For most companies Privacy is a buzzword or a false promise — for us it’s everything. Proxy was created to ensure your right to control your privacy and personal data as technology enters the physical realm.
Here are the fundamental beliefs that drive our approach to data privacy.
We believe your privacy is a human right and is not something to be held at ransom.
We believe you own your personal data and digital self as much as your physical self, and you should hold absolute authority on how your data is shared and used.
We believe your personal data should be used to empower and positively serve you.
Nobody reads, let alone understands, privacy policies. They are designed by lawyers, for lawyers and are perfectly crafted to give companies the authority to take as much data and information from you as legally possible. That’s not right, and we’re putting our foot down.
Proxy respects your privacy and is committed to protecting it. This privacy notice describes the types of information you may be asked to provide when using Proxy services, and our practices for using, storing, protecting, and disclosing that information.
You provide your name and photo when you activate Proxy on a new phone. You may optionally add other information to your profile, such as email addresses that link to your existing memberships and organization affiliations. Your name, photo, and email addresses are stored on our servers as part of your profile. You have the ability to delete this data by requesting deletion of your Proxy account.
Proxy provides services that allow you to digitize your physical ID cards and store them locally on your phone. To provide this service to you, Proxy uses third-party services that verify the validity of your ID card and match your face with the card photo. Your ID card information, card photo, and verification status are stored locally on your phone, and never stored on Proxy servers. The selfie taken during the ID verification process is stored on Proxy servers at a randomized URL known only to the local app on your phone. You have the ability to delete locally stored data at will by deactivating the Proxy app on your phone. Any link between your account and the selfie you previously verified is also removed at that time.
Proxy provides services that allow you to import your health test results and digitize your existing paper health documents. Your health test results and health documents are stored locally on your phone, and never stored on Proxy servers. If you have agreed to share your health status with another organisation, we will store only the overall status of the documents you provide, but never the documents themselves or any contained information, on Proxy servers. You have the ability to delete locally stored data at will by deactivating the Proxy app on your phone.
Proxy also allows you to complete a health survey. Survey answers you provide are never recorded or stored anywhere. If you have agreed to share your health status with another organisation, we will store only the overall pass or fail status of the survey, with the failure reason, on Proxy servers.
App logins, interactions your phone has with Proxy devices, door unlocks, check-ins, and activity you perform within the Proxy app.
Phone model, OS type, OS version, OS language, hardware settings, network settings, MAC address, device identifier and additional technical non-personal information as necessary for Proxy to operate our apps and services.
Application logs including IP addresses, network requests made by the application, and crashes of the Proxy mobile app.
Organisation administrators provide their company credit card number and billing address.
Profile information you provide is stored on Proxy servers. Your phone will transmit just your name and photo, for presentation purposes, to a check-in kiosk whenever you actively choose to check in at a supported location.
If you have agreed to share your verified ID status with another organisation, we will store only the verification status of your documents and the selfie you took during the verification process, but never the documents themselves or any contained information, on Proxy servers. We will provide this verification information to the requesting organisation.
If you have agreed to share your health status with another organisation, we will store only the overall pass or fail status of your health survey, the failure reason, and the status of your provided health documents, but never the documents themselves or any contained information, on Proxy servers. We will provide this status information to the requesting organisation.
Your phone will also anonymously transmit just the overall pass or fail status of your health survey, and the status of your documents but not the documents themselves, to a check-in kiosk when you choose to check in at supported locations.
If you are an administrator, business or paying user, the credit card and billing address information you provide is used for the purposes of processing payment.
Organizations that use the Proxy service may provide to us your name, email address, and photo when granting you access to buildings, check-in locations and issuing mobile ID cards. This data is owned by the organization and subject to the organisation’s privacy and data use policies, and is kept separate from your personal data.
All other information classified as Usage information, Phone information, and Diagnostic logs, is derived automatically when you use Proxy on your phone. Proxy limits this information, and the duration for which it is retained, to the minimum necessary to operate our services.
There are some core pieces of information that we need to make Proxy work. That includes the information in your user profile like your email address, and interactions whenever your phone running the Proxy app interacts with another Proxy device. In the background, the Proxy app also needs some data to operate properly on your phone such as your phone model and network settings. When interacting with other Proxy devices you have the option to share the status of your locally stored ID or health documents, name, photo, and date of birth.
The Proxy app accesses your phone’s GPS location services in order to “wake up” the Proxy app whenever you arrive at a place that you frequent (such as your office). We never store or transmit your GPS location. However, our logs of device interactions with Proxy devices could be used to infer your location if the location of the other Proxy device is known.
We may use your email address to inform you about the service you signed up for, such as letting you know about upcoming changes to Proxy. We will also email you updates about service operation if you have opted to subscribe to updates from our status page at https://status.proxy.com.
We will not send you email about any services other than the one you signed up for without your explicit consent.
When you contact Proxy, we keep a record of your communication to help solve any issues you might be facing. Providing feedback in the Proxy app sends logs of your phone’s system activity and Proxy app crashes so that we can help troubleshoot. We also look at some other data to diagnose issues with the Proxy app including phone model, hardware settings, etc.
When interacting with our support staff, we will seek your consent before accessing any personal data or corporate data that you did not provide to us in your support request.
In order to prevent security incidents in the Proxy app and dashboard, and to investigate incidents after they have occurred, we retain IP addresses, activity in the Proxy app and dashboard, and login attempts.
