Privacy Policy

Last Updated: June 16, 2020

We believe in creating ethical technology as a means to drive peace of mind whilst preserving your privacy. That’s why we only collect the bare minimum of personal information about you and all metrics are anonymized. See below for details.

1)   Acknowledgement

Your use of Authentic Labs, LLC’s ("Authentic Labs", "we" or "our") website (the “Site”), application (the “Application”), or third party applications that link to this policy and use our authentication services (“Services”) indicates your acknowledgement of the practices described in this Privacy Policy. We may update it from time to time, and we will provide notice of these changes if we believe it is necessary. Unless we require your consent, you agree those updates by continuing the use the relevant application.

2)   Children

Though Authentic Labs may authenticate products such as toys or consumer products, our Site, Services, and Application are all targeted towards adults. If you are under the age of 16 or a child under applicable law (a "Child"), please do not provide us any Personal Data (defined below). We do not target Children with our Site, Application, or Services, nor do we knowingly collect Personal Data from Children. If you or your Child accidentally provide us with a Child’s Personal Data, please contact us at privacy@authenticlabs.com.

3)   Types of Data We Collect

Depending on how you interact with us, we may collect and process information that relates to identified or identifiable individuals ("Personal Data"). We collect and process the following categories of Personal Data (note, specific Personal Data elements listed in each category are only examples and may change).

4)   Information You Provide to Us

  1. Brands with accounts on our Site ("Brands"):
    • Account Data: Data you provide on behalf of your company to see our analytics, such as name, email address, and phone number.
  2. Other visitors to our Site:
    • Email: You may choose to receive marketing and news from Authentic Labs by providing us your email address. We do not require this for you to use our service.
    • Contact Data: You may choose to contact us through our Site. We will collect name, email, and whatever else you include in your message.
  3. Users of our Application:
    • Camera Data: We use your camera to authenticate products. We do not collect your camera images, however; we process all camera data on the device.
    • Support Data: If you choose to contact us for support in the Application, we may collect Personal Data about you that you provide.

5)   Information We Collect Automatically

  1. Brands, other visitors to our Site:
    • Interaction Data: We collect data about the way you interact with the Site, including IP address, time spent on pages, and other data.
    • Cookies and Similar Technologies: (collectively "Cookies"). Cookies are small pieces of information that a website stores on your computer’s hard drive while you are viewing a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to improve our Site and Services.
  2. Users of our Application or Services:
    • Authentication Data: In order to authenticate a product, we collect information like the operating system, browser, device type, date and time of scan, and product scanned. We assign each authentication a unique user ID ("UUID").
    • Geolocation Data: We may collect location data down to city level through the Application, subject to applicable law regarding consent. We do not link this Geolocation Data with other information to create a user profile.
    • Anonymous Application Analytics: Anonymous application usage analytics. Users may opt out of collection of this information in settings

6)   Information We Collect Automatically

Subject to your Rights and Choices below, we process your data in the following ways:

Account Data
Use it to provide Brands aggregate analytics on authentication
Amazon Web Services, Inc. ("AWS") as host of Site and Application. For more information on AWS' privacy practices, see their Privacy Policy.
As long as your Brand retains an account with Authentic Labs
Email
Send newsletters, surveys, offers, and other promotional materials related to Authentic Labs, and for other direct marketing purposes.
With MailChimp. For more information on their privacy practices, please see MailChimp's Privacy Policy.
As long as you choose to receive marketing. See Section 10 below for more information.
Contact Data
Answer your query
Will vary based on query.
For as long as necessary to provide the service you request
Camera Data
Process the image locally on your device
We do not share Camera Data
Never retained
Support Data
Support your inquiry
Will vary based on query
For as long as necessary to provide the requested support
Interaction Data
Generate aggregate analytics to improve our Site and Services.
AWS as Site and Application host.
Indefinitely, though this data has been anonymized without a method to trace it back to a user.
Cookies
Distinguish between unique Site visitors; improve our Site and Services; targeted or behavioral marketing.
AWS as Site host. Third party cookie providers as detailed in Section 9.
Will vary based on cookie. Please see Sections 5(a)(ii) and 8 for more information.
Authentication Data
Provide an authentication dashboard to Brands. We may also create de-identified or aggregate data records from this Data by excluding or changing information that makes the information personally identifiable to you. We use this data for a variety of purposes, such as to analyze request and usage patterns so that we may enhance the content of our Site, Services, or Application.
Brands; AWS as services host; Amplitude as analytics partner. For more information about Amplitude's privacy practices, see their Privacy Policy. We do not share individually-identifiable Interaction Data with Brands.
For as long as we deem necessary to provide the Services and authentication, but not longer than one year after a Brand ceases to have an Account.
Geolocation Data
If a Brand chooses to collect this Data and you consent under applicable law, we use city-level Geolocation Data in the Services.
Brands; AWS; Amplitude.
For as long as necessary to provide the Services, but not longer than one year after a Brand ceases to have an Account.

