DISMISS
The ZenKey App is live. We’re actively integrating apps and websites. Learn More.

ZenKey Privacy Policy

Last Updated on September 15, 2020.

This Privacy Policy describes how we, ZenKey LLC, collect and use personal information. If we collect information about you, the information we collect, and how we use it, depends on how you interact with us or how you use our services. We may collect and use personal information, as described in this Privacy Policy, from people who interact with us in one or more of the following ways:

In this Privacy Policy, "you" refers to you in general, and should be read as appropriate to the way (or ways) you interact with ZenKey LLC or use our services.

Other terms used in this Privacy Policy have the following meanings:

  • "De-identified Data" is data not capable of being identifiable to a device or person.
  • "Personal information" means any information relating to an identified or identifiable person, including data collected via a mobile or electronic device that identifies or can be used to identify a person.
  • A "Participating Carrier" is a wireless carrier that provides the ZenKey App to their End Users.
  • A "Service Provider" is a business that has entered into an agreement with ZenKey LLC and uses certain ZenKey Services and that generally provides services to End Users. (For example, if a bank uses ZenKey Services to strengthen authentication of its customers who use the bank's website or mobile application, that bank would be a "Service Provider.")
  • "Usage Data" refers to data that is collected automatically from a computer or device when interacting with a website or using an app. For example, Usage Data may include IP address, browser type, browser version, native platform the browser is running on, time and date of use, pages of a website visited and time spent on those pages, unique and anonymized device identifiers, and other diagnostic and clickstream data.
  • "ZenKey Services" (or "our services") refers to the solutions and services supplied by ZenKey LLC in cooperation with the Participating Carriers.

Interaction with Participating Carriers' Privacy Policies. While this Privacy Policy describes the limited information ZenKey LLC collects about End Users to enable End Users to connect to or interact with Service Providers, the privacy policy of the relevant Participating Carrier generally governs the collection, use, and sharing of End Users' personal information for ZenKey Services offered through the ZenKey App. Those Participating Carrier privacy policies may be accessed via the ZenKey App or the Participating Carriers' corporate websites. (Please find links to the privacy policies of Participating Carriers at the end of this Privacy Policy.)

Limits of this Privacy Policy. This Privacy Policy does not apply to information collected by Participating Carriers, apps provided by Participating Carriers (including the "ZenKey by" Participating Carrier apps), Service Providers, third parties, third-party websites, or third-party applications, including any that may be linked to or accessible from or on our public website or the Developer Sites.

  1. Types of Data Collected

a. Types of Data Collected about End Users

ZenKey LLC collects limited information about End Users in order to enable their use of ZenKey Services to connect to or interact with Service Providers. This includes information that we use to identify an End User's Participating Carrier.

In connection with Service Providers' use of ZenKey Services, we collect information about End Users that may include but is not limited to:

  • Carrier Code (MCCMNC);
  • Phone Number;
  • SubID of the End User (to derive the first six digits equivalent to Carrier Code (MCCMNC)); and/or
  • IP Address of the End User's device.

Usage Data. We may also collect Usage Data (as described above) from End Users when End Users visit the ZenKey Discovery Services via a web browser or in the ZenKey App.

b. Types of Data collected about Visitors

ZenKey LLC also collects certain information about visitors to its public website, including but not limited to the following:

  • Usage Data. We collect Usage Data (as described above) about Visitors in order to provide a reliable, safe website, and for the other purposes described in this Privacy Policy.
  • General Personal Information. If you, as a Visitor, register through our public website or communicate with us through our public website, we may collect or ask you to provide us with contact information or other general, biographical information, such as your name, email address, and mobile phone number.

c. Types of Data Collected about Developers

ZenKey LLC collects more detailed information about Developers, including but not limited to the following:

  • General Personal Information. We may collect or ask you to provide us with contact information or other general, biographical information, such as your name, mailing address, email address, phone numbers, mobile device identifier, and wireless network profile data. For example, if you register as a new user on one of the Developer Sites, we may ask you to provide us with your email address, name, street address, state, province, ZIP/postal code, city, country, phone number, company name, job title, or other information. If you register as a user of one of the Developer Sites, you may also be asked to provide identification, such as a copy of your driver's license.
  • Usage Data. We may also collect Usage Data (as described above) automatically from your computer or device in the course of using one of the Developer Sites.

d. Tracking and Cookies Data

This section only applies if you are an End User, Visitor or Developer.

