PRIVACY STATEMENT

Effective Date: Oct 2020

When you visit and interact with our website, contact and communicate with us or use any of our products and services, TruU may collect, use, and process information related to you (“Personal Data”). “TruU”, “We”, “Us”, “Our” or the “Company, refer to TruU, Inc. TruU offers a solution that is comprised of: a cloud service, customer managed software and a mobile app / SDK. These components, along with the website, are referred to as “Services” in this policy.

This Privacy Statement applies to the following activities:

Visiting our website;
Visiting our offices;
Communicating with us, including emails, text or fax;
Registering for our events;
Using our Services.

Website

Our website (https://truu.ai) and other websites under the truu.ai domain, include links to other websites, applications and services maintained by third-parties. The information protection and privacy practices of these external websites, applications and services are governed by the privacy statements of the respective third-party. We encourage you to review these privacy statements to better understand the privacy practices of each third party.

Personal Data Collected

The Personal Data we directly collect, process and/or store from you may include:

Information Request: If you request for information about our Services, register for a trial, download our software, request for support or use the “Contact Us” feature on our website, we generally require contact information such as your name, email address, company name, title and telephone number.
Website Interaction: If you use and interact with our website, we may collect your usage information through cookies, web beacons and similar tracking technologies that may qualify as Personal Data.
Office Visit: If you visit our offices, you may be required to sign-in with your name, email address, telephone number, company, title, purpose of visit and date/time of arrival.
Event Registration: If you attend an event, we may scan your badge which will provide us with your name, email address, company name, title and telephone number.
Customer Personal Identification Information (PII): End user’s first / last name, GUID, email address (if available), UPN, mobile device info (HW version, OS version, etc..), and public key trust associations during an interaction between the identity server and TruU cloud when a user is registered to use TruU authentication service. TruU staff does not have any visibility into this data.
Device Information: If you are using our Services, we may be collecting sensor data from your registered device if you consent to allow collection of this information. Such information includes the gyroscope and accelerometer to measure motion data that uniquely identifies a person based on their gait. Additional sensor data may include Bluetooth, Location and Wi-Fi signals, which are also used to uniquely identify a person.

Cookies, Log Files & Web-Beacons

We use common information-gathering tools, such as cookies, log files and web-beacons that may collect Personal Data about you, to make interactions with our website more meaningful.

Cookies

We use cookies and similar web tracking technologies such as tags and scripts to collect your usage information and interactions with us on our website. When you visit our website, our servers send a cookie to your computer. Cookies allow us to track overall usage and make your interactions with us more customized and meaningful.

We use both session-based and persistent-based cookies. Session cookies only exist during a session and disappear from your computer when you close your browser or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer. Most browsers automatically accept cookies however, if you choose to disable cookies, it may limit your use of certain features and functions on our website or service.

Log Files

As with most websites, we automatically gather certain information in log files as you navigate our website. This information may include your Internet Protocol (IP) address, your Internet Service Provider (ISP), your device identification numbers, your location, your browser, your mobile carrier, your searches on our website, your pages and files viewed, your operating system and date/time stamps of your usage. We analyze this information to help us improve our website and to guarantee proper functionality and security.

Web-Beacons

We may also use web-beacon technologies such as clear gifs that help us better manage content on our website and emails. Clear gifs are tiny graphics with a unique identifier that help track the online movement of users on the website. We do not tie information gathered from clear gifs to Personal Data.

Data Collected Through TruU Services

At the core of our Services, sensor data from a registered mobile device, is collected and processed by the TruU platform in order to formulate a unique identity of an end-user. If a user authorizes or opts in, such sensor data may come from the gyroscope and accelerometer of the device, which is processed by the TruU platform consisting of a cloud and a customer managed software component. Other sensor data, including barometric sensor, Bluetooth, Location, Magnetometer and Wi-Fi from a registered device may be collected for the purpose of uniquely identifying a user. TruU will never collect data from a device without the end-user’s permission. End-users can also set the TruU mobile app into ‘Privacy Mode’ on a scheduled or on an ad-hoc basis to disable all data collection by TruU. By default, end-users can also disable any sensor data collection parameter (e.g. location, motion, etc.) within the TruU mobile app; however, Administrators do have the ability to require or disable any of sensor data collection parameter via policy controls, based on the Enterprise’s internal policies.

