Use Cases

End User Privacy Statement

Last Updated August 25, 2021

BlockScore Inc. D/B/A Cognito (“BlockScore”, “Cognito”, “we”, “our”, or “us”) offers an identity verification, fraud detection, and watchlist screening services globally to companies, firms and financial institutions (our “Customers” or “Customer”). You may be asked by one of our Customers to complete various checks using our service. This end user privacy statement (“Privacy Statement”) explains how your personal data (“Your Personal Information”) may be used when we carry out this service on behalf of our Customers.

Our services are intended only for individuals 18 years or older. If you are under 18, please do not use our service.

When we provide our services to our Customers, our Customers determine the purposes and means by which Your Personal Information is processed (and is considered a data controller). We act on our Customer’s instructions with respect to how and why Your Personal Information is processed. Cognito is a data processor where it is facilitating identity verification, watchlist screening, and antifraud screening services at the direction of our Customers. Our Customers direct us to collect Your Personal Information. Cognito acts as a processor when directed to collect information from you, including Your Personal Information, and Cognito receives instructions from our Customers about whom to collect personal data from and when to collect and process Your Personal Information. We use Your Personal Information to provide Cognito Services to our Customers.

You should always check the privacy policies of our Customers and direct any queries and request to exercise your rights in respect of Your Personal Information to them.

Some of the Cognito Services may be accessed directly by you, including through our websites that reference this policy (e.g. (collectively “Sites”).

In some instances, for example, if you are a Customer or if you wish to make an enquiry about our services on behalf of a Customer or potential Customer, if you are an employee or wish to apply for a job with us or if you visit our website, we may be a data controller. We describe how and why we use personal data in these circumstances in our Privacy Policy at which governs use of our Site, including use of Cookies and other tracking technologies.

Cognito will not ever sell Your Personal Information to any third parties. Our Customers decide how we use Your Personal Information, control their data retention policies, and may specify how long to retain Your Personal Information.

Depending on the service required by our Customers, we may process Your Personal Information on our Customers’ behalf as described in this Privacy Statement, so we encourage you to read it carefully.

1. Overview

When Cognito provides its services to our Customers, you will be asked to provide information about yourself to us. On behalf of our Customers, we carry out cloud-based identity verification and watchlist screening services. Our system collects information from you and about you to predict and helps to prevent fraudulent activity in real time. The collection and use of Your Personal Information are described below. We then complete these services and provide the results direct to our Customers.

Our Customers determine the scope of the request for information and what personal information about you might be used for analysis with the Cognito services. Customers configure the system to require and use certain information to verify your identity. A Customer may configure Cognito services to ask for limited information. If the requested information is insufficient to provide verification, the Cognito services may request additional information to complete the verification process.

If you are not satisfied with the result of any processing, you should direct your query to the Customer, who will be able to review it.

2. Information We May Collect

Depending on the services requested by our Customers, we may collect Your Personal Information in the following ways:

Information you provide: We collect Your Personal Information when you provide information requested by the Customer to us. If you choose not to provide the requested information, we will not be able to provide our Customer with the Cognito services. Please contact the Customer to discuss alternative identity verification and screening options, if available for your region or nationality.

To find out more about the types of personal information that may be requested from you, see below:

Some of the potential information about you that may be requested on behalf of our Customers includes contact details, including your name, email address, postal address, phone number, date of birth, and/or government ID numbers; and/or photo and video information, including pictures, sometimes called selfies, and video information assessing whether a person matches their photo ID and appears to be a live person.

We collect data directly from you through industry-standard techniques such as JavaScript code, SDKs, form submissions, image collection, video collection, and behaviors using tools our Customers embed on their Customer Sites.

Information used to verify a mobile device or email: We also may provide a two-factor authentication feature to our Customers to help provide measures to ensure that the person providing information has possession of the phone number or email address associated with that identity. To provide this feature for our Customers, we may use Your Personal Information provided by our Customer or by you to send verification codes to you, such as via text messages or emails, which you can then enter to confirm your identity when you log in to use a Customer Site or create a new account.

Information we automatically collect when you visit Customer Sites. Our services use certain standard tracking technologies to automatically collect certain information about your device when you interact with and use Customer Sites. Some of this information includes, for example, your IP address and certain unique identifiers, may identify a particular computer or device and may be considered “personal data” in some jurisdictions, including the EU.

