Privacy Policy

Last updated [Monday, Dec 16th, 2019]
Effective: Oct 31st, 2019

Introduction

This Privacy Policy describes how Embody collects, uses and discloses information, and what choices you have with respect to the information.

Updates in this version of the Privacy Policy reflect changes in data protection law. In addition, we have worked to make the Privacy Policy clearer and more understandable by:

  • Organizing it into the sections listed in the Table of Contents below;
  • Providing a series of examples that help illustrate how the policies may be implemented by Embody; and
  • Defining and capitalizing a few terms that are used more than once for simplicity and brevity.

When we refer to “Embody”, we mean the Embody entity that acts as the controller or processor of your information, as explained in more detail in the “Identifying the Data Controller and Processor” section below.

Table of Contents

  • Applicability of this privacy notice
  • Information we collect and receive
  • How we store your information
  • Our stand on sharing and disclosing information
  • Security
  • Age Limitations
  • Identifying the data controller and data processor
  • Your information protection rights
  • Changes to our privacy policy
  • Contacting data protection authority
  • Contacting Embody

Applicability of this privacy notice

This Privacy Policy applies to Embody’s Immerse APIs, including the associated Embody mobile and desktop applications, for example plugins, drivers, game packs, SDK and libraries (collectively, the “Services”), embodyvr.co, embodyvr.io and other Embody websites (collectively, the “Websites”) and other interactions (e.g., customer service inquiries, user conferences, etc.) you may have with Embody. If you do not agree with the terms, do not access or use the Services, Websites or any other aspect of Embody’s business.

Information we collect and receive

Embody may collect and receive Customer Data and other information and data (“Other Information”) in a variety of ways. The following table lists the type of information being collected for different Embody products and services.

Service/Product         Information
---------------         -----------
Immerse API             Customer, Account, Device, Location, Log, Services Metadata
Immerse Gaming          Customer, Account, Authentication, Device, Location, Log, Services Metadata, Third Party Provider
Immerse Plugin          Customer, Account, Authentication, Device, Location, Log, Services Metadata
Embody Shopping Cart    Third Party Provider, Cookies
Embody Website          Third Party Provider, Cookies


Customer Information: In order to experience spatial audio that is personalized to every user, customers submit a photograph of their right ear to Embody. 

Other Information:

  • Account Information: To start using the service, the users supply Embody with information about their email address and the name of the OEM partner that is providing the service. 
  • Authentication Information: Embody authenticates a user as a trial and/or a paid user. For a paid user, Embody records the details of the transaction, which include the name of the OEM provider, the type of the product and the amount paid.
  • Device Information: Embody collects information about devices accessing the Services, including type of device, what operating system is used, device settings, audio settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this information often depends on the type of product used, name of the OEM provider, type of the device used and its settings.
  • Location Information: Embody receives information from the user that helps us approximate the location. We may for example use the name of the OEM provider and the Internet Protocol (IP) address received from your browser or device to determine an approximate location.
  • Log data: As with most websites and technology services delivered over the Internet, Embody's servers automatically collect information when you access or use our Websites or Services and record it in log files and database. This log data may include the IP address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.

  • Cookie Information: Embody uses cookies and similar technologies in our Websites and Services that help us collect Other Information. The Websites and Services may also include cookies and similar tracking technologies of third parties, which may collect Other Information about you via the Websites and Services and across other websites and online services. For more details about how we use these technologies, please see our Cookie Policy.
  • Services Metadata: Embody collects information about the type and version of external or internal service used. Examples of external services are Immerse Gaming, Immerse API, SpatialMix, etc. Examples of internal services include microservices that support creation, update and download of the personalized head response transfer function (HRTF). Embody also receives information on the status and settings of the HRTF.
  • Third Party Providers: Embody uses third party providers, for example Shopify to process payments and SquareSpace to host part of its web services. These services use cookies and other tracking technologies to maintain functionality and security. For details on their cookie and privacy policy, please visit the following links. 
  • Additional Information: We receive additional information if you participate in a focus group, data collection and validation activity, apply for a job, request support, interact with our social media accounts, interact with our products at a public or a private event, or otherwise communicate with Embody.

    Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as email and image of the right ear are not provided, we may be unable to provide the Services.

