Privacy Policy

Last Modified: June 9, 2021

Note: Spruce gets no data about DID or VC usage, contents, or metadata from
DIDKit or Credible; this entire policy refers to direct and voluntary
interactions between Service users and Spruce as an entity on an opt-in basis.

This privacy policy (“Policy”) describes how Spruce Systems, Inc. (“Spruce” “Company”, “we”,“our”, “us”) collects, uses, shares, and stores personal information of Spruce’s services, including any associated features or functionalities, websites and user interfaces, as well as all content and software applications associated with our services (collectively, the “Services”).

By using the Services, you accept the terms of this Policy and our Terms & Conditions (“Terms”), and consent to our collection, use, disclosure, and retention of your information as described in this Policy. If you have not done so already, please also review our Terms. The Terms contain provisions that limit our liability to you and require you to resolve any dispute with us on an individual basis and not as part of any class or representative action. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY OR OUR TERMS, THEN PLEASE DO NOT USE ANY OF THE SERVICES.

Please note that this Policy does not apply to information collected through third-party websites or sites that you may access through the Services, or that you submit to us through email, text message or other electronic message or offline.

If you are engaging with the Services from the European Union (EU), see our Notice to EU Data Subjects for our legal bases for processing and transfer of your data.

What We Collect#

We get information about you in a range of ways. Information You Give Us. Information we collect from you includes:

  • Account registration or user information, such as your name, display name or social media account handles when you sign up for use of our Services;
  • Feedback and correspondence, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with Services, receive customer support or otherwise correspond with us;
  • Anonymized usage information, such as information about how you use the Services and interact with us; and
  • Marketing information, such as your preferences for receiving marketing communications and details about how you engage with them.

Information We Get From Others. We may get information about you from other third party sources and we may add this to information we get from your use of the Services.

Information Automatically Collected. We may automatically record certain information about how you use our Services (we refer to this information as “Log Data“). Log Data may include information such as a user’s Internet Protocol (IP) address, device and browser type, the pages or features of our Services which a user browsed and the time spent on those pages or features, the frequency with which the Services are used by a user, search terms, the links on our sites that a user clicked on or used, referral url, and other statistics. We use this information to administer the Services and we analyze (and may engage third parties to analyze) this information to improve and enhance the Services by expanding features and functionality and tailoring to our users’ needs and preferences.

We may use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. Users can control the use of cookies at the individual browser level. For more information, please see the section entitled “Cookies Policy” below.

We may also use data analytics sites to help us offer you an optimized user experience.

Use of Personal Information#

To comply with law#

  • We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

To communicate with you#

  • We use contact and personal information in some circumstances, such as your social media information, to communicate to you about updates or changes to the use of our Services.

To optimize our platform#

  • In order to optimize your user experience, we may use your personal information to operate, maintain, and improve our Services. We may also use your information to respond to your comments and questions regarding the Services.

With your consent#

  • We may use or share your personal information with your consent, such as when you instruct us to take a specific action with respect to your personal information, or you opt into third party marketing communications.

For compliance, fraud prevention, and safety#

  • We may use your personal information to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.

Sharing of Personal Information#

  • We do not share or sell the personal information that you provide us with other organizations without your express consent, except as described in this Policy. We disclose personal information to third parties under the following circumstances:

Affiliates. We may disclose your personal information to our subsidiaries and corporate affiliates for purposes consistent with this Policy.

Business Transfers. We may share personal information when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.

Compliance with Laws and Law Enforcement; Protection and Safety. We may share personal information for legal, protection, and safety purposes.

  • We may share information to comply with laws.
  • We may share information to respond to lawful requests and legal processes.
  • We may share information to protect the rights and property of the Company, our agents, customers, and others. This includes enforcing our agreements, policies, and terms and conditions.
  • We may share information in an emergency. This includes protecting the safety of our employees and agents, our customers, or any person.

Professional Advisors and Service Providers. We may share information with those who need it to do work for us. These recipients may include third party companies and individuals to administer and provide the Services on our behalf (such as customer support, hosting, email delivery and database management), as well as lawyers, bankers, auditors, and insurers.

If you are engaging with the Services from the European Union (EU), see our Notice to EU Data Subjects for our legal bases for processing and transfer of your data.

International Transfer#

The Company has offices outside of the EU and has affiliates and Services providers in the United States and in other countries.Your personal information may be transferred to or from the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.

EU users should read the important information provided below about transfer of personal information outside of the European Economic Area (EEA).

How Information is Secured#

We retain information we collect as long as it is necessary and relevant to fulfill the purposes outlined in this Policy. In addition, we retain personal information to comply with applicable law where required, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms, and other actions permitted by law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

We employ industry-standard security measures designed to protect the security of all information submitted through the Services. However, the security of information transmitted through the internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected.

Information Choices and Changes#

Accessing, Updating, Correcting, and Deleting your Information - You may access information that you have voluntarily provided through your account, and to review, correct, or delete it by sending a request to support@spruceid.com. You can request to change contact choices, opt-out of our sharing with others, and update your personal information and preferences.

Tracking Technologies Generally - Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. For more information, please see the section entitled “Cookies Policy” below.

