Privacy Policy

This Privacy Policy describes how Embody collects, uses and discloses information, and what choices users have with respect to the information.

Updates in this version of the Privacy Policy reflect changes in data protection law. In addition, we have worked to make the Privacy Policy clearer and more understandable by:

  • Organizing it into the sections listed in the Table of Contents below;

  • Providing a series of examples that help illustrate how the policies may be implemented by Embody and;

  • Defining and capitalizing a few terms that are used more than once for simplicity and brevity.

  • When we refer to “Embody”, we mean the EmbodyVR Inc. entity that acts as the controller or processor of your information, as explained in more detail in the 'Identifying the data controller and processor’ section below.

     

    Table of Contents

  • Applicability of this Privacy Policy

  • Information we collect and receive

  • How we store your information

  • How we use your information

  • Our stand on sharing and disclosing information

  • Security

  • Age Limitations

  • Identifying the data controller and data processor

  • Your information protection rights

  • Changes to our Privacy Policy

  • Contacting data protection authority

  • Contacting Embody

 

Applicability of this Privacy Policy

This Privacy Policy applies to Embody’s Immerse APIs including the associated Embody mobile and desktop applications, for example plugins, drivers, game packs, SDK, mobile apps and libraries (collectively, the “Services”), embodyvr.co, embodyvr.io, embody.co and other Embody websites (collectively, the “Websites”) and customer service inquiries, user conferences (collectively, the “Support Interactions”), you may have with Embody. If you do not agree with the terms, do not access or use the Services, Websites, Support Interactions or any other aspect of Embody’s business.

Information we collect and receive

Embody may collect and receive User Information and Other Information in a variety of ways. The following table lists the type of information being collected for different Embody products and services.

privacy_policy_table1.png

User Information:

In order to experience spatial audio that is personalized to every user, users submit a photograph of their ear to Embody. The ear image is used only for the purposes listed below

  • Embody machine learning algorithms predict a personalized spatial audio profile which may be optimized or more suitable for the User than a generic spatial audio profile.

  • During Support Interactions, where the OEM or the User wants Embody to debug an is- sue with the User’s personalized spatial audio profile and grants permissions to Embody to access User's ear image.

  • Embody may use anonymized User’s ear images in research, for example: training of machine learning algorithms to improve personalized spatial audio profile prediction.

 

Other Information:

  • Email Address: To start using the Services, the Users supply Embody with their email address.

  • OEM Name: If Embody Service is delivered on an OEM device, Embody may collect in- formation about which OEM devices Users are using to access the Embody Service.

  • User Authentication Information: Embody authenticates a User as a trial and / or a paid customer. For a paid customer, Embody records the details of the transaction which include the name of the OEM device, the type of the Services and the amount paid.

  • Device Information: Embody may collect information about devices accessing the Services, including type of device, what operating system is used, device settings, audio settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this information often depends on the type of product used, contract with OEM, type of the device used and its settings.

  • IP Address: Embody may receive User’s Internet Protocol (IP) address from User’s browser or device to provide User an optimal service.

  • Log Data: As with most websites and technology services delivered over the Internet, Embody's AWS and Third Party Providers servers automatically collect information when you access or use our Websites or Services and record it in log files and database. This log data may include the IP address, browser type and settings, the date and time the Services were used and browser cookie data.

  • Cookies Information: Embody uses cookies and similar technologies in our Websites and Services. The Websites and Services may also include cookies and similar tracking technologies of third parties, which may collect Other Information about you via the Websites and Services and across other websites and online services. For more details about how we use these technologies, please see our Cookie Policy.

  • Third Party Providers: Embody uses third party providers, for example AWS to process and store the data, Shopify to process payments and SquareSpace to host part of its web services. These services use cookies and other tracking technologies to maintain functionality and security. For details on their cookie and privacy policy, please visit the following links.

    • Shopify

    • SquareSpace

    • AWS

  • Services Metadata: Embody collects information about the type and version of external or internal service used. Example of external services are Immerse Driver, Immerse API, Embody plugins, game packs, SDK and libraries. Example of internal services include micro services that support creation, update and download of the personalized spatial audio profile.

  • Additional Information: We receive additional information if you participate in a focus group, data collection and validation activity with Embody, apply for a job at Embody, re- quest support from Embody, interact with our social media accounts, interact with our products at a public or a private event, or otherwise communicate with Embody.



Generally, no one is under a statutory or contractual obligation to provide any User Information or Other Information. However, certain User Information or Other Information is collected automatically and, if some information, such as Email Address and User Information are not provided, Embody may be unable to provide the Services.

 

How we store your information

Embody anonymously stores the User Information i.e the image of the User’s ear is stored separately from the storage of the Other Information on Embody’s AWS servers. This is done by separating the storage of the User Information and Other Information as illustrated in Figure 1.

API.png

User Information including user’s ear image is stored on AWS S3 storage, which is ISO, PCI and SOC compliant. User Information is also hashed to protect user’s privacy rights. Only upon receiving a request and authorization from the OEM or User to debug an issue with User’s personalized spatial audio profile, User Information including User’s ear image is cross-referenced to respective user’s Other Information. For more details on AWS S3 security policies, please visit AWS policies, architecture, and operational processes.

Other Information is stored in AWS database RDS, which is ISO, PCI and SOC compliant.

