Last Updated: November 22, 2024
Welcome to ESi, an application (the “App”) operated by Einstrong Foundation, a California 501(c)(3) (the “Organization,” “we” or “us”).
We respect and protect the privacy of our users. This Privacy Policy explains how we collect and use your information and is part of our Terms of Use when you use our App.
By using our App, you consent to our Data Protection and Privacy Policy. If you don’t agree, please don’t use our App. Your potential use of the App to obtain funds and/or other services for your children younger than 18 indicates your acceptance of our collection of the same type of information about them as we collect about adults.
Organization
“Organization” means Einstrong Foundation, 301 N Lake Ave, Suite 405 Pasadena, CA 91101, USA.
GDPR
“GDPR” means that General Data Protection Regulation Act. (This is a law that applies in the European Economic Area (EEA).)
Data Controller
“Data Controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. The Organization is the Data Controller for the personal data you submit via the App.
Data Processor
“Data Processor” means any natural or legal person who processes the data on behalf of the Data Controller.
Data Subject
Data Subject is any living individual who is using our App.
Services
The services provided by the App, and by us via the App, as described in our Terms of use.
Our principles for processing personal data under the GDPR are:
Fairness and lawfulness. When we process personal data, the individual rights of the Data Subjects must be protected. All personal data must be collected and processed in a legal and fair manner.
Restricted to a specific purpose. The personal data of Data Subject must be processed only for specific purposes.
Transparency. The Data Subject must be informed of how his/her data is being collected, processed and used.
Accuracy. We take reasonable steps to ensure that personal data will be accurate, and that any mistakes are rectified or erased without delay.
Storage Limitation. We will not keep personal data for longer than we need it. (However, we may keep anonymized data for an indefinite term.)
Confidentiality and Integrity. We use appropriate measures to maintain the confidentiality and integrity of personal data.
When you sign up for the App you`ll be asked to provide certain information about yourself, such as your name.
CBI recipients will need to provide biometric information (face and palm print) which will serve as their password. They will also need to provide a birthdate and upload a copy of a birth certificate or other form of ID. They will also need to provide income information and information on family relationships (e.g., parent/guardian and child(ren)).
Users who wish to cash out payments will be required to provide bank account and/or identification information, which will be shared with our financial partners.
CBI recipients with children will also be asked to provide biometric information (face and palm print) for their children and a birthdate and copy of a birth certificate or other form of ID for each child.
We collect certain information that your mobile device sends when you use our App, like a device identifier, user settings and the operating system of your device, as well as information about your use of our App and Services.
When you use our App, we may collect and store information about your location by converting your IP address into a rough geo-location or by accessing your mobile device’s GPS coordinates or coarse location if you enable location services on your device. We may use location information to improve and personalize our Services for you. If you do not want us to collect location information, you may disable that feature on your mobile device.
Your information may be stored in our own servers or in servers owned by third-party cloud storage providers.
Third-party storage providers may not use your information except as provided in this Privacy Policy.
Information we collect from you might be used:
To verify your identity when you return to the App
To verify the identity of your children, if relevant
To provide you with Services
To perform analysis or gather other information to improve our App and Services or to improve third-party identification technology
Our legal basis for collecting and using the personal data described in this Policy depends on the personal data we collect and the specific context in which we collect the information:
We need to perform a contract with you.
You have given us permission to do so.
Processing your personal data is in our legitimate interests.
We need to comply with the law.
Please be aware that if you do not provide personal data we may be unable to provide some Services to you.
We may transfer to, and store the data we collect about you in, countries other than the country in which the data was originally collected, including the United States, Canada or other destinations outside the European Economic Area (“EEA”). Those countries may not have the same data protection laws as the country in which you provided the data. When we transfer your data to other countries, we will protect the data as described in this Policy and comply with applicable legal requirements providing adequate protection for the transfer of data to countries outside the EEA.
If you are located in the EEA, we will only transfer your personal data
if:
the country to which the personal data will be transferred has been
granted a European Commission adequacy decision;
the recipient of the personal data is located in the US and has certified to the US-EU Privacy Shield Framework; or
we have put in place appropriate safeguards in respect of the transfer, for example we have entered into EU standard contractual clauses with the recipient, or the recipient is a party to binding corporate rules.
You may request more information about the safeguards that we have put in place in respect of transfers of personal data via [email protected].
We will retain your personal information only for as long as is necessary for the purposes set out in this Policy.
We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
We intend to store some of your information User Content indefinitely.
We may provide links to or compatibility with websites. However, we’re not responsible for the privacy practices employed by those websites or the information or content they contain.
