Last updated: December 27, 2019
Special Note Regarding the Use of our Products by Children: Our products are not directed to children under the age of 16. In the case of our SafePath® Family product, children under the age of 16 may be invited to sign up for the service by a parent or legal guardian. Please see the Product-Specific Details for our SafePath products. Except as provided in connection with our SafePath Family product, if you are under the age of 16, please do not provide personal data in connection with your use of Smith Micro products. We encourage parents and guardians to go online with their children.
Table of Contents
1. Types of Data Smith Micro Collects
You have choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide data that is necessary to provide a product or feature, you may not be able to use that product or feature.
The data we collect depends on the context of your interactions with Smith Micro and the choices you make, including your privacy settings, and the products and features that you use. The data we collect can include the following:
Name and contact data. We collect your first and last name, email address, postal address, phone number, and other similar contact data.
Credentials. We collect passwords, password hints, and similar security information used for authentication and account access.
Demographic data. We collect data about you such as your age, gender, country, and preferred language.
Payment data. We collect data necessary to process your payment if you make purchases, such as your credit card number and the security code associated with your credit card.
Device and Usage data. We collect data about your device and how you and your device interact with Smith Micro and our products. For example, we collect:
- Product use data. We collect data about the Smith Micro products you use, including any products that you purchase and the Smith Micro web pages you visit.
- Device, connectivity and configuration data. We collect data about your device and the network you use to connect to our products. It includes data about the operating systems and other software installed on your device, including product keys. It also includes device identifiers (such as the IMEI number for phones), regional and language settings, and your IP address. Your IP (Internet Protocol) address is a number that is automatically assigned to the computer that you are using by your ISP (Internet Service Provider). This number is identified and logged automatically in our server log files whenever you visit our websites, along with the time(s) of your visit(s) and the page(s) that you visited.
- Environmental Variables. We may also collect certain environmental variables, such as your MAC address, computer type (Windows or Macintosh), screen resolution, OS version, Internet browser, and Internet browser version. These environmental variables are collected by most websites, and can be used to optimize your experience on our website.
- Error reports and performance data. We collect data about the performance of the products and any problems you experience with them. This data helps us to diagnose problems in our products that you use, and to improve our products and provide solutions. Depending on your product and settings, error reports can include data such as the type or severity of the problem, details of the software or hardware related to an error, contents of files you were using when an error occurred, and data about other software on your device.
- Troubleshooting and Help Data. When you engage us for troubleshooting and help, we collect data about you and your hardware, software, and other details related to the incident. Such data includes contact or authentication data, the content of your communications with us, data about the condition of the machine and the application when the fault occurred and during diagnostics, and system and registry data about software installations and hardware configurations.
Location data. For products with location-enhanced features, we collect data about your location, which can be either precise or imprecise. Precise location data can be Global Navigation Satellite System (GNSS) data (e.g., GPS), as well as data identifying nearby cell towers and Wi-Fi hotspots, we collect when you enable location-based products or features. Imprecise location data includes, for example, a location derived from your IP address or data that indicates where you are located with less precision, such as at a city or postal code level.
Social Media. When you interact with our products through various social media, such as when you Like us on Facebook or post a comment to our Facebook page, we may receive information from the social network such as your profile information, profile picture, gender, user name, user ID associated with your social media account, age range, language, country, friends list, and any other information you permit the social network to share with third parties. The data we receive is dependent upon your privacy settings with the social network.
2. How We Use Personal Data
We use the data that we collect to provide our products, which includes updating and troubleshooting, providing support, and providing personalized recommendations and relevant marketing and advertising. We also use data to operate our business, which includes analyzing our performance and meeting our legal obligations.
When we process personal data about you, we do so with your consent and/or as necessary to complete a transaction or to provide a product that you have requested or authorized, to operate our business, to meet our contractual and legal obligations, to protect the security of our systems and our customers, or to fulfill our other legitimate interests as described this section and in the Reasons We Share Personal Data section below.
In particular, we use your personal data as follows:
Fulfillment of Requests and Provision of Authorized or Purchased Products. We may use your personal data to fulfill the purpose for which you provided it. For example, we will use your personal data to respond to your request for technical support, or to provide you with an ongoing service. We will also use your personal data to complete a transaction or to fulfill our contractual obligations. For example, we may use your payment information to complete an online purchase that you have initiated, and we may use your personal data to deliver a service for which you have subscribed.