Cookies are small data files sent to your browser from a website and stored on your computer or device, and they may include a unique identifier assigned by the website. Other tracking technologies we use are beacons, tags, and scripts, to collect and track information and to analyze and improve the Developer Sites, our public website and websites that are used to provide ZenKey Discovery Services.

Types of Cookies We Use. We may use session cookies (to operate our websites), preference cookies (to remember your preferences and various settings), and analytics cookies (to measure your use of our websites, compile a record of this usage information, and help us improve and develop our websites). For more details related to your choices related to certain analytics cookies, please see the section below labeled "Third Party Analytics."

Browser Cookie Settings. You can instruct your browser to refuse all cookies or to indicate when a cookie is used. However, if you do not accept cookies, you may not be able to use some portions of our public website or of a Developer Site.

Browser ID. Although not technically a cookie, the Browser ID is assigned by ZenKey LLC and saved in the local storage of an End's User browser. The Browser ID is a unique and opaque identifier (meaning that it does not, by itself, reveal personal information), that is used for the ZenKey Discovery Services.

Masked ID. Similar to the Browser ID, the Masked ID is a de-identified string saved in the End User's local storage, that is used for the ZenKey Discovery Services.

"Do-Not-Track" Signals. Our websites do not respond to "do-not-track" or similar browser settings.

  1. Use of Data

This section applies if you are an End User, Visitor or Developer.

We use the collected data for various purposes, including to:

  • provide our services to Service Providers under the Developer Portal Terms of Service and/or any other contractual agreements that a Service Provider may enter into with ZenKey LLC;

  • provide and maintain our websites;

  • notify you about changes to our public website, Developer Sites or ZenKey Services;

  • allow you to participate in interactive features of our websites and the Developer Sites when you choose to do so;

  • to operate and provide the ZenKey Services (including ZenKey Discovery Services)

  • provide customer support;

  • gather analysis so that we can improve our public website, the Developer Sites and ZenKey Services;

  • generate reporting to summarize usage of the ZenKey Services;

  • create billing records for Service Providers and/or Participating Carriers, for use of ZenKey Services;

  • monitor the usage of our websites;

  • detect, prevent and address technical issues;

  • provide Service Providers with news, special offers and general information about other services and events that may be of interest unless you have opted out of receiving these types of marketing messages;

  • maintain the safety and security of our websites and other systems, or to prevent illicit activity;

  • comply with legal obligations; and/or

  • create aggregate, de-identified data that does not identify specific individuals or Service Providers, which we may use for any lawful purpose.

We may also use personal information for any other purpose with your consent.

  1. Disclosure of Data

This section applies if you are an End User, Visitor or Developer.

Personal information that you provide or that we collect as described in this Privacy Policy, may be disclosed to third parties as follows:

  • Suppliers. Suppliers are third-party entities and individuals that we work with to provide the ZenKey Services. Your personal information may be shared with Suppliers who use the personal information on our behalf to operate the ZenKey Services.
  • Requested Transactions. Your personal information may be shared with Participating Carriers and Suppliers in order to complete a transaction requested by you or a Service Provider.
  • Corporate Restructuring. If we are involved in a merger, acquisition, asset sale, or similar corporate transaction, personal information that we hold may be transferred as part of that transaction. In this case, will endeavor to provide notice before your personal information is transferred and becomes subject to a different privacy policy.
  • As Required by Law. Under certain circumstances, we may be required to disclose your personal information if required to do so by law or in response to valid orders or requests by public authorities, such as a court or a government agency, or to cooperate with law enforcement investigations.
  • To Enforce Rights. We may disclose your personal information to enforce our contractual rights, take precautions against liability, investigate suspected or actual illegal activities, or to investigate and defend ourselves against third-party claims or allegations.
  • Safety. Your personal information may be shared if we believe that disclosure is necessary or appropriate to protect the rights, property, or personal safety of our customers, others, or ourselves.
  • With Your Consent. We may otherwise share your personal information with your consent, such as to provide requested information, products or services, or otherwise to fulfill a contractual obligation to you.
  • Whenever we disclose personal information, we seek to minimize the disclosure to only that information that is necessary for the purpose of the disclosure.

Disclosure of Statistical Data. We may use personal information to generate aggregate statistical data, which does not identify individuals or Service Providers, and we may use and disclose that aggregate statistical information without restrictions.

No Third Party Direct Marketing. It is our policy not to disclose personal information about you to third parties for those third parties' direct marketing purposes unless you first affirmatively agree to that disclosure.

  1. Security of Data

This section applies if you are an End User, Visitor or Developer.

