Privacy at Proxy
For most companies Privacy is a buzzword or a false promise — for us it’s everything. Proxy was created to ensure your right to control your privacy and personal data as technology enters the physical realm.
Privacy is a human right
We created Proxy to serve you. Full stop. Your data is your data. It’s owned by you and only you. Only you can consent to how it can be used and for what purposes, and if you change your mind you should be able to revoke access to your data from any party. These are not things we care about because of regulations. These are things we believe are fundamental to our humanity. No lengthy confusing privacy policy document should ever take that away.
Privacy principles
Here are the fundamental beliefs that drive our approach to data privacy.
01
We believe your privacy is a human right and is not something to be held at ransom.
02
We believe you own your personal data and digital self as much as your physical self, and you should hold absolute authority on how your data is shared and used.
03
We believe your personal data should be used to empower and positively serve you.
Privacy you can understand.
Nobody reads, let alone understands, privacy policies. They are designed by lawyers, for lawyers and are perfectly crafted to give companies the authority to take as much data and information from you as legally possible. That’s not right, and we’re putting our foot down.
Your data with Proxy, visualized
Proxy Privacy Policy
Proxy respects your privacy and is committed to protecting it. This privacy notice describes the types of information we collect and our practices for using, storing, protecting, and disclosing that information. It covers information that you provide to us when you use the Proxy app or manage Proxy readers, as well as information generated while using the Proxy mobile access service.
Types of data we collect
User info
Your name, email address, and photo are stored in your Proxy user profile.
Device info
Device model, OS type and version, OS language, hardware settings, network settings, MAC address, device identifier and device location (GPS).
Usage activity
App logins, interactions your device has with Proxy readers, door unlocks, and activity you perform within the Proxy app.
Device logs
We store logs of IP address, system activity, and crashes of the Proxy app.
Financial
Administrators provide their company credit card number and billing address.
When and how we collect data
Data you provide us
You provide Proxy with your name and email address, which are stored in your profile. Optionally, you may add your photo to your profile and enable device location access. If you are an administrator, you provide Proxy with your company credit card and billing address.
Data your employer provides us about you
Your employer can provide us your name, email address, and photo when setting up corporate access and ID cards. This data is owned by your employer, and is kept separate from your personal data.
Data we collect automatically
All other information classified as Device Info, Usage Activity, and Device Logs are collected automatically when you use Proxy on your device.
How and why we use your data
Service operation
There are some core pieces of information that we need to make Proxy work. That includes the data in your user profile like your email and whenever your device running the Proxy app interacts with a Proxy reader. In the background, the Proxy app also needs some data to operate properly on your device such as your network settings, hardware settings, etc.
Mobile app operation
The Proxy app accesses your phone’s GPS location in order to “wake up” the Proxy app in the background whenever you’re near a Proxy reader. We don’t store or transmit your GPS location off your device. However, our logs of device interactions with Proxy readers could be used to infer your location if the location of the Proxy reader is known to us.
Contacting you about the Proxy services
We may use your email address to inform you about the service you signed up for, such as letting you know about upcoming changes to Proxy. We will also email you updates about service operation if you have opted to subscribe to updates from our status page at https://status.proxy.com.
We will not send you email about any services other than the one you signed up for without your explicit consent.
Troubleshooting
When you contact Proxy, we keep a record of your communication to help solve any issues you might be facing. Providing feedback in the Proxy app sends logs of your device’s system activity and Proxy app crashes so that we can help troubleshoot. We also look at some other data to diagnose issues with the Proxy app including device model, hardware settings, etc.
When interacting with our support staff, we will seek your consent before accessing any personal data or corporate data that you did not provide to us in your support request.
Security auditing
In order to prevent security incidents in the Proxy app, and to investigate incidents after they have occurred, we retain IP address, activity in the Proxy app, and logins to the Proxy app.
Product improvement
We look at some of the collected data to make Proxy better, including IP address (which tells us in what geographic regions people are using Proxy), OS language, and OS type and version.
Payment processing
Proxy is free to install on your device and use, but administrators that manage Proxy readers and associated software pay a subscription. We collect payment details from those administrators to process payments.
Whom we share your data with
Your employer or other organization you belong to
If you use Proxy as an employee or member of an organization or domain, we share only the information relevant to your activities within that organization or domain with its administrators. We will never share any of your information that is not related to the organization in question (for example, your activity as part of other organizations you belong to which may also use Proxy).
Payment processors
We share credit card and other payment details provided by administrators with our payment processors in order to facilitate payments to Proxy.
Email processors
In order to send you email related to Proxy, such as your verification email when you first sign up, we rely on email service providers to process and send these emails on our behalf. Our contracts with them state they will not share your email address and content with other third parties such as advertisers or marketing affiliates.
Third-party processors
In addition to the processors above, we may disclose your information to other third parties to help us provide the Proxy services. Examples of such sharing include our web hosting services such as Amazon, our internal workflow tools like Dropbox and Salesforce, and our communications tools like Zendesk and Slack. When we disclose information to processors, we do so only after entering into a contract with the processor that describes the purpose of the sharing and requires the processor to both keep that information confidential and not use it for any purpose except performing the contract, helping to provide you the best Proxy service possible.
Law enforcement
We may also disclose your information if we are required to do so by any court order, law, or legal process, including to respond to government or regulatory request. We will disclose no more than that portion of your information which we are legally obligated to disclose, and will use commercially reasonable efforts to obtain assurances from the applicable court or agency that your information will be afforded confidential treatment.
