Privacy Policy

Effective as of June 21st, 2021

This Privacy Policy describes how Bindle Systems (“Bindle,” “we,” “us,” “our”) collects, uses, discloses and otherwise processes personal information we obtain in connection with the services we provide, including through our website and mobile application, Bindle, that link to this Privacy Policy (the “Services”).

About Bindle

Bindle is operated by an open network of labs, physicians, private individuals and institutions collaborating to beat the spread of the COVID-19 virus, and help us get back to normal life during this pandemic. We use modern cryptography to encode medical data into digital certificates, which contains the results of a COVID-19 lab test, vaccination, or proof of infection (or, generalized, any payload of private/personal data), and associate it with a self-sovereign digital identity. Our digital certificates are proprietary mobile “Wallets” anchored on a public/private key pair, where the private key is stored on the secure element (the chipset used to store credit card numbers) of a registered mobile device belonging to you. The Wallet is designed to deliver zero-knowledge proof of health to any third party, in a manner so they can independently authenticate the certificate, and test the encoded diagnosis data against a customizable screening policy.

Our Principles for Protecting Your Data

● Personal information in your Wallet is always encrypted by your unique and private key, which only you can access.

● We will never collect this private key from you, nor can we decrypt any personal information in your Wallet without your explicit permission.

● We cannot see any information about who, what, where, or when you transact with your Wallet. However, we may collect and maintain aggregated, de-identified data relating to your Wallet transactions. We may use aggregated data to understand how our users use our Services.

● We don’t sell your personal information to advertisers or other third parties.

Personal Information We Collect

Information you provide to us. Personal information you may provide to us through the Service or otherwise includes:

● Registration and contact information, such as information you provide when you register to use the Services, including your name, email address, phone number, date of birth.

● Wallet information, which includes ID documents such as your state driver license and health information such as your COVID-19 diagnosis. This information is encrypted by your unique and personal private key. Only you will have the private key in your possession. We will never collect a private key from you, nor can we ever decrypt your Wallet information. It is up to you to decide how and with whom you share your Wallet information.

● Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.

● Marketing information, such as your preferences for receiving communications about our products and services, and details about how you engage with our communications.

● Other information you provide to us, such as in emails, on phone calls, or in other correspondence with Bindle or its service providers.

Automatic Data Collection

We and our service providers may use cookies, browser web storage (also known as locally stored objects, or “LSOs”), web beacons, and similar technologies to automatically collect information about your interaction with our services through your computer or mobile device, including:

● Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, device identifier, browser type, screen resolution, IP address, and general location information such as city, state or geographic area; and

● Online activity data, such as the website you visited before browsing to our website, and information about your use of and actions on our websites and mobile apps, including pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access, and how you respond to emails we send you.

How We Collect Data Using Your Mobile Device

When we establish your wallet, we ask for access to your device in order to collect data.
We will ask permission to:

● Access your camera in order to take photos as part of creating your account or to upload images when creating certificates.

● Access your photos in order to collect images as part of creating your account or to upload images when creating certificates.

● Access your audio, video and other files in order to provide documentation when creating certificates.

● Access your precise location when creating entry passes so we can provide the location and the approximate distance to the location you are selecting.

How We Use Your Personal Information

We use your personal information for the following purposes:

To provide you the services including to:

● Establish and maintain your account

● Provide information about our Services through announcements, updates, security alerts, and support and administrative messages

● Enable the Services’ security features

● Understand your needs and interests, and personalize your experience with the Services and our communications

● Provide support and maintenance for the services, analyze and improve our Services, and to develop new products and services

● To respond to your requests, questions, and feedback

For marketing purposes. To send marketing emails to the email address you provide to us (provided, however, that any such marketing emails will tell you how to opt-out of receiving further marketing emails).

To comply with the law. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

With your consent. We may offer you opportunities to opt in to allow us to collect, use and share your information for other purposes, and we will do so only if you opt in.

To create anonymous data. To create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable or able to be correlated to you as an individual.

How We Share Your Personal Information

Affiliates. We may share your personal information with our corporate parent, subsidiaries, and affiliates that are involved in providing the services to you.

Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate the services (such as customer support, hosting, analytics, email delivery, professional advisors, and database management services). These third parties may use your personal information only as directed or authorized by us and in a manner consistent with this Privacy Policy, and are prohibited from using or disclosing your information for any other purpose.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Policy.

With your consent. We may offer you opportunities to opt in to allow us to collect, use and share your information for other purposes, and we will do so only if you opt in.

Your Choices

Access or update your information. If you have registered to use our services, you may review and update certain personal information in your account profile by logging into the account or emailing us at support@bindlesystems.com

Deactivate your Wallet and delete your Wallet information. You may deactivate your Wallet at any time by deleting the Bindle app from your device. If you have not backed up your wallet, deleting the Bindle app removes all references to your private encryption key and therefore all of the personal information maintained within your Wallet. Because deleting the Bindle app destroys your private key, unless you have chosen to backup your Wallet, the personal information in your Wallet CAN NOT be recovered after you delete the Bindle app and its associated private key from your device. If you have backed up your Wallet and wish to purge your information from our network, please fill out the Wallet Deletion Request Form to purge your Bindle Wallet.

Opt-out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of any email correspondence, or by contacting us at support@bindlesystems.com You may continue to receive service-related and other non-marketing emails.

Cookies and Browser web storage. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the services may not work properly. Similarly, your browser settings may allow you to clear your browser web storage.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Security

Bindle maintains HIPAA Compliant organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Our security program is designed to mitigate risk and to use reasonable and appropriate procedures and technologies to help protect the confidentiality of all personal information.

Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information. In the event that Bindle is required to notify you about a situation involving your data, we may do so by email or telephone to the extent permitted by law.

Data Retention

Bindle retains personal information for as long as necessary to (a) provide our services; (b) comply with legal obligations; (c) resolve disputes; and (d) enforce the terms of customer agreements.

Creation of Anonymous Data for Analytics

We may create anonymous data from personal information by excluding information that makes the data personally identifiable, and use that anonymous data for our lawful business purposes.

Children

If we have obtained consent from a parent or legal guardian, Bindle may collect, use, and disclose the personal information of a child under 13 as described throughout this Privacy Policy. Parents or legal guardians may contact us to ask if we have collected their child’s personal information, to review or correct that information, and to request that Bindle stop collecting this information or have it deleted. Such requests are subject to Bindle’s verifying to our satisfaction that the requester is in fact the child’s parent or legal guardian.

International Data Transfers

Bindle is headquartered in the United States and has affiliates and service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.

Other Sites and Services

For your convenience and information, we may provide links to websites and other third-party content that is not owned or operated by Bindle. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time by posting a new version online or within our application. You should check this page occasionally to review any changes. If we make material changes to this Privacy Policy, we will notify you by email, in-app notification, a notice on this website or another method that we believe is reasonably likely to reach you.

Contact Us

If you have any questions or concerns at all about our Privacy Policy, please contact us at:
Bindle Systems, 1055 Saw Mill River Road, Suite 207, Ardsley, NY 10502

privacy@bindlesystems.com