We use appropriate physical, electronic, and other procedures to safeguard and secure the information we collect. However, please be aware that the Internet is an inherently unsafe environment, and that hackers are constantly working to defeat security measures.
Thus, we cannot guarantee that your information will not be accessed, disclosed, altered or destroyed, and you accept this risk.
We urge you to take steps to keep your personal information safe by not sharing it with others or posting it online.
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information (PII) for commercial or marketing purposes.
We may share your PII with third-party processors, which can include:
Providers of email management and distribution tools
Providers of security and fraud prevention services
Providers of date aggregation and analytics software
We will, if required by a valid court order, provide your personal information in a civil or criminal proceeding.
We will not share any PII that we have collected from or regarding you except as described below.
Information Disclosed in Connection with Business Transactions. If we are acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your PII, may be disclosed or transferred to a third-party acquirer in connection with the transaction.
Information Disclosed for Our Protection and the Protection of Others. We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas); (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general; and (iii) to stop any activity that we consider illegal, unethical or legally actionable activity.
The Organization works with certain third parties to provide specific functionality within the App.
By using the App, you also authorize the engagement of these third parties as sub-processors of your data.
If you object to the sub-processors’ handling of your data on the terms indicated at the links, please terminate your use of the App.
| Product Name | Company Name | Company Location | Company role and function |
|---|---|---|---|
| UXCam | UXCam Inc | USA | From the data protection perspective, we act as a data processor for the information collected through the SDK and UXCam App, and as data controllers for the information collected through our website. |
| Firebase | USA | Firebase is a Google platform offering tools like databases, authentication, hosting, and analytics to simplify app development, deployment, and scaling. It´s popular in DevOps for streamlining backend infrastructure and enabling rapid, real-time updates. | |
| PalmID | Redrock Biometrics | USA | End-user palm identification and verification. |
| Tech5 | TECH5 Inc | Switzerland | TECH5 is an international technology company founded by experts from the biometrics industry, which focuses on developing disruptive biometric and digital ID solutions through the application of AI and Machine Learning technologies. |
| AuthID | AuthID | USA | AuthID (Nasdaq: AUID) ensures cyber-savvy enterprises “Know Who’s Behind the Device” for every customer or employee login and transaction. Through its easy-to-integrate, patented, biometric identity platform, authID quickly and accurately verifies a user’s identity, eliminating any assumption of ‘who’ is behind a device and preventing cybercriminals from taking over accounts. authID combines digital onboarding, FIDO2 login, and biometric authentication and account recovery. |
| Zendesk | Zendesk | USA | In-app customer support. |
| Datadog | Datadog Inc | USA | Datadog Inc. is an American company that provides an observability service for cloud-scale applications, providing monitoring of servers, databases, tools, and services, through a SaaS-based data analytics platform. |
| Sentry | Sentry | USA | Sentry is an error monitoring platform designed to help developers quickly detect, diagnose and resolve problems in their applications. |
| Hashicorp Vault | HashiCorp, Inc | USA | Manage access to secrets and stop credentials from falling into the wrong hands with identity-based security. |
You may contact these sub-processors directly to have any information they store about you erased.
We may update our list of sub-processors by posting that information in this privacy policy. Please check back for updates.
Our App is not intended for children under the age of 18. We do not knowingly or specifically collect information from or about children under the age of 18 except with the permission of a parent who uses the App and enters the information.
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. If you wish to be informed what personal data we hold about you and if you want it to be removed from our systems, please contact us at [email protected].
In certain circumstances, you have the following data protection rights:
The right to be informed of your rights
The right to access, update or to delete the information we have on you
The right of rectification (to correct mistakes)
The right to erasure (known as “the right to be forgotten”)
The right to restrict processing of your data
The right to data portability
The right to withdraw consent
If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
If you wish to withdraw your consent to process your personal data, please contact us at [email protected]. If you withdraw your consent, this will not make processing which we undertook before you withdrew your consent unlawful.
If we decide to change our Privacy Policy, we will post those changes on this page. We may also, but are not required to, send you an email notice.
These Additional California Privacy Disclosures (the “CA Disclosures”) apply solely to individual residents of the State of California (“consumers” or “you”).
This notice confirms that the Organization will act as a Service Provider as such term is defined in the California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et seq. and implementing regulations (the “CCPA”). We will collect, access, maintain, use, process and transfer personal information, as that term is defined by the CCPA (“CCPA Personal Information”) solely for the purpose of performing our obligations under our Terms of Use and as further described herein, on your behalf and for no commercial purpose other than the performance of such obligations.
