2idi Privacy Policy

Overview

In this policy "2idi" refers to the i-broker and registrar services provided by 2idi Corporation, and "2idi staff", "us" and "we" refers to the 2idi staff, board members, professional advisers, volunteers and consultants, all of whom are bound by law or contract to keep information they receive as part of their assistance to 2idi confidential.

2idi is an identity services provider with the goal of providing people with complete control over their identity-related transactions. 2idi and the 2idi staff are devoted to the work of creating an environment of trust for Internet users, and that means we are striving to enhance the privacy and security techniques available to you as an Internet user.

Please note that while we repeatedly refer in this Privacy Statement to privacy in the sense of protecting the confidentiality of information relating to individual persons ("Personal Information"), we also take similar steps to protect the confidentiality of information about companies and other organizations that register for global i-names or i-numbers or otherwise participate in the global XDI community.

We want to make sure that you are informed concerning what Personal Information is collected about you, who uses it and for what purposes, what choices you have concerning communications with you and data sharing with others, how your Personal Information is secured, how you can access and update or correct the information about you, and what information about you appears in the public i-name registry.

As a global i-broker retailer, 2idi complies with all terms and requirements of the XDI.ORG XDI.ORG Global Service Provider Agreement. As a local (community) registrar and i-broker service provider, and as a California corporation dedicated to your privacy, we additionally support and comply with the requirements of the Online Privacy Protection Act as defined by the California Office of Privacy Protection.

As the XDI community and technology evolve, we will update and improve upon this Privacy Statement, as published on our principal website, http://2idi.com/. Finally, we commit to assist our customers in protecting and controlling the privacy and security of their Personal Information, and to adhere to the purpose and principles of Identity Commons, to which we subscribe. It's not just a good idea — it's at the core of our business model.

Information We Collect and How We Use It

2idi's core business model is based on user control of their Personal Information. As such, the only Personal Information we collect consists of what you choose to give us so that we can provide you with the services that you desire. At all times you have the ability to view, modify or delete the information that 2idi stores for you. As we create new services, we will offer you new ways to share specific portions of your information — often while maintaining control over how it is used — with third parties. In such cases, we will assist you in assessing the trust that you can place into such third parties that want access to your data, but ultimately, the choice is yours.

In the next few sections we describe specific cases of how and when we may collect data from you, how it is stored and for what purposes it is used.

Registrant Information

When you register a global i-name or i-number with an i-broker retailer such as 2idi, the global i-name you choose, an associated i-number, and a pointer to your i-broker is listed in the global public registry. This information, along with your account authentication credential (such as a password) is also stored by your i-broker (2idi).

When you provide additional Personal Information to 2idi as may be required by a particular service, we use, store, and share that data only to the extent necessary to provide the service you request. We keep a secure database of our registrants and provide information and updates at your request to a global public registry, as well as providing any other 2idi services you request. According to your directives, we process and collect payment for these services (see Payment section, below), provide you with authenticated access to your i-name account, publish your personally configured contact gateway, correct any technical problems with your services, investigate and resolve questions and disputes, send you notices regarding updates, renewals, and special offers. As more sophisticated i-broker services come online, you may elect to provide negotiated access to portions of your Personal Information so as to enable form filling, interest matching, address book and calendar sharing, and other services offered by us or from third parties.

2idi employs technical and organizational safeguards, including password access controls and physical security, to protect Personal Information as long as it is in our possession, and we retain Personal Information only as long as needed for the purposes listed above. 2idi will not use, sell, rent, or otherwise disclose Personal Information for any purpose without your express permission.

Payment and Credit Card (Billing) Information

Credit card transactions with 2idi are processed by Authorize.net. A professional payment authorization service was chosen for added security and reliability. Only the purchase price, product description and the credit card information provided by the customer is supplied to Authorize.net, which uses the information to process payment transactions as described in the Privacy Statement published on its website. Information about these transactions is maintained by us pursuant to state and federal laws, and is covered by this Privacy Policy. 2idi does not maintain a copy of the credit card number, except for the last four digits, on its servers.