Administrative Communications. We may use your personal data to communicate with you, for example to provide you with updates about your account, security updates, or important changes to our terms, conditions, and policies.
Other Communications. We may use your personal data to inform you of products, programs, services and promotions that we believe may be of interest to you. If you no longer wish to receive promotional emails, you may opt out of receiving promotional emails from us at any time by following the instructions in those messages.
Purchases. When you make a purchase through our website, we may collect your credit card number or other payment account number, billing address and other information related to such purchase from you, and may use such information in order to fulfill your purchase.
Emails to Friends. We may provide functionality to permit you to send messages regarding Smith Micro website-related content to a friend through our website. If you wish to use this feature, you will be required to provide us with, and we will use, your friend's email address in order to facilitate your sending of such message to your friend. By providing any email address to facilitate the sending of messages, you confirm that you have permission to do so.
Promotions. We may operate sweepstakes, contests and similar promotions through our websites. We typically ask you for your name and contact information when you enter a promotion and in the event that you win. You should carefully review the rules of each such promotion, as the rules may contain additional important information about our use of your personal data in connection with the promotion. To the extent that the rules of any promotion conflict with this Policy concerning our use of your personal data, the promotion-specific rules will control.
Internal Business Purposes. We also use personal data for our internal business purposes. For example, we will retain your shopping history on our website to make suggestions to you for products we believe may also be of interest to you. We also use data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions about, and report on the performance of our business.
Legal Compliance. We process data to comply with law. For example, we may use customers’ ages to ensure we meet our obligations to protect children’s privacy. We also process contact information and credentials to help customers exercise their data protection rights.
3. Reasons We Share Personal Data
We share your personal data with your consent and/or as necessary to complete a transaction or to provide a product that you have requested or authorized, which may include sharing your data with third parties performing services on our behalf. We will also share data if required by law or to respond to legal process, to protect our customers or to protect our rights or property.
4. How We Protect Your Personal Data
Smith Micro uses commercially reasonable physical, administrative, and technological safeguards to preserve the integrity and security of all information we collect and that we share with our service providers. However, no security system is impenetrable and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, to notify those individuals whose information may have been compromised, and to take such action as may be required by applicable laws and regulations.
5. How to Access and Control Your Personal Data
You can view, edit or delete your personal data online for many of our products. In connection with the use of certain of our products, you can also make choices about our collection and use of your data. When you are asked to provide personal data, you may decline. But if you choose not to provide data that is necessary to provide a product or feature, you may not be able to use that product or feature. How you can access or control your personal data will depend on which of our products that you use.
My Smith Micro Online Store. If you have an account with our online store at my.smithmicro.com, and wish to access, edit, or delete your personal data or payment information, you can do so by visiting my.smithmicro/personal-data.
SafePath. If you are a user of our SafePath service, you have procured this service through your wireless or cable service provider, and the terms of your use are as established by your service provider. To modify your account information, update or amend your personal information, or change your password, please log into the account that you have created through your service provider. If you have any questions about reviewing or modifying your account information or if you wish to cancel your account, please contact your service provider directly.
If you cannot access certain personal data collected by Smith Micro via the links above or directly through the Smith Micro products you use, you may contact us at firstname.lastname@example.org. We will respond to requests to access or delete your personal data within 45 days.
Opt-Out. If you receive a marketing-related email from us and do not wish to receive further marketing-related emails from us, you may opt-out by following the unsubscribe instructions at the bottom of such message. If you have one or more accounts with us in connection with our products, you may also choose to unsubscribe by logging in and modifying your profile for the applicable Smith Micro product. If you have more than one account with us, you will need to update your choices for each account. We will endeavor to comply with your request as soon as reasonably practicable and in any event as required by law.
6. Other Important Notices Regarding Our Privacy Practices
Below you will find additional privacy information that you may find important or helpful to your understanding of how we collect and use your personal data.
