BlockScore, Inc. DBA Cognito (“BlockScore”, “Cognito”, “we” or “us”) respects your privacy and wants you to be informed about what we do. Cognito provides services (the “Cognito Services”) designed to help online businesses (our “Customers”) comply with regulations and to detect and prevent fraud and other malicious behavior on their services’ properties, such as their websites and mobile applications (“Customer Sites”).
This Service Privacy Notice (this “Notice”) explains who we are and how we collect, share, and use personal information about you when: (i) you use the Cognito Services as an authorized end user under our Customer’s (your employer’s) account (“Authorized User”); or (ii) you interact with any of the Customer Sites that use the Cognito Services as a digital end user (“End User”). We also include information about how you can exercise your privacy rights. “You” or “your” may be an End User or Authorized User depending on the context.
PART I. GENERAL INFORMATION AND KEY TERMS
Who we are
Cognito is a Software-as-a-Service (SaaS) company based in Bend, Oregon United States. We help our Customers comply with regulations requiring End Users to be identified and to detect and other malicious behavior on their Customer Sites using our identity verification service.
In doing so, we need to collect and process information about End Users who interact with Customer Sites. Our identity verification system collects information from the End User and computer systems to predict and prevent fraudulent activity in real time.
How the Cognito Services work
We process the Customer Data through our cloud-based identity verification service and return information about the likelihood that the End User providing the information is the person who they claim to be.
We also may provide a two-factor authentication feature to ensure that the End User providing information has possession of the phone number or email address associated with the identity. To provide this feature, we use certain Customer Data provided by our Customers to send verification codes to End Users such as via text messages or emails, which they can enter to confirm their identity when they login to use a Customer Site or create a new account.
PART II. WHAT WE COLLECT AND HOW WE USE IT
Information We Collect About End Users
Information provided by our Customers: Our Customers decide the scope of Customer Data they wish to use for analysis with Cognito Services and configure the system to require and use certain information in process flows. For example, a Customer may configure Cognito Services to ask for limited contact information unless that information cannot provide sufficient verification, and then to ask for additional evidence such as a photo ID. Some of the information about the End User includes:
Information we automatically collect when you visit Customer Sites: As further explained below, we use certain standard tracking technologies to automatically collect certain information about your device when you interact with and use Customer Sites. Some of this information including, for example, your IP address and certain unique identifiers, may identify a particular computer or device and may be “personal data” in some jurisdictions, including the EU. Depending on whether you visit a Customer Site via an app using our SDK or a webpage, the information we collect includes:
Information we collect from third party sources: We combine or enhance the information we collect about you with information we receive from third parties. For example, we receive information such as whether an IP address is commercial or private, whether a phone number is a landline, or whether an email domain is free. We also work with providers that match information provided against third-party sources such as credit header files, utility records, motor vehicle records and other reputable sources.
How We Use End Users Information and the Legal Bases
Cognito only uses Customer Data to provide, maintain, improve, and develop the Cognito Services and to comply with its legal obligations.
For example, we process Customer Data through our cloud-based identity verification service to return match information to our Customers for particular events or activities on the Customer Site or our site. We may also use Customer Data to optimize and improve the Cognito Services and to validate the identity of End Users seeking to exercise their privacy rights. In addition, when our Customers’ use the Cognito two-factor authentication feature, we process Customer Data, such as their End Users’ telephone number or email address, to send a verification code to End Users via text message or email. This allows our Customers who use this feature to validate their End Users’ identities by ensuring possession of phone numbers or email addresses associated with identities.
We base our processing of your personal information on: (i) our legitimate interests in operating the Cognito Services and better detecting and preventing fraud and malicious behavior on our and Customer Sites; and (ii) our and our Customers legitimate interest in combating fraud and maintaining safe online experiences for our Customers and their End Users and (iii) our and our Customers need to process Customer Data to comply with legal obligations such as Know Your Customer (KYC) and complying with privacy requests from End Users.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, including any legitimate interests relied upon, please contact us.
How We Use Tracking Technologies to Collect Information about End Users
We use standard tracking technologies to automatically collect certain information as described in the Information We Collect About End Users section from your device and browser when you visit or interact with Customer Sites.
We may use the following tracking technologies below.
When an End User views or uses a Customer Site, Cognito servers are notified, and we are able to collect information from the browser or application as described above.
Information We Collect About Authorized Users
Information you provide to us when you use the Cognito Services: You or your organization’s administrator may provide certain personal information to us through the Cognito Services when you register for the Cognito Services, when you contact customer support, send us an email or communicate with us in any way in connection with the Cognito Services.
