At, PREY your security and privacy are our priority. We use a design based on data minimization and will only ask the most basic information for your account creation. We are transparent in the gathering and processing of your personal data. Consequently, we have decided to adhere the highest standard of privacy by complying with the European General Data Protection Regulation (GDPR) and making those rights available to all of our users so you can know that both your devices and your data are safe with us.
We will NEVER request unnecessary information unless it is necessary to provide a better service.
We will NEVER sell your personal information or data from your devices to a third party.
We will NEVER enable the functionalities of our software without your prior consent or request. By adding a device to your account, location tracking is set to ON by default. You can change this at any time on your settings.
We will NEVER access your personal information or data from your devices without your prior consent and will do so solely for support purposes.
If you have any concerns about how we protect and process your data, please do not hesitate to contact us at privacy[at]preyhq.com.
THE INFORMATION WE COLLECT
We only request the minimum amount of data to create your account, this includes your name and country; however, it is important to highlight that the only way for us to identify you as a user is through the e-mail you used to register, which will be the official channel of communication between us. Under the General Data Protection Regulation (GDPR), the basis for us processing personal data is the provision of a service.
Once the software is installed on your device the default settings for location awareness is “on”, this mean that your devices will send all location changes to our servers. You can set this option to “off” in which case we won’t ever get the location information of your devices unless they are set to missing or you specifically request it. Once a device is set to “missing” you can start receiving reports and have the camera take pictures, this option can be turned off in the report settings. A device marked as ‘missing’ sends technical identification data to our servers along with the geo-localization, images and files you decide to retrieve from it.
Currently, we have two mailing lists, one for updates from our Blog with security and technology news and another one of commercial information for clients. You can unsubscribe of your subscriptions here. These lists are intended solely for our exclusive use and we do not disclose any information to third-parties.
We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.
For any inquiries with regards to the use and disclosure of your personal information, please submit a written request to privacy[at]preqhq.com.
You can use our Support Forum free of charge; all your questions and suggestions are welcome. To access this Forum, you need to sign-in with a User Name and e-mail for validation and contact purposes. You are responsible for the information you voluntarily decide to include in your profile, you keep full control over it and can delete it whenever you like. The only exception to this rule applies to the content of your posts, which remains for registration and coherence and is never deleted. However, if you want your user name to be removed from your posts, you can contact us at privacy[at]prehq.com.
PURPOSE OF OUR DATA COLLECTION
We collect your name, mail and country when you create an account for the purpose of user identification. This collection is based on the fulfillment of a service so that we can provide both support and help with your account or password recovery. Well store this information for as long the account exists, you can delete it by deleting your account.
When you add a device by installing our software well start collecting your location by default and can collect some files if you use the file retrieval function. This collection is based on the fulfillment of a service and its only purpose is to help you safely recover or track your devices and its content. We do not share nor sell this information to third parties. Well store this information for as long the account exists, you can delete it by deleting your account.
If you exercise a data right such as data deletion or portability well collect and store such requests based on a legitimate interest so that we can probe our compliance.
Our website, including the user panel of PREY ANTI-THEFT, uses first and third-party cookies to obtain anonymous or deidentified usage statistics with the purpose of providing you with a better service. The FirstSession and LastSession cookies are used to obtain the last website you browsed before visiting preyproject.com. We do not do tracking outside our website nor do we install these cookies without your prior consent. To check the detailed content of each of these cookies or opt-out click here. The other cookies used on our website are essential to its operation and their objective is to facilitate its usability and configuration, they don’t track any Personally Identifiable Information (PII) whatsoever.
Following the California Online Privacy Protection Act (CalOPPA) and given that there is no existing standard governing the Do Not Track signals, we do not comply with these requests nor can we ensure third-party cookies in our website will.
Third-party cookies on our website and panel include Hotjar, Google Analytics, Google Adwords, Mixpanel, Facebook’s Pixel, Active Campaign, Linkedin, Twitter, Intercom, and Pipedrive. All of them require your express consent.
SERVICE PROVIDERS AND WHO WE SEND INFORMATION TO
At Prey, we work with renowned international organizations to offer a better service and an enhanced user experience; thus, we must transfer some data to third-parties. Such transfers are specific and regulated as per the terms and conditions of each of such organizations that are obliged to provide the same level of security and protection we do, and report any issue to us.
We use the services of Hotjar, Google Analytics and Google Adwords to obtain anonymized information about surfing our website. No personally identifiable information is sent, except for your IP address. Also, they get localization information and data from your browser. The business purpose of this processing is auditing, to register visit and usability metrics. Cookies are used to obtain this information, which require your prior consent.
We use Mixpanel to measure the interaction of our users with the application’s panel. We send your login data, including your e-mail, country, region, city, time zone, number of devices, user type and account id. Cookies are used to obtain this information, which require your prior consent and it is intended solely for our exclusive use. This is done for the purpose of maintaining the quality of our service.
We use Crashlytics and Bugsnag to obtain an anonymized record of the errors and bugs of our software. None of these transfers contain Personally Identifiable Information and are done for the purpose of debugging.
We use Facebook’s Pixel to obtain information about visits to our website and track our ads. Cookies are used to obtain this information, which require your prior consent. Facebook fully complies with the GDPR. With regards to the CPPA, the business purpose of this collection is auditing.
We use Pipedrive, Outreach and Active Campaign as platforms to administer the commercial information of our clients. We send to them the information you fill in the document download forms of our website or those you use to obtain commercial information. This information is intended solely for our exclusive use. In addition, we use them as a cookie, but as all of the cookies we use, they require your express consent to send to us anonymous demographic data, hardware/software information, localization, interaction with the website and your IP address. All of the above have a Privacy Shield certification ensuring the protection of our user’s personal data in accordance with this policy. These transfers are done on our behalf to process and fulfill orders and transactions.
