Date of last revision: November 16, 2021
The Service is for use by residents of the United States, only. The Service is not directed to individuals under the age of eighteen (18), who should not provide their Personal Data via the Service.
Your Personal Data and Where We Collect It From
We collect (and may have collected over the last 12 months) the following types of Personal Data from you:
- Enrollment information you enter into the Service (such as, your name, physical address, date of birth, gender identity, mobile phone number, and email address) (collectively, “Enrollment Information”)
- Identity Check Information you enter into the Service for purposes of verifying your identity (such as your answers to identity check questions and, where your identity is unable to be verified based solely on such questions, the last four digits of your Social Security number)
- Authentication Credentials (such as, a PIN you enter into the Service, a photograph of your face (selfie) captured by the app accessing your camera, and to enable their use for future authorization requests, information about your device’s enabled biometric security factors)
- Health information (such as, information related to your COVID-19 vaccination, your health insurance information, and your answers to self-assessment questions) (collectively, “Health Information”)
We collect (and may have collected over the last 12 months) the following types of Personal Data about you from our Service Providers:
- Service usage metrics generated by our service provider’s software embedded in the Service (such as, counts and timestamps of functions you use in the Service, and any errors that might occur)
You may choose not to provide us with certain information, but that may result in our inability to provide you access to the Service.
How and Why We Use Your Personal Data
We process and store your Personal Data in the United States, and use it as follows:
- We verify your identity using your Enrollment Information and Identity Check Information
- We may contact you about your use of the Service, including in order to advertise new features or additional services offered by AllClear using your Enrollment Information
- We use your Health Information as necessary to provide the Service; provided, that such Health Information is only shared as described under “Health Information and Access Decisions” below
- We aggregate App Usage Metrics to gain insight into the performance of the Service, so that we can improve them and fix issues
- We review App Usage Metrics, and other categories of Personal Data as necessary to investigate fraud and protect the Service from abuse
How We Share Personal Data
We do not sell or rent, and have never sold or rented, your Personal Data to marketers or other unaffiliated third parties.
We share your Personal Data with trusted entities:
- Relying Parties. Upon your consent, we share your Personal Data (excluding Health Information) with organizations that you may designate for purposes of being informed of whether you have met their premises access requirements (“Relying Parties”).
- Service Providers. We contract with service providers to assist us in delivering the Service. If these service providers need access to your Personal Data in order to perform their services, we only authorize them to use the data as necessary to perform their services and require that they agree in contracts to keep this information confidential. Examples include identity verification services, email delivery, and cloud infrastructure providers.
- Compliance and harm prevention. We share limited Personal Data as we believe necessary: (i) to comply with applicable law; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of us, you, or others; and (iv) to respond to a judicial or governmental requirement or order.
- Successors and assigns. We reserve the right to transfer Personal Data to a third-party successor entity or assignee in the event of a merger, change of control or disposition of all or any portion of our business, assets, or stock.
Health Information and Access Decisions
The Service enables Relying Parties to establish and enforce access requirements without obtaining any individual’s Health Information. The Service does this by enabling Relying Parties to establish pre-determined criteria regarding categories of Health Information, such as self-reported symptoms and exposure and vaccination status. Once you have provided Health Information to the Service regarding these categories, the app can be used to verify requirements and request entrance to Relying Parties’ locations. The app does this by accessing your device’s camera to scan a Relying Party’s Location QR code. With your consent, we will compare such Health Information against the pre-determined criteria established by a Relying Party. Relying Parties are then informed of whether you have satisfied the criteria for each category of Health Information for one of their specific locations. Relying Parties will be provided a record of your name, entry location and entry outcome. With respect to entry outcome, Relying Parties will only be informed of whether you meet or do not meet the criteria for each category but will not receive any Health Information.
Data Security and Retention
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse including, among other things, using industry standard techniques such as firewalls, encryption, and intrusion detection for information stored on our systems. Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties. While we strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit to us or receive from us while that information is in transit. That is especially true for information that you transmit to us via email since we have no way of protecting that information until it reaches us since email does not have the security features that are built into our websites and apps. No data transmission or storage system can be guaranteed to be 100% secure. If you believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us via the contact information in the Contact Us section of this policy.
We will retain your Personal Data as long as we are providing the Service to you. We retain Personal Data after we cease providing the Service directly to you to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention. Where we retain data, we do so in accordance with obligations imposed by applicable law and under this Policy.
Your Rights and Choices
You have choices regarding our use and disclosure of your Personal Data:
- Reviewing or Changing your Personal Data. If You would like to review, correct, or update Personal Data that you have previously disclosed to us, you may review your data in the Service or contact us.
- Exercising your right to know. You may request the following information about the Personal Data we have collected about you during the past 12 months:
- Categories and specific pieces of Personal Data that we have collected about you
- Categories of sources from which we have collected your Personal Data
- The business or commercial purposes for collecting or selling your Personal Data
- Exercising your right to delete. You may request that we delete the Personal Data we have collected from you, subject to certain limitations under applicable law.
We will not discriminate against you for exercising these rights.
To submit a request, use the contact information provided in the Contact Us section. We will need to verify your identity before responding to your request by verifying that the email address from which you send the request matches your email address that we have on file or authenticating you by using other data that we have on file. If we no longer need to process Personal Data about you in order to provide our Service, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request. Notwithstanding anything in this Policy to the contrary, we will not be able to fulfill a request for reviewing, changing or deleting Personal Data if we no longer hold your Personal Data or if such Personal Data has been anonymized such that it is no longer Personal Data under applicable law.
If you withdraw your consent for our collection, use or disclosure of your Personal Data, we (and any third party with whom we have contracted to serve advertising) will promptly cease all such use. Note that if you withdraw your consent to our collection, use or disclosure of your Personal Data, we will no longer be able to provide you with the Service.
You can contact us by email at firstname.lastname@example.org, or by sending physical mail to:
AllClear ID Health, Inc.
9600 Escarpment Blvd.
Suite 745, #225
Austin, TX 78749