Circadian Risk, Inc. Privacy Policy

Last Revised: May 29, 2020

Circadian Risk, Inc. (collectively with its subsidiaries, "the Company," "we," "us," and "our,") respects your privacy and is committed to protecting your privacy through our compliance with this mobile application privacy policy (the "Policy"). This Policy should be read in conjunction with our Mobile Application End User License Agreement, into which this Policy is incorporated by reference.

This Policy describes:

  • The types of information we collect from you or that you may provide when you use the Vulnerability Inspection Application, (including all related documentation, the web Portal, and website available at https://www.circadianrisk.com/, collectively, the "Application").
  • Our practices for collecting, using, maintaining, protecting, and disclosing that information.

Please read this Policy carefully to understand our practices regarding your information and how we will treat it. If you do not agree with our policies and practices, then please do not use our Application. By using our Application, you agree to the terms of this Policy. This Policy may change from time to time (see below, "Changes to this Policy"). Your continued use of our Application after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.

What We Collect and How We Collect It

To ensure that we provide you with the best possible experience, we will store, use, and share information about you in accordance with this Policy.

Information You Provide to Us

Personal Information is any information that can be used to individually identify you from a larger group, such as data including, but not limited to, your:

  • first and last name
  • email address
  • credit card information
  • organization name
  • building location
  • campus location
  • information that is collected via camera footage
  • information that you provide in open text boxes

You may provide us Personal Information when you:

  • request information
  • schedule a demonstration
  • submit an employment application
  • subscribe to our emails
  • register yourself with the Application.

The information that you provide in each case will vary. In some cases, we may ask you to create a username and password that should only be known to you. Additionally, all credit card transactions are handled by a contracted third-party PCI-DSS compliant data processor, such as Stripe, which is responsible for processing and securing your credit card information.

You should also understand that some of the Personal Information we collect may be related to health records, diagnoses, and patient conditions. Company is not a health provider. Company is a business that provides security and vulnerability risk assessment for businesses. Unless otherwise established by an agreement between Company and a Covered Entity (i.e., a doctor, pharmacy, or insurer) as defined by the Health Insurance Portability and Accountability Act ("HIPAA"), Company does not collect "Protected Health Information" as defined under HIPAA. Therefore, such information is not entitled to the same regulated protections set forth under HIPAA. Regardless, your information will be handled in accordance with this Policy.

In addition to Personal Information, the Application may also collect information that could be considered sensitive with respect to an organization's security ("Customer Data"). Examples of Customer Data may include floorplans, camera footage, and vulnerability assessments. All Customer Data will be handled in accordance with this Policy, as well as the terms of the End User License Agreement and any applicable Master Services Agreement and Business Associate Agreement.

Automated Information Collection

When you download, access, and use the Application, the Application may also use technology to automatically collect non-Personal Information such as information in the following categories:

  • Usage Details: When you access and use the Application, we may automatically collect certain details about your access to and use of the Application, including location data, any Application screens accessed, and possibly application activity logs.
  • Device Information: We may collect information about your mobile device and Internet connection, including your device's IP address, operating system, browser type, mobile network, or carrier information.
  • Location Information: The Application collects and stores locally real-time information about the location of your device through a "use current location" feature. This information is collected at the street-level by the Company.

One of the Company's trusted third-party partners is Google Analytics. The Application sends aggregated, non-Personal Information to Google Analytics for the purpose of providing Company with the ability to conduct technical and statistical analysis on the Application's performance. For example, the Application may send your location at a street-wide level, your device's operating system, your internet service provider, which screens have been viewed within the Application to Google Analytics. For more information on how Google Analytics supports the Application and uses information sent from the Application, please review Google's privacy policy available at https://www.google.com/policies/privacy/partners/.

Do Not Track Disclosure

Other than as disclosed in this Policy, the Application does not track users over time and across third-party websites to provide targeted advertising. Therefore, the Application does not operate any differently when it receives Do Not Track ("DNT") signals from your internet web browser.

