What information does the Service obtain and how is it used?
User Provided Information
The Service obtains the information User provides when User downloads and/or registers with the Service. Registration with Provider is mandatory in order to be able to use the basic features of the Service.
When User registers with Provider and use the Service, User generally provides (a) User’s name, email address, age, username, password, and other registration information; (b) information User provides Provider when User contacts Provider for help; (c) information User enters into Provider’s system when using the Service, such as contact information and project management information.
Provider may also use the information User provided Provider to contact User from time to time to provide User with important information, required notices and marketing promotions.
Automatically Collected Information
In addition, the Service may collect certain information automatically, including, but not limited to, User’s real-time location information, the type of mobile device User use, User’s devices unique device ID, the IP address of User’s mobile device, User’s operating system, the type of Internet browsers User uses, in certain circumstances, and depending on the Services User uses, camera and contact information, information about the way User uses the Service, and Provider may store information on User’s device.
Does the Service collect precise real time location information of the device?
Provider uses GPS technology (or other similar technology) to determine User’s current location either continuously or just when User uses the Service. In fact, the Service’s functionality is based on this feature. Provider will not share User’s current location with other Users or partners.
If User does not want Provider to use User’s location for the purposes set forth above, User should turn off the location services for the Service located in User’s account settings or in User’s mobile phone settings and/or within the mobile application. Please note that the Service’s functionality and utility will be severely limited if User chooses to turn off the location services.
Do third parties see and/or have access to information obtained by the Service?
Yes. Provider will share User’s information with third parties only in the ways that are described in this privacy statement.
Provider may disclose User Provided and Automatically Collected Information:
- as required by law, such as to comply with a subpoena, or similar legal process;
- when Provider believes in good faith that disclosure is necessary to protect Provider’s rights, protect User’s safety or the safety of others, investigate fraud, or respond to a government request;
- with Provider’s trusted service providers who work on Provider’s behalf, do not have an independent use of the information Provider discloses to them, and have agreed to adhere to the rules set forth in this privacy statement.
- if RecycleGO and/or CPS is involved in a merger, acquisition, or sale of all or a portion of its assets, User will be notified via email and/or a prominent notice on Provider’s Website of any change in ownership or uses of this information, as well as any choices User may have regarding this information.
- with any third-parties that User has an account and sync that account with Provider’s Services or to validate certain information that User has provided to us, such as email addresses.
- with a third-party that Provider collaborates with in order to resolve certain issues that may arise from time to time with the services or Application.
What are my opt-out and privacy rights?
User can stop all collection of information by the Service easily by discontinuing use of the Service. For any programs or applications User has downloaded, User may use the standard uninstall processes as may be available as part of User’s device or via the mobile application marketplace or network. User can also request to opt-out via email, at [email protected].
User can also update User’s privacy settings directly within the Service. Changes to these privacy settings may alter the Service’s performance.
How does Provider use User’s information?
Provider may use User’s information to communicate with User, protect Provider and others, to create better User experiences and improve the Service and services offered, and to provide User with the Services and improve such Services.
Data Retention Policy, Managing Users’ Information
Provider will retain User Provided data for as long as User uses the Service and for a reasonable time thereafter. Provider will retain Automatically Collected information for up to 24 months and thereafter may store it in aggregate. Provider also may store User’s information indefinitely for Provider’s legal and regulatory compliance, to defend legal claims, and to protect against fraud. All of this data will be securely handled and maintained. If User would like Provider to delete User Provided Data that User has provided via the Service, please contact Provider at [email protected] and Provider will respond in a reasonable time. Please note that some or all of the User Provided Data may be required in order for the Application to function properly.
Provider does not use the Service to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided Provider with information without their consent, he or she should contact Provider at [email protected]. Provider will delete such information from Provider’s files within a reasonable time.
Provider is concerned about safeguarding the confidentiality of User’s information. Provider provides physical, electronic, and procedural safeguards to protect information Provider processes and maintains. For example, Provider limits access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve Provider’s Services. Please be aware that, although Provider endeavors to provide reasonable security for information Provider processes and maintains, no security system can prevent all potential security breaches.
Furthermore, the security in Mission Control consists of three parts:
- Encryption: Provider is using the platform recommended OpenSSL to provide AES-256 and AES-128 encryption, where all values are encrypted using the AES-256-CBC cipher. Furthermore, Provider also signs all of these encrypted values using a message authentication code (MAC) to detect any modifications to the encrypted string, so that their underlying value can not be modified once encrypted.
- Hashing: Provider is using the secure Bcrypt hashing for storing User passwords. The hashing implementation takes place into the recommended built-in LoginController, which is responsible for handling the User authentication. Bcrypt is chosen due to its “work factor” adjustability, which means that the time it takes to generate a hash can be increased as hardware power increases, consequently the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with the increase of computation power.
- Client Apps Access Tokens: Provider is using the JSON Web Tokens (JWT) for generating API User access tokens, which are an open industry standard method for representing claims securely between two parties, standardized under the RFC 7519 document. JWT is chosen because it is a compact URL-safe means of representing claims to be transferred between the two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and encrypted as noted above.
If User has any questions regarding privacy while using the Service, or have questions about Provider’s practices, please contact Provider via email at [email protected].