7)   Other Transfers and Disclosures of your Personal Data

  1. International Data Transfers. We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data as the European Union does. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the EU-U.S. Privacy Shield Framework, through AWS, and pursuant to Model Clauses (as approved by the Article 29 Working Party) agreed upon between AWS and Authentic Labs. Please see the Amazon Web Services Privacy Shield FAQ for more information on how your data is transferred from overseas.
  2. Legal Disclosures of Data
    • i) Business Transactions. If Authentic Labs is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.
    • ii) Disclosure for Law Enforcement. Under certain circumstances, Authentic Labs may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
    • iii) Legal Requirements. Authentic Labs may disclose your Personal Data in the good faith belief that such action is necessary to:
      1. To comply with a legal obligation;
      2. To protect and defend the rights or property of Authentic Labs, LLC;
      3. To prevent or investigate possible wrongdoing in connection with the Service;
      4. To protect the personal safety of users of the Service or the public; or
      5. To protect against legal liability.

8)   Cookies and Similar Technologies

To make our Site and Services more useful to you, we may process usage and other data when you interact with cookies and similar technologies on our Site. We may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may apply to these technologies and information collected.

We use generally use cookies, and similar technologies as follows:

  1. for "essential" or "functional" purposes, such as to enable various features of the Site;
  2. for social media integration e.g. via third-party social media cookies, when you share information using a social media sharing button on our Site or Application, or you engage with our content on or through a social networking website such as Facebook or Twitter; and
  3. for analytics purposes, consistent with our legitimate interests in how our Site is used or performs, how users engage with and navigate through the Site, what sites users visit before visiting our Site, how often they visit our Site, whether an email was received or opened, and other similar information.
  4. subject to any consent required by law, for the purpose of displaying advertisements via retargeting to those users who have visited our Site, or for targeting advertising to visitors to our Site.

If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu. Please note this does not necessarily opt you out of being delivered advertising. You may continue to receive generic ads. You must opt out of third-party services directly via the third party. You may view a list of other third-party service providers who collect information, and/or opt out of such collection of information about you, by visiting https://www.networkadvertising.org/choices/ or https://www.aboutads.info/choices. Please note, at this time, our Site does not respond to your browser's do-not-track request.

9)   Data Processor List

AWS
Hosting provider
Geography: U.S.
MailChimp
Email List Administrator
Geography: U.S.
Amplitude
Analytics (no Personal Data)
Geography: U.S.
Firebase
ML Kit for Firebase
Instance ID for ML Kit model download.