The personal information we collect may include:
If you ever communicate directly with us, we will maintain a record of those communications and responses.
Usage Data may include:
How We Use Authorized Users Information and the Legal Bases
We collect and process personal information for the purposes and on the legal bases identified below. For these purposes, we combine data we collect from different contexts. We use this information to:
SHARING INFORMATION WITH THIRD PARTIES
We may share and disclose information about End Users and Authorized Users in the circumstances below.
PART III. INTERNATIONAL TRANSFERS, SECURITY AND DATA RETENTION
Processing of personal information in the US and other territories
Your personal information may be transferred to, and processed by Cognito in, countries other than the country in which you are resident, including the United States and other countries around the world where Cognito, its affiliates, service providers or partners operate facilities. These countries may have data protection laws that are different than the laws of your country and may not provide for the same level of protection as your jurisdiction. Regardless of where your data is processed, we take steps to ensure that your personal information will be processed in accordance with this notice.
European Data Transfers
If you are resident in the EEA, UK or Switzerland, we will protect your personal information when it is transferred outside of your jurisdiction by: (i) processing it in a territory that provides an adequate level of protection for personal information based on the receiving country’s data protection laws; or (ii) implementing appropriate safeguards to protect your personal information, such as requiring the recipient to comply with the Standard Contractual Clauses, or another lawful and approved transfer mechanism.
PART IV. YOUR PRIVACY RIGHTS
Depending on your location and subject to applicable law, you may have the rights below with regard to personal information we control about you.
Access, review, change, update or delete your information for EEA, UK, and Swiss residents only
If you are a resident of the European Economic Area (EEA), United Kingdom, and Switzerland, you may access, review, modify, withdraw consent and request deletion of any personal information that we process about you as required by law. Fill out a GDPR request to exercise these rights.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To protect your privacy and security, we may need to take reasonable steps to verify your identity before responding to your request. Such information will be securely processed in accordance with this Notice and only used for the purpose of verifying your identity.
California CCPA Rights for California Residents
When we handle personal information as defined under the California Consumer Privacy Act (CCPA) in providing the Cognito Services to our Customers, we do so as a provider of services on behalf of our Customers, “businesses” under CCPA, to assist them in protecting against illegal or fraudulent activity. When requested, we reasonably assist our Customers in responding to consumer requests under the CCPA. Please direct any requests regarding your CCPA rights to the businesses you believe may have collected or transferred to Cognito your information, so that those businesses can properly handle your request. Where we are the party acting as the “business”, we are the correct party to address these requests and provide a CCPA request form to process your request.
Unsubscribe from our mailing list
You may at any time ask us to stop sending marketing communications to you, including by clicking “Unsubscribe” in any e-mail communications we send you. If you have any questions in relation to the “Unsubscribe” process, please feel free to get in touch via the contact details set out below. If you choose to no longer receive marketing information, we may still communicate with you regarding such things as your security updates, product functionality, responses to service requests, or other transactional, non-marketing/administrative related purposes.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To protect your privacy and security, we may need to take reasonable steps to verify your identity before responding to your request.
PART V. OTHER IMPORTANT INFORMATION
We use technical and organizational security measures designed to protect personal information processed as part of the Cognito Services against unauthorized access, disclosure, alteration, and destruction.
We retain your personal information where we have an ongoing legitimate business need to do so and for a period of time consistent with the original purpose as described in this Notice. We determine the appropriate retention period for personal information on the basis of the amount, nature and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements such as applicable statutes of limitation.
After expiration of the applicable retention periods, we will either delete or anonymize your personal information or, if this is not possible because your personal information has been stored in backup archives, then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Children and Sensitive Information
We do not knowingly collect personal information from anyone under 18 years of age. We do not knowingly collect or utilize any personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic or biometric data for the purpose of uniquely identifying an individual, or data concerning an individual’s health, sex life, or sexual orientation. We ask that you not provide us with such information.
Changes to this Notice
We may revise this Notice from time to time in response to changing legal, technical or business developments, and the revised version will be effective when it is posted. If we make any material changes to the ways in which we use or share personal information previously collected from you, we will post the updated version here and by means of a prominent notice on our website, or by other means. You can see when this Notice was last updated by checking the “last updated” or “effective” date displayed at the top of this Notice.
PART VI. HOW TO CONTACT US
Please contact Cognito with any questions or comments about this Notice or our privacy practices at
Attn: Privacy Officer
340 S Lemon Ave., Suite 4260
Walnut, CA 91789