Embody may retain Other Information pertaining to the user as long as necessary for the purposes described in this Privacy Policy. This may include keeping the Other Information after users have deactivated their account for the period of time needed for Embody to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

The User communicates to the Embody server through an HTTPS connection to ensure confidentiality, authenticity and integrity. HTTPS encrypts nearly all information sent between the User and Embody’s AWS servers. Embody uses AWS to host all of it’s services and inherits AWS policies, architecture, and operational processes. Following is the list of AWS services used by Embody and their respective certification.

privacy_policy_table2.png

 

How we use your information

Embody uses the ear image only for the purposes listed below

  • Embody machine learning algorithms predict a personalized spatial audio profile which may be optimized or more suitable for the User than a generic spatial audio profile.

  • During Support Interactions, where the OEM or the User wants Embody to debug an is- sue with the User’s personalized spatial audio profile and grants permissions to Embody to access User's ear image.

  • Embody may use anonymized User’s ear images in research, for example: training of machine learning algorithms to improve personalized spatial audio profile prediction.

    Embody uses Other Information in furtherance of our legitimate interests in operating our Services, Websites and business. More specifically, Embody uses Other Information:

  • To provide, update, maintain, troubleshoot and protect our Services, Websites and business.

  • As required by applicable law, legal process or regulation.

  • To communicate with the User by responding to User’s support requests, comments and questions.

  • To provide a better listening experience to the User.

  • To send emails and other communications.

  • To investigate and help prevent security issues and abuse.

  • In case of an audit.



Our stand on sharing and disclosing information

  • Research: Embody may use anonymized User’s ear images in research, for example: training of machine learning algorithms to improve personalized spatial audio profile pre- diction.

  • Third Party Service Providers and Partners: We may engage third party companies or individuals as service providers or business partners to process User Information and Other Information and support our business. These third parties may, for example, pro- vide data annotation, virtual computing and storage services.

  • During a Change to Embody’s Business: If Embody engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Embody’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all User Information and Other Information may be shared or transferred, subject to standard confidentiality arrangements.

  • Aggregated or De-identified Data: We may disclose or use aggregated or de-identified User Information and Other Information for any purpose. For example, we may share aggregated or de-identified User Information and Other Information with prospects or partners for business or research purposes, such as telling a prospective Embody investor or customer on the engagement and experience of users with personalized spatial audio profiles.

  • To Comply with Laws. If we receive a request for information, we may disclose User

  • Information and Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.

  • To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of Embody or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.



Security

Given the nature of communications and information processing technology, Embody cannot guarantee that Information, during transmission through the Internet or while stored on our sys- tems or otherwise in our care, will be absolutely safe from intrusion by others. Embody will make its best effort to protect both User Information and Other Information and will protect the User Information and Other Information to a level of security it applies to its Intellectual Property.

Age Limitations

To the extent prohibited by applicable law, Embody does not allow the use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information. For more information on acceptable age group, see GDPR guidelines here.

Identifying the data controller and the data processor

Embody is the data controller as well as the data processor of customer and other information. Generally speaking, the GDPR treats the data controller as the principal party for responsibilities such as collecting consent, managing consent-revoking, enabling right to access, etc. A data subject who wishes to revoke consent for his or her personal data therefore will contact the data controller to initiate the request, even if such data lives on servers belonging to the data processor. The data controller, upon receiving this request, would then proceed to request the data processor remove the revoked data from their servers. The data “processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Your information protection rights

Embody’s processing of User Information and Other Information is subject to the General Data Protection Regulation. As Embody’s customer, you have a right to edit, delete or restrict processing of your information. You also have the right to obtain a machine-readable file containing all the data and information that we have collected and processed.

 

Embody relies on its legitimate interests, described above, to process User Information and Other Information. Embody may also process User Information and Other Information that constitutes your personal data for direct marketing purposes and you have a right to object to Em- body’s use of your personal data for this purpose at any time.

In order to exercise any of your rights, you can send an email to privacy@embodyvr.co. Your request will be processed by the Embody privacy and security team (privacy@embodyvr.co) as per the following process complaint with General Data Protection Regulations.

Right_to_Information (1).png
  1. Verify the identity of the individual making the request. A key part of User’s rights to their information is ensuring that Embody authenticates the individual is who they say they are. Figure 2 outlines how this is implemented and achieved at Embody.

  2. Explain the implications of full erasure. Erasing all personal details will mean they no longer exist in Embody data universe, so if they reappear legitimately through say a 3rd party data provider or via a subsequent purchase, they will then be treated as a new user. This impact should be identified and explained to the Users to ensure they want actual erasure or restricted processing of their information. Figure 2 outlines how this is implemented and achieved at Embody.

  3. What to erase? All personal data of the User requesting the erasure. If Embody deter- mines that the request is valid and the User has been explained all implications of full erasure, then Embody will erase all User Information and Other Information for the re- spective User.

 

Changes to our Privacy Policy

Embody may make changes to this Privacy Policy from time to time. As laws, regulations and industry standards evolve and change, this may require those changes, or our business may change. We encourage you to review our Privacy Policy routinely to stay informed and be aware of any changes that may be implemented. If Embody makes changes that alter your privacy rights, Embody will provide additional notice, through either email or through the Services. If you disagree with the changes to this Privacy Policy, you should deactivate your Services account. Once any updated terms or revisions Embody’s Privacy Policy are in effect, the customer will be bound by them if the customer continues to use the Services and Websites.

Contacting data protection authority

Subject to applicable law, you also have the right to (i) restrict Embody’s use of Other Informa- tion that constitutes your personal data and (ii) lodge a complaint with your local data protection authority. If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to our Data Protection Officer at privacy@embodyvr.co or at our mailing address below:

EmbodyVR Inc.

ATTN: Data Protection Officer

60 East 3rd Avenue, Suite 120 San Mateo, CA, 94401
United States of America