Privacy Policy

Last updated: October 29, 2024
 

This privacy policy describes the information Anonyome Labs, Inc. collects and how we use it within the applications, services, and websites. In addition to Anonyome Labs, Inc., all subsidiaries of Anonyome Labs, Inc. also adhere to the content in this privacy policy.

Introduction – Take Control of Your Privacy

This Privacy Policy tells you how we (Anonyome Labs, Inc.) collect, use and share the personal information we collect from users of our websites, including https://anonyome.comhttps://sudoplatform.comhttps://mysudo.com, https://reclaim.mysudo.com, https://support.mysudo.com and https://privacyfiles.com (the “Websites”), our mobile applications (each an “Application”) and online services (“Services”).

Summary

We build our apps with a single intent: Give the user control. This philosophy guides everything we do.

  • We will only ask you for personal information necessary to use our services. In some cases, this is required by industry or government regulations.

    • We use security measures, including encryption, to protect the confidentiality of your data.

      • We mandate that you use our applications and services in a lawful and respectful way. We refer to this as “responsible anonymity”.

      • We do collect anonymized data about how our Applications perform, how areas of the Applications are favored by users, and other performance-based metrics. We do this to improve our product and services. You may opt-out of this in the Application’s settings.

      • We do not sell, trade, or exchange personal information with third parties, and never will.

      • We have no way – nor any desire – to track the precise location of our users.

      User Consent
      By submitting personal information through our websites, Applications or Services, you agree to the terms of this Privacy Policy and you expressly consent to the collection, use and disclosure of your personal information in accordance with this Privacy Policy. If you do not agree with our policies and practices, you can choose to stop using our websites, Applications and Services.

      A Note to Users Outside of the United States
      If you are a non-U.S. user of our websites, by visiting the websites and providing us with data, you acknowledge and agree that your personal information may be processed for the purposes listed in this Privacy Policy. In addition, your personal information may be processed in the country in which it was collected and in other countries, including the United States, where laws regarding processing of personal information may be less stringent than the laws in your country. By providing your data, you consent to such transfer.

      Anonyome Labs, Inc. complies with the EU-U.S. Data Privacy Framework (including the UK Extension) and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union and the United Kingdom, and/or Switzerland to the United States, respectively. Anonyome Labs’ Data Privacy Framework statement is available here.

      The Information We Collect

      Applications and Services
      When you use an Application, we will collect the information that you voluntarily provide to us. For example, when you contact us via email, you are providing an email address and email content, and we use this information in order to communicate with you.

      The virtual cards capability (“Virtual Cards”) and telephony services from some countries offered in our Applications require by law that we verify your legal identity before you can use the capability. In these cases, you may be required to provide your name, address, date of birth and government issued identification document. For telephony services from some countries, you may also be required to provide a non-MySudo telephone number as part of the identity verification process. For Virtual Card services, you will also need to provide information about a funding source for virtual card transactions, such as your credit or debit card, bank account and billing address details. Your legal identity is associated with your Application account only if you use these capabilities.

      The Private Contact Matching capability offered in our Applications provides the option for you to identify who from your device contacts is also using our Applications, so you can easily communicate with them privately and securely. Use of this capability requires your explicit consent in our Applications to search for matches and to be matched in others’ searches. You may also withdraw your consent to participate in this capability from the settings in the Application. To use this capability, you are required to grant the Application access to your device contacts for the purpose of private contact matching. You may provide a telephone number so that other Application users may match with you based on having that telephone number in their contacts. If you choose to use this capability, the Services will send you an SMS to verify your access to the telephone number you provide. You can read more about how your telephone number data is protected in this article: https://support.mysudo.com/hc/en-us/articles/360006496654-What-data-and-metadata-is-collected-stored-by-MySudo-

      When using the VPN Application, we do not log the sites you visit, data transmitted or received with those sites, or the IP addresses from which you connect to the VPN servers.