The types of information we may collect on behalf of our Customers will depend on whether you visit a Customer Site via an API interface, app using our SDK or a webpage and more details are provided below:

  • Browser and Device Information, including device type and model, manufacturer, operating system type and version, web browser type and version, user agent, telephone carrier name and information, time zone, the network connection type, IP address, hardware-based identifiers, host name, device identifiers, Android/Google Advertising ID, canvas fingerprint, characteristics related to emulation or rooted such as if your device is “jailbroken”, and app name and version. We also collect character set, host name, language, page title and URL, referrer URL, number of fonts, fonts hash, number of plugins, plugins hash, screen height and width, color depth, platform, cookie footprint, maximum touch points, Java-Enabled, session storage, local storage, whether the resolution has been tampered, language or OS, whether ad blocking is enabled, whether do not track is enabled, flash socket IP and flash identifier. The SDK will also collect phone-related metadata such as battery level, device properties, carrier name.

  • Information about your behavior on Customer’s Sites, i.e. information about your activities on Customer’s Sites, session ID, session start and stop time, time zone offset, and location information which may be general location information inferred from your IP address or, in some circumstances, more precise geolocation information based on latitude and longitude coordinates. You may be able to control the collection of location information through particular Customer Sites by changing the preferences on your mobile device. Additionally, Customers may directly provide us with data and information about you and your interactions with the applicable Customer Sites through our Application Programming Interfaces (APIs).

How We Use Tracking Technologies to Collect Information about You. We use standard tracking technologies to automatically collect certain information from your device and browser when you visit or interact with Customer Sites. When you view or use the Cognito Services via a Customer Site, Cognito servers are notified, and we are able to collect information from the browser or application. In addition, we collect data directly from you through standard tracking technologies such as JavaScript or SDK, which our Customers can embed on their websites.

To find out more about the tracking technologies we use, see below.

  • JavaScript Code (JS Snippet), also called a tag or pixel, is a tiny snippet of code inserted into the content of the Customer Site. You can disable JavaScript by changing the settings on your browser. Information about how to change those settings can usually be found on your internet browser provider’s website. Because Cognito does not control these settings, we encourage you to check the information provided on a regular basis to ensure you are aware of any relevant changes.

  • Mobile SDKs (Software Development Kits), or blocks of code embedded into a Customer Site that allow Cognito to collect certain information. You can control the use of certain information Cognito collects through the SDK by following the instructions applicable to your mobile device operating system. You may also be able to control whether and how your mobile device provides location information on particular Customer Sites by changing the preferences on your mobile device. Because Cognito does not control these settings, we encourage you to check the information provided on a regular basis to ensure you are aware of any relevant changes.

  • Canvas Fingerprinting, a tracking technique that allows us to render graphic images from built-in features of HTML5 Canvas in your browser. The canvas image is often rendered differently on different devices because of a number of factors such as, your web browser version, operating system and its settings, and installed graphics hardware, and allows us to distinguish you from other users. If you would like to disable canvas fingerprinting, you may choose to disable JavaScript or download a browser extension that blocks canvas fingerprinting techniques but doing this may impair the functionality of the Cognito Services. Because Cognito does not control these settings or extensions, we encourage you to check the information provided about them on a regular basis to ensure you are aware of any relevant changes.

Information we collect from third party sources. At our Customer’s request and as part of our services for Customer, we may combine the information we collect about you with information we receive from third parties. For example, we may receive information such as whether an IP address is commercial or private, whether a phone number is a landline, or whether an email domain is free. Customers may also ask us to work with providers that match information provided against third-party sources such as credit header files, mobile account records, utility records, motor vehicle records and other reputable sources. For certain countries, your mobile carrier may be asked to disclose your mobile account details for the purpose of verifying your identity, including your name, address, and device details. We may also receive information about you from third parties and/or collect information about you that is publicly available, on behalf of our Customer.

Special categories of personal data. If our Customers require you to provide us with any document that contains your photograph or if you need to verify your identity by providing a photograph or video of yourself, these images may reveal special categories of data about you, for example, information relating to your health (for example, if you wear glasses), your race or ethnicity or relating to your religious or political beliefs. Our facial recognition technology may also use biometric data, which is information that is used to identify you.

We use these special categories of personal data only on our Customer’s instructions and in accordance with any of our Customers’ privacy policies and this Privacy Statement and for no other reason.