The security of your data is important to us, but please understand that no method of transmission over the Internet, or method of electronic storage is ever 100% secure. We use a variety of physical, electronic, and procedural safeguards designed to protect personal information from unauthorized access, use, or disclosure while it is under our control. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security.

  1. Retention of Data

This section applies if you are an End User, Visitor or Developer.

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We will also retain Usage Data for internal analysis purposes.

  1. Transfer of Data

This section applies if you are an End User, Visitor or Developer.

Your information, including personal information, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ than those of your jurisdiction. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and that no transfer of your personal information will take place to an organization or a country unless there are adequate controls in place including the security of your personal information. By using or submitting personal information to the ZenKey Services, our public website or the Developer Sites, you hereby consent to such transfer of your personal information to countries where applicable laws may not provide the same level of protection of personal information as the laws of the country or jurisdiction where you are located.

  1. Third Party Analytics

This section only applies if you are a Visitor or Developer.

We may use third-party service providers, including or similar to the following, to monitor and analyze the use of our public website or the Developer Sites.

Google Analytics. Our public website and the Developer Sites use Google Analytics cookies to help analyze how users use the website and Developer Sites. The information generated by these cookies will normally be stored on a Google server in the US. Google Analytics is a web analytics service offered by Google that tracks and reports online traffic. Google uses the data collected to track and monitor the use of our public website, the Developer Sites and certain ZenKey Services. This data may be shared with other Google services. Google may use the collected data to contextualize and personalize the ads provided through its own advertising network. You can opt-out of making your activities available to Google Analytics by installing the Google Analytics opt-out browser add-on (available at https://tools.google.com/dlpage/gaoptout). The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits and activity. (Please, note again that our public website and the Developer Sites do not respond to "do-not-track" or similar browser settings.)

LinkedIn Insight Tag. The LinkedIn Insight Tag is a piece of JavaScript code on our public website and the Developer Sites that enables campaign reporting and provide insights about visitors to those websites. More information can be found at https://business.linkedin.com/marketing-solutions/insight-tag.

RollWorks. NextRoll's Rollworks is a business-to-business platform that helps our marketing efforts by identifying potential customers and engaging them with digital advertising, and by measuring the effectiveness of marketing programs.More information can be found at https://www.nextroll.com/privacy.

Opting Out of Targeted or Interest-Based Advertising. The following organizations provide means to opt out of online targeted or interest-based advertising:

  1. Accessing and Requesting Changes to Your Information

This section only applies if you are a Visitor or Developer.

If you wish to access, correct, update, or delete personal information about you, please contact us as provided in this Privacy Policy. In responding to your request, we may request information from you and use information previously collected to verify your identity, or take other actions that we believe are appropriate. Please understand that we may not be able to alter or delete your personal information, for example if we are required under applicable law to maintain that information or if the information is needed to continue providing our services to you.

  1. Children's Privacy

This section only applies if you are a Visitor or Developer.

Our public website and the Developer Sites are not intended for children under the age of 13. We do not knowingly collect personal information from anyone under the age of 13. If we acquire knowledge that we have collected or received personal information from an identifiable person under the age of 13 through our public website or the Developer Sites, we will delete that information. If you believe that we may have collected any personal information from an identifiable person under 13, please contact us as provided in this Privacy Policy.

  1. Changes to this Privacy Policy

This section applies if you are an End User, Visitor or Developer.

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy here and updating the date at the top of this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

  1. Contact Us

This section applies if you are an End User, Visitor or Developer.

If you have any questions about this Privacy Policy, please contact us by using the contact information we provided on our Contact Us page at https://myzenkey.com/contact/

  1. Information for California Residents

This section applies if you are an End User, Visitor or Developer.

Under the California Consumer Privacy Act of 2018 (CCPA), California residents are entitled to additional information about how we collect and use personal information. California residents may also have additional rights regarding their personal information. (Under California law, "personal information" includes any information that identifies, relates to, describes, is reasonably capable of being associated with, or can reasonably be linked, directly or indirectly, with a particular California resident or household, with certain exceptions defined in the CCPA, including an exception for publicly available information.)

a. As a California resident, how is my personal information used?

Under the CCPA, we are obligated to provide California residents with additional information about our information practices, specifically the categories of personal information we have collected in the past 12 months based on the CCPA's statutory definition of personal information, as well as where that personal information comes from, why we collect it, and whether we disclose or sell that personal information.

The following chart provides information required under the CCPA about our information practices over the past 12 months.


Category of Personal Information Collected

Types of Users

Source of the personal information

Why the personal information was collected

Disclosures of the personal information

Identifiers, such as email address, name, phone number, IP address

End Users, Visitors and Developers

- Phone numbers are collected from you or a Participating Carrier when you use the ZenKey Services.

