Privacy at Proxy

Profile information

You provide your name and photo when you activate Proxy on a new phone. You may optionally add other information to your profile, such as email addresses that link to your existing memberships and organization affiliations. Your name, photo, and email addresses are stored on our servers as part of your profile. You have the ability to delete this data by requesting deletion of your Proxy account.

ID information

Proxy provides services that allow you to digitize your physical ID cards and store them locally on your phone. To provide this service to you, Proxy uses third-party services that verify the validity of your ID card and match your face with the card photo. Your ID card information, card photo, and verification status are stored locally on your phone, and never stored on Proxy servers. The selfie taken during the ID verification process is stored on Proxy servers at a randomized URL known only to the local app on your phone. You have the ability to delete locally stored data at will by deactivating the Proxy app on your phone. Any link between your account and the selfie you previously verified is also removed at that time.

Health information

Proxy provides services that allow you to import your health test results and digitize your existing paper health documents. Your health test results and health documents are stored locally on your phone, and never stored on Proxy servers. If you have agreed to share your health status with another organisation, we will store only the overall status of the documents you provide, but never the documents themselves or any contained information, on Proxy servers. You have the ability to delete locally stored data at will by deactivating the Proxy app on your phone.

Proxy also allows you to complete a health survey. Survey answers you provide are never recorded or stored anywhere. If you have agreed to share your health status with another organisation, we will store only the overall pass or fail status of the survey, with the failure reason, on Proxy servers.

Usage information

App logins, interactions your phone has with Proxy devices, door unlocks, check-ins, and activity you perform within the Proxy app.

Phone information

Phone model, OS type, OS version, OS language, hardware settings, network settings, MAC address, device identifier and additional technical non-personal information as necessary for Proxy to operate our apps and services.

Diagnostic logs

Application logs including IP addresses, network requests made by the application, and crashes of the Proxy mobile app.

Financial information

Organisation administrators provide their company credit card number and billing address.

Information you provide

Profile information you provide is stored on Proxy servers. Your phone will transmit just your name and photo, for presentation purposes, to a check-in kiosk whenever you actively choose to check in at a supported location.

If you have agreed to share your verified ID status with another organisation, we will store only the verification status of your documents and the selfie you took during the verification process, but never the documents themselves or any contained information, on Proxy servers. We will provide this verification information to the requesting organisation.

If you have agreed to share your health status with another organisation, we will store only the overall pass or fail status of your health survey, the failure reason, and the status of your provided health documents, but never the documents themselves or any contained information, on Proxy servers. We will provide this status information to the requesting organisation.

Your phone will also anonymously transmit just the overall pass or fail status of your health survey, and the status of your documents but not the documents themselves, to a check-in kiosk when you choose to check in at supported locations.

If you are an administrator, business or paying user, the credit card and billing address information you provide is used for the purposes of processing payment.

Information organizations provide about you

Organizations that use the Proxy service may provide to us your name, email address, and photo when granting you access to buildings, check-in locations and issuing mobile ID cards. This data is owned by the organization and subject to the organisation’s privacy and data use policies, and is kept separate from your personal data.

Data provided automatically

All other information classified as Usage information, Phone information, and Diagnostic logs, is derived automatically when you use Proxy on your phone. Proxy limits this information, and the duration for which it is retained, to the minimum necessary to operate our services.

Service operation

There are some core pieces of information that we need to make Proxy work. That includes the information in your user profile like your email address, and interactions whenever your phone running the Proxy app interacts with another Proxy device. In the background, the Proxy app also needs some data to operate properly on your phone such as your phone model and network settings. When interacting with other Proxy devices you have the option to share the status of your locally stored ID or health documents, name, photo, and date of birth.

Mobile app operation

The Proxy app accesses your phone’s GPS location services in order to “wake up” the Proxy app whenever you arrive at a place that you frequent (such as your office). We never store or transmit your GPS location. However, our logs of device interactions with Proxy devices could be used to infer your location if the location of the other Proxy device is known.

Contacting you about the Proxy services

We may use your email address to inform you about the service you signed up for, such as letting you know about upcoming changes to Proxy. We will also email you updates about service operation if you have opted to subscribe to updates from our status page at https://status.proxy.com.

We will not send you email about any services other than the one you signed up for without your explicit consent.

Troubleshooting

When you contact Proxy, we keep a record of your communication to help solve any issues you might be facing. Providing feedback in the Proxy app sends logs of your phone’s system activity and Proxy app crashes so that we can help troubleshoot. We also look at some other data to diagnose issues with the Proxy app including phone model, hardware settings, etc.

