Privacy Policy
Last Updated: January, 2025
1. Introduction
At Authentic Labs, accessible at authenticlabs.com, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that is collected and recorded by Authentic Labs and how we use it.
If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us through email at info@authenticlabs.com
This privacy policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in Website Name. This policy is not applicable to any information collected offline or via channels other than this very specific website that you are using.
2. Consent
Your use of Authentic Labs, LLC’s (“Authentic Labs“, “we” or “our“) website (the “Site”), application (the “Application”), or third party applications that link to this policy and use our authentication services (“Services”) indicates your acknowledgement of the practices described in this Privacy Policy. We may update it from time to time, and we will provide notice of these changes if we believe it is necessary. Unless we require your consent, you agree those updates by continuing the use the relevant application.
3. Types of data we collect
Depending on how you interact with us, we may collect and process information that relates to identified or identifiable individuals (“Personal Data“). We collect and process the following categories of Personal Data (note, specific Personal Data elements listed in each category are only examples and may change).
4. How we use your information
We use the information we collect in various ways, including to:
Provide, operate, and maintain our website
Improve, personalize, and expand our website
Understand and analyze how you use our website
Develop new products, services, features, and functionality
Communicate with you, either directly or through one of our partners
Send you emails
Find and prevent fraud
For users of our Mobile Application, we use your camera to authenticate products. We do not collect your camera images, however; we process all camera data on the device.
If you choose to contact us for support in the Application, we may collect Personal Data about you that you provide.
5. Information we collect automatically
Authentic Labs follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services' analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable.
Brands, other visitors to our Site:
Interaction Data: We collect data about the way you interact with the Site, including IP address, time spent on pages, and other data.
Cookies and Similar Technologies: (collectively “Cookies“). Cookies are small pieces of information that a website stores on your computer’s hard drive while you are viewing a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to improve our Site and Services.
Users of our Application or Services:
Authentication Data: In order to authenticate a product, we collect information like the operating system, browser, device type, date and time of scan, and product scanned. We assign each authentication a unique user ID (“UUID“).
Geolocation Data: We may collect location data down to city level through the Application, subject to applicable law regarding consent. We do not link this Geolocation Data with other information to create a user profile.
Anonymous Application Analytics: Anonymous application usage analytics. Users may opt out of collection of this information in settings
The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website.
6. How we use the collected information
Subject to your Rights and Choices below, we process your data in the following ways:
Account Data
How we use it - to provide Brands aggregate analytics on authentication.
Storage - Amazon Web Services, Inc. (“AWS“) as host of Site and Application. For more information on AWS’ privacy practices, see their Privacy Policy. All data is encrypted at rest.
Retention - As long as your Brand retains an account with Authentic Labs.
How we use it - to send newsletters, surveys, offers, and other promotional materials related to Authentic Labs, and for other direct marketing purposes.
Storage - with MailChimp. For more information on their privacy practices, please see MailChimp’s Privacy Policy.
Retention - as long as you choose to receive marketing. See Section 10 below for more information.
Contact Data
How we use it - to answer your query.
Storage - with vary based on query.
Retention - for as long as necessary to provide the service you request.
Camera Data
How we use it - within our app to process the image (read the code) locally on your device.
Storage - we do not share or store Camera Data.
Retention - never retained.
Support Data
How we use it - to support your query.
Storage - with vary based on query.
Retention - for as long as necessary to provide the requested support.
Interaction Data
How we use it - to generate aggregate analytics to improve our Site and Services.
Storage - Framer.com (for front-end website) and AWS as Sites and Application hosts.
Retention - indefinitely, though this data has been anonymized without a method to trace it back to a user.
Cookies
How we use it - to distinguish between unique Site visitors; improve our Site and Services; targeted or behavioral marketing.
Storage - Framer.com (for front-end website) and AWS as Site hosts. Third party cookie providers as detailed in Section 9.
Retention - will vary based on cookie. Please see Sections 5(a)(ii) and 8 for more information.
