Cirrent Privacy Statement
This policy statement is effective as of 03/04/2016
Cirrent complies with the U.S. – E.U. Safe Harbor framework and the U.S. – Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Cirrent has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Cirrent’s certification, please visit http://www.export.gov/safeharbor/
Overview of our services
Cirrent is a connected-product technology provider to manufacturers, resellers, retailers, network operators, and service providers (Clients) of commercial and consumer products and services. Our technology and services are used by Clients to connect their products to the internet so that they and their customer users can monitor and control these products remotely, either directly through mobile or web based apps or in sync with other connected products from other connected product suppliers. We provide the communications technology that is embedded in each connected product and we also run the cloud based services that collect, hold, manage, and analyze data from the connected product and communicate between the connected product, the Client and in some cases, the network service provider that manages the public Wi-Fi service that may be available in their customer’s homes..
The information we receive
In order to provide our services, we may receive data from our Client’s connected products. This data is classified as non-personal information as it does not personally identify anyone. We and our third party service providers may collect non-personal information from a user’s connected product. Data from the connected product may include its make, model, device type (e.g. thermostat, light bulb, smart plug, etc.), unique device identifier (UDID) or MAC address, physical location, IP address, the SSIDs and BSSIDs of Wi-Fi networks that the connected device is in range of, network traffic usage patterns, current state of connectivity, i.e. on or off the network and its connectivity history (when it was first setup, when was the last time it was connected, etc.).
The connected product’s IP address is a number that is automatically assigned to it by the network service provider, the UDID (or similar ID) is the unique identification number associated with the connected product, and the MAC address is the unique number assigned to each individual connected product. The IP address, UDID and/or MAC address are identified and logged automatically in our server log files whenever the connected products connects to the Cirrent Cloud, or when the connected product communicates with the Cirrent Cloud, along with the time(s) of such connection(s), the features within the Cirrent Cloud that were accessed and used. Collecting IP Addresses is standard practice on the Internet and is done automatically by many cloud platforms. Please note that we treat IP addresses, UDIDs, MAC addresses, server log files and related information as non-personal information, except where we are required to do otherwise under applicable law.
How the information is used
We use the information we receive through our services to provide connectivity, control and feedback to the connected product, to the Client and in some cases to the network operator that provides the public Wi-Fi service in the customer’s homes. We use the data collected from the connected product to help our Clients assign a new device to one of their customer’s accounts and to prevent unintended users from initially setting up and controlling the the product.
For example, we may use this data to determine that a Wi-Fi password should be sent down to a particular device.
We may also provide connected product information to the Client or network service provider such as its connectivity state and history. This allows the Client or network service provider to provide improved support services to the user (e.g. outbound communications from Client to their customer that are triggered by changes in device connectivity state, such as a change in the network that the product is connected to or if the product suddenly becomes disconnected and can no longer access the user’s private Wi-Fi network). Finally, we may provide connected product state information indirectly to the user through their mobile or desktop app to allow them to control the connected product remotely. If the user connects their connected product through a network service provider’s public Wi-Fi network, we will also provide data to that third party.
This information may be used by the Client or the network service provider to inform its customers of services or products that may be of interest to them.
We may disclose the information we receive, either through our services or submitted to us via email;
- In order to fulfill our obligations to our clients
- If we believe that we have a legal obligation to do so, such as to comply with a subpoena or similar legal process
- In situations where we believe it’s necessary to protect ourselves, our customers or users or to prevent or stop activity we may consider to be, or poses a risk of being illegal or legally actionable activity
- In connection with a corporate merger, acquisition, sale of assets, bankruptcy, or other change in corporate status. You will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information.
We may de-identify or aggregate personal information to create data that does not personally identify the users. For example, we may aggregate personal information to calculate the percentage of who use connected products or have more than one connected product in a particular zip code or postal code. We may also use this information in aggregated, non-identified form for research purposes and to help us make sales, marketing or business decisions.
Because non-personal information does not identify an individual in any way, we may share non-personal information with any third party for any purpose.
What we don’t do with data
We don’t attempt to determine any additional personal information not provided directly to us.
We do not sell a user’s personal information to third parties.
We do not provide a user’s personal data to third parties who might create ads or advertising segments related to sensitive interests, such as, medical conditions, certain financial situations, sexual preferences and products, and use of firearms, drugs or alcohol.
We do not deliver ads.
We do not intentionally collect data from children under 13 years of age. If we find that we have collected information from someone under 13 we will delete this information immediately.
Security of information
The security of information is important to us. Certain information provided to us (such as user’s private network password), is encrypted using generally accepted encryption methods.
We follow generally accepted standards to protect the information we receive. However, no method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
Sometimes we employ and contract with people and other entities that perform certain tasks on our behalf and who are under our control (our “Service Providers”). We may need to share a user’s information with our Service Providers in order to make our services and site available to you. Unless we tell you differently, our Agents do not have any right to use your personally identifiable information or other information we share with them beyond what is necessary to assist us. Cirrent may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Clients.
We will retain the information we collect for as long as the connected products are active or as needed to provide the Client services. We will retain and use this information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Updating your information with our Clients
Cirrent has no direct relationship with the end users whose connected product data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the Cirrent Client (the data controller) directly. If requested to remove data we will respond within a reasonable timeframe.
We will retain personal data we process on behalf of our Clients for as long as needed to provide services to them. Cirrent will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We encourage review of this policy periodically to stay informed about how we collect, use, and disclose data.