When interacting with our support staff, we will seek your consent before accessing any personal data or corporate data that you did not provide to us in your support request.

Security auditing

In order to prevent security incidents in the Proxy app and dashboard, and to investigate incidents after they have occurred, we retain IP addresses, activity in the Proxy app and dashboard, and login attempts.

Product improvement

We analyze and process some data to make Proxy products and services better, including IP addresses (which tells us in what geographic regions people are using Proxy), OS language, and OS type and version.

Payment processing

Proxy is free to install and use on your phone, but administrators that manage Proxy devices and associated software pay a subscription. We store payment details from those administrators for the sole purpose of processing payments.

We never sell or rent your personal information. In addition, we do not share or otherwise disclose such information except as described in this Privacy Policy.

Your employer or organizations you belong to

If you use Proxy as an employee or member of an organization, we share only the information relevant to your activities within that organization with its administrators. We never share any of your information that is not directly related to the organization in question (for example, your activity as part of other organizations which may also use Proxy services).

Payment processors

We share credit card and other payment details provided by administrators with our payment processors in order to facilitate payments to Proxy.

Email processors

In order to send you email related to Proxy, such as your verification email when you first sign up, we rely on email service providers to process and send these emails on our behalf. Our contracts with them prohibit sharing your email address and content with other third parties such as advertisers or marketing affiliates, or using it for any other purpose.

ID verification processors

Other third party processors

In addition to the processors above, we may disclose your information to other third parties to help us provide the Proxy services. Examples of such sharing include our web hosting services such as Amazon Web Services, our internal workflow tools like Dropbox and Salesforce, and our communications tools like Zendesk and Slack. When we disclose information to processors, we do so only after entering into a contract with the processor that describes the purpose of the sharing and requires the processor to both keep that information confidential and not use it for any purpose except performing the contract, helping to provide you the best Proxy service possible.

Law enforcement

We may also disclose your information if we are required to do so by a court order, law, or legal process, including to respond to government or regulatory requests. We will disclose no more than that portion of your information which we are legally obligated to disclose, and will use commercially reasonable efforts to obtain assurances from the applicable court or agency that your information will be treated with confidentiality.

It is our intention to make you (the person) the owner of as much information related to your profile and transactions as possible, as opposed to only the companies with devices that sense your signal. Each transaction that occurs in the physical world is generated through interaction of several parties, each contributing their own data towards the outcome and deserving to retain their part of the result.

To better illustrate who owns what information, here are some examples of the most common Proxy transactions.

Your options

You can elect to not provide some information

You don’t have to upload a photo to your Proxy profile and you can decide not to enable location services to the Proxy app on your phone.

While location services are optional, enabling it is only needed for the purposes of improving the user experience by not having to launch the app every time you interact with a device or check-in. Location information is never stored or shared, and only used to wake-up the app when you are in proximity to a Proxy device.

Your rights

You have the right to see the information we store about you

You have the right to ask for information we have about you, and how we use that information. Once we receive and verify your request, within 45 days we will disclose to you:

• The categories of personal information we have about you
• The sources of that information
• Our purpose for that information
• The categories of third parties with whom we share that information
• The specific pieces of your personal information

You have the right to correct any inaccuracies in your personal information

You can update information in your Proxy profile, such as your name and photo, from within the Proxy app. To update other information about you, you can contact privacy@proxy.com. We will honor your request to update your information unless we are required to keep the existing information for legitimate contractual or legal purposes.

If you believe that your employer or another organisation has inaccurate information about you, you can contact that organization to update your information as the data controller. We will honor the controller’s request to update any information they control.

You have the right to have information about you deleted

You may request that we delete any information that we have received from you and retained, subject to certain exceptions. These exceptions include completing the transaction or providing the service you requested, complying with legal obligations, or detecting and preventing security incidents or illegal or fraudulent activity.

We use physical, technological, and administrative measures to secure your data. For more information, visit our security page.

We store data in data centers in the United States and Ireland. Additionally, your information that is shared with third parties is stored in any location they have data centers. Data transmitted between Proxy and third parties, or between our servers and applications, may be cached temporarily during transit or locally on receiving devices only for the purpose of improving performance and reliability of the service.

When we make minor edits to this policy, we will make the changes on this webpage and describe the edits at the top of the page. For more extensive updates, we will send an email with details to the email address you have provided.