Prey's Privacy Policy

At, PREY your security and privacy are our priority. We use a design based on data minimization and will only ask the most basic information for your account creation. We are transparent in the gathering and processing of your personal data. Consequently, we have decided to adhere the highest standard of privacy by complying with the European General Data Protection Regulation (GDPR) and making those rights available to all of our users so you can know that both your devices and your data are safe with us.

We will NEVER request unnecessary information unless it is necessary to provide a better service.

We will NEVER sell your personal information or data from your devices to a third party.

We will NEVER enable the functionalities of our software without your prior consent or request. By adding a device to your account, location tracking is set to ON by default. You can change this at any time on your settings.

We will NEVER access your personal information or data from your devices without your prior consent and will do so solely for support purposes.

If you have any concerns about how we protect and process your data, please do not hesitate to contact us at privacy at preyhq dot com.

The information we collect

We only request the minimum amount of data to create your account, this includes your name and country; however, it is important to highlight that the only way for us to identify you as a user is through the e-mail you used to register, which will be the official channel of communication between us. Under the General Data Protection Regulation (GDPR), the basis for us processing personal data is the provision of a service.

Once the software is installed on your device the default settings for location awareness is “on”, this mean that your devices will send all location changes to our servers. You can set this option to “off” in which case we won’t ever get the location information of your devices unless they are set to missing or you specifically request it. Once a device is set to “missing” you can start receiving reports and have the camera take pictures, this option can be turned off in the report settings. A device marked as ‘missing’ sends technical identification data to our servers along with the geo-localization, images and files you decide to retrieve from it.

Support forum

You can use our Support Forum free of charge; all your questions and suggestions are welcome. To access this Forum, you need to sign-in with a User Name and e-mail for validation and contact purposes. You are responsible for the information you voluntarily decide to include in your profile, you keep full control over it and can delete it whenever you like. The only exception to this rule applies to the content of your posts, which remains for registration and coherence and is never deleted. However, if you want your user name to be removed from your posts, you can contact us at privacy at preyhq dot com.

Purpose of our data collection

We collect your name, mail and country when you create an account for the purpose of user identification. This collection is based on the fulfillment of a service so that we can provide both support and help with your account or password recovery. We'll store this information for as long the account exists, you can delete it by deleting your account.

When you add a device by installing our software we'll start collecting your location by default and can collect some files if you use the file retrieval function. This collection is based on the fulfillment of a service and its only purpose is to help you safely recover or track your devices and its content. We do not share nor sell this information to third parties. We'll store this information for as long the account exists, you can delete it by deleting your account.

If you exercise a data right such as data deletion or portability we'll collect and store such requests based on a legitimate interest so that we can probe our compliance.

We can collect your location, demographic data, ip address, hardware and software information, user interaction with our website and/or panel if you agree to use cookies on our website and as such is based on consent. The purpose of this collection is to help us better understand who and how uses Prey. You can delete this information by making a data deletion request.

Cookies

Our website, including the user panel of PREY, uses first and third-party cookies to obtain anonymous or unidentified usage statistics with the purpose of providing you with a better service. The FirstSession and LastSession cookies are used to obtain the last website you browsed before visiting preyproject.com. We do not do tracking outside our website nor do we install these cookies without your prior consent. To check the detailed content of each of these cookies click here.

Service providers and who the organizations we send information to

At Prey, we work with renowned international organizations to offer a better service and an enhanced user experience; thus, we must transfer some data to third-parties. Such transfers are specific and regulated as per the terms and conditions of each of such organizations that are obliged to provide the same level of security and protection we do, and report any issue to us.

We use the services of Hotjar, Google Analytics, Customer.io , Fathom Analytics and Google Adwords to obtain anonymized information about surfing our website. No personally identifiable information is sent, except for your IP address. Also, they get localization information and data from your browser. The business purpose of this processing is auditing, to register visit and usability metrics. Cookies are used to obtain this information, which require your prior consent.

We use Crashlytics and Bugsnag to obtain an anonymized record of the errors and bugs of our software. None of these transfers contain Personally Identifiable Information and are done for the purpose of debugging.

We use Facebook’s Pixel and Linkedin Pixel to obtain information about visits to our website and track our ads. Cookies are used to obtain this information, which require your prior consent. Facebook and Linkedin fully complies with the GDPR. With regards to the CPPA, the business purpose of this collection is auditing.

We use Pipedrive and Customer.io as platforms to administer the commercial information of our clients and potential clients. We send to them the information you fill in the document download forms of our website or those you use to obtain commercial information. This information is intended solely for our exclusive use. In addition, we use them as a cookie, but as all of the cookies we use, they require your express consent to send to us anonymous demographic data, hardware/software information, localization, interaction with the website and your IP address. All of the above have a Data Privacy Framework Program ensuring the protection of our user’s personal data in accordance with this policy. These transfers are done on our behalf to process and fulfill orders and transactions.

We use Helpscout and Zendesk as a customer service platform. We do not send more information other than that provided in the support tickets, which is intended only for our exclusive use. This treatment is done on our exclusive behalf to provide customer service.

We use Braintree and Chargebee to manage payment for our PRO services. Your payment information is sent encrypted and secured under the strictest market standards. They both have GDPR and PCI-DSS compliance.

We use Google Cloud Storage and Amazon Web Services to store data from our users and servers. Both companies are fully compliant with the GDPR and the CCPA and follow the strictest standards of security and scrutiny.

In cases of onward transfer to third parties of personal data of EU and UK individuals received pursuant to the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. DPF, Prey may be required to disclose such data in response to lawful requests by public authorities, including those made to meet national security or law enforcement requirements.

