Privacy Statement

Versión en Español  | Version en Français-Canadien  

About Socure. Socure Inc. (collectively, “Socure,” “we”, “us” or “our”) provides products, tools, and services powered by artificial intelligence and machine learning to help our business customers validate identities, assess risk, and detect and prevent identity theft and fraud (the “Products”). We use what we learn about you on an ongoing basis to continually develop and improve the Products.

Scope of this Privacy Statement. This Privacy Statement applies only in the ordinary course of our business and only to:  (1) personal information (or “personal data”), as defined by applicable law; and (2) anyone who uses the Products, directly or indirectly, or visits us at any one of our websites, hyperlinks, social media pages, or elsewhere on the Internet (the “Sites,” or, when referred to with the “Products,” collectively known as the “Services”). This Privacy Statement describes how we collect, use, and disclose personal data and identifies our data sources, our lawful bases for processing, and our data security and data retention practices. It also contains important information about your data rights and how to contact us. This Privacy Statement does not apply to job applicants or to any non-affiliated third parties.

Changes to this Privacy Statement. Socure reserves the right to modify this Privacy Statement by posting an update on this website. Please review this Privacy Statement from time to time to stay informed, as any material changes to this Privacy Statement will be effective immediately and your continued use of our Services mean you agree to your data being used accordingly. 

Collection of Personal Information

The categories of personal and sensitive personal information that we collect about you in connection with your use of the Services include: 

• Identifiers, such as real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

• Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, signature, social security number, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history, bank account number, or other financial information.

• Characteristics of protected classifications, such as age, sex, gender, gender identity, immigration status, race, skin tone, and national origin.

• Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

• Biometric information, such as information derived from photographs of a face or inferred from keystroke or other data entry patterns.

• Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interactions with the Services.

• Geolocation data, such as Internet Protocol address and Global Positioning System coordinates.

• Audio, electronic, visual, thermal, olfactory, or similar information, such as identity document and selfie photographs and readings from device sensors.

• Professional or employment-related information, such as any business-related contact information used when you create an account with us or interact with the Sites.

• Inferences drawn from the information we collect to create a profile about you that reflects your preferences, characteristics, predispositions, or behavior.

• Sensitive personal information, such as personal information that reveals your social security number, driver’s license or state identification card number, passport number, financial account and routing number, racial or ethnic origin, criminal history, contents of your email, and biometric information.

Sources of Personal Information

The sources of the personal information we collect are:
• you, directly or indirectly, when you use the Services;
• third parties who test, purchase, or resell the Products;
• public sources of information; and
• our third-party vendors and service providers.

Use of Personal Information

We may use your personal information in accordance with law and our customer contracts to:

• carry out our operational or other purposes, as necessary to provide the Services;
• prevent, detect, protect or defend against, or respond to security incidents, identity theft, fraud, harassment, malicious, deceptive, or illegal activities;
• preserve the integrity or security of our systems;
• debug and otherwise identify and repair errors that impair existing intended functionality of the Services;
• advertise or market to you in connection with your interaction with the Sites;
• audit or otherwise perform quality control related to a current or concurrent transaction;
• perform services for or on behalf of our customers, including maintenance or service of accounts, troubleshooting transactions, and providing other customer support; and
• undertake internal research for technological development and demonstration, which includes the development, validation, and improvement of the Services.

Where permitted or required by law, we may also use your personal information to:

• comply with federal, state, or local laws, rules, or regulations;
• comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities;
• provide support to a customer or partner who is being investigated or audited;
• cooperate with law-enforcement agencies concerning conduct or activity that we or our customer reasonably and in good faith believes may violate federal, state, or local laws, rules, or regulations; and/or
• investigate, establish, exercise, prepare for, or defend legal claims.

Lawful Bases for Processing Personal Information

For consumers located in jurisdictions that require a lawful basis for processing, please note that your personal data are processed in accordance with:

• your consent;
• performance of a contract;
• overriding legitimate interests, such as identity verification, risk assessment, and ongoing fraud prevention; or
• a legal requirement or obligation.

Where Socure relies on legitimate interests, we take into consideration the reasonable expectations of data subjects based on their relationship with the controller, including ongoing customer relationships and access to goods or services, and balance them against our customer’s ongoing needs to validate identities, assess risk, and prevent, detect, protect or defend against, or respond to security incidents, identity theft, fraud, harassment, malicious, deceptive, or illegal activities.

Where Socure processes special categories of personal data, we do so only in accordance with your freely given consent, which may be provided to our customer, to us directly, or both, when you use the Services, whether directly or indirectly.

