Last Updated: June 27th, 2019
Woven Identity, Inc. (“Woven,” “we,” “our,” and/or “us”) values the privacy of everyone who uses our services and website (collectively, our “Service”). Woven is in the digital identity business. We take your privacy seriously. We created Woven’s Service because we believe in the value of privacy—yours, ours, everyone’s. You are you. We are Woven.
Information We Collect
Being in the business of digital identity, we collect a variety of information from or about you or your devices from various sources, as described below. We will only use such information with your consent.
A. Information You Provide to Us.
Identity Verification, and Profile Information. When you establish and verify your digital identity with Woven, we ask for a variety of information, depending, for example, on the needs of your employer. We may ask for your name, date of birth, email address, physical address, phone number, pictures of you, and the contents or images of official government identity documents, such as your driver’s license, passport, green card, or Social Security card.
Communications. Should you contact us directly, we receive additional information about you. For example, when you contact our customer support team, we will receive your name, email address, phone number, the contents of any message or attachments that you send to us, and other information you choose to provide. If you subscribe to our emails or newsletter or request more information about our Services, then we will collect certain information from you, such as your email address, phone number, and information about your company. When we send you emails, we may track whether you open them to learn how to deliver a better customer experience and improve our Services.
B. Information We Collect Whenever You Choose to Use Our Service.
Device Information. We rely on and receive information about the device and software you use to access our Service, including IP address, web browser type, operating system version, phone carrier and manufacturer, application installations, device identifiers, mobile advertising identifiers, and push notification tokens.
Usage Information. To help us understand how you use our Service and to help us improve it, we automatically receive information about your interactions with our Service, like the pages or other content you view, the pages you log in to, and the dates and times of your visits.
Information from Cookies and Similar Technologies. We and third-party partners collect information using cookies, pixel tags, or similar technologies. Our third party partners, such as analytics and advertising partners, may use these technologies to collect information about your online activities over time and across different services. Cookies are small text files containing a string of alphanumeric characters.
Please review your web browser’s “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Service, you may not be able to utilize the features of the Services to their fullest potential.
C. Information We Receive from Third Parties As Part of Our Service.
Information from employers. We may receive information about you from your employer or prospective employer, including your name and email address. We may also receive the level of access you are entitled to within your employer’s organization and systems (e.g. administrative access).
How We Use the Information We Collect
In general, we use the information we collect to provide a durable digital identity that can be used from one employer to the next. This allows us to provide, among other things, identity verification, application login services, and electronic document signatures.
We use the information we collect:
To provide, maintain, improve, and enhance our Service;
To verify your identity;
To allow you to log in to applications, websites and third party services,
To allow you to electronically sign documents;
To personalize your experience on our Service such as by providing tailored content;
To understand and analyze how you use our Services and develop new products, services, features, and functionality;
To communicate with you, provide you with updates and other information relating to our Services, provide information that you request, respond to comments and questions, and otherwise provide customer support;
To find and prevent fraud, and respond to trust and safety issues that may arise;
For compliance purposes, including enforcing our Terms of Service or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency; and
For any other purpose for which we will provide specific notice and request your consent (and not proceed without it) at the time the information is collected.
Woven’s policy is to retain (in our cloud) only the minimum amount of information necessary for us to successfully operate our Service. Woven retains and uses the information it collects in different ways depending on the purpose for which it was collected and its sensitivity. Below are examples of how Woven retains and uses specific categories of information.
Identity Verification Information. Information we collect and use to verify your identity, such as your name, email address, phone number, images of identity documents (e.g. driver’s license, passport), and data derived from the images of government identity documents, is processed in our cloud and then deleted from the servers that did the processing. This information is retained on your mobile device but is encrypted and only accessible to Woven when you give consent through a Woven Consent Request. This category of information is also encrypted and stored in the Woven cloud to support recovery of your identity in the event that you lose your mobile device. This data is encrypted using a paper recovery key that is generated on your mobile device, printed by you, and is not stored or retained by Woven on the mobile device or in our cloud. This means that the encrypted recovery information stored in our Cloud cannot be decrypted by Woven Cloud because we don’t have the key. This data is only decrypted and accessed by Woven when you use the Woven Mobile application to recover your identity. In this case, the encrypted information is retrieved from the Woven cloud and decrypted locally on the mobile device, such that the unencrypted information is only accessible to you on the mobile device.
Service Operation Information. Information we collect and use in order to operate the service and communicate with you, including your Woven username, your first and last name, your email address (typically your work email), and your profile photo, is stored in our cloud service. Woven uses this information to display a minimal amount of identity information to your employer’s Service Administrators such as Information Technology (“IT”) or Human Resources (“HR”) Administrators who may use such information to administer the use of Woven for access management to various systems and services.
Usage Information. We collect and retain information about your activities and device when you make use of the Service. For example, we may generate and retain logs that indicate that your Woven ID was used to access an external service. This information is collected and used in order to verify proper and secure use of the employee applications and services.
How We Share the Information We Collect
Employers. With your consent, we may share information we receive with your employers in order for your employer to utilize your employee and/or digital identity, for instance so your employer may verify your identity, allow you to log in to your employer’s programs, websites, and resources, and so you may electronically sign documents.
Vendors and Service Providers. We may share any information we receive with vendors and service providers retained in connection with the provision of our Services.
Third Party App Integrations. If you connect a third party application to our Services, we may, with your consent, share information relating to your employee identity with that third party.
Other Online Services. Our Services may allow you to, upon your direction and with your informed consent, share information with other online services. You understand and agree that the use of your information by any other online service will be governed by the privacy policies of these third party platforms and your settings on that platform. We encourage you to review their privacy policies.
Analytics Partners. We use analytics services such as Google Analytics to collect and process certain analytics data. These services may also collect information about your use of other websites, apps, and online resources You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
As Required By Law and Similar Disclosures. We may access, preserve, and disclose your information if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our, or others’ rights, property, or safety.
Consent. We may disclose your information with your explicit permission.
We make reasonable efforts to protect your information by using physical and electronic safeguards designed to improve the security of the information we maintain. For instance, the Service is designed to minimize the storage of personal information that has not been encrypted in a manner in which the keys are protected or stored apart from the data, or cryptographically hashed using what are known as one-way hashing algorithms. The Service also stores some of the information that you provide on your personal device rather than on Woven’s servers.
However, as no electronic transmission of information can be entirely secure, we can make no guarantees as to the security or privacy of your information.
Our Service is hosted in the United States and intended for visitors located within the United States. If you choose to use the Service from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal information outside of those regions to the United States for storage and processing. Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service. By providing any information, including personal information, on or to the Service, you consent to such transfer, storage, and processing.
Update Your Information or Pose a Question
If you have any questions, comments, or concerns about our processing activities, please email us at firstname.lastname@example.org or write to us at 515 Marin Street, Suite 414, Thousand Oaks, CA, 91360.
Last Updated: June 27th, 2019