File retrieval and privacy

Under no circumstance, our file retrieval functionality constitutes a back-up or administration system in the Cloud. We do not check nor do we have access to the files you retrieve, and we will never check their content. If you use the retrieval functionality, the files will be hosted in Google Cloud Storage and we do not have access to that information. Your files will be available during thirty (30) days from the retrieval request.

Authorized use and multi-user accounts

Prey is a security application aimed at facilitating the search for and access to lost devices of our users. The purpose of Prey-Anti-Theft is not to register or track people down, and according to our terms and conditions, you agree to such limitations. Likewise, you may only install Prey in devices you are legally authorized to do so.  

In the case of our multi-user accounts, you should be aware that all administrators may enable your devices as lost. At any time, you can know who the administrators of your account are by checking your account’s information in the application’s panel. If you have any problems with this functionality or you would like access to administrators to be removed contact us at privacy at preyhq dot com.

Google API limited use disclosure

Prey's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Organizational confidentiality

At Prey, we believe that words must translate into actions. Our desire to protect your data is at the core of our business. We are made up of a team of highly trained, multi-disciplinary and multi-national professionals, who are all contractually bound by non-disclosure agreements and confidentiality clauses to protect the information of our users. Access to our servers has state-of the-art encryption and compartmentalization; none of our employees has access to the information of your account information or your passwords. The support service is limited to be used solely for such purposes and it requires due confirmation of the identity of our users.

EU-U.S Data Privacy Framework (DPF)

Prey has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Prey commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, should first contact Prey at: legal at preyproject dot com.

Prey also commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to BBB National Programs, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/privacy/dpf/disputes for more information or to file a complaint. The services of BBB National Programs are provided at no cost to you.

Dispute resolution and binding arbitration

If you have any inquiries or complaints regarding our privacy practices, please first contact us at legal at preyproject dot com.

We are committed to resolving disputes in accordance with the EU-U.S. Data Privacy Framework Principles. If a privacy concern is not resolved through our internal process, you may submit the matter to our independent dispute resolution provider, BBB National Programs, via their DPF complaint page.

Binding arbitration (Annex I – EU-U.S. DPF)
Under certain limited conditions and as a last resort, individuals may invoke binding arbitration to resolve complaints regarding compliance with the DPF Principles. Prey Inc. is committed to honoring such binding arbitration decisions and is subject to the enforcement authority of the U.S. Federal Trade Commission (FTC).

This option is available only after:

  1. You have contacted Prey directly to attempt to resolve your issue;
  2. You have submitted your concern to the independent dispute resolution mechanism above; and
  3. You have raised the issue with the U.S. Department of Commerce (if applicable) and provided the Department time to respond.

For more information about the arbitration process and eligibility criteria, please visit the Annex I documentation.

California Consumer Privacy Act

Prey complies with the California Consumer Privacy Act of 2018 (CCPA). Your consumer data rights are laid out on the “DATA RIGHTS AND REQUESTS” sections. As laid out there, you can exercise your data rights on your user panel. If you want to exercise them through other means, a verifiable consumer request will require for us to verify your identity.

With regards to subdivision c section 1798.110, the categories of personal information we may have collected over the past 12 months are the following:

Identifiers
Prey service: Account name, Ip address, email address. Sales contact: First and Last name. Unique identifiers are assigned to devices when added to your account.
Information related to bank accounts, health insurance and other financial information
None. Payment and/or credit card information is handled through either Chargebee or Braintree both with PCI-DSS compliance.
Characteristics of protected classifications under California or federal law (such as race or gender)
None.
Commercial or transactions information (such as records of personal property or products or services purchased, obtained or considered)
Payment and subscription history.
Internet or other electronic network activity information (such as browsing history, search history, interactions with a website, email, application, or advertisement)
Email. Advertisement interaction through cookies which require previous consent.
Biometric information (such as call recordings)
None. There can be face pictures on the reports if the camera is used to take pictures when setting a device to missing.
Geolocation information
Yes, device tracking is on by default, can be opted out by the user.
Sensory information (such as audio, electronic, visual, thermal, olfactory, or similar information)
When you add a device, we register: Device name, Battery, Hardware, OS type and version, public and private IP address, MAC address. Files that you decide to retrieve.
Professional or employment-related information
Job title, company name and business type only through the sales quote.
Education information
None.
Inferences drawn from the above information about your predicted characteristics and preferences
None.
Other information about you that is linked to the personal information above
None.

Data rights and requests

At Prey, we respect your ownership over your personal data; therefore, you can exercise your right to access, modify and remove it easily from the Panel. If you wish to cancel the processing of your personal data, you only have to uncheck your devices as lost because Prey does not make passive tracking of your devices, unless you expressly require it. If you decide to remove the personal data associated with your Prey account, you can do so in the Panel. If you wish to request the removal of all your personal data, you can request a full data deletion by sending an email to privacy at preyhq dot com. Such requests can only be made once every five (5) months.

You have the right to access your personal and the portability of such information. If you request it, we will send you all the personal data you may have shared with us in a machine-readable format. You can exercise this right once every three (3) months; through the user panel or by sending a request to privacy at preyhq dot com.

If you decide to close an account, we delete all your data. Nevertheless, we keep a record of payment history, data deletion and portability requests as a backup for legal reasons. The lawfulness of these backups is based on the compliance of a legal obligation.

Policy validity  

The herein Privacy Policy became enforceable on May 25th, 2018. We will keep you informed about any essential modifications to this Privacy Policy related to personal data processing.  

Changes to this policy

Any change to this policy or to the way we provide our service in a way that alters or limits your current rights will be properly notified to you through the user panel and it will require your express consent. Minor modifications that don’t alter neither your rights nor privacy expectations will be uploaded automatically to our website.

A transparent relationship with our clients is of the utmost importance; your data and devices are safe with us.