Socure is committed to protecting consumer privacy, which includes the security of personal information that we hold and use. We provide digital services to many kinds of businesses, and we operate this website. This policy breaks out our information handling practices by those channels. The Privacy Notice for Socure Website and Operations covers the collection and use of information obtained through this website, which is owned and administered by Socure Inc. (“Socure” or “we”), and our business operations such as our hiring processes. The Privacy Notice for Socure Products and Services covers the personal information we collect and process at the direction of Our Customers and through their use of our services. If you have questions or complaints regarding our privacy notice or practices, please contact us.
Socure is a business that provides a digital service to many consumer-serving businesses, such as financial services institutions, ecommerce sites, and many more (these are “Our Customers”). Our Customers use Socure to verify the identity of their online applicants and related services. They provide only the personal information that is necessary for our solution to work and then we check it out. We get personal information from other sources as well in order to compare Customer-provided data against it and to create our data models. We do this work quickly and accurately so our customers can prevent fraud and so consumers can get their desired services. As a company, we follow all the applicable privacy laws and we have established a comprehensive privacy program, including a global compliance and privacy officer and a chief compliance officer, to help us respect and protect the personal information of individuals.
We collect personal information in a variety of ways, such as when you:
We also collect supplemental information from other sources, including our Vendors and publicly available sources of information.
We collect personal information in the following categories: authenticating identifiers, financial, demographic, social, and device/computing personal information e.g. browser, operating system, hardware and other details that are used for fraud detection and identity verification. We collect it in a variety of ways: directly from you, from our business customers and their technologies, and from third party sources. You may input personal information directly into business forms or technology platforms when you apply for products or services with our customers. This includes when you scan, upload or otherwise provide your identity documents. Other information such as IP address and device information comes to us in a more automated fashion when you use websites, mobile applications and platforms to request products or services. Finally, we acquire personal information from data vendors that are compliant with the relevant privacy laws and our internal policies and standards, for the purpose of providing and improving our identity verification services.
The information we collect may include, without limitation, a person’s or business’ name, usernames, passwords, email addresses, phone numbers, date of birth, national ID information (such as Social Security Number, driver license information, passport information, etc.), IP addresses, employer names, geographic location (latitude and longitude), images, device attributes about the computing device you are using (including information about battery, browser and platform usage), and other information necessary to access accounts or profiles with third-parties, including, but not limited to, social media sites. Device data will be collected in accordance with the privacy permissions and settings that you have enabled in or via your device. For job applicants, we also collect professional and employment information as required by our hiring process or additionally provided by candidates or third parties.
We use the personal information received from individuals and from Our Customers in connection with our provision of identity verification products and services to Our Customers. We process personal information consistent with Our Customers’ requirements. We also use personal information, including images of identity documents, we receive from Individuals for verification purposes through our ID+ Identity Verification Solution. We use the personal information of job applicants for purposes of hiring and recruiting.
Our use of received personal information may include sharing the personal information with Vendors working for us to provide products or services to Our Customers, as necessary for the provision of Socure products and services. Vendors with which we share received personal information components are required to keep this information confidential and may not use such information for any purpose other than to help us provide requested products and services to Our Customers.
Socure takes appropriate steps to ensure that Vendors protect such personal information. Additionally, your personal information may be disclosed as required by law and when we have reason to believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Socure does not sell consumer personal information, meaning we do not pass on personal information to other businesses or third parties for monetary or other valuable consideration.
In cases of onward transfer to third-parties of data of EU and Swiss individuals received pursuant to the EU–U.S. Privacy Shield and Switzerland–U.S. Privacy Shield, Socure is potentially liable. See our Privacy Shield Statement below.
We collect information about the use of our website, about the browser type and IP address used to visit our website, and about any website from which someone may have been linked to or referred to our website, or to a site which someone may be linked to or referred to from our website. This non-personal information is aggregated for reporting on usability, performance, and effectiveness. It is used to improve the customer experience and the usability and content of our website, and of the services and products we provide.
Whenever we collect your personal information, we take steps to help ensure that it is accurate, complete, and up-to-date. You may request access to such personal information about yourself that Socure holds by contacting us. Additionally, if your personal information changes, or if you believe the information Socure holds is inaccurate, you may request to correct, update, amend or delete/remove inaccurate information by contacting us; except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.
To exercise your consumer rights under laws like the California Consumer Privacy Act (which gives Californians the right to request a description or deletion of their personal information), please contact us at 866-932-9013 or firstname.lastname@example.org.
We encourage interested persons, including those in the EU, to use the contact information provided with questions or concerns about their personal data. We will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.
If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using the U.S.-based JAMS (http://www.jamsadr.com).
Finally, as a last resort and in limited situations, EU and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
In compliance with the Privacy Shield Principles, Socure commits to resolve complaints about your privacy and our collection or use of your personal information. EU and Swiss individuals with a question or concern about the use of their Personal Data should contact Socure.