Your Choices and Selecting Your Privacy Preferences

We want to provide you with relevant information that you have requested.

If we provide subscription-based services, such as email newsletters, we will allow you to make choices about what information you provide at the point of information collection or at any time after you have received a communication from us while you are subscribed. Any transactional or service-oriented messages are usually excluded from such preferences, as such messages are required to respond to your requests or to provide goods and services, and are not intended for the purposes of marketing.

We will not intentionally send you email newsletters and marketing emails unless you consent to receive such marketing information. After you request to receive these emails, you may opt out of them at any time by selecting the "unsubscribe" link at the bottom of each email. Please note that by opting out or unsubscribing you may affect other services you have requested we provide to you, in which email communication is a requirement of the service provided.

Any such communications you receive from us will be administered in accordance with your preferences and this Policy.

Accuracy and Access to Your Personal Information

We strive to maintain and process Personal and Customer Information accurately. We have processes in place to maintain all of our information in accordance with relevant data governance frameworks and legal requirements. We employ technologies designed to help us maintain information accuracy on input and processing.

Where we can provide you access to your Personal and Customer Information in our possession, we will always ask you for a username and password to help protect your privacy and security. We recommend that you keep your password safe, that you change it periodically, and that you do not disclose it to any other person or allow any other person to use it.

To view and change the Personal Information that you have provided to us, you can log in to your account and follow the instructions on that screen, or contact us directly for assistance. Some Customer Information changes may need to be discussed through contact directly with Company.

Information of Minors

We do not intentionally seek to gather information from individuals under the age of eighteen. We do not target the Application to minors, and would not expect them to be engaging with our Application or services. We encourage parents and guardians to provide adequate protection measures to prevent minors from providing information unwillingly on the internet. If we are aware of any Personal Information that we have collected about minors, we will take steps to securely remove it from our systems.

How We Use Your Information

The information we gather and that you provide is collected to provide you information and the services you request, in addition to various other purposes, including, but not limited to:

  • Assisting you with items such as personalized experiences, facilitation of product usage, and enforcement of our End User License Agreement.
  • Preventing malicious activity and providing you with a secure experience.
  • Providing service and support for services you request.
  • Providing marketing communications that are effective and optimized for you.
  • Keeping you up-to-date with the latest benefits available from us.
  • Preventing unwanted messages or content.
  • Measuring the performance of our marketing programs.
  • Contacting you about services and offers that are relevant to you.

How We Share Your Information

We do not sell or lease your information to any third party. We may disclose your Personal Information to our trusted third-party business partners in accordance with this Policy. We work with a number of partners that help us process your requests, deliver customer service and support, send email marketing communications, and provide experiences that you have come to expect from us. We will share your Personal Information with these third parties in order to fulfill the service that they provide to us. These third-party partners are under contract to keep your Personal Information secure and not to use it for any reason other than to fulfill the service we have requested from them.

California Residents. We will not disclose or share your Personal Information with third parties for the purposes of third-party marketing to you without your prior consent.

Except as described in this Policy, we will not share your information with third parties without your notice and consent, unless it is under one of the following circumstances:

  • Responding to duly authorized information requests from law enforcement or other governmental authorities.
  • Complying with any law, regulations, subpoena, or court order.
  • Investigating and helping prevent security threats, fraud, or other malicious activity.
  • Enforcing or protecting the rights and properties of the Company or its subsidiaries.
  • Protecting the rights or personal safety of the Company's employees.

There are circumstances where the Company may decide to buy, sell, or reorganize its business in selected countries. Under these circumstances, it may be necessary to share or receive Personal Information with prospective or actual partners or affiliates. In such circumstances, the Company will ensure your information is used in accordance with this Policy.

Third-party Websites and Application
This Policy does not apply to websites, applications, or other domains that are maintained or operated by third parties or our affiliates. Our Application may link to third-party websites, applications and services (such as social media services and the Apple App Store), but these links are not endorsements of these sites applications, and this Policy does not extend to them. Because this Policy is not enforced on these third-party websites or applications, we encourage you to read any posted privacy policy of the third-party website before using the service or site and providing any information.

