Key Principles
First things first: we use apps and websites like these, too. We want our information to be safe when we use other services, and we want you to know that your information is safe when you use ours. That's our bottom line, and we want to know if you ever feel like that's not the case.

Because your privacy is our top priority, we:

• Do encrypt your data whenever it is stored or moved between parts of our service
• Do minimize the information that anyone else using our Service can see about you

• Don't ask for personal information unless we can properly secure it
• Don't store personal information on our servers unless it’s required for us to provide you this Service
• Don't share your personal information with anyone without your permission, except to develop and provide our Service, comply with the law, or protect your rights and ours

Here is our privacy policy, which incorporates the above principles:

Introduction
This Privacy Policy applies to Amity mobile apps, websites, and other software components (“our Service”). It is our policy to respect your privacy regarding any information we may collect while you are using our Service. If you have questions about this policy, please contact Copiri at support@copiri.com.

Definitions
Throughout this privacy policy we’ll talk about two different types of data: PII and non-PII. Here’s what we mean by each:

• Non-Personally-Identifying Information (“Non-PII”) is any piece of information, or any group of pieces of information, that does not in and of itself identify a specific person. Non-PII is often tangential: the fact that you have a nose, for example, is something about you that can be confirmed when someone already knows who you are; it does not, however, uniquely identify you on a planet full of other people with noses.
  
  
• Personally-Identifying Information (“PII”) is any piece of information, or any group of pieces of information, that can be used to identify a specific person. PII can enter our Service through a variety of methods, and can be entered by you, by us, by administrators of our Service, or by other users. No matter how we receive PII, however, we will store and process it in accordance with this privacy policy.

Non-PII we collect and how it is used
As you use our Service, we collect information about your usage. This information is typically of the sort that browsers and servers make available, such as browser type, language preference, referring site, the date and time of your request, etc. Our purpose in collecting non-PII is to better understand how you are using our Service. From time to time we may release non-PII in the aggregate (for example, by publishing statistics about how many people have visited our site in the last 30 days).

PII we collect and how it is used
When you choose to use our Service, we ask for information that can be used to uniquely identify you: PII. The amount and type of PII that we gather depends on how you choose to use our Service. If you use Amity, for example, we ask for your name, email address, and Lodge/Grand Lodge affiliation, at a minimum. Depending on the features of our Service that you use, we may ask for more; we can’t show you nearby Lodges, for example, unless you give us your location. In any case, we only collect enough information as we need in order to fulfill the purpose of your use of that part of our Service. You can always refuse to provide the information we ask for, but that may prevent you from being able to access parts of our Service.

If you choose to use our Service in a way that requires specific permissions or PII, we will also restrict the use and storage of the PII we receive as much as possible. For example: if you choose to provide us with your location in order to find other Masons near you, this service runs in the background and even when the app is closed. Your location data does not leave your device, however, and is not stored or processed by Copiri. On the other hand, when you search for nearby Lodges, we do send your location to our servers to find them. This only happens when you request it, though, and is not collected in the background or when the app is off.

Data we collect that may be PII
We also collect information about your usage that could be PII. This includes data like your Internet Protocol (IP) address (as part of our web server’s standard logging process) or your location (when you have enabled location services in your app or browser). We use this information to do things like fight spam, troubleshoot geographically-localized problems, and provide you with the parts of our Service that require it. Whether or not this data can uniquely identify you, though, we treat it as if it can.

PII You Provide to Third Parties
In some cases we provide Amity-branded services of third parties for increased security, and in those instances you are providing your PII directly to that third party. For example, we do not collect or store your credit card information when you make a purchase; rather, we work with our credit card processor, who is certified to perform these functions, to allow you to provide the information directly to them. This approach increases security for you, and our agreement with any such third party includes a restriction on using your PII for any other purpose than the action in question.

Aggregated Statistics
We collect data about your (and other Masons’) behavior as you use our Service, in order to understand and improve your experience. This data may contain PII and/or non-PII. We may then anonymize the data by removing the PII and aggregating it into general statistics. We may then display the statistics publicly (for example, which parts of our Service are most popular?), or provide them to others, such as your Lodge or Grand Lodge.

How we protect your PII
Our baseline policy is that we do not disclose PII to anyone. We don’t rent it, we don’t sell it, and we don’t give it away. There are times where sharing is necessary, though, and for those times we have developed strict processes to make sure that your PII remains protected. So, let’s be really clear about this:

• We may share your PII with the Lodge(s), Grand Lodge(s), or other bodies that you claim membership in. This is necessary in order to verify your membership, and since your use of this Service is in the context of such membership. We restrict the amount of PII shared to the greatest extent possible, and share only the data that we believe in good faith to be necessary in order for the body in question to support your membership. Data such as the contents of chats, payment details, etc. do not meet this threshold.
  