Authentication Data
How we use it - to provide an authentication dashboard to Brands. We may also create de-identified or aggregate data records from this Data by excluding or changing information that makes the information personally identifiable to you. We use this data for a variety of purposes, such as to analyze request and usage patterns so that we may enhance the content of our Site, Services, or Application.
Storage - Brands; AWS as services host; Amplitude as analytics partner. For more information about Amplitude’s privacy practices, see their Privacy Policy. We do not share individually-identifiable Interaction Data with Brands.
Retention - for as long as we deem necessary to provide the Services and authentication, but not longer than one year after a Brand ceases to have an Account.
Geolocation Data
How we use it - if a Brand chooses to collect this Data and you consent under applicable law, we use city-level Geolocation Data in the Services.
Storage - Brands; AWS; Amplitude.
Retention - for as long as necessary to provide the Services, but not longer than one year after a Brand ceases to have an Account.
7. Other transfers and disclosures of your personal data
International Data Transfers. We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data as the European Union does. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the EU-U.S. Privacy Shield Framework, through AWS, and pursuant to Model Clauses (as approved by the Article 29 Working Party) agreed upon between AWS and Authentic Labs. Please see the Amazon Web Services Privacy Shield FAQ for more information on how your data is transferred from overseas.
Legal Disclosures of Data
i) Business Transactions. If Authentic Labs is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.
ii) Disclosure for Law Enforcement. Under certain circumstances, Authentic Labs may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
iii) Legal Requirements. Authentic Labs may disclose your Personal Data in the good faith belief that such action is necessary to:
To comply with a legal obligation;
To protect and defend the rights or property of Authentic Labs, LLC;
To prevent or investigate possible wrongdoing in connection with the Service;
To protect the personal safety of users of the Service or the public; or
To protect against legal liability.
8. Cookies and similar technologies
To make our Site and Services more useful to you, we may process usage and other data when you interact with cookies and similar technologies on our Site. We may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may apply to these technologies and information collected.
We use generally use cookies, and similar technologies as follows:
for “essential” or “functional” purposes, such as to enable various features of the Site;
for social media integration e.g. via third-party social media cookies, when you share information using a social media sharing button on our Site or Application, or you engage with our content on or through a social networking website such as Facebook or Twitter; and
for analytics purposes, consistent with our legitimate interests in how our Site is used or performs, how users engage with and navigate through the Site, what sites users visit before visiting our Site, how often they visit our Site, whether an email was received or opened, and other similar information.
subject to any consent required by law, for the purpose of displaying advertisements via retargeting to those users who have visited our Site, or for targeting advertising to visitors to our Site.
If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu. Please note this does not necessarily opt you out of being delivered advertising. You may continue to receive generic ads. You must opt out of third-party services directly via the third party. You may view a list of other third-party service providers who collect information, and/or opt out of such collection of information about you, by visiting https://www.networkadvertising.org/choices/ or https://www.aboutads.info/choices. Please note, at this time, our Site does not respond to your browser’s do-not-track request.
9. Data processor list
AWS
Framer.com
MailChimp
Amplitude
What they do - analytics (no personal data)
Privacy Policy - Amplitude Analytics Privacy Policy
Geography - US.
Firebase
What they do - ML Kit for Firebase
Privacy Policy - Firebase Privacy Policy
Geography - Instance ID for ML Kit model download.
10. Your rights and choices
You may exercise the below Rights and Choices by emailing us at privacy@authenticlabs.com. Our mailing address is:
Authentic Labs, LLC
Attn: Privacy
PO Box 19046
Boulder, CO 80308
Your Rights. Subject to the rights granted to other individuals, and our rights under applicable law, you have the following rights in your Personal Data. We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity.
Access. You may receive a list of your Personal Data that we process to the extent required and permitted by law.
Rectification. You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided directly to the Application or Service via your account settings menu.
Erasure. To the extent required by applicable law, you may request that we delete your Personal Data from our systems. You may request erasure of your Contact Data by emailing us at privacy@authenticlabs.com.
Data Export. To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.