Comments and Support Requests

2idi provides a comment and support request facility that sends information from the request, including what page it was made from, to the 2idi staff. If you desire a reply and thus include either your email address or i-name, we will store this information so that we can communicate with you until the support request has been satisfactorily handled. The remainder of the comment or support request may be stored beyond that point so that we can maintain a history of support requests and their resolution, so you may wish to take care not to include personally identifying information within the body of the message.

Surveys

2idi may ask website users to participate in surveys. In all cases, participation will be voluntary. If a survey asks for Personal Information, answering those questions will be optional. Survey responses will be seen only by the 2idi staff conducting the survey. Survey results will be made public only in the aggregate, without reference to individuals, unless an individual gives us permission to quote and attribute his or her response.

Websites and Cookies

We use log files, as most website servers do, to record certain technical information about visits to our website, including the IP address and the DNS name of the access provider (such as your Internet Service Provider), the type of browser used, referring and exit pages, platform type (where available), a date and time stamp, and possibly the number and sequence of pages visited. Unless your IP address or associated DNS name identify you specifically, none of this information reveals who you are, and we do not link it to other data in an effort to discover the identity of a site visitor. 2idi staff use this information solely to administer the site, analyze trends, and track the use of the site in the aggregate so that we can make improvements to better meet user needs. Any log data that we publish, such as the total number of hits or users in a given period, is disclosed only in an aggregate form that does not reveal personally identifiable information. 2idi deletes its log files monthly.

The 2idi website uses cookies only for the duration of a user session to maintain the integrity of the session as the visitor navigates the site, conducts searches, and posts comments or documents. Cookies are also used to enable background authentication of your i-name, though such authentications only occur when explicitly permitted or requested by you.

Email

Please use discretion in sending email messages to 2idi staff or role accounts (such as "postmaster"). 2idi will endeavor to store, use, and disclose email only as needed to answer your requests and provide services to you. But electronic mail is not a reliably secure medium of communication, and 2idi cannot guarantee the confidentiality of email messages in transit or stored on the servers of ISPs, employers, or others to whom emails may be manually or automatically routed and who are outside the direct control of 2idi.

2idi holds the names and email addresses of correspondents in the strictest confidence and will not disclose any Personal Information about email senders without their permission, unless required by law.

System Notices and Policy Updates

To receive 2idi system notices such as updates to this Privacy Policy or the Terms of Service, you must provide your email address and opt-in to the service — otherwise you won't receive anything from us. (Note that if you don't provide your email address and opt-in to receiving system notices, you may not be informed of important issues such as a dispute against your i-name — see the Terms of Service.)

Contacting 2idi about Personal Information

Please use our support form to report any privacy policy concerns or suspected violations. We will correct any errors on our part, notify third parties that obtained relevant data from us concerning any necessary corrections or deletions, and try to reach a reasonable accommodation with you with respect to any unusual privacy concerns you might have.

In the event of litigation over alleged privacy breaches by 2idi, we submit only to the jurisdiction and venue of state and federal courts located in San Francisco, California.

Compelled Disclosure

If we are required by law to disclose the information that you have submitted, we will attempt to provide you with notice (unless we are prohibited) that a request for your information has been made in order to give you an opportunity to object to the disclosure. We will attempt to provide this notice by email, if you have given us an email address, or by postal mail if you have entered a postal address. We will independently object to overly broad requests for access to information about users of our site. If you do not challenge the disclosure request, we may be legally required to turn over your information. Note that since the XRI/XDI privacy framework being implemented by 2idi enables your data to be stored anywhere, with your i-broker simply handling the negotiation of data access on your behalf, the actual amount of personally identifying data at 2idi can be minimal and potentially non-existent.

Notice Regarding Children

Our website, services and email discussion lists are not specifically designed for children, and we do not monitor postings or communications among participants in discussion groups for content that might be inappropriate for minors. Along with the privacy that i-names provide comes a degree of responsibility, and thus we do not encourage the registration of i-names by minors without the permission and participation of a parent or legal guardian. We will not knowingly communicate with a child under the age of 13 without parental permission. Any questions concerning this policy should be directed to our support form.

External Links

2idi websites may contain links to websites operated by other parties. 2idi does not control those external websites and cannot be responsible for their privacy practices.

Effective Date

This Privacy Policy (version 20060620.1) is effective as of 20 June 2006