3. How We May Use Your Personal Information to Provide Our Service to Customers

We process Your Personal Information on behalf of our Customers on their instructions. You need to check our Customers’ privacy policies to find out how and why Your Personal Information is used. We are not responsible for these policies and you should ask the Customer if you have any questions in relation to this.

Our Customers may use our cloud-based identity verification and watchlist screening service and we return information to the Customer about the likelihood that the person providing the information is who they claim to be.

Our Customers may also request us to use facial recognition technology to verify that the photo on your identity document matches the photo or selfie you submit. Facial recognition data will be destroyed by us when the information is no longer needed for verification as specified by Customer.

Cognito uses Your Personal Information to provide the Cognito services to our Customers, and to help our Customers comply with their legal obligations. For example, we process Your Personal Information through our cloud-based identity verification service to return match information to our Customers for particular events or activities on the Customer Site. We may also use Your Personal Information to help Customers validate your identity if you seek to exercise your privacy rights. In addition, when our Customers use the Cognito two-factor authentication feature, we process Your Personal Information, such as your telephone number or email address, to send a verification code to you via text message or email. This helps our Customers who use this feature to validate end users identities by ensuring possession of phone numbers or email addresses associated with identities.

If you do not complete your verification process on our Service, our Customers may request us to use Your Personal Information to send you a prompt by email [or text message] to complete the process. You may follow the link in any email to deactivate these reminders if you do not wish to receive these again.

4. How We May Use Anonymized or Aggregate Information to Maintain, Improve, and Develop our Services

We may anonymize or aggregate to maintain, improve and optimize the Cognito Services. We use anonymous or aggregate information to develop and improve our service. We believe that this does not adversely affect your rights and interests and is likely to be what you might expect.

5. Your Rights and Choices

Depending on your location and subject to applicable law, you may have the rights below with regard to Personal Information we process on Customer’s behalf.

Data Protection Rights

Where we act as a data processor on behalf of our Customers, you must direct any request to access Your Personal Information or to exercise any of your data protection rights to the Customer. We will assist our Customers in responding to your request and will act on their instructions. Our Customers may use our Service to verify your identity as part of this process.

Please see our Privacy Policy available on our Site for more details on how we deal with any requests where we are responsible for processing any personal data as a data controller.

6. Security and Retention

Security safeguards

We use technical and organizational security measures designed to protect personal information processed as part of the Cognito Services against unauthorized access, disclosure, alteration, and destruction.

Data retention

Customers control their data retention policies and may specify how long to retain Your Personal Information. When instructed by a Customer to do so, Your Personal Information will either be deleted or anonymized.

7. Updates to this Privacy Statement

We may revise this Privacy Statement from time to time in response to our Customers requirements for our Services and changing legal, technical or business developments. We will provide any updates on our Site and the revised version will be effective when it is posted. If we make any material changes to the ways in which we use or share Personal Information previously collected from you, we will post the updated version here. You can see when this Privacy Statement was last updated by checking the “last updated” or “effective” date displayed at the top of this page.

8. Contacting Cognito

Please contact Cognito with any questions or comments about this Privacy Statement or our privacy practices at:

BlockScore, Inc.
Attn: Privacy Officer
340 S Lemon Ave., Suite 4260
Walnut, CA 91789

Cognito has appointed DataRep as its Data Protection Representative for the purposes of the GDPR in the EU/EEA and the Data Protection Act 2018 (as amended) in the UK. If we have processed or are processing your personal data, you may be entitled to exercise your rights under GDPR in respect of that personal data.

If our Customer on whose behalf we have processed Your Personal Information is also located the EEA or UK, you should contact our Customer about Your Personal Information instead of Cognito’s Data Protection Representative. If you still want to raise a question to Cognito, or otherwise exercise your rights in respect of Your Personal Information, you may do so by:

You may also mail your inquiry to DataRep at the following addresses:

For EU ResidentsFor UK Residents
The Cube
Monahan Road
Cork, T12 H1XY
Republic of Ireland
107-111 Fleet Street
EC4A 2AB, London
United Kingdom

Please note when mailing inquiries, it is essential that you mark your letters for “DataRep” and not Cognito, or your inquiry may not reach DataRep. Please refer clearly to “Cognito” in your correspondence. On receiving your correspondence, Cognito is likely to request evidence of your identity to ensure Your Personal Information is not provided to anyone other than you.