10)   Your Rights and Choices

You may exercise the below Rights and Choices by emailing us at privacy@authenticlabs.com. Our mailing address is:

Authentic Labs, LLC
Attn: Privacy
1919 14th Street, Suite 700
Boulder, CO 80302
  1. Your Rights. Subject to the rights granted to other individuals, and our rights under applicable law, you have the following rights in your Personal Data. We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity.
    1. Access. You may receive a list of your Personal Data that we process to the extent required and permitted by law.
    2. Rectification. You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided directly to the Application or Service via your account settings menu.
    3. Erasure. To the extent required by applicable law, you may request that we delete your Personal Data from our systems. You may request erasure of your Contact Data by emailing us at privacy@authenticlabs.com.
    4. Data Export. To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.
    5. Objection. Where we process data in accordance with our legitimate interests, you can object to that processing to the extent allowed by law. You can stop future collection of all data by the Application by uninstalling it.
    6. Regulator Contact. You have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.
    7. California Rights. Residents of California (and others to the extent required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding twelve months. This request must be emailed to us at the address above.
  2. Your Choices. You may use our Site and Application without providing any Personal Data. You may opt out of or withdraw your consent to direct marketing communications. You may cease direct marketing from us in relation to any Service that collects your email by emailing privacy@authenticlabs.com, or by clicking the unsubscribe link in any promotional email we send you. If a third-party service collects your Personal Data, please see their privacy policy for more information on your choices.

11)   Security

We use appropriate technical and organizational means to protect your Personal Data. For example, we use SSL to encrypt data in transit and we encrypt data at rest. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure and we do not warrant complete security of your Personal Data, the Site, Services, or the Application. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us is compromised), please immediately notify us of the problem.

12)   General Data Protection Regulation (GDPR) Information

  1. Controller. Authentic Labs, LLC, a Colorado limited liability company, is the data controller for Personal Data collected through the Site and the Application. The legal bases of our processing as a Controller of your Personal Data are in the table below. If you have questions about the legal basis of how we process your Personal Data, contact us at privacy@authenticlabs.com.

    Processing Purpose Use:
    • Authentication
    • Analytics
    • Marketing
    • Support
    • Cookies and Similar Technologies
    Processing Purpose Disclosure:
    • Service providers
    • Marketers
    • Corporate events
    Legal Basis
    These processing activities are within our legitimate business interests, including without limitation:
    • Direct marketing
    • Advertising
    • Improvement of the Site and Application for individual users
    • Determining the effectiveness of marketing campaigns
    • Securing our Services and network, investigating suspicious activity or violations of our Terms of Use or other policies; and protecting the safety of Personal Data, including preventing exploitation or other harms to which users may be particularly vulnerable.
    We balance our interests with any potential impact on you when we process your Personal Data for our legitimate interests. You may object to this processing as permitted by applicable law.
    Processing Purpose Disclosure:
    • Legal Disclosures
    Processing is necessary to comply with our legal obligations, for example, tax laws, fraud reporting, etc.
    Processing Purpose Use:
    • Consent
    • Cookies and Similar Technologies
    If we rely on your consent, you have the right to withdraw it anytime in the manner indicated in that service, or by contacting us at privacy@authenticlabs.com.
  2. Processor. When we provide authentication Services to third parties, we act as a Processor of any data collected, as “Processor” is defined by Article 28 of the GDPR. We only process that data pursuant to instructions contained in an agreement between us and the Controller of that data, which agreements will include a commitment from Authentic Labs to keep your data confidential. If necessary, we will assist Controllers in handling data subject access rights requests, security obligations, requests from supervisory authorities, and other GDPR obligations. We will only engage of sub-processors that meet the same GDPR obligations as we do.
  3. Privacy Shield & Dispute Resolution. Through AWS as noted in Section 7 above, we comply with the principles of the Privacy Shield Framework. We adhere to the Privacy Shield principles of notice, choice, accountability for onward transfer, security, data integrity, and purpose limitation, access, and recourse/enforcement/liability. If any Privacy Shield-related complaints cannot be resolved between an EU user and Authentic Labs, we will settle unresolved complaints using JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim. If required by law, we will work with the appropriate panel of DPAs or individual DPA in the EU to resolve disputes. Under certain circumstances, these dispute resolution processes may result in your ability to invoke binding arbitration. The services of JAMS are provided at no cost to you.

13)   Changes to This Privacy Policy

This Privacy Policy is subject to occasional revision. If we make any changes to this Privacy Policy, we will change the "Last Updated" date above.