We shall not sell, disclose, release, transfer, make available or otherwise communicate any CCPA Personal Information to any third party without your prior written consent. Notwithstanding the foregoing, nothing shall restrict our ability to disclose CCPA Personal Information (i) to a Subcontractor for a business purpose pursuant to a written agreement to protect CCPA Personal Information in the same manner as provided herein, (ii) to a third party as necessary to comply with applicable laws, or (iii) as otherwise permitted by the CCPA.
We will delete and permanently destroy CCPA Personal Information (i) upon your written request, and (ii) upon termination of this Agreement. We shall remain responsible for compliance with our obligations to protect CCPA Personal Information in accordance with this notice and our Privacy Policy and will be liable to you for the acts or omissions of any subcontractor or other third party to whom we have disclosed or permitted to access CCPA Personal Information as if they were our acts or omissions.
These CA Disclosures provide additional information about how we collect, use, disclose and otherwise process personal information of individual residents of the State of California, either online or offline, within the scope of the California Consumer Privacy Act of 2018 (“CCPA”). Unless otherwise expressly stated, all terms in these CA Disclosures have the same meaning as defined in our Privacy Policy or as otherwise defined in the CCPA.
When we use the term “personal information” in these CA Disclosures, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
For the purposes of these CA Disclosures, personal information does not include:
Publicly available information from government records.
Deidentified, aggregated or anonymized data (not capable of being associated with or linked to you).
Information relating to our job applicants, employees, contractors and other personnel of the Organization, which is not governed by these CA Disclosures.
Information excluded from the CCPA´s scope, such as: (i) Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; (ii) Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver´s Privacy Protection Act of 1994.
We collect various categories of personal information in connection with our services. Please review the rest of our Privacy Policy to learn more about the personal information we collect.
In the last 12 months we have collected the following categories of personal information:
Identifiers, such as name, address, email address, account information or other similar identifiers. These are collected directly from you, our business partners and affiliates, your browser or device and third parties you direct to share information with us.
Commercial Information, such as information about products or services purchased or considered and your use of our services. These are collected directly from you, and third parties you direct to share information with us.
Internet/Network Information, such as log data and analytics data (including your usage and activity on our website). These are collected from your browser or device.
Geolocation Data, such as your general geographic location based on the log data. These are collected from your browser or device.
Professional/Employment Information, such as current occupation, job title, company/employer, industry and employment history, if you apply for a job with the Organization. These are collected directly from you and third parties you direct to share information with us.
Other Personal Information, such as messages or requests you provide to us directly or through a third-party service, such as social media. These are collected directly from you, our business partners and affiliates, and third parties you direct to share information with us.
Inferences, including information generated from your use of our websites reflecting your preferences. These are collected from your browser device, and form information generated or derived from the personal information described above.
The business purpose for the information collected as above is as follows:
(i) To provide you with and manage access to our products and services, audit the transactions in our platform and manage the relationship with our users;
(ii) To communicate with you, including via email, push notification and/or social media;
(iii) To operate, evaluate, secure and improve our business;
(iv) To enhance our products and services;
(v) To recognize you and remember your information when you return to our website and services;
(vi) To develop and carry out marketing campaigns and activities;
(vii) For debugging existing intended functionality;
(viii) For testing, training, research, analysis and product development, including to develop and improve our products and services;
(ix) To detect and protect against security events;
(x) To defend, protect or enforce our rights or applicable terms of service;
(xi) To comply with legal process and our legal obligations; and
(xii) As otherwise provided in our agreements with you.
In the last 12 months, we have not sold personal information about you, but we have disclosed all of the categories of personal information we collect, explained in the table above, to our affiliate and to third parties for a business purpose.
As described above, we share personal information with a variety of third parties for business purposes.
As a California resident, you may be able to exercise the following rights in relation to the Personal Information about you that we have collected (subject to certain limitations at law):
The Right to Know
You have the right to request any or all of the following information relating to the personal information we have collected about you or disclosed in the last 12 months, upon verification of your identity:
The specific pieces of personal information we have collected about you;
The categories of personal information we have collected about you;
The categories of sources of the personal information we have collected about you;
The categories of personal information that we have disclosed about you to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
The categories of personal information we have sold about you (if any), and the categories of third parties to whom this information was sold; and
The business or commercial purposes for collecting or, if applicable, selling personal information about you.
The Right to Request Deletion
You have the right to request the deletion of personal information that we have collected from you, subject to certain exceptions.
The Right to Opt Out of Personal Information Sales
You have the right to direct us not to sell personal information we have collected about you to third parties now or in the future.
If you are under the age of 16, you have the right to opt in, or to have a parent or guardian opt in on your behalf, to such sales.
The Right to Non-Discrimination
You have the right not to receive discriminatory treatment for exercising any of the rights described above.