- IP addresses are collected from you automatically when you use the ZenKey Services

- Other identifiers may be collected from you when you register on our public website or the Developer Sites, or communicate with us

- To provide our services to you
- To communicate with you and provide you with information
- To provide customer support

- To our Suppliers
- To the relevant Participating Carrier and other businesses or third parties at your request

Financial information, such as payment cards and financial account numbers

Developers

From you, such as financial information you may provide for payment purposes

- For payment purposes, to provide our services to you as a Developer
- To provide customer support

- To our Suppliers

Characteristics of protected classifications under California or federal law, such as age, gender, race, citizenship

Visitors and Developers

From you, such as when you provide identification to register on our public website or a Developer Site

- To provide our services to you
- To maintain the safety and security of our systems

- To our Suppliers

Commercial information, such as purchases and transaction history

Visitors and Developers

From you, including by automatic collection, when you use our public website, a Developer Site or our other services, or communicate with us

- To provide our services to you
- To communicate with you and provide you with information
- To provide customer support

- To our Suppliers
- To businesses or other third parties at your request

Internet and network activity information, such as your interaction with our public website or the Developer Sites

End Users, Visitors and Developers

Automatically collected from your computer or device and through our public website and the Developer Sites, or for End Users, collected from Service Providers

- To provide, maintain, and improve our websites and our services
- To provide customer support
- To monitor and understand the use of our websites and our services
- To detect, prevent, and address technical issues

- To our Suppliers

General location information derived from IP Address

Visitors and Developers

General (not precise) location information may be derived from your IP address, which is automatically collected from your computer or device through our public website and the Developer Sites. We do not collect location information from mobile devices, cell phone towers, GPS, or other sources.

- To provide, maintain, and improve our websites and our services
- To provide customer support
- To monitor and understand the use of our websites and our services
- To detect, prevent, and address technical issues

- To our Suppliers

Electronic sensory information, such as photographs

Visitors and Developers

From you, such as when you provide identification to register on our public website or a Developer Site

- To provide our services to you
- To maintain the safety and security of our systems

- To our Suppliers

Professional or employment information, such as your company name and job title

Visitors and Developers

From you, when you register on our public website or a Developer Site, or communicate with us

- To communicate with you and provide you with information

- To our Suppliers
- To your wireless carrier and other businesses or third parties at your request

We may also disclose personal information to third parties in the event of a corporate restructuring, as required by law, to enforce our rights, for safety reasons, with your consent, or as otherwise described in Section 3, above.

We do not "sell" personal information (as "selling" is defined under the CCPA).

b. What are my rights as a California resident?

Under California law, California residents have specific rights regarding personal information. California residents may generally exercise the following rights, subject to certain exceptions:

  • Right to access personal information. As a California resident, you may have the right to request that we inform you about the personal information we have collected, used, disclosed and sold about you in the past 12 months, and for us to provide the specific pieces of personal information that we have collected about you. (Please understand that we are not obligated to provide specific pieces of personal information more than twice within a 12-month period.)
  • Right to request deletion of personal information. As a California resident, you may have the right to request that we delete any of your personal information that we collected from you, subject to certain exceptions. Once we receive and confirm your request, we will delete your personal information from our records, unless an exception applies.
  • Right to opt-out of the sale of personal information. As a California resident, you have the right to opt-out of the sale of your personal information by a business that sells your personal information.
  • Right of non-discrimination. As a California resident, you have the right not to be discriminated against because you exercised your privacy rights provided under the CCPA.

c. As a California resident, how can I exercise these rights?

To submit requests to exercise your rights or rights as an authorized agent described above, please use one of the following methods:

Verifiable Requests. We are only obligated to respond to – and we will only respond to – verifiable consumer requests. If we receive a request relating to information about you, we need to know that it is actually coming from you, or somebody legally authorized to act for you, in a way that is appropriate to the nature of the request. We may use any information that we have already collected about you in order to verify your request. Also, if we collect any personal information to verify your request, we will only use that information to verify your request. An authorized agent may submit requests on your behalf using the methods provided above. We may need proof of their authorization, however, which may include directly verifying your identity and confirming that you provided permission to the agent.

For End Users, please understand that the limited amount and nature of the personal information that we collect about End Users may also require you to provide verifiable technical information, such as the information described in Section 1(a) above, in order to enable us to identify personal information concerning you.

  1. Privacy Policies of Participating Carriers

The privacy policies of Participating Carriers are available at the following locations: