For most companies Privacy is a buzzword or a false promise — for us it’s everything. Proxy was created to ensure your right to control your privacy and personal data as technology enters the physical realm.
We created Proxy to serve you. Full stop. Your data is your data. It’s owned by you and only you. Only you can consent to how it can be used and for what purposes, and if you change your mind you should be able to revoke access to your data from any party. These are not things we care about because of regulations. These are things we believe are fundamental to our humanity. No lengthy confusing privacy policy document should ever take that away.
Here are the fundamental beliefs that drive our approach to data privacy.
01
We believe your privacy is a human right and is not something to be held at ransom.
02
We believe you own your personal data and digital self as much as your physical self, and you should hold absolute authority on how your data is shared and used.
03
We believe your personal data should be used to empower and positively serve you.
Nobody reads, let alone understands, privacy policies. They are designed by lawyers, for lawyers and are perfectly crafted to give companies the authority to take as much data and information from you as legally possible. That’s not right, and we’re putting our foot down.
Proxy respects your privacy and is committed to protecting it. This privacy notice describes the types of information we collect and our practices for using, storing, protecting, and disclosing that information. It covers information that you provide to us when you use the Proxy app or manage Proxy readers, as well as information generated while using the Proxy mobile access service.
Your name, email address, and photo are stored in your Proxy user profile.
Device model, OS type and version, OS language, hardware settings, network settings, MAC address, device identifier and device location (GPS).
App logins, interactions your device has with Proxy readers, door unlocks, and activity you perform within the Proxy app.
We store logs of IP address, system activity, and crashes of the Proxy app.
Administrators provide their company credit card number and billing address.
You provide Proxy with your name and email address, which are stored in your profile. Optionally, you may add your photo to your profile and enable device location access. If you are an administrator, you provide Proxy with your company credit card and billing address.
Your employer can provide us your name, email address, and photo when setting up corporate access and ID cards. This data is owned by your employer, and is kept separate from your personal data.
All other information classified as Device Info, Usage Activity, and Device Logs are collected automatically when you use Proxy on your device.
There are some core pieces of information that we need to make Proxy work. That includes the data in your user profile like your email and whenever your device running the Proxy app interacts with a Proxy reader. In the background, the Proxy app also needs some data to operate properly on your device such as your network settings, hardware settings, etc.
The Proxy app accesses your phone’s GPS location in order to “wake up” the Proxy app in the background whenever you’re near a Proxy reader. We don’t store or transmit your GPS location off your device. However, our logs of device interactions with Proxy readers could be used to infer your location if the location of the Proxy reader is known to us.
We may use your email address to inform you about the service you signed up for, such as letting you know about upcoming changes to Proxy. We will also email you updates about service operation if you have opted to subscribe to updates from our status page at https://status.proxy.com.
We will not send you email about any services other than the one you signed up for without your explicit consent.
When you contact Proxy, we keep a record of your communication to help solve any issues you might be facing. Providing feedback in the Proxy app sends logs of your device’s system activity and Proxy app crashes so that we can help troubleshoot. We also look at some other data to diagnose issues with the Proxy app including device model, hardware settings, etc.
When interacting with our support staff, we will seek your consent before accessing any personal data or corporate data that you did not provide to us in your support request.
In order to prevent security incidents in the Proxy app, and to investigate incidents after they have occurred, we retain IP address, activity in the Proxy app, and logins to the Proxy app.
We look at some of the collected data to make Proxy better, including IP address (which tells us in what geographic regions people are using Proxy), OS language, and OS type and version.
Proxy is free to install on your device and use, but administrators that manage Proxy readers and associated software pay a subscription. We collect payment details from those administrators to process payments.
If you use Proxy as an employee or member of an organization or domain, we share only the information relevant to your activities within that organization or domain with its administrators. We will never share any of your information that is not related to the organization in question (for example, your activity as part of other organizations you belong to which may also use Proxy).
We share credit card and other payment details provided by administrators with our payment processors in order to facilitate payments to Proxy.