  
• We may share your PII with our employees, partners, or vendors… but only if they (a) need to know that information in order to process it on our behalf (for example, a credit card processor for dues payments), and (b) have agreed not to disclose it to others. In addition, if this type of situation arises, we provide only the PII that is absolutely necessary, and no more.
  
  
• Because we provide our Service to Masons like you all over the world, some or all of our employees, partners or vendors may be located outside of your home country; by using our Service, you agree that your PII can be transferred to them, in their home country, so that they can do their jobs. All of our employees, partners, and vendors have committed to uphold this policy and protect your data.
  
  
• We may access, preserve and share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good faith belief that the law requires us to do so. This may include responding to legal requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards.
  
  
• We may access, preserve and share information when we have a good faith belief that it is necessary to detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; or to prevent death or imminent bodily harm.
  
  
• You may also choose to share your PII with other users, and in this case you are responsible for deciding what is shared and with whom. When you choose to interact with other users, such as by providing your King Solomon's Pass QR Code for them to scan, you are making the active decision to share your personal information with others. Whenever we provide the option for you to share your personal data, we also provide an option for you to limit that sharing. In King Solomon's Pass, for example, you are able to lock your Pass so that no personal information is shown when your Pass is scanned.

Generally, we do not rely on consent as a legal basis for processing your personal data other than where the law requires it, and in the case where our legal basis is consent you have the right to withdraw your consent at any time. Since laws such as GDPR require your consent for processing data which may reveal “philosophical beliefs,” however, and since your membership in a Masonic body falls into this description, withdrawal of your consent means that we will delete your account from our systems. Please refer to the “Legal Bases for Processing Your Data” section to find out more about the types of lawful basis that we will rely on to process your personal data.

Now, this is important: no matter how much we work to protect your privacy, we can’t control what other Masons do with your information. If you are a member of Masonic body that uses our Service, your body’s leadership (for example, your Secretary and Grand Secretary and/or their delegates) can access some personal information you provide (such as your contact information, which they should already have, but NOT such as your payment details, messages, and other details that they would not reasonably have). Your fellow Masons can also view what you choose to share among your group.

Emails from us
If we have received your email address (whether directly from you, or from another person or Lodge who uses our Service), we may occasionally send you emails to let you know about activity related to you in your group. We may also email you periodically to tell you about new features, to solicit your feedback, or to keep you up to date with what we’re up to. You may choose to opt out of most of these emails using the links at the bottom of each email, however we will always email you about changes to important things like this privacy policy.

Legal Bases for Processing Your Data
Copiri’s processing of your data falls into two categories, which are described in detail as follows:

• We Have a Contractual Relationship
  Because you have requested a Service from Copiri (for example, the ability to find Lodges near you using Amity), even though the Service is provided at no cost, the law’s view is that you have entered into a contractual relationship with Copiri. Our legal basis for storing and processing your data in these cases is that it is required in order to provide the Service to you, and we will retain your personal data for as long as you continue to use the Amity app.
  
  
• You have Provided Consent
  Some types of information, such as the fact of your membership in a Masonic body (which, in the law’s view, may reveal “philosophical beliefs”), require your specific consent in order for us to store and process it. You provided that consent when you registered for Amity, which was the same point at which you provided this data to Copiri. You are reading our Privacy Policy, our Terms of Service are below; you can also find these documents by visiting the “About” page in the Amity app.
  

Your personal data will not be subject to any automated processing, including profiling, as defined under GDPR.

Retention of Your Information
We retain information as long as it is necessary to provide the Service to you and others, including the members and leaders of the organizations in which you claim membership, subject to any legal obligations to further retain such information. Information associated with your account will generally be kept until it is no longer necessary to provide our Service or until your account is deleted. In addition, you can delete some items of information (e.g., profile information) and you can remove individual activities from view on our Service without deleting your account. Additionally, we may retain information where deletion requests are made to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce the Terms of Service and take other actions permitted by law. The information we retain will be handled in accordance with this Privacy Policy.

Information connected to you that is no longer necessary and relevant to provide our Service may be anonymized or aggregated with other non-personal data to provide insights which are valuable to us, such as statistics of the use of our Service. For example, we may retain search or attendance records to continue to improve our Service. This information will be anonymized, and no longer associated with you.

Your Legal Rights
If the General Data Protection Regulation or the California Consumer Privacy Act applies to you (or if both do!), you have specific