Disclosure of Personal Information

Socure may disclose your personal information with third parties for business purposes, as follows:

From time to time, for business purposes, Socure may also need to disclose your personal information to the following third parties:

• professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us;
• a court of law, arbitral tribunal, law enforcement agency or other third party, where required or otherwise permitted by law; or
• a third party as part of a business transaction such as a merger or acquisition.

Socure does not disclose sensitive personal information for purposes other than those specified in section 7027(l) of the California Consumer Privacy Act Regulations.

Targeted Advertising. You might receive targeted advertisements from Socure. For our third-party service providers to help us serve those advertisements, we may share with them your identifiers, professional or employment-related information, and/or personal information categories listed in the California Customer Records statute, alone or in combination with information from other sources (like our data vendors and offline customer data), and they use various tracking technologies. 

Socure does not “sell” personal information, as defined by applicable law. Socure has no actual knowledge that it sells or shares the personal information of consumers under 16 years of age, as defined by applicable law. 

When We Delete Information

At Socure, we believe (because we’ve seen) that ongoing identity verification, risk assessment, and fraud prevention are purposes for data collection, use, and retention that do not expire. Nonetheless, our general policy is to delete your personal data permanently and securely within 7 years from your last interaction with Socure or the Services, unless otherwise specified herein or where the law or a contract requires deletion to occur sooner.

Special Notices re Biometrics: To the extent Socure collects your “biometric information” or “biometric identifiers” as defined by applicable law, we will delete that information permanently and securely no later than 3 years after your last interaction with Socure or the Services. 

How We Secure Your Information

Socure uses commercially reasonable physical, electronic, and procedural safeguards to protect information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction, in accordance with applicable law, and we require our customers to do the same. Our security practices are also audited on a recurring basis, and we maintain ISO 27001 and SOC 2 Type 2 certifications. That said, there is simply no way to guarantee that any safeguards or security measures will be sufficient to prevent a security incident.  

Your Data Protection Rights

Based on where you live, you may be subject to one or more of the following data protection rights (some of which are limited rights subject to certain exceptions):

• Right to know the personal information or categories of personal information we collect about you and how it is used and shared.
• Right to correction/rectification inaccurate personal information that we have about you.
• Right to deletion/erasure of personal information about you. This is also referred to as the “Right to be forgotten.”
• Right to opt out of certain processing, such as targeted advertising, automated decision making, or certain types of profiling.
• Right to restrict processing, if you meet certain limited applicable circumstances.
• Right to withdraw consent, provided that any such withdrawal only applies prospectively and will not impact prior processing conducted in accordance with your prior freely given consent.
• Right to appeal a refusal to take action on a request within a reasonable period of time after you receive the initial decision.

Non-discrimination. Privacy and data protection laws generally prohibit discrimination against consumers who choose to exercise their data protection rights. Socure will not deny you any goods or services as a result of your exercise of data protection rights.

To exercise applicable data protection rights requests, please fill out this form. After receipt of your request, we will attempt to notify our customers and data vendors of the request and will let you know what actions we intend to take in response. You can also exercise your data protection rights by sending us an email with your name, state or country of residence, and which right(s) you’d like to exercise. Please note that Socure may be subject to specific exemptions and limitations in how we respond to such requests and that certain rights may not be applicable to you. 

Additional information regarding opt outs. To learn how to manage targeted advertisements you might see on LinkedIn, click here. If you would like more information about how targeted advertising works and how to control the use of your data in this way, you also can visit the NAI (National Advertising Institute) or the DAA (Digital Advertising Alliance). 

Verifiable Data Protection Rights Requests: Socure will use commercially reasonable methods to confirm that you submitted a verifiable request, where applicable or required. This means that we may need to ask you for additional information, and it also means we may need to save some of your personal information to prove that we complied with your request.

Authorized Agent:  You also may designate an authorized agent to make a request on your behalf, subject to appropriate verification and other applicable legal requirements.  Your authorized agent will need to provide documentation supporting the agent’s authority to make the request on your behalf.  We also may require you to verify your identity directly with us and confirm the request.

Opt Out Preference Signals:  We respond to signals or mechanisms enabled in web browsers and on mobile devices that indicate a preference to exercise the rights listed above as required by applicable law.  At this time, we do not honor “do not track” signals if enabled in a web browser. 

Contact Us

You can reach our Privacy team, including our Data Protection Officer, at privacy@socure.com.