Product Privacy Policy

Effective date: November 1, 2022.

At AiPrise, we take your privacy seriously. Please read this Product Privacy Policy to learn how we treat personal data that we collect through the Services when we act as a service provider or processor to provide our services to our enterprise customers .

Remember that your use of the Services is at all times subject to our Terms of Use, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Use.

Privacy Policy Table of Contents

• What this Privacy Policy Covers

• Personal Data

  • Categories of Personal Data We Collect
  • Categories of Sources of Personal Data
  • Our Commercial or Business Purposes for Collecting Personal Data

• How We Share Your Personal Data

• Information about Biometric Information We Collect on Behalf of Our Customers

• Tracking Tools, Advertising and Opt-Out

• Data Security and Retention

• Personal Data of Children

• Rights under Data Privacy Laws

• Changes to this Privacy Policy

• Contact Information

What this Privacy Policy Covers

This Privacy Policy covers how we treat Personal Data that we gather when you access or use the Services. Please see our Website Privacy Policy for an overview of our practices with respect to our website. "Personal Data" means any information that identifies or relates to a particular individual and also includes information referred to as "personally identifiable information" or "personal information" under applicable data privacy laws, rules or regulations. Note that this Privacy Policy only covers Personal Data that we collect in the course of providing our Services to our enterprise customers. When we provide these Services to our customers, we only process the Personal Data in our capacity as a "processor" or "service provider" on behalf of the customer, which is the "controller" or "business." As such, your Personal Data will also be subject to our customer's privacy policy, and any questions regarding the collection, use, or sharing of your Personal Data should be directed to the customer. This Privacy Policy does not cover the practices of companies we don't own or control or people we don't manage.

For reference, under relevant privacy laws, "controllers" determine how and why to processes personal data, and may also be called "businesses", while "processors" process personal data at the instruction of the controller with which they contract, and may also be called "service providers."

Personal Data

Categories of Personal Data We Collect

This chart details the categories of Personal Data that we collect and have collected over the past 12 months:

Category of Personal Data	Examples of Personal Data We Collect	Categories of Third Parties With Whom We Share this Personal Data:
Profile or Contact Data	First and last name Email Phone number Mailing address	Service Providers
Identifiers	Social security number Driver's license number and photo Passport number and photo National ID number and photo	Service Providers
Device/IP Data	IP address Device ID Type of device/operating system/browser used to access the Services	Service Providers
Consumer Demographic Data	Age / date of birth Zip code	Service Providers
Geolocation Data	IP address-based location information	Service Providers
Biometric Data	Scan of face geometry (including faceprints)	Service Providers
Other Identifying Information that You Voluntarily Choose to Provide	Identifying information in emails or letters you send us	Service Providers

Categories of Sources of Personal Data

We collect Personal Data about you from the following categories of sources:

• Our customer. Our customer may provide us with certain information about you when referring you to our Services.
• You
  • When you provide such information directly to us.
    • When you use our interactive tools and the Services.
    • When you voluntarily provide information in free-form text boxes through the Services or through responses to surveys or questionnaires.
    • When you send us an email or otherwise contact us.
  • When you use the Services and such information is collected automatically.
    • Through Cookies (defined in the "Tracking Tools, Advertising and Opt-Out" section below).
    • If you download our mobile application or use a location-enabled browser, we may receive information about your location and mobile device, as applicable.
    • If you download and install certain applications and software we make available, we may receive and collect information transmitted from your computing device for the purpose of providing you the relevant Services.
• Third Parties
  • Vendors
    • We receive information about you from some of our vendors who assist us with providing our Services (including our biometric identity verification service) to our customers.
    • We may use analytics providers to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support.

Our Commercial or Business Purposes for Collecting Personal Data

• Providing the Services to our customers as a service provider and, as permitted under agreements with our customers:
  • Meeting or fulfilling the reason you provided the information to us.
  • Providing support and assistance for the Services.
  • Improving the Services, including testing, research, internal analytics and product development.
  • Doing fraud protection, security and debugging.
• Corresponding with You
  • Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about AiPrise or the Services.
• Meeting Legal Requirements and Enforcing Legal Terms
  • Fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities.
  • Protecting the rights, property or safety of you, AiPrise or another party.
  • Enforcing any agreements with you.
  • Responding to claims that any posting or other content violates third-party rights.
  • Resolving disputes.