In order to send you email related to Proxy, such as your verification email when you first sign up, we rely on email service providers to process and send these emails on our behalf. Our contracts with them state they will not share your email address and content with other third parties such as advertisers or marketing affiliates.
In addition to the processors above, we may disclose your information to other third parties to help us provide the Proxy services. Examples of such sharing include our web hosting services such as Amazon, our internal workflow tools like Dropbox and Salesforce, and our communications tools like Zendesk and Slack. When we disclose information to processors, we do so only after entering into a contract with the processor that describes the purpose of the sharing and requires the processor to both keep that information confidential and not use it for any purpose except performing the contract, helping to provide you the best Proxy service possible.
We may also disclose your information if we are required to do so by any court order, law, or legal process, including to respond to government or regulatory request. We will disclose no more than that portion of your information which we are legally obligated to disclose, and will use commercially reasonable efforts to obtain assurances from the applicable court or agency that your information will be afforded confidential treatment.
It is our intention to make you (the person) the owner of as much data related to your profile and transactions as possible as opposed to only the companies with readers that sense your signal. Each transaction that occurs in the physical world is generated through interaction of several parties, each contributing their own data towards the outcome and deserving to retain their part of the result.
To better illustrate who owns what data, here are some examples of the most common Proxy transactions.
Let’s take the example of Jenna, who is using Proxy to access the lobby and office of her employer Acme, Inc. Jenna has an access card for Acme, Inc. in her Proxy ID mobile app. Acme, Inc.’s access control system is connected to that of its landlord, Buildings, Inc. Who owns what data?
While the parties remain in a relationship (Jenna is still employed by Acme, Acme is still a tenant in the building), they have visibility of the full data associated with the transaction — Jenna and Acme both have a record of which office doors she unlocked, and Acme is able to detect Jenna’s Proxy signal while she is inside the building.
Once their relationship is terminated, each party keeps just their perspective of the transaction — Jenna still has a record that she unlocked a door at Acme, Inc., but no longer has access to identifying information about Acme’s office locations; respectively, Acme loses access to any updated information about Jenna other than what they provided themselves, and is no longer able to detect her Proxy signal inside the building.
Keeping with our example, let’s look at a situation where a company called Other Co. invites Jenna to use an access card for a meeting, and she rejects the card invitation. When she arrives for her meeting, she passes by a Proxy reader owned by Other Co.
Finally, let’s look at an example where Jenna walks past a reader owned by a company she has no relationship with whatsoever, Unrelated Co. In this case, no information is exchanged and there is nothing shared with Unrelated Co.
You can elect to not provide us with some data
You don’t have to upload a photo to your Proxy profile and you can decide not to enable location access to the Proxy app on your smartphone, although this will degrade your experience while using Proxy due to technical limitations of smartphones.
You have the right to see the data we store about you
You have the right to ask for information about our collection and use of your information. Once we receive and verify your request, within 45 days we will disclose to you:
You have the right to correct any inaccuracies in your personal data
You can update information in your Proxy profile, such as your name and photo, from within the Proxy app. To update other information about you, you can contact privacy@proxy.com. We will honor your request to update your information unless we are required to keep the existing information for legitimate contractual or legal purposes.
If you believe that your employer or another organisation has inaccurate information about you, you can contact that organization to update your information as the data controller. We will honor the controller’s request to update any information they control.
You have the right to have data about you deleted
You may request that we delete any information that we have collected from you and retained, subject to certain exceptions. These exceptions include completing the transaction or providing the service you requested, complying with legal obligations, or detecting and preventing security incidents or illegal or fraudulent activity.
We use physical, technological, and administrative measures to secure your data. For more information, visit our security page.
We store data in data centers in the United States and Ireland. Additionally, your data that is shared with third parties is stored in any location they have data centers.
When we make minor edits to this policy, we will make the changes on this webpage and describe the edits at the top of the page. For more extensive updates, we will send an email with details to the email address you have provided.