CONTACT INFORMATION. We welcome your comments or questions about this Policy, and you may contact us at: support@spruceid.com.*

CHANGES TO THIS PRIVACY POLICY. We may change this privacy policy at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make any changes, we will change the Last Updated date above. Any modifications to this Policy will be effective upon our posting of the new terms and/or upon implementation of the changes to the Services (or as otherwise indicated at the time of posting). In all cases, your continued use of the Services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

Eligibility#

If you are under the age of majority in your jurisdiction of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. Consistent with the requirements of the Children's Online Privacy Protection Act (COPPA), if we learn that we have received any information directly from a child under age 13 without first receiving their parent's verified consent, we will use that information only to respond directly to that child (or their parent or legal guardian) to inform the child that they cannot use the Services and subsequently we will delete that information.

Notice to California Residents#

Under California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: California residents may reach the Complaint Assistance Unit of the Division of Consumer Site of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.

Personal Information

With respect to EU data subjects, “personal information,” as used in this Policy, is equivalent to “personal data” as defined in the European Union General Data Protection Regulation (GDPR).

Sensitive Data

Some of the information you provide us may constitute sensitive data as defined in the GDPR (also referred to as special categories of personal data).

Legal Bases for Processing

We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information,which are described in the table below. If you have questions about the legal bases under which we process your personal information, contact us at support@spruceid.com.

Processing Purpose - Legal Basis

To communicate with you and to optimize our Services. These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impacts on you and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted to by law).

We use your personal information to comply with applicable laws and our legal obligations.

Where our use of your personal information is based upon your consent, you have the right to withdraw it at any time by contacting us at support@spruceid.com.

Use for New Purposes#

We may use your personal information for reasons not described in this Privacy Policy, where we are permitted by law to do so and where the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis for that use. If we have relied upon your consent for a particular use of your personal information, we will seek your consent for any unrelated purpose.

Your Rights#

Under the GDPR, you have certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:

  • Opt-out. Stop sending you direct marketing communications which you have previously consented to receive. We may continue to send you Services-related and other non-marketing communications.
  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You can submit these requests by email to support@spruceid.com. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at support@spruceid.com or submit a complaint to the data protection regulator in your jurisdiction.

Cross-Border Data Transfer#

Please be aware that your personal data will be transferred to, processed, and stored in the United States. Data protection laws in the U.S. may be different from those in your country of residence. You consent to the transfer of your information, including personal information, to the U.S. as set forth in this Policy by visiting our site or using our Services.

Whenever we transfer your personal information out of the EEA to the U.S. or countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on a data transfer mechanism recognized by the European Commission as providing adequate protection for personal information.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.

Assignment and Third Parties#

Assignment#

Your information will remain subject to the terms of this Privacy Policy even if the Services undergo an organizational transition. However, we may transfer your information to a successor entity upon a merger, consolidation, or other reorganization in which our Services participate or to a successor not-for-profit assignee or licensee of all or substantially all of our Services’ assets. You hereby consent to such transfers and our Services may assign and transfer all of the rights, benefits, duties, and obligations of this Privacy Policy, under the circumstances described in this paragraph.

Accessing Third-Party Sites from our Site#

Our Services may provide links to websites of other organizations or companies that may offer materials and services as well as links to other sites. In using our Services or the linked sites of other organizations or companies, you may have the option to sign up for email lists operated by these organizations or companies. If you choose to request that your address be removed from the organizations’ or companies’ lists, we cannot control whether or not they will immediately stop using your address. To stop receiving communications from these organizations or companies, you should contact them directly.

Application of This Privacy Policy#

This Privacy Policy applies only to the privacy of users of our Services. If you follow links and move from our Services to external websites owned or operated by other entities or individuals, you should read the privacy policies of those external websites carefully. The terms by which the owners or operators of those websites manage your information could differ from how our Services manages your information. Our Services are not responsible for the practices of these third parties.

Cookies Policy#

We understand that your privacy is important to you and are committed to being transparent about the technologies we use. In the spirit of transparency, this policy provides detailed information about how and when we use cookies.

Do we use Cookies?#

No, but we reserve the right to in the future. We and our marketing partners, affiliates, and analytics or site providers may use cookies, web beacons, or pixels and other technologies to ensure everyone who uses the Services has the best possible experience.

What is a Cookie?#

A cookie (“Cookie”) is a small text file that is placed on your hard drive by a web page server. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you. Some of the cookies will only be used if you use certain features or select certain preferences, and some cookies will always be used. You can find out more about each cookie by viewing our current cookie list below. We update this list periodically, so there may be additional cookies that are not yet listed. Web beacons, tags and scripts may be used in the Services or in emails to help us to deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon. We may receive reports based on the use of these technologies by our site/analytics providers on an individual and aggregated basis.

Why use cookies?#

We may generally use Cookies for the following purposes:

  • To recognize new or past customers.
  • To improve our Services and to better understand your visits on our platforms.
  • To serve you with interest-based or targeted advertising.
  • To observe your behaviors and browsing activities over time across multiple websites or other platforms.
  • To better understand the interests of our customers and our website visitors.

We may also use functional Cookies and Cookies from third parties for analysis and marketing purposes. Functional Cookies enable certain parts of the site to work properly and your user preferences to remain known.

If you want to learn more about cookies, or how to control, disable or delete them, please visit http://www.aboutcookies.org for detailed guidance. In addition, certain third party advertising networks, including Google, permit users to opt out of or customize preferences associated with your internet browsing.

We may link the information collected by Cookies with other information we collect from you pursuant to this Policy and use the combined information as set forth herein. Similarly, the third parties who serve cookies in our Services may link your name or email address together with information they collect, which may include past purchases made offline or online, or your online usage information. If you are located in the European Economic Area, you have certain rights that are described above under the header “Notice to EU Data Subjects”, including the right to inspect and correct or delete the data that we have about you.