For Application Users Outside of the United States

Some users of the Application may be located outside of the United States. To provide you with our services, we may store, process, and transmit information in the United States and other locations around the world, including countries that may not have the same privacy and security laws as yours. Regardless of the country in which such information is stored, we will process your Personal Information in accordance with this Policy.

For Application Users in the European Union ("EU")

Under the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, or "GDPR"), individuals in the EU are afforded specific rights with respect to their Personal Information, or "personal data" as defined under the GDPR. For the purposes of this Policy, the Company operates as a data controller. Any personal data we collect from you is processed in the United States and under the terms of this Policy.

Any personal data we collect from you is processed in the legitimate interest of our business and providing our services to you as the lawful means of such processing. You may always withdraw your consent to our use of your personal data as described below. We will only retain your personal data for the time necessary to provide you the information and services to which you have consented, to comply with the law and in accordance with your rights below.

You can exercise any of the following rights by notifying us as described below:

  • Access. You may email us at [email protected] to request a copy of the personal data our Application databases currently contain.
  • Correction or Rectification. You can correct what personal data our Application database currently contains by accessing your account directly, or by emailing us at [email protected] to request that we correct or rectify any personal data that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause information to be incorrect. Where applicable, we will ensure such changes are shared with trusted third parties.
  • Restrict Processing. When applicable, you may restrict the processing of your personal data by submitting a request via email to [email protected] In your email, please explain how you wish us to restrict processing of your personal data. When such restrictions are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent to the processing of your personal data. Where applicable, we will ensure such changes are shared with trusted third parties.
  • Object to Processing. When applicable, you have the right to object to the processing of your personal data by submitting a request via email to [email protected] When such objections are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent to the processing of your personal data. Where applicable, we will ensure such changes are shared with trusted third parties.
  • Portability. Upon request and when possible, we can provide you with copies of your personal data. You may submit a request via email to [email protected] When such a request cannot be honored, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent. Where applicable, we will ensure such changes are shared with any trusted third parties.
  • Withdraw Consent. At any time, you may withdraw your consent to our processing of your personal data through the Application by notifying us via email at [email protected] Using the same email address associated with your Application account, simply type the words "WITHDRAW CONSENT" in the subject line of your email. Upon receipt of such a withdrawal of consent, we will confirm receipt and proceed to stop processing your personal data. Where applicable, we will ensure such changes are shared with trusted third parties.
  • Erasure. If you should wish to cease use of our Application and have your personal data deleted from our Application, then you may submit a request by emailing us at [email protected] Upon receipt of such a request for erasure, we will confirm receipt and will confirm once your personal data has been deleted. Where applicable, we will ensure such changes are shared with trusted third parties.
  • Submit Complaints or Questions. If you wish to raise a complaint on how we have handled your personal data, you can contact us as described below. If you reside in a European Union member state, you may also lodge a complaint with the supervisory authority in your country.

Safeguarding the Information We Collect

We take reasonable technical, administrative, and physical safeguards in order to protect your Personal Information against accidental loss and from unauthorized access, use, alteration, and disclosure. However, we can never promise 100% security. You have a responsibility, as well, to safeguard your information through the proper use and security of any online credentials used to access your Personal Information, such as a username and password. If you believe your credentials have been compromised, please change your password. Please also notify us of any unauthorized use.

Changes to this Policy

If we make any changes to this Policy, a revised Policy will be posted on this screen and the date of the change will be reported in the "Last Revised" block above. You can get to this page by clicking on the "Privacy Policy" link (usually at the bottom of the screen).

How to Contact Us

We value your opinions and welcome your feedback. To contact us about this Policy or your Personal Information, please contact us at

248-599-1935
301 E. Liberty Street
Suite 701
Ann Arbor, MI 48104

23896975.1