Customer Administrator can control who uses TruU service from their management console. For a user who is enrolled into using TruU service, TruU only uses less sensitive data such as first / last name, GUID, email address (if available), UPN, mobile device info (HW version, OS version, etc..). This data is obtained from the corporation as part of using the TruU service. TruU staff cannot see who at the customer site is using TruU service. We see only the aggregate user count for billing purposes.

Employment Application:

TruU can get your information if you apply for a job at TruU.

Data NOT Collected by TruU:

TruU has no need of data about very personal traits and does not collect data about:

Children
Mentally Ill People
Asylum seekers
The Elderly
Patients
Race or ethnic origin
Religious or philosophical beliefs
Political opinions
Trade union memberships
Biometric data
Genetic data
Health data
Data related to sexual preferences, sex life or sexual orientation

Employment Information Exception:

TruU may have some information about a data subject when requesting employment. TruU does not collect this information from end customers.

Criminal convictions or offences (unless volunteered during employment screening)
Government issued identification numbers required for employment verification as protected by the law
Bank, credit card or other financial details required for sending or receiving payments

How We Use Your Data

We collect, process and store your Personal Data for the purposes and on the legal bases identified below:

Improving Website: We collect and process Personal Data to analyze trends and track your usage of our website for our legitimate interest in further improving and developing our website and to provide you with more relevant and meaningful content.
General Inquiries: We collect and process Personal Data to respond to inquiries and information requests, and to send materials such as whitepapers, datasheets and pricing through email, postal mail or telephone.
Marketing Communications: We collect and process your Personal Data to send advertisements, newsletters, product updates, events and promotions necessary for our legitimate interest in providing Services on a commercial basis.
Employment Opportunities: We collect and process your Personal Data for current and future potential employment.
Delivering Core Services: We collect and process Personal Data through enabled sensors on your registered mobile device in order to provide core Services of the TruU solution.
Customer Support: We collect and process Personal Data to respond to your request for assistance, to resolve technical issues you encounter, to analyze crash information and to repair and improve our Service.
Office Visitors: We collect and process Personal Data of all personnel who visit our offices, for security purposes.
Legal: We collect and process your Personal Data to cooperate and comply with public and government authorities, courts, and lawful requests in accordance with our legal obligations under applicable laws that require processing or disclosure of Personal Data to protect our rights.

How We Share Your Data

We may share collected Personal Data with the following recipients:

Service Providers: We may share Personal Data with contracted service providers that provide hosting, system administration, legal, banking, insurance, accounting and auditing.
Human Resources: We may share Personal data with our Human Resources service provider for background checks in accordance with applicable employment laws.
Social Media: We may share Personal Data with third-party social networks, advertising networks and websites that usually act as separate controllers, so that TruU can market and advertise on these third-party platforms.
Merger, Acquisition, Reorganization: We may share or transfer Personal Data if we are involved in a merger, acquisition or reorganization. In accordance with applicable laws, we will use reasonable efforts to notify you of such sharing or transfer of Personal Data to an unaffiliated third party.
Legal: We may disclose Personal Data as required by law or if the Company reasonably believes that disclosure is necessary to protect the Company’s rights, protect your safety or safety of others, investigate fraud and/or to comply with a court order or other governmental authority.

Marketing Opt-Out

You may opt-out of receiving promotional communication and personalized advertisements by managing cookies in your browser. Please note, however, that by disabling cookies and similar technologies, you may not be able to take full advantage of features and functionality on our website. You can also withdraw your opt-in consent at any time by referring to the “Contact Us” section below.