How We Share Your Personal Data

We disclose your Personal Data to the categories of service providers listed in this section. For more information, please refer to the state-specific sections below.

• Service Providers. These parties help us provide the Services or perform business functions on our behalf. They include:
  • Hosting, technology and communication providers.
  • Security and fraud prevention consultants.
  • Support and customer service vendors.
  • Analytics Partners. These parties provide analytics about usage of the Services.

Information about Biometric Information We Collect on Behalf of Our Customers

Our Collection and Use of Biometric Information.

We may collect biometric information about our customers' end users in order to provide our biometric verification service. Biometric information is a form of personal data based on an individual's biometric identifier – such as an iris scan, fingerprint, voiceprint, hand geometry, or facial geometry – that is used to identify an individual. As used in this policy, "Biometric Information" refers to both "biometric information" and "biometric identifiers" as those terms are defined under applicable law. When providing our biometric verification services to our customers, we may collect Biometric Information such as a scan of your facial geometry or a "faceprint" of our customers' end users. To do this, we may ask you to submit a picture of yourself, which we match against government issued identification or other identification documents. We use Biometric Information to assist our customers, including to help them identify and authorize individuals to access secured systems and spaces. We may also use Biometric Information to comply with applicable legal obligations or comply with a request from law enforcement or government entities, unless prohibited by law.

How We Share Biometric Information.

We may share Biometric Information with our service providers and our customers. We may also share your Biometric Information with third parties where permitted to enforce our terms of use, comply with legal obligations, or cooperate with law enforcement agencies where required by law. Note that we never sell or rent Biometric Information.

How We Secure Biometric Information.

We seek to protect your Biometric Information from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures. We endeavor to protect Biometric Information in the same or more protective manner than the manner in which we store, transmit or protect other confidential and sensitive information. Although we work to protect the security of your data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.

Our Retention of Biometric Information. AiPrise will retain biometric data until the earlier of the following: (1) the identity verification purposes for the collection have been satisfied; or (2) three years from your last interaction with our Services.

Unless required by a valid warrant or subpoena to maintain any specific biometric data for longer than the above retention schedule, we will securely delete biometric data according to this schedule, rendering it no longer available for inspection or access.

Questions about Your Biometric Information. If you are an end user of an AiPrise customer and have questions about the collection and use of your Biometric Information, please contact the customer directly, as our customer is responsible for their own privacy and data security practices with respect to Biometric Information and other Personal Data collected in connection with AiPrise's Services (including our biometric identity verification service).

Legal Obligations

We may share any Personal Data that we collect with third parties in conjunction with any of the activities set forth under "Meeting Legal Requirements and Enforcing Legal Terms" in the "Our Commercial or Business Purposes for Collecting Personal Data" section above.

Business Transfers

All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.

Data that is Not Personal Data

We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and share it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not share such data in a manner that could identify you.

Data Security and Retention

We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. Although we work to protect the security of your data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.

As a service provider, we retain Personal Data for periods consistent with our obligations in contracts with our customers.

Personal Data of Children

As noted in the Terms of Use, we do not knowingly collect or solicit Personal Data about children under 16 years of age; if you are a child under the age of 16, please do not attempt to register for or otherwise use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 16 years of age, we will delete that information as quickly as possible. If you believe that a child under 16 years of age may have provided Personal Data to us, please contact us at info@aiprise.com.

Rights under Data Privacy Laws

Note that certain consumers may have rights over their Personal Data under laws such as the California Privacy Rights Act, the UK General Data Protection Regulation, and the European Union Data Protection Regulation. We act as a "service provider" or "processor" when providing services to our customers, who are the "business" or "controller" of the Personal Data. If we are processing your Personal Data on behalf our customer, we are acting as a service provider or processor and any questions about your Personal Data and requests to exercise your rights over such Personal Data should be directed to the customer.

Changes to this Privacy Policy

We're constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time, but we will alert you to any such changes by placing a notice on the AiPrise website, by sending you an email and/or by some other means. Please note that if you've opted not to receive legal notice emails from us (or you haven't provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes. Use of information we collect is subject to the Privacy Policy in effect at the time such information is collected.

Contact Information:

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us at:

• https://aiprise.com
• info@aiprise.com