Pixel Tags. We and our service providers may also use so-called "pixel tags," "web beacons," "clear GIFs," or similar means (collectively, "Pixel Tags") in connection with our website pages and HTML-formatted email messages to, among other things, track the actions of website users and email recipients, to determine the success of marketing campaigns and to compile aggregate statistics about website usage and response rates. A Pixel Tag is an electronic image, often a single pixel (1x1), that is ordinarily not visible to website visitors and may be associated with cookies on the visitors' hard drives. Pixel Tags allow us to count users who have visited certain pages of our websites, to deliver branded services, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, Pixel Tags can tell the sender whether and when the email has been opened.
Transfer, Processing and Storage of Personal Data. Our websites and certain of our other products are operated in the United States of America. We may process the personal data that we collect in your region, in the United States, and in any other country where we or our affiliates, subsidiaries, or service providers operate. We take steps to ensure that the data we collect under this Policy is processed according to the provisions of this Policy and the requirements of applicable law.
We transfer personal data from the European Economic Area to other countries, some of which have not yet been determined by the European Commission to have an adequate level of data protection. For example, their laws may not guarantee you the same rights, or there may not be a privacy supervisory authority there that is capable of addressing your complaints. When we engage in such transfers, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections with respect to your data.
We comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If third-party agents process personal data on our behalf in a manner inconsistent with the principles of the Privacy Shield framework, we remain liable unless we prove we are not responsible for the event giving rise to the damage.
If you have a question or complaint related to our participation in the EU-U.S. Privacy Shield, we encourage you to contact us at email@example.com. For any complaints related to the Privacy Shield framework that we cannot resolve directly, we have chosen to cooperate with the relevant Data Protection Authority, or a panel established by the European data protection authorities for resolving disputes. As further explained in the Privacy Shield Principles, binding arbitration is available to address residual complaints not resolved by other means.
Security. We seek to have security measures and tools (such as firewalls, digital SSL certificates, intrusion detection systems, and database encryption) in place to help protect against the loss, misuse and alteration of the information under our control. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. As a result, although we strive to protect your data, we cannot ensure or warrant the security of any information you transmit to us through or in connection with our websites or that is stored by us. You acknowledge and agree that any information you transmit through our websites or upload for storage in connection with our websites is so transmitted or stored at your own risk. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), you must immediately notify us of the problem by contacting us at firstname.lastname@example.org or at our physical address at 5800 Corporate Dr., 5th Floor, Pittsburgh, PA 15237, Attention: Privacy (note however that if you choose to notify us via physical mail, this will delay the time it takes for us to respond to the problem).
Retention Period. We will retain your data for the period necessary to fulfill the purposes outlined in this policy unless a longer retention period is required by law and/or regulations.
Jurisdictional Issues. We host our websites from the United States, and our websites are not intended to subject us to the laws or jurisdiction of any state, country or territory other than those of the United States. We do not represent or warrant that our websites, or any part thereof, are appropriate or available for use in any particular jurisdiction other than the United States. Those who choose to access our websites do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules and regulations. We may limit the availability of our websites, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time and in our sole discretion. By using our websites and submitting any personal data in connection with such use, you consent to the transfer of your submitted personal data to other countries, such as the United States, which may provide a different level of data security than in your country of residence.
Notice to California Residents. The California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with the additional rights described below. You may exercise any of the rights described in this section by contacting us at email@example.com. Please reference “CCPA” in your subject line. These instructions are also available by calling our toll-free CCPA hotline at 833-606-0138. Please note that we may ask you to verify your identity before taking further action on your request.
- • Right to Access: You have the right to know and access what data we have collected about you over the past 12 months, including:
- o The categories of personal information we’ve collected about you;
- o The categories of sources from which the personal information is collected;
- o The business or commercial purpose for collecting your personal information;
- o The categories of personal information about you which we shared;
- o The categories of third parties we have shared information to; and
- o The specific pieces of personal information we have collected about you.
Note that we do not sell personal information.
- • Right to Delete: You have the right to request that we delete personal information we have collected from you (and direct our service providers to do the same). In some instances, however, we may decline to honor your request where an exception applies.
- • Other Rights: You also have the right not to be discriminated against for exercising any of the rights listed above.
Contacting Us. If you have any questions regarding this policy, please contact us by email at: firstname.lastname@example.org or mail us at:
Smith Micro Software, Inc.
5800 Corporate Drive
Pittsburgh, PA 15237
Please note that email communications will not necessarily be secure; accordingly you should not include credit card information or other sensitive information in your email correspondence with us.
a. Smith Micro Websites
b. SafePath Platform