      When using the Personal Data Removal capability in an Application, you will be required to provide the email address of your account in your email provider. You will also be required to authenticate to your email provider to prove you are in control of the email account. Your password or other authentication credentials for your email account are provided to your email provider as part of a standards based single sign-on flow and are not provided to the Services. When your request the Personal Data Removal capability to analyze your mailbox, you will be asked to grant view-only permissions to access the metadata of your email messages. If you agree to grant these permissions, an access token will be provided from your web browser to the Services for the purpose of analyzing the digital identity footprint based on your email messages. The access token is not retained in the Services.

      As is typical of most online services, we automatically collect certain technical data and information that we use to provide and make our Services better. When your Application instance accesses our Services, we store certain information about your requests including date/time, type of request (e.g., send SMS), application version and IP address. We use this information to ensure the integrity and security of our services. This information does not allow Anonyome Labs to associate requests with existing mobile subscriber information including name and address.

      We collect non-personally identifying information about your Application download such as date/time, application store region and application version. We use this information to make our Services better. This information does not allow Anonyome Labs to associate a download with a mobile platform user, e.g., an Apple ID or Google account.

      If enabled in the privacy settings of our Applications, we collect non-personally identifying information about how users use our Application and Services, to improve them. We use Braze and Statsig for this purpose. To modify this setting, read more in this article:  https://support.mysudo.com/hc/en-us/articles/360057400514–How-do-I-disable-opt-out-of-App-Analytics-

      When we advertise our Applications and Services, we collect and process information about the performance of those advertisements, to make decisions about the effectiveness of that advertising. The information processed is only in aggregate – we are unable to associate an Application account with an advertising campaign.

      Information you provide is stored in systems located in the United States. This is the case for both Anonyome controlled systems as well as those of the third-party services mentioned above. We retain this information in the Service for a limited period to maintain our quality of service and handle support requests. You may read more about data retention in this article: https://support.mysudo.com/hc/en-us/articles/360006599413-How-long-do-you-store-information-

      If you choose to accept Push Notifications from our Applications, we store a unique identifier that is only for the purpose of sending notifications via Apple (iOS) or Google (Android) to our Applications on your device and doesn’t allow Anonyome Labs to identify your mobile device’s serial number, SIM phone number or information regarding your Apple ID or Google account.

      Anonyome Labs neither retrieves nor processes information about your Application identities from sites or services external to the Applications and Services.

      Websites
      We store and process certain information that is provided automatically as part of your Web browser accessing our websites. This information includes data/time, IP address, requested URL, referring URL, browser type and browser language/locale. We use this information to analyze trends, administer the websites and to better tailor our websites to our users’ needs.

      We use technology to protect our web sites from spam and other forms of abuse. This does not allow us to know the identity of who is accessing our web sites.

      We collect non-personally identifying information about how users use our web sites, to improve them. We use Statsig for this purpose.

      If you choose to provide your email address to subscribe to privacy, security and cyber safety tips, your email address will be stored and processed on the Marketo platform.

      The MySudo Support Site (https://support.mysudo.com) is hosted on the Zendesk platform. If you choose to participate in the Community feature of this site, you are required to create an account to post messages. Creating an account requires that you provide an email address. This email address is not used by us to contact community users directly.

      Candidate Data
      Thank you for considering a career at Anonyome.  To apply for a role at Anonyome, we may ask that you provide us with some personal information. We will collect and process the information you provide to assess your suitability, aptitude, skills, and qualifications for employment.

      How We Use Your Information

      The purpose of our Applications and Services is to allow users control of their information so they can decide and control when to share their information with others. Generally, it is up to you how your information is shared, what information is shared, and with whom.

      We use your personal information to: (a) provide you the Services that you request; (b) improve the quality of experience you receive when you interact with our websites, Applications and Services; (c) send you administrative email notifications, such as security, support, and maintenance advisories; and (d) respond to your inquiries.

      When you use the Applications and Services, we will share your Sudo information with those third parties designated by you to facilitate the services you are using. For example, if you send an email from a Sudo, your Sudo email address is sent to the receiving email server as part of delivering the email.

      We may disclose information if we have a good faith belief that such disclosure is necessary a) to comply with relevant laws and lawful requests by public authorities, including to meet national security or law enforcement requirements; b) to protect the rights and property of Anonyome Labs, Inc. and/or c) to protect users of the websites, Services and Applications. We refer to this as “anonymity with recourse”.

