Product Privacy Policy

The data we collect
Through TrustBuilder solutions

Cover both the platform usage and the Authenticator app usage

TrustBuilder provides organizations such as corporations, banks and e-health platform hosts. To understand how these organizations manage your data, you should refer to their privacy policies.
If one of our customers (an organization) provides you with a means of TrustBuilder solution, we will have a record in our systems that may contain data such as your username with that organization, your first and last name, and your email address. The actual data we have depends on how this organization uses our solution, as we do not need any of this data to operate our service.

When you use our platform/ application, you are sometimes given the opportunity to name your trusted profiles or equipment, for the sole purpose of recognizing and distinguishing them. Unlike authentication data, which we protect with the highest security measures, these names are not considered sensitive information in our systems and do not benefit from the additional security measures taken for sensitive data. It is therefore your responsibility to ensure that the names you use are not sensitive data whose loss or accidental disclosure to an unauthorized third party could cause you harm. Simply put, never use sensitive information such as a social security number, tax ID, driver’s license number, payment card number, or password to name your trusted profiles and equipment. Instead, use nicknames such as “John’s Work”, “Julie’s House”, “Mary’s Personal”, etc.
We make a commitment to our customers that we will not access or modify their user information. We do not process it or share it with third parties. We have a strict internal policy in place not to access user data without a specific request from the organization that created the data and for the sole purpose of analyzing or resolving an issue impacting the service provided to that organization.

We record information about how the solutions are used to access our customers’ platforms/ applications. We therefore store in our systems data such as the day and time of the access attempt, sometimes the IP address, the authentication method used and the result of the authentication. We do not process or share this information with anyone except the organization that uses our solution to authenticate its users.

Since the data on our systems is primarily created by our customers using their own repository of user identifiers (such as usernames or anonymous aliases), we generally cannot know whether we have any data about you, as a user of our customers’ services. All requests for access, correction or deletion of personal data, as well as any questions or complaints about the use of such data, should be addressed exclusively to the organization that created an authentication profile for you in our systems. If you have made such a request to delete your profile from our systems, but you are not sure if the organization has executed it, you can go to this web page and enter your email address (the one you use with this organization) in the “already a user” section. If this address still exists in our systems, you will receive an automatically generated message listing the organizations that still hold data about you in our systems.

We do not track your navigation
TrustBuilder solutions

There is no tracking of your navigation implemented in our solutions.

What data is sent outside the EU?

Currently, TrustBuilder does not transfer any data collected within the EU to locations outside the EU.

We also rely on third-party suppliers and partners with which we may share your Personal data for the purposes indicated above, Whenever we rely on such third parties, we make sure that they provide an adequate level of protection of the Personal data they process on our behalf. When such third parties are located outside of the European Union, we apply the European Union Model Clauses (SCC) as adopted by the European Commission into our agreements.
We also may share your Personal data with third parties for marketing purposes, only with your explicit consent.

Government requests

Notwithstanding anything to the contrary in this policy, we may disclose personal data if we believe it is reasonably necessary to comply with a law, regulation or legal request or to protect the safety, property or rights of the Group or others. However, nothing in this policy is intended to limit any defences or objections you may have to a request from a third party or government to disclose your information.

Data retention

Given the retention requirements of certain regulatory bodies and organizations creating user profiles in our systems, we have a policy of deleting data after a period of no more than 6 (six) months following the creation of usage data in our systems. As an exception to this principle, the retention period will be extended if we have a contractual obligation to an organization to archive usage data of its users and in any case never beyond 3 years after collecting.

Change of control

If the Group is involved in a bankruptcy, merger, acquisition, reorganization or asset sale, your information may be sold or transferred as part of that transaction. The promises in this policy will apply to your information transferred to the new entity, including your right to remove your information entirely from our databases.

Changes and contact information

From time to time, we need to make changes to our privacy policy to accommodate new features or for other reasons. When such changes occur, you can track them on our application / solution and view the new privacy policy on our application/ solution. By continuing to use our solution, you consent to the updated policy. If you have any questions about our policy, please send them to [email protected], and we will do our best to respond promptly.