End-User Notice

TruU Services are intended for use by Enterprises. The Administrator of the Enterprise is responsible for user accounts and/or Services over which it has control. TruU is not responsible for the information protection and privacy practices defined and implemented by the Enterprise. Please direct your questions to your Administrator, as your use of TruU Services is subject to Enterprise policies implemented by your Administrator.

Administrators are able to:

Access information in and about your account;
Access or retain information stored as part of your account;
Restrict, suspect or terminate your access to the Services;
Enable policies that require certain sensor data (e.g. location) to use the Services;
Install or uninstall third-party apps or other integrations;
Change your information, including profile information;
Restrict your ability to edit, modify or delete information.

Children

TruU Services are not directed at children under the age of 16. We do not knowingly collect personal information from children under the age of 16. If you are a parent or guardian and believe your child has provided TruU with Personal Data without your consent, please contact by referring to the “Contact Us” section below. TruU will take steps to delete such Personal Data from our systems.

Personal Data Retention Period

All data retention is managed as per data retention policy. We retain Personal Data for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Service. TruU also retains certain Personal Data required to comply with legal obligations, resolve disputes and to enforce our agreements, to support business operations and to continue to develop and improve our Services. Where TruU retains information for Service improvements, TruU takes every step to eliminate information that directly identifies you, and only use the information to uncover collective insights about the use of our Service, not to specifically analyze personal characteristics about you.

Your Rights

You have certain rights when it comes to your Personal Data, subject to local data protection laws. These rights include the right to:

Access to your Personal Data held by TruU (right to access)
Rectify inaccurate Personal Data (right to rectification)
Erase or delete your Personal Data, as permitted by legal obligations (right to be forgotten)
Restrict our processing of your Personal Data (right to restriction of processing)
Transfer your Personal Data to another controller to the extent possible (right to data portability)

To exercise your rights, please refer to the “Contact Us” section of this document. We will try to respond to all legitimate requests within one month of the request and may contact you if we need additional information to honor the request.

Training

TruU employees and contractors are required to go through mandatory recurring training to make sure they understand their role and responsibilities in protect all TruU data.

Security

TruU takes every pre-caution to protect against unlawful or accidental loss, theft, alteration, disclosure or unauthorized access to any Personal Data. While TruU follows generally accepted standards to protect Personal Data, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Privacy Statement Changes

TruU reserves the right to update our Privacy Statement at any time to reflect changes in our internal practices, technologies and legal requirements. If changes are made to the Privacy Statement, the “Effective Date” at the top of this Privacy Statement will be updated. Your continued use of our Services after we post any modifications to the Privacy Statement described on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Statement.

Contact Us

If you have any questions or concerns about this Privacy Statement or to exercise your rights regarding your Personal Data, please contact us:

TRUU, INC
720 University Ave, Suite 200
Palo Alto, CA 94301
United States
Email: privacy@truu.ai

Violations

Any violation of this policy may result in disciplinary action, up to and including termination of employment. TruU reserves the right to notify the appropriate law enforcement authorities of any unlawful activity and to cooperate in any investigation of such activity. TruU does not consider conduct in violation of this policy to be within an employee’s or partner’s course and scope of employment, or the direct consequence of the discharge of the employee’s or partner’s duties. Accordingly, to the extent permitted by law, TruU reserves the right not to defend or pay any damages awarded against employees or partners that result from violation of this policy.

Any employee or partner who is requested to undertake an activity which he or she believes is in violation of this policy, should provide a written or verbal complaint to his or her manager, any other manager or the Human Resources Department as soon as possible.

Glossary

References

ISO/IEC 27001:2013 – Clauses 9.2(g) Internal Audit and others

AT 101 – SOC 2: CC1.0– The Control Environment

AT 101 – SOC 2: CC2.0 – Communication and Information

AT 101 – SOC 2: CC4.0 – Monitoring of Controls

PCI DSS v3.1