      We will share your legal identity information with law enforcement agencies in response to a proper and lawful request, such as a subpoena or search warrant. We will not use your legal identity information to communicate with you, nor will we ever sell that information to a third party.

      Virtual Cards

      If you choose to use Virtual Cards, we use the personal data you provide to verify your legal identity. This requires that we share that information with a third-party service provider, GBG IDology, to perform the identity verification. We may share your legal identity information with our issuing bank partners as required by local and/or federal banking regulatory requirements. In addition, the contents of your Virtual Cards related support requests may be shared with our issuing bank partners, as required by their quality control processes. Our issuing bank partners will retain this information for five years.

      When you authorize use of your existing credit card or bank account as a funding source for your virtual cards, information is sent from your device to our payment processors as evidence of your agreement to debit your funding source. That information includes your credit card number, credit card billing address, credit card expiration date, IP address and mobile device user agent at the time you provide your authorization.

      It may be necessary for us to share some of your personal information with a merchant if you open a dispute for a virtual card transaction. In these cases, we only share what is necessary to resolve the dispute.

      Telephony

      If you choose to use telephony services from some countries, we use the personal data you provide to verify your legal identity. This requires that we share that information with the service provider for that telephony number to perform the identity verification. The personal data you provide for this purpose will be retained by the service provider for up to 30 days after your account is closed.

      If you provide your telephone number or choose to give permission to access your device contacts to use the Private Contact Matching capability, we will use that information for this sole purpose. Retention and use of this information is limited to the minimum required to provide this capability. We will use your telephone number to verify that you are its owner, and will we never share or sell that information to a third party. We will use your device contact information to append Sudo contact details to those of your device contacts that use the Applications and are also participating in Private Contact Matching. The device contact data you provide is only retained in the Services while matching is being processed and is not retained after the matching has been completed. If you withdraw your consent to participate in this capability, no further matches will be added to your device contacts and your details will not appear as a match to others in subsequent processing.

      Personal Data Removal Services

      The email address you provide to use this capability is stored for the purpose of uniquely identifying your use of this capability. Notifications essential to your use of this capability will be emailed to the email address you provide.

      If you choose to grant permissions for this capability to access your mailbox, the access granted will be used to access and retrieve the metadata of email messages in your mailbox. The metadata attributes include date, from address, to address, email subject, and other email message headers. The email bodies cannot be accessed with the permissions requested of you by this capability.

      For email accounts provided by Google, we handle that data consistent with the Google API Services User Data Policy. User data obtained through Google Workspace APIs are not used to develop, improve, or train generalized / non-personalized Artificial Intelligence (AI) or Machine Learning (ML) models. Sensitive data obtained through the Google Workspace APIs are not shared with third parties, are encrypted at rest using AES-256 encryption, and encrypted in transit using Transport Layer Security (TLS) with strong cipher suites.

      Your Choices Regarding Your Information

      You have several choices regarding use of information on our Services.

      Under regulations including the European Union’s General Data Protection Directive and the California Consumer Privacy Act (including amendments by the California Privacy Rights Act), users may have certain legal rights to access certain information that Anonyome Labs, Inc holds about them and to request erasure of that information. To exercise those rights, these users may contact Anonyome Labs, Inc. at support@anonyome.com with their request. Anonyome Labs respects users who choose to exercise their rights under such regulations.

      If you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you can opt-out by following the unsubscribe instructions provided in the e-mail you receive, or by contacting us directly (please see Contact Us below). Despite your indicated e-mail preferences, we may send you essential service-related communications, including notices of any updates to our Terms of Service or this Privacy Policy.

      You can stop all collection of information by the Applications by uninstalling the Applications. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.

      Third Party Websites

      The websites may contain links to third party websites. When you click on a link to any other website or location, you will leave our website and go to another site, and another entity may collect personal information or anonymous data from you. We have no control over, do not review, and cannot be responsible for these third-party websites or their content.

      Contact Us

      Do you have any comments, complaints, concerns, questions, requests, or suggestions, about our data collection or processing practices, or about this Privacy Policy? Email us at support@anonyome.com.

      If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request