Last updated June 26, 2020


Guide To Third Party Services Used

This document provides details on the technology we use that may capture or process personal information about you or information your use generates in our platform.

This document applies to the Priiv iOS app and our websites hosted at, The,, and other tools or online platforms we may release in the future. This overview is not a replacement for our Privacy Policy. Our data uses fall into five major categories – commerce, marketing, analytics, integrations, and operations – each of which is discussed below. We encourage you to read our Privacy Policy Overview for more information.



For customers who come to our website to purchase software or services, we use a suite of tools to manage sales and capture payments. These services are generally used to accept payment, track membership status, and fulfill our obligations to you.


For orders placed via one of our websites, we use Recurly as the shopping cart. Recurly captures payment information and provides a method to bill members on a monthly or annual basis. It keeps track of payment status and notifies us when a membership has terminated.

User information Processed:

  • Billing information
    • Name
    • Address
    • Zip Code
    • Full Credit Card information
    • Date of Purchase

User information stored:

  • Billing information (stored indefinitely)
    • Name
    • Location
  • Purchase Information (stored indefinitely)
    • Product purchased
    • Membership terms
    • Date
    • Transaction identification information


Stripe is our Payment Gateway for Priiv at Home customers. This works in conjunction with Recurly to capture funds via credit cards. Stripe is the service that actually captures funds from your credit card and deposits them in our bank account.

User information Processed:

  • Billing information
    • Credit Card number
    • Billing Name
    • Location
    • Product purchased

User information stored:

  • Billing information (stored indefinitely)
    • Name, address
    • Transaction identification information


Avalara works with Recurly to calculate sales tax. Recurly takes information about the product you are purchasing and your location to determine how much (if any) sales tax to apply to your purchase. This information is passed via an integration with Recurly.

User information processed:

  • Billing information
    • Product purchased
    • Billing address & jurisdiction
    • Credit card information

User information Stored:

  • Billing information (stored indefinitely)
    • Product purchased
    • Billing address & jurisdiction


We use a variety of marketing platforms to manage promotions and communicate with our users. These tools enable us to promote our products, send updates to users, and solicit feedback on the product we’re building.


Hubspot is our primary CRM. We use it to message users, provide customer support, and share marketing messages or offers. The majority of messages we send to you or you send to us will be stored here. This enables us to provide better support by allowing our permitted employees to see previous communications as well as basic user and usage information.

User information stored:

  • Contact information
    • Name & email address (or Sign in with Apple equivalent)
  • Messages
    • Messages Priiv sent to you
    • Messages you send to
  • Usage Statistics
    • Your Priiv score
    • Last sign in date
    • Signup date
  • Product and membership level

All data in this platform can be purged upon request. For marketing messages and accounts, you have the option to unsubscribe. Purchase confirmations are required communications and cannot be disabled.


We use a set of tools to help ensure that we’re building a product people want to use and a product that is technically sound. Broadly speaking, these tools track the usage of features in an application or on our website and also let us know when we run into technical problems.


We use Crashlytics to determine when and why our software crashes. Crashlytics sends us information about which device crashed, which version of the app was running, and what the application was doing prior to the crash. This data is important to ensure that we have a high-quality, reliable product, though users may opt-out of this service.

User information stored (for 90 days):

  • Your Priiv software version
  • Phone information (hardware version, operating system, Installation UUID)
  • What our software was doing right before the crash (Stack Traces)


Mixpanel helps us learn how specific features of our app are used so that we may improve them. Data is primarily viewed in aggregate across many users. You have to opt-in to the use of Mixpanel to allow us to see the data you generate from within the app.

User information stored:

  • Your Priiv software version
  • Details about your use in the application (log in, button clicks, etc.)
  • A unique (but transient) identifier
  • How often you use the application

Aggregated usage data is stored for up to one year. Your individual click data, if you’ve opted in, is only stored for the time necessary to tabulate aggregate statistics.


Matomo is a privacy-focused, self-hosted web analytics platform.  This allows us to view how many people visit our websites, know how they came to our site, and see how they interact with the content on our websites. We use this information to improve our website.

User information stored:

  • A unique identifier
  • Your IP address
  • What content you visit on the website
  • How you got to our website
  • Browser version, Operating system, and which plugins are installed.

Aggregate usage and visit data are stored indefinitely. Raw user data is stored in an anonymized format for up to one year.



We use a few tools to help us integrate our services. This is done to help us develop a robust product quickly.


We use the Firebase suite of tools primarily for three things. We use it to send transactional emails via Sendgrid & Hubspot, to update your information in Hubspot, and to send in-app notifications.

User information processed:

  • Name & email address
  • Messages Priiv sent to you and messages you send to us
  • Aggregate Priiv App usage numbers
  • Product and membership level
  • Transactional messages
  • Push notifications

User information stored

These tools store the data long enough to ensure a successful transaction. In the case of an API outage, this may be a few hours. Once a transaction is complete the data is purged.


Zapier allows us to connect our Priiv sales from our website in to our CRM. This is used so that we have a central location to keep track of what customers have bought and when.

User information processed:

  • Name & email address
  • Membership status
  • Product purchased
  • Purchase confirmation IDs from Stripe

User information stored

Note, Zapier only stores the data long enough to ensure a successful transaction. In the case of an API outage, this may be a few hours. Once a transaction is complete the data is purged.

Sign In with Apple

Apple provides a secure and anonymous way to authenticate users within applications. We use this as our primary way to authenticate users within the application. Apple provides users with a forwarding email address that masks your actual address from us. They are also an Identity Provider for our services so that you may sign in to our application, website, and other properties.

User information processed:

  • Whether an authentication was successful

User information stored:

  • Either your real email address or a virtual email address provided to us by Apple
  • A token to validate your session

This data is stored for as long as you have an active Priiv account.



Amazon AWS Suite

Amazon AWS is our primary cloud provider. They manage and process all aspects of our application as well as tools we’ve built to manage the program.

User information processed:

  • All scoring and activity
  • All user activity

User information stored:

  • Only transient data is stored in AWS for the purposes of operating our application
  • Log-level activity used for debugging the application

Mongo Atlas

Mongo Atlas is our managed database provider. They are the central repository for all of our user data and activity. We use a managed provider instead of hosting our own because they have a dedicated security team and provide a good line of defense against malicious actors.

User information stored:

  • All membership information
  • Email address
  • Name
  • All content you’ve enterede. profile question responses
  • Tools in use, actions/tips completed (or skipped/paused)
  • Your score, score components, score history
  • Other data required to enable app features

A note on security:

Mongo Atlas is a best-in-class database provider. They manage security, patching, and ensuring data integrity. This allows us to benefit and provide the protection of a dedicated security team without having to hire one internally.

Second, we are migrating towards an opt-in encryption at rest solution. This will ensure that your data are protected; not even Priiv will be able to access your data without your consent.


Sendgrid allows us to send transactional emails to customers. For example, our password reset email replies. (Note: We are phasing out Sendgrid at this time.)

User information processed:

  • Your name and email address
  • The contents of any email we send through their service

Elasticsearch, Logstash, Kibana

Our ELK stack is primarily used to monitor application performance. It takes in aggregated data and allows us to quickly analyze activity to understand where performance bottlenecks are happening as well as monitor the overall health of the system.

User information processed:

  • Raw activity logs generated by our applications and API
  • What API calls were made from your client and from which IP address
  • Any errors we encounter as well as any debugging information we may have built in to the calls

User information stored:

  • The raw data sent between your device to our platform

These logs are regularly purged and used predominantly for troubleshooting and monitoring. Access to these logging mechanisms is controlled and limited only to the required staff.