Socure has further committed to refer unresolved privacy complaints to JAMS, an independent and alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact JAMS (http://www.jamsadr.com) for more information and to file a complaint. The services of JAMS are provided at no cost to you.
Socure is committed to following Privacy Shield Principles for all Personal Information within the scope of the Privacy Shield Agreement. If Socure is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our websites of any change in ownership or proposed uses of your personal information, as well as any choices you may have regarding your personal information.
Socure will take responsible steps to protect information and has implemented appropriate physical, electronic, and managerial procedures to safeguard, secure and protect information from loss, misuse, unauthorized access, disclosure, alteration, destruction, and malicious or unintentional action. However, the Company cannot completely guarantee the security of Information on or transmitted via the Internet.
Protecting our customers’ information and their users’ privacy is extremely important to us. As a SaaS company entrusted with our customers’ personally identifiable information we have set high standards for security. To ensure this security, we regularly complete:
In accordance with GDPR requirements, Socure will continue to adhere to established controls to protect personally identifiable information. Specifically, Socure will continue to provide security incident notifications and will continue to meet its obligations and offer contractual assurances.
Our website may provide links to third-party websites for your convenience and information. If you access those links, you will leave our website. We do not control those websites or their privacy policies or practices, which may differ from ours. We, therefore, encourage you to review the privacy policies of companies and websites before submitting any personal information to them.
Our website contains tracking technologies owned and operated by third parties. For example, we use tracking technologies from website analytics services, such as Google Analytics and LiftCertain, to analyze website traffic, including user behavior and attributes, and to provide lead generation services. These technologies include cookies and web beacons.
Cookies are text files with small pieces of data — like a username and password — that are used to identify your computer as you use a computer network. Specific cookies known as HTTP cookies are used to identify specific users and improve your web browsing experience. Data stored in a cookie is created by the server upon your connection. This data is labeled with an ID unique to you and your computer. When the cookie is exchanged between your computer and the network server, the server reads the ID and knows what information to specifically serve to you.
Web beacons (also known as a “tracking pixel” or “clear GIF”) are a clear graphic image (typically a one-pixel tag) that is delivered through a web browser or HTML e-mail, typically in conjunction with a cookie. Web beacons allows us, for example, to monitor how users move from one page within our websites to another, to track access to our communications, to understand whether users have come to our websites from an online advertisement displayed on a third-party website, to measure how ads have been viewed and to improve site performance.
Socure does not track website visitors over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. DNT is a browser setting that can prevent such tracking. If you would like to learn more, you can check out https://allaboutdnt.com/.
Socure’s ID+ service is not intended for access or use by, and we do not knowingly collect personal information from, children under 13 years of age. If you are under 13 years of age, do not access, use or provide any information on our website, including completing the online registration process for the service, or provide any information about yourself to us, including your name, address, telephone number, email address or any other personally identifiable information. If you believe we might have any information from or about a child under 13 years of age, please contact us at: email@example.com
Specifically for European individuals, we provide information on our privacy practices in a format that matches up with European laws and requirements.
As required under the GDPR:
In addition, Socure undertakes the following measures:
Socure utilizes various vendors to provide its services to customers. As such, vendor agreements (via contract or other similar legal business document) control and define how vendor information is utilized and processed. Agreements include requirements for sufficient technological and business controls to meet acceptable security and privacy standards for the provided service(s).
Socure adheres to these controls to ensure that appropriate legal and technical controls are in place to buffer Socure from privacy violations on behalf of a customer, a data vendor, a service provider, or other person, organization or entity. In case of a third-party breach or privacy violation outside of Socure systems, Socure will follow internal policy and procedures for Security Incidents.
Socure has established a comprehensive Data Retention policy and Data Destruction procedures which all Socure employees must adhere to in handling Customer or Consumer Information. All requests for data destruction from customers and consumers will be performed in accordance with all applicable policies, regulations, certifications, and contractual obligations.
All data sent to or received by from Socure is data acquired via opt-in acceptance. That is, all Socure customers must provide opt-in acceptance for consumers which Socure provides identity verification processing services to.
Services that would require the use of data without opt-in specifications or controls must be disclosed to customers concerning the data privacy and provenance to reasonable ability.
Socure complies with the EU–U.S. Privacy Shield Framework and the Switzerland–U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Socure has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Privacy Shield program, and to view Socure's certification, please visit http://www.privacyshield.gov.
A full list of Privacy Shield participants and their assigned dispute providers can be found on the Department of Commerce website at: https://www.privacyshield.gov/list
Questions or complaints regarding Socure’s compliance with the Privacy Shield Principles should be first directed to Socure via one of the methods listed in the Contact Us section. Socure has further committed to refer unresolved Privacy Shield complaints to JAMS (http://www.jamsadr.com), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you. EU and Swiss citizens can also, after contacting both Socure and JAMS for dispute resolution resulting in no acknowledged outcome, enter into binding arbitration to resolve a specific, individual complaint.
Last revision: October 2020