    How we store your information

    Embody anonymously stores the customer information, i.e. the photo of the user, separately from the storage of the other information on third party servers. This is done by separating the storage of the user’s image and the other user-specific information. The name of the OEM provider and the user details are hashed to protect the identity of the user’s image. Embody may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Other Information after you have deactivated your account for the period of time needed for Embody to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements. Below is the network and system configuration detailing client communication with Embody servers.



    Figure 1. Network & system configuration showing client communication with the Embody server.

    How we use your information

    Embody uses Other Information in furtherance of our legitimate interests in operating our Services, Websites and business. More specifically, Embody uses Other Information:

    • To provide, update, maintain, troubleshoot and protect our Services, Websites and business.
    • As required by applicable law, legal process or regulation.
    • To communicate with you by responding to your requests, comments and questions.
    • To provide a better listening experience.
    • To send emails and other communications.
    • To investigate and help prevent security issues and abuse.

    Our stand on sharing and disclosing information

    • Research: Embody may use anonymized images of users in research, for example: training of machine learning models to predict a personalized HRTF.
    • Third Party Service Providers and Partners: We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business. These third parties may, for example, provide data annotation, virtual computing and storage services.
    • During a Change to Embody’s Business: If Embody engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Embody’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Other Information may be shared or transferred, subject to standard confidentiality arrangements.
    • Aggregated or De-identified Data: We may disclose or use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective Embody investor or customer on the engagement and experience of users with personalized HRTF.
    • To Comply with Laws: If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
    • To enforce our rights, prevent fraud, and for safety: To protect and defend the rights, property or safety of Slack or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
    • With Consent: Embody may share Other Information with third parties when we have consent to do so.

    Security

    Given the nature of communications and information processing technology, Embody cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.

    Age

    To the extent prohibited by applicable law, Embody does not allow the use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information. For more information on acceptable age group, see GDPR guidelines here

    Identifying the data controller and the data processor

    Embody is the data collector as well as the data processor of customer and other information. Generally speaking, the GDPR treats the data controller as the principal party for responsibilities such as collecting consent, managing the revocation of consent, enabling the right of access, etc. A data subject who wishes to revoke consent for his or her personal data will therefore contact the data controller to initiate the request, even if such data lives on servers belonging to the data processor. The data controller, upon receiving this request, would then request that the data processor remove the revoked data from its servers. The data “processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

    Your information protection rights

    Embody’s processing of your Personal Data is subject to the General Data Protection Regulation. As Embody’s customer, you have a right to edit, delete or restrict processing of your information. You also have the right to obtain a machine-readable file containing all the data and information that we have collected and processed.

    Embody relies on its legitimate interests, described above, to process your data. Embody may also process customer and other Information that constitutes your personal data for direct marketing purposes and you have a right to object to Embody’s use of your personal data for this purpose at any time.

    In order to exercise any of your rights, you can send an email to privacy@embodyvr.co. Your request will be processed by the Embody privacy and security team.

    Changes to our privacy policy 

    Embody may make changes to this Privacy Policy from time to time. Laws, regulations and industry standards evolve and may require such changes, or our business may change. We encourage you to review our Privacy Policy routinely to stay informed and be aware of any changes that may be implemented. If Embody makes changes that alter your privacy rights, Embody will provide additional notice, either through email or through the Services. If you disagree with the changes to this Privacy Policy, you should deactivate your Services account. Once any updated terms or revisions to Embody’s Privacy Policy are in effect, the customer will be bound by them if the customer continues to use the Software.

    Contacting data protection authority

    To communicate with our Data Protection Officer, please email privacy@embodyvr.co.

    Data Protection Authority

    Subject to applicable law, you also have the right to (i) restrict Embody’s use of Other Information that constitutes your Personal Data and (ii) lodge a complaint with your local data protection authority. If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to our lead supervisory authority:

    Contacting Embody

    Please feel free to contact Embody directly if you have any questions about this Privacy Policy or Embody’s practices, or if you are seeking to exercise any of your statutory rights. You may contact us at privacy@embodyvr.co or at our mailing address below:

    For Customers and Authorized Users who use third party servers established for Customers in the USA and Canada:

    EmbodyVR Inc.
    60 East 3rd Avenue, Suite 120
    San Mateo, CA, 94401
    United States of America

    or

    For Customers and Authorized Users who use third party servers established for Customers outside of the USA and Canada:

    EmbodyVR Inc.
    60 East 3rd Avenue, Suite 120
    San Mateo, CA, 94401
    United States of America