Information We Collect and How We Use It
OneID Account Information
You choose what information you wish to store in your OneID account. Your email address is the only information that is required to create an account, although we also request that you provide a display name for us to use in referring to your account. When you create and update your OneID account, you may upload additional account information to the OneID data repository, which may be maintained by OneID or another entity of your choice (the “Repository Manager”). This information may include: your address, date of birth, credit card information, driver’s license information, phone number and other personal information. All of the information stored in the OneID data repository, with the exception of your account name, email address and the device identification information necessary to enable push notifications, is stored in encrypted form. The encryption keys and passcodeneeded to decrypt the information in the OneID data repository are created and stored exclusively on your devices and are not accessible by OneID or the Repository Manager.
OneID may use your account information for the following purposes:
- To enable you to share your account information with third party websites and applications that are OneID-enabled.
- To inform you about account activity.
- To communicate with you for administrative purposes, such as sending security related notices, notifying you of major OneID Service changes, or for other customer service purposes.
- OneID may use your email address to contact you on occasion regarding OneID product announcements such as special promotions or new products and services. You can choose to opt-out of receiving these emails at any time by clicking the relevant link in one of these messages.
Registered Device Information
When you register a device with your OneID account we store encryption keys in local browser storage and/or in flash storage used by the OneID Remote app as a unique identifier. For mobile devices, we also collect information necessary to enable push notifications.
OneID may use your registered device information for the following purposes:
- To enable you to verify your identity to OneID-enabled websites and applications.
- To enable second factor authentication utilizing your mobile device.
Account Formation and Usage Information
When you create your OneID account, we record the website from which your account originated. When you use the OneID Services we record your account access and information about your device, including the IP address, browser and operating system type and version, and dates and times of your requests, and website accessed. We also record the total number of transactions, the use of the OneID functionality, and the total value of financial transactions by each OneID-enabled Website or application; however this information is not tied to your Personal Information. All other individually-identifiable information related to your interactions with OneID-enabled websites and applications is stored by the Repository Manager in encrypted format. The encryption keys and passcode needed to decrypt this information are created and stored exclusively on your devices and are not accessible by OneID or the Repository Manager.
Usage information is used for verification purposes, to measure how our users utilize the OneID Services, and to improve and enhance our offerings to you.
QuickFill Mapping Submissions
If you make manual changes to the OneID QuickFill mapping on a Website, we record your changes in order for us to present the revised mapping next time you visit that Website and to determine whether such changes should be generally incorporated into our automated QuickFill mapping.
Cookies and Clear Images
We may place “cookies” on your computer or device. Cookies are small data files that identify you when you use the OneID Services. These may be session cookies that disappear after you close your browser and/or persistent cookies that remain after you close your browser and are used by us during your subsequent visits to the site. You have the option to decline our cookies by using your browsers’ settings, but this may interfere with your use of our website and OneID Services.
Customer Support or Inquires
Additional information from or about you may also be collected in your direct correspondence with us via email, text, or letter, including your communications with our customer service teams. We will use this information to provide customer service and fulfill requests you make.
General Collection and Usage
In addition to the specific collection and usage policies described above, OneID may use your information as follows:
- To provide the features and functionality of the OneID Services.
- To enforce our agreements with you, as well as secure the best possible experience for all OneID members by ensuring compliance with applicable laws and our own policies.
- OneID and its trusted third party service providers may use aggregated or anonymous information for OneID’s internal purposes, including improving the OneID Services and analyzing user behavior, and to measure and report aggregate usage information to OneID-enabled website and application owners.
Sharing Your Personal Information
Any information that can be used to identify a person is “Personal Information”. OneID will not rent or sell your Personal Information to others. OneID will not share your Personal Information with third parties without your prior consent or direction except as set forth below.
In Connection With Using Your OneID Account
You are in control of what Personal Information you choose to share with OneID-enabled websites and applications. When you access your OneID account to interact with OneID-enabled websites or applications, you may elect to share all or some of your Personal Information stored in the OneID data repository.
To Our Third Party Service Providers
In Connection With a Business Transaction
As we develop our business, we may buy or sell assets or business offerings. Customer, transaction, email, and visitor information is generally one of the transferred business assets in these types of transactions. We may also transfer such information, including Personal Information contained therein, in the course of corporate divestitures, mergers, or dissolution.
Legal Compliance and Protection of OneID and Others
OneID may be required to disclose Personal Information by law, court order or subpoena or if we believe that such action is necessary to (a) conform to the law, comply with legal process served on us or our affiliates, or investigate, report, prevent, or take action regarding suspected or actual illegal activities; (b) enforce our User and Website agreement, take precautions against liability, investigate and defend ourselves against any third-party claims or allegations, assist government enforcement agencies, or protect the security or integrity of our site; or (c) exercise or protect the rights, property, or personal safety of OneID, our Users or others.
Protecting Your Personal Information
As described above, with the exception of your name, email address and device identification information necessary to enable push notifications, all information stored in the OneID repository is encrypted and only you have the keys and passcode to decrypt your information. We have implemented additional safeguards and procedures in accordance with US state and federal law and regulations to maintain the physical and electronic security of our software, services and your Personal Information. Our measures include firewalls, data encryption, physical and electronic access controls, and strict rules regarding the access and use of data on our system. We also perform third-party penetration tests to harden our systems from attack. We cannot, however, ensure or warrant the security of any information that OneID receives on your behalf and you provide information to OneID at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
The security of your OneID account relies on the protection of your password, PIN, recovery code and the private encryption keys stored on your devices. You are solely responsible for maintaining the security of these items and for activities that occur under your OneID account due to their compromise.
Compromise of Personal Information
Your Choices About Your Information
You may, of course, decline to submit Personal Information through the OneID Services, in which case OneID may not be able to provide certain services to you. You may update or correct your account information at any time by logging in to your account. You can review and correct the information about you that OneID keeps on file by contacting us as described below.
Third Party Repositories
OneID-enabled Websites and Links to Other Web Sites
The OneID Services are hosted in the United States and are intended for United States visitors. If you are using the OneID Services from the European Union or other regions with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal data to the United States and by providing your personal data you consent to that transfer.
Blogs and Forums
If you use the blog or forums on the site, you should be aware that any information you submit there can be read, collected, or used by other users of these blogs and forums, and that any contact information you include could be used to send you unsolicited messages. We are not responsible for the information you choose to submit to these blogs or forums. To request removal of your information from our blog or forum, contact us as specified below. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to do so and why.
Protecting the privacy of young children is especially important. For that reason, OneID does not knowingly collect or solicit Personal Information from anyone under the age of 13 or knowingly allow such persons to register with the OneID Services. If you are under 13, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 is allowed to provide any Personal Information to or on OneID. In the event that we learn that we have collected Personal Information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us as described below.
It is our policy to provide notifications, whether such notifications are required by law or are for marketing or other business related purposes, to you via email notice, written or hard copy notice, or through conspicuous posting of such notice on our website, as determined by OneID in its sole discretion. We reserve the right to determine the form and means of providing notifications to you.
900 Island Drive
Redwood City, CA 94065