Objection. Where we process data in accordance with our legitimate interests, you can object to that processing to the extent allowed by law. You can stop future collection of all data by the Application by uninstalling it.
Regulator Contact. You have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.
California Rights. Residents of California (and others to the extent required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding twelve months. This request must be emailed to us at the address above.
Your Choices. You may use our Site and Application without providing any Personal Data. You may opt out of or withdraw your consent to direct marketing communications. You may cease direct marketing from us in relation to any Service that collects your email by emailing privacy@authenticlabs.com, or by clicking the unsubscribe link in any promotional email we send you. If a third-party service collects your Personal Data, please see their privacy policy for more information on your choices.
11. Security
We use appropriate technical and organizational means to protect your Personal Data. For example, we use SSL to encrypt data in transit and we encrypt data at rest. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure and we do not warrant complete security of your Personal Data, the Site, Services, or the Application. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us is compromised), please immediately notify us of the problem.
12. General Data Protection Regulation (GDPR) information
Controller. Authentic Labs, LLC, a Colorado limited liability company, is the data controller for Personal Data collected through the Site and the Application. The legal bases of our processing as a Controller of your Personal Data are in the table below. If you have questions about the legal basis of how we process your Personal Data, contact us at privacy@authenticlabs.com.
PROCESSING PURPOSE USE:
Authentication
Analytics
Marketing
Support
Cookies and Similar Technologies
PROCESSING PURPOSE DISCLOSURE:
Service providers
Marketers
Corporate events
LEGAL BASIS
These processing activities are within our legitimate business interests, including without limitation:
Direct Marketing
Advertising
Improvement of the Site and Application for individual users
Determining the effectiveness of marketing campaigns
Securing our Services and network, investigating suspicious activity or violations of our Terms of Use or other policies; and protecting the safety of Personal Data, including preventing exploitation or other harms to which users may be particularly vulnerable.
We balance our interests with any potential impact on you when we process your Personal Data for our legitimate interests. You may object to this processing as permitted by applicable law.
PROCESSING PURPOSE DISCLOSURE
Legal Disclosures. Processing is necessary to comply with our legal obligations, for example, tax laws, fraud reporting, etc.
PROCESSING PURPOSE USE
Consent
Cookies and similar technologies
If we rely on your consent, you have the right to withdraw it anytime in the manner indicated in that service, or by contacting us at privacy@authenticlabs.com.
Processor. When we provide authentication Services to third parties, we act as a Processor of any data collected, as “Processor” is defined by Article 28 of the GDPR. We only process that data pursuant to instructions contained in an agreement between us and the Controller of that data, which agreements will include a commitment from Authentic Labs to keep your data confidential. If necessary, we will assist Controllers in handling data subject access rights requests, security obligations, requests from supervisory authorities, and other GDPR obligations. We will only engage of sub-processors that meet the same GDPR obligations as we do.
Privacy Shield & Dispute Resolution. Through AWS as noted in Section 7 above, we comply with the principles of the Privacy Shield Framework. We adhere to the Privacy Shield principles of notice, choice, accountability for onward transfer, security, data integrity, and purpose limitation, access, and recourse/enforcement/liability. If any Privacy Shield-related complaints cannot be resolved between an EU user and Authentic Labs, we will settle unresolved complaints using JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim. If required by law, we will work with the appropriate panel of DPAs or individual DPA in the EU to resolve disputes. Under certain circumstances, these dispute resolution processes may result in your ability to invoke binding arbitration. The services of JAMS are provided at no cost to you.
13. CCPA privacy policy (do not sell my personal information)
Under the CCPA, among other rights, California consumers have the right to:
Request that a business that collects a consumer's personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.
Request that a business delete any personal data about the consumer that a business has collected.
Request that a business that sells a consumer's personal data, not sell the consumer's personal data.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.
14. Children's information
Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.
Website does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.
15. Changes to this Privacy Policy
This Privacy Policy is subject to occasional revision. If we make any changes to this Privacy Policy, we will change the “Last Updated” date above.