We use Helpscout as a customer service platform. We do not send more information other than that provided in the support tickets, which is intended only for our exclusive use. This treatment is done on our exclusive behalf to provide customer service.
We use Braintree and Chargebee to manage payment for our PRO services. Your payment information is sent encrypted and secured under the strictest market standards. They both have GDPR and PCI-DSS compliance.
We use Google Cloud Storage and Amazon Web Services to store data from our users and servers. Both companies are fully compliant with the GDPR and the CCPA and follow the strictest standards of security and scrutiny.
If you use the option to access our services through Facebook, Twitter or other social network or login service provided by third-parties, you are subject to their own data privacy and processing policies. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Prey is potentially liable.
FILE RETRIEVAL AND PRIVACY
Under no circumstance, our file retrieval functionality constitutes a back-up or administration system in the Cloud. We do not check nor do we have access to the files you retrieve, and we will never check their content. If you use the retrieval functionality, the files will be hosted in Google Cloud Storage and we do not have access to that information. Your files will be available during thirty (30) days from the retrieval request.
AUTHORIZED USE AND MULTI-USER ACCOUNTS
Prey Anti-Theft is a security application aimed at facilitating the search for and access to lost devices of our users. The purpose of Prey-Anti-Theft is not to register or track people down, and according to our terms and conditions, you agree to such limitations. Likewise, you may only install Prey in devices you are legally authorized to do so.
In the case of our multi-user accounts, you should be aware that all administrators may enable your devices as lost. At any time, you can know who the administrators of your account are by checking your account’s information in the application’s panel. If you have any problems with this functionality or you would like access to administrators to be removed contact us at privacy[at]preyhq.com
DATA RIGHTS AND REQUESTS
At Prey, we respect your ownership over your personal data; therefore, you can exercise your right to access, modify and remove it easily from the Panel. If you wish to cancel the processing of your personal data, you only have to uncheck your devices as lost because Prey does not make passive tracking of your devices, unless you expressly require it. If you decide to remove the personal data associated with your Prey account, you can do so in the Panel. If you wish to request the removal of all your personal data, you can request a full data deletion by sending an email to privacy[at]preyhq.com. Such requests can only be made once every five (5) months.
You have the right to access your personal and the portability of such information. If you request it, we will send you all the personal data you may have shared with us in a machine-readable format. You can exercise this right once every three (3) months; through the user panel or by sending a request to privacy[at]preyhq.com.
If you decide to close an account, we delete all your data. Nevertheless, we keep a record of payment history, data deletion and portability requests as a backup for legal reasons. The lawfulness of these backups is based on the compliance of a legal obligation.
At Prey, we believe that words must translate into actions. Our desire to protect your data is at the core of our business. We are made up of a team of highly trained, multi-disciplinary and multi-national professionals, who are all contractually bound by non-disclosure agreements and confidentiality clauses to protect the information of our users. Access to our servers has state-of the-art encryption and compartmentalization; none of our employees has access to the information of your account information or your passwords. The support service is limited to be used solely for such purposes and it requires due confirmation of the identity of our users.
CALIFORNIA CONSUMER PRIVACY ACT
Prey complies with the California Consumer Privacy Act of 2018 (CCPA.). Your consumer data rights are laid out on the “DATA RIGHTS AND REQUESTS” sections. As laid out there, you can exercise your data rights on your user panel. If you want to exercise them through other means, a verifiable consumer request will require for us to verify your identity.
With regards to subdivision c section 1798.110, the categories of personal information we may have collected over the past 12 months are the following:
|Identifiers||Prey service: Account name, Ip address, email address. Sales contact: First and Last name. Unique identifiers are assigned to devices when added to your account.|
|Information related to bank accounts, health insurance and other financial information||None. Payment and/or credit card information is handled through either Chargebee or Braintree both with PCI-DSS compliance.|
|Characteristics of protected classifications under California or federal law (such as race or gender)||None.|
|Commercial or transactions information (such as records of personal property or products or services purchased, obtained or considered)||Payment and subscription history.|
|Internet or other electronic network activity information (such as browsing history, search history, interactions with a website, email, application, or advertisement)||E-mail. Advertisement interaction through cookies which require previouse consent.|
|Biometric information (such as call recordings)||None. There can be face pictures on the reports if the front camera is used to take pictures when setting a device to missing.|
|Geolocation information||Yes, device tracking is on by default, can be opted out by the user.|
|Sensory information (such as audio, electronic, visual, thermal, olfactory, or similar information)||When you add a device, we register: Devce name, Battery, Hardware, OS type and version, public and private IP address, MAC address. Files that you decide to retrieve.|
|Professional or employment-related information||Job title, company name and business type only through the sales quote.|
|Inferences drawn from the above information about your predicted characteristics and preferences||None.|
|Other information about you that is linked to the personal information above||None.|
EU-US PRIVACY SHIELD
In compliance with the Privacy Shield Principles, Prey Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact Prey Inc. at: privacy[at]preyhq.com.
Prey Inc. has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit BBB EU Privacy Shield for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1.
Consequently, we are subject to the investigation and enforcement authority of the US Federal Trade Commission (FTC). We may be required to disclose personal information that we handle under the Privacy Shield to the appropriate authorities if legally requested by public authorities or to meet national security or law enforcement requirements.
CHANGES TO THIS POLICY
Any change to this policy or to the way we provide our service in a way that alters or limits your current rights will be properly notified to you through the user panel and it will require your express consent. Minor modifications that don’t alter neither your rights nor privacy expectations will be uploaded automatically to our website.
A transparent relationship with our clients is of the utmost importance to us; your data and devices are safe with us.