However, please note that if the exercise of the rights described above limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products or services or engage with you in the same manner.
To Exercise Your Right to Know or Right to Deletion
To exercise your right to know and/or right to deletion, please submit a request by: (i) emailing [email protected] with the subject line “California Rights Request”; or (ii) filling out our California Resident Rights Request Form.
We will need to verify your identity before processing your request. To verify your identity, we will generally either require the successful login to your account or the matching of sufficient information you provide us to the information we maintain about you in our systems. Although we try to limit the personal information collected in connection with a request to exercise the right to know and/or the right to deletion, certain requests may require us to obtain additional personal information from you. In certain circumstances, we may decline a request to exercise the right to know and/or right to deletion, particularly where we are unable to verify your identity.
To Exercise Your Right to Opt Out of Personal Information Sales
As noted above, we do not “sell” personal information as most people would typically understand that term. However, we do allow certain third-party partners and providers to collect information about consumers directly through our services for purposes of analyzing and optimizing our services and ads, providing content and ads that are more relevant, measuring statistics and the success of ad campaigns, and detecting and reporting fraud. To the extent this practice is interpreted to constitute a “sale” under the CCPA, please see above for more information including how you may be able to exercise your rights to opt-out of cookies, analytics and personalized advertising.
We will update these CA Disclosures from time to time. When we make changes to these CA Disclosures, we will change the "Last Updated" date at the beginning of these CA Disclosures. If we make material changes to these CA Disclosures, we will notify you by email to your registered email address, by prominent posting on our online services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided in the notification.
The Organization has adopted the following biometric information privacy policy:
“Biometric Data” means any Biometric Identifier (as defined below) and any other personal information resulting from specific technical processing relating to the physical, psychological, or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person.
“Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include audio recordings, writing samples, written signatures, photographs, or physical descriptions such as height, weight, hair color, or eye color, absent mathematical analysis or creation of templates for automated identification.
Purposes for Processing Biometric Data
Subject to applicable laws, the Organization may collect, use and retain
Biometric Data to identify and authenticate certain App users and to
improve biometrics technology, including face ID.
The processing of Biometric Data is subject to the following requirements:
Biometric Data is classified as Sensitive Personal Information (and Special Categories of Data) under the Organization Data Privacy Policy.
The Organization (or any service provider that is collecting Biometric Data on the Organization’s behalf) must inform the individual in writing (a) that the Organization is collecting, capturing, or otherwise obtaining the individual’s Biometric Data, and (if applicable) providing such Biometric Data to its vendors and/or the licensors of the data collection software; (b) of the specific purpose and length of time for which the individual’s Biometric Data is being collected, stored, and used. Biometric Data collection notices must meet applicable legal requirements, e.g., under the EU General Data Protection Regulation (GDPR) and the Illinois Biometric Information Privacy Act (BIPA).
The Organization (or any service provider that is collecting Biometric Data on the Organization’s behalf) must obtain affirmative written consent from the individual (or his or her legally authorized representative) authorizing the Organization’s processing of the Biometric Data.
The Organization shall not sell, lease, trade, or otherwise profit from individuals’ Biometric Data excepted as permitted in this privacy policy. The Organization shall not permit its vendors or licenses to sell, lease, trade or otherwise profit from such data except as permitted herein.
The Organization shall not disclose any Biometric Data to anyone other than its service providers and licensors unless: (a) the individual (or their representative) has provided affirmative consent for the disclosure, (b) the disclosure is required by law, (c) the disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction, (d) the disclosure is otherwise legally permitted, as documented by the Organization Privacy Office.
The Organization shall retain Biometric Data only as needed. Unless Biometric Data are needed in connection with an investigation or prosecution of wrong-doing, the Organization will retain Biometric Data for the period of time that a user is using the App plus a maximum of three (3) years. At the end of the retention period, the Organization shall delete and/or destroy the Biometric Data and shall request that its vendors and licensors also securely delete and/or destroy the data. Exceptions to the retention limits must be approved by the Organization Privacy Office.
The Organization shall protect the security, confidentiality and integrity of the Biometric Data using organizational, technical and physical controls that are reasonably designed to prevent unauthorized access to or use of the Biometric Data. These security controls will be no less stringent than the controls used by the Organization to protect other sensitive personal information.
Our app is not intended for use in the state of Illinois. By using the app, you confirm that you are not accessing it from within the state of Illinois. We reserve the right to take measures to restrict access to users located in Illinois in compliance with applicable laws and regulations. If you are located in Illinois, you must not use or access the app
If you have questions about our Privacy Policy, please contact us at [email protected].
