Partner Data Polices

Trufina recognizes its critical responsibility to ensure that we exercise the utmost respect for the consumer's right to privacy. To this end, Trufina maintains strict adherence to the following:

- the USA Fair Credit Reporting Act guidelines

- the USA Driver’s Privacy Protection act

- the USA Gramm-Leach Bliley Act

Trufina requires that its Partners adhere to the following guidelines, which will insure that they are in compliance with the aformentioned laws and guidelines.

Trufina’s guiding principle is that Users control their account and associated information. Trufina’s platform 1) facilitates the ability for a User to have their identity attributes independently verified and stored (the database), and 2) provides the User tools to securely view, grant access to, or augment individual elements of their identity. The Trufina platform also offers a set of API’s that enable Partners to ask their User’s to verify specific identity attributes.

The below Guidelines define how a Partner will use data provided by the Trufina API software.

Guidelines

1) When using the Trufina platform, as described above, a User’s information will only be viewed, disseminated, modified, or deleted as is explicitly requested or acknowledged by the User. Additionally, User information will only be made available to Partner through the mechanisms of the Trufina API software.

2) Partner will only be given access to information in Trufina’s database when a User authorizes the Partner to access the data. The Partner fully recognizes their obligations to support and implement practices which protect the confidential nature of the information in the Trufina database, and assure respect for the consumers' right to privacy.

3) To this end, it is important that the Partner take industry standard precautions to secure their systems (hardware and software) used to access Trufina's information systems. Portions of Trufina's site make extensive use of Secure Sockets Layer (SSL) encryption, the Internet's leading encryption standard, as well as password-like identifying information. SSL is used to encrypt the information being sent between Trufina and Partner. The Partner must also ensure that all of the Partner personnel who have been granted access to User information adhere to the security guidelines provided herein.

4) The Partner will submit their current Privacy Policy and End User License Agreement to Trufina during initial Partner registration. The Partner will clearly state, to the User, their use of that User’s data, through their own End User License Agreement and Privacy Policy. Trufina will review these for compliance with the guidelines set out in this document. When a User gives Partner access to their information, the Partner’s Privacy Policy will be presented to the User for review.

5) At any time, a User may choose to revoke, deny access to, or delete their identity information, or their entire account from Trufina’s database. A User may also change, revoke or deny access by the Partner to any personal identity information previously available to the Partner from the Trufina database. If the User takes such action, Trufina will notify the Partner upon Partner's subsequent request for such information specifying the change in permissions. The Partner must modify their database to change or delete that identity information accordingly.

6) Partner will clearly label the User data provided via Trufina as ‘verified by Trufina’. Data from other sources will be clearly differentiated from data provided by Trufina.

7) Partner shall use its best efforts to ensure the confidentiality of all Partner identification keys provided by Trufina. Partner shall indemnify Trufina against any damage or disruption to Trufina’s systems or business caused by Partner’s employees, subcontractors, subcontractor employees or its clients whether as a result of their access to such systems or compromise of confidentiality or otherwise.

8) As security threats and vulnerabilities, along with the technologies and methods available to mitigate the associated risks, present an ever-changing landscape; these guidelines may periodically change.

9) Partner understands that its use of Trufina networking and computing resources may be monitored and audited by Trufina without further notice. Trufina may from time to time, upon seven days notice, audit the security mechanisms Partner maintains to safeguard access to Trufina information, systems and electronic communications. Audits may include examination of systems security and associated administrative practices.

10) In cases where the Partner is accessing Trufina’s information and systems via Trufina’s API software, the Partner agrees to have available upon request, audit trail information and management reports regarding the handling of individual User’s information.

11) Partner shall be responsible for and agrees to provide a standard of care to ensure that Trufina’s API software, which accesses Trufina’s information systems, is secure and protects against unauthorized modification, copying and placement on systems which have not been authorized for its use.

Reporting

1) An officer of Partner will notify Trufina in writing immediately if it wishes to change or modify the Partner’s End User License Agreement or Privacy Policy. If this Privacy Policy does not adhere to the above Guidelines, the Partner must remove all Trufina provided User information from their databases at Trufina’s request

2) Audit trail reports shall be made available to Trufina upon request.

3) Partner agrees to report to Trufina any compromise or suspected compromise of security that may lead to a compromise or threat to Trufina’s information systems or User’s information stored by Partner.