Who owns what data
It is our intention to make you (the person) the owner of as much data related to your profile and transactions as possible as opposed to only the companies with readers that sense your signal. Each transaction that occurs in the physical world is generated through interaction of several parties, each contributing their own data towards the outcome and deserving to retain their part of the result.
To better illustrate who owns what data, here are some examples of the most common Proxy transactions.
Person interacts with a Proxy reader, after having accepted an invitation
Let’s take the example of Jenna, who is using Proxy to access the lobby and office of her employer Acme, Inc. Jenna has an access card for Acme, Inc. in her Proxy ID mobile app. Acme, Inc.’s access control system is connected to that of its landlord, Buildings, Inc. Who owns what data?
1. Jenna is invited to use Proxy by her employer, Acme
- Jenna: —
- Acme: Jenna’s work email address, name from the corporate HR system (optional), photo from the corporate HR system (optional), and keycard number
- Landlord: —
- Proxy: Metadata of the transaction (may include IP address, timestamp, device operating system, Proxy app version)
2. Jenna creates a Proxy account and links her work email address
- Jenna: Jenna’s name of choice (e.g. Jen), photo from her gallery (optional)
- Acme: —
- Landlord: —
- Proxy: Metadata of the transaction (may include IP address, timestamp, device operating system, Proxy app version)
3. Jenna accepts the invitation to add an Acme access card to her Proxy app
- Jenna: "Jenna accepted a card from Acme, Inc."
- Acme: "Jenna accepted a card from Acme, Inc."
- Landlord: —
- Proxy: Auditable record of Jenna’s consent, and metadata of the transaction
4. Jenna walks through a turnstile in the lobby of the building
- Jenna: "Jenna activated a turnstile and was granted access by Acme, Inc."
- Acme: "Jenna with this keycard number activated a turnstile."
- Landlord: "Employee of Acme, Inc. activated Turnstile A at 555 7th Ave."
- Proxy: "User ID number interacted with sensor ID number."
5. Jenna unlocks an office door on her floor
- Jenna: "Jenna unlocked a door and was granted access by Acme, Inc."
- Acme: "Jenna unlocked Office Door 103."
- Landlord: —
- Proxy: "User ID number interacted with sensor ID number."
While the parties remain in a relationship (Jenna is still employed by Acme, Acme is still a tenant in the building), they have visibility of the full data associated with the transaction — Jenna and Acme both have a record of which office doors she unlocked, and Acme is able to detect Jenna’s Proxy signal while she is inside the building.
Once their relationship is terminated, each party keeps just their perspective of the transaction — Jenna still has a record that she unlocked a door at Acme, Inc., but no longer has access to identifying information about Acme’s office locations; respectively, Acme loses access to any updated information about Jenna other than what they provided themselves, and is no longer able to detect her Proxy signal inside the building.
Person passively detected by a Proxy reader (invited, but not accepted)
Keeping with our example, let’s look at a situation where a company called Other Co. invites Jenna to use an access card for a meeting, and she rejects the card invitation. When she arrives for her meeting, she passes by a Proxy reader owned by Other Co.
1. Jenna ignores or rejects invitation from Other Co.
- Jenna: "Jenna rejected a card from Other Co."
- Acme: —
- Other Co: "Jenna rejected a card from Other Co."
- Proxy: Auditable record of Jenna’s rejection, and metadata of the transaction
2. Jenna walks past a Proxy reader owned by Other Co.
- Jenna: —
- Acme: —
- Other Co: —
- Proxy: "User ID number detected by sensor ID number."
Person passively detected by a Proxy reader (never invited)
Finally, let’s look at an example where Jenna walks past a reader owned by a company she has no relationship with whatsoever, Unrelated Co. In this case, no information is exchanged and there is nothing shared with Unrelated Co.
1. Jenna walks past a Proxy reader owned by Unrelated Co.
- Jenna: —
- Acme: —
- Unrelated Co: —
- Proxy: "User ID number detected by sensor ID number."
Your privacy options and rights
Your options
You can elect to not provide us with some data
You don’t have to upload a photo to your Proxy profile and you can decide not to enable location access to the Proxy app on your smartphone, although this will degrade your experience while using Proxy due to technical limitations of smartphones.
Your rights
You have the right to see the data we store about you
You have the right to ask for information about our collection and use of your information. Once we receive and verify your request, within 45 days we will disclose to you:
- The categories of personal information we have collected about you
- The sources of that information
- Our purpose for collecting that information
- The categories of third parties with whom we share that information
- The specific pieces of personal information we collected about you
You have the right to correct any inaccuracies in your personal data
You can update information in your Proxy profile, such as your name and photo, from within the Proxy app. To update other information about you, you can contact privacy@proxy.com. We will honor your request to update your information unless we are required to keep the existing information for legitimate contractual or legal purposes.
If you believe that your employer or another organisation has inaccurate information about you, you can contact that organization to update your information as the data controller. We will honor the controller’s request to update any information they control.
You have the right to have data about you deleted
You may request that we delete any information that we have collected from you and retained, subject to certain exceptions. These exceptions include completing the transaction or providing the service you requested, complying with legal obligations, or detecting and preventing security incidents or illegal or fraudulent activity.
How we secure data
We use physical, technological, and administrative measures to secure your data. For more information, visit our security page.
Where we store data
We store data in data centers in the United States and Ireland. Additionally, your data that is shared with third parties is stored in any location they have data centers.
Updates to this policy
When we make minor edits to this policy, we will make the changes on this webpage and describe the edits at the top of the page. For more extensive updates, we will send an email with details to the email address you have provided.