track of payment status and notifies us when a membership has terminated.

 

User information Processed:

  • Billing information
    • Name
    • Address
    • Zip Code
    • Full Credit Card information
    • Date of Purchase

 

User information:

  • Billing information (stored indefinitely) 
    • Name
    • Location
    • Email address
  • Purchase Information (stored indefinitely) 
    • Product purchased
    • Membership terms
    • Date
    • Transaction identification information 

Stripe

Stripe is our Payment Gateway for Priiv at Home customers. This work in conjunction with Recurly to capture funds via credit cards. Stripe is the service that actually captures funds from your credit card and deposits them in our bank account.

 

User information Processed:

  • Billing information
    • Credit Card number
    • Billing Name
    • Location
    • Product purchased

 

User information stored:

  • Billing information (stored indefinitely) 
    • Name, address
    • Transaction identification information

 

TaxJar

TaxJar works with WooCommerce to calculate sales tax. TaxJar takes information about the product you’re purchasing and your location to determine how much (if any) sales tax to apply to your purchase. This information is passed via an integration with WooCommerce. 

 

User information processed:

  • Billing information
    • Product purchased
    • Billing address & jurisdiction 
    • Credit card information

 

User information Stored:

  • Billing information (stored indefinitely) 
    • Product purchased
    • Billing address & jurisdiction 

 

Marketing

We use a variety of marketing platforms to manage promotions and communicate with our users. These tools enable us to promote our products, send updates to users, and solicit feedback on the product we’re building.

Hubspot

Hubspot is our primary CRM. We use it to message users, to provide customer support, and share marketing messages or offers. The majority of messages we send you or you send us will be stored here. This enables us to provide better support by allowing our permitted employees to see previous communications as well as basic user and usage information.

 

User information stored:

  • Contact information 
    • Name & email address
  • Messages 
    • Messages Priiv sent to you 
    • Messages you send to 
  • Usage Statistics 
    • Your Priiv score
    • Last sign in date
    • Signup date
  • Product and membership level

 

All data in this platform can be purged upon request. For marketing messages and accounts, you have the option to unsubscribe. Purchase confirmations are required communications and cannot be disabled.

 

Analytics

We use a set of tools to help ensure that we’re building a product people want to use and a product that is technically sound. Broadly speaking, these tools track usage of features in an application or on our website and also let us know when we run into technical problems. 

 

Mixpanel

Mixpanel helps us learn how specific features of our app are used so we can improve them. Data is primarily viewed in aggregate across many users. You have to opt-in to the use of MixPanel to allow us to see data you generate, from within the app.

 

User information stored:

  • Your Priiv software version
  • Details about your use in the application (log in, button clicks, etc.)
  • A unique (but transient) identifier 
  • How often you use the application

 

Aggregated usage data is stored for up to one year. Your individual click data, if you’ve opted in, is only stored for the time necessary to tabulate aggregate statistics.

 

 

Matomo

Matomo is a privacy-focused, self-hosted web analytics platform.  This allows us to view how many people visit our websites, know how they came to our site, and see how they interact with the content on our websites. We use this information to improve our website.

 

User information stored:

  • A unique identifier (resettable)
  • Your IP address
  • What content you visit on the website
  • How you got to our website
  • Browser version, Operating system, and which plugins are installed.

 

Aggregate usage and visit data are stored indefinitely. Raw user data are stored in an anonymized format for up to one year. 

 

Sentry

Sentry is a privately-friendly alternative to Crashlytics. It allows us to know when your application crashes and the cause. It is hosted in our data center so these data are never shared with a 3rd party. We use this information to build a more reliable and better product.

 

User information stored:

  • A unique identifier 
  • Your IP address
  • Trace information for crashes
  • Your iOS version

 

Crash data are periodically purged and generally are deleted within 90 days. 

 

Integrations

We use a few tools to help us integrate our services. This is done to help us develop a robust product quickly.

 

Zapier

Zapier allows is to connect our priiv sales from our website in to our CRM. This is used so that we have a central location to keep track of what customers have bought and when.

 

User information processed:

  • Name & email address
  • Membership status
  • Product purchased
  • Purchase confirmation IDs from Stripe

 

User information stored

Note, Zapier only stores the data long enough to ensure a successful transaction. In the case of an API outage, this may be a few hours. Once a transaction is complete the data are purged.

 

Sign In with Apple

Apple provides a secure and anonymous way to authenticate with applications. We use them as our primary way to authenticate with the application. Apple provides users with a forwarding email address that masks your actual address from us. They are also an Identity Provider for our services so that you may sign in to our application, website, and other properties.

 

User information processed:

  • Whether an authentication was successful

 

User information stored:

  • A virtual email address provided to us by Apple

 

These data are stored for as long as you have an active Priiv account. 

 

Operations

Amazon AWS Suite

Amazon AWS is our primary cloud provider. They manage and process all aspects of our application as well as tools we’ve built to manage the program.

 

User information processed:

  • All scoring and activity
  • All user activity

 

User information stored:

  • Only transient data are stored in AWS for the purposes of operating our application
  • Log-level activity used for debugging the application

 

Mongo Atlas

Mongo Atlas is our managed database provider. They are the central repository for all of our user data and activity. We use a managed provider instead of hosting our own because they have a dedicated security team and provide a good line of defense against malicious actors.

 

User information stored:

  • All membership information
  • Email address
  • Name
  • All content you’ve entered – profile question responses
  • Tools in use, actions/tips completed (or skipped/paused)
  • Your score, score components, score history
  • Other data required to enable app features

 

A note on security:

Mongo Atlas is a best-in-class database provider. They manage security, patching, and ensuring data  integrity. This allows us to benefit and protection of a dedicated security team without having to hire one internally.

 

Second, we are migrating towards an opt-in encryption at rest solution. This will ensure that your data are protected; not even Priiv will be able to access your data without your consent. 

 

Elasticsearch, Logstash, Kibana

Our ELK stack is primarily used to monitor application performance. It takes in aggregate data and allows us to quickly analyze activity to understand where performance bottlenecks are happening as well as monitoring the overall health of the system.

 

User information processed:

  • Raw activity logs generated by our applications and API
  • What API calls were made from your client and from which IP address
  • Any errors we encounter as well as any debugging information we may have built in to the calls 

 

User information stored:

  • The raw data sent between your device to our platform

 

These logs are regularly purged and used predominantly for troubleshooting and monitoring. Access to these logging mechanisms is controlled and limited only to the required staff.