We analyze and process some data to make Proxy products and services better, including IP addresses (which tells us in what geographic regions people are using Proxy), OS language, and OS type and version.
Proxy is free to install and use on your phone, but administrators that manage Proxy devices and associated software pay a subscription. We store payment details from those administrators for the sole purpose of processing payments.
If you use Proxy as an employee or member of an organization, we share only the information relevant to your activities within that organization with its administrators. We never share any of your information that is not directly related to the organization in question (for example, your activity as part of other organizations which may also use Proxy services).
We share credit card and other payment details provided by administrators with our payment processors in order to facilitate payments to Proxy.
In order to send you email related to Proxy, such as your verification email when you first sign up, we rely on email service providers to process and send these emails on our behalf. Our contracts with them prohibit sharing your email address and content with other third parties such as advertisers or marketing affiliates, or using it for any other purpose.
In order to verify the validity of ID cards you digitize, we rely on service providers to process and verify scans of your ID documents. Our contracts with them prohibit sharing your information with other third parties such as advertisers or marketing affiliates, or using it for any other purpose.
Proxy uses the following providers to verify your ID documents:
In addition to the processors above, we may disclose your information to other third parties to help us provide the Proxy services. Examples of such sharing include our web hosting services such as Amazon Web Services, our internal workflow tools like Dropbox and Salesforce, and our communications tools like Zendesk and Slack. When we disclose information to processors, we do so only after entering into a contract with the processor that describes the purpose of the sharing and requires the processor to both keep that information confidential and not use it for any purpose except performing the contract, helping to provide you the best Proxy service possible.
We may also disclose your information if we are required to do so by a court order, law, or legal process, including to respond to government or regulatory requests. We will disclose no more than that portion of your information which we are legally obligated to disclose, and will use commercially reasonable efforts to obtain assurances from the applicable court or agency that your information will be treated with confidentiality.
It is our intention to make you (the person) the owner of as much information related to your profile and transactions as possible, as opposed to only the companies with devices that sense your signal. Each transaction that occurs in the physical world is generated through interaction of several parties, each contributing their own data towards the outcome and deserving to retain their part of the result.
To better illustrate who owns what information, here are some examples of the most common Proxy transactions.
Let’s take the example of Jenna, who is using Proxy to check in and access the lobby and office of her employer Acme, Inc. Jenna has an access pass for Acme, Inc. in her Proxy mobile app. Acme, Inc.’s access control system is connected to that of its landlord, Buildings, Inc. Who owns what data?
While the parties remain in a relationship (Jenna is still employed by Acme, Acme is still a tenant in the building), they have visibility of the full data associated with the transaction — Jenna and Acme both have a record of which office doors she unlocked, or which locations she checked in at, and Acme is able to detect Jenna’s Proxy signal while she is inside the building.
Once their relationship is terminated, each party keeps just their perspective of the transaction — Jenna still has a record that she unlocked a door and/or checked in at Acme, Inc., but no longer has access to identifying information about Acme’s office locations. Respectively, Acme loses access to any updated information about Jenna other than what Acme provided themselves, and is no longer able to detect her Proxy signal inside the building.
Keeping with our example, let’s look at a situation where a company called Irrelevant Co. invites Jenna to use a mobile access pass for a meeting, and she rejects the pass invitation. When she arrives for her meeting, she walks by a Proxy device owned by Irrelevant Co.
Let’s look at a scenario where Jenna walks past a Proxy device owned by a company she has no existing relationship with, Other Co. In this scenario we also consider an example where Jenna actively chooses to check in at a Proxy device owned by Other Co. by bumping her phone.
Finally, let’s look at an example where Jenna wants to share certain personal information with her peer Joe, another Proxy user.
You can elect to not provide some information
You don’t have to upload a photo to your Proxy profile and you can decide not to enable location services to the Proxy app on your phone.
While location services are optional, enabling it is only needed for the purposes of improving the user experience by not having to launch the app every time you interact with a device or check-in. Location information is never stored or shared, and only used to wake-up the app when you are in proximity to a Proxy device.
You have the right to see the information we store about you
You have the right to ask for information we have about you, and how we use that information. Once we receive and verify your request, within 45 days we will disclose to you:
You have the right to correct any inaccuracies in your personal information
You can update information in your Proxy profile, such as your name and photo, from within the Proxy app. To update other information about you, you can contact firstname.lastname@example.org. We will honor your request to update your information unless we are required to keep the existing information for legitimate contractual or legal purposes.
If you believe that your employer or another organisation has inaccurate information about you, you can contact that organization to update your information as the data controller. We will honor the controller’s request to update any information they control.
You have the right to have information about you deleted
You may request that we delete any information that we have received from you and retained, subject to certain exceptions. These exceptions include completing the transaction or providing the service you requested, complying with legal obligations, or detecting and preventing security incidents or illegal or fraudulent activity.
We use physical, technological, and administrative measures to secure your data. For more information, visit our security page.
We store data in data centers in the United States and Ireland. Additionally, your information that is shared with third parties is stored in any location they have data centers. Data transmitted between Proxy and third parties, or between our servers and applications, may be cached temporarily during transit or locally on receiving devices only for the purpose of improving performance and reliability of the service.
When we make minor edits to this policy, we will make the changes on this webpage and describe the edits at the top of the page. For more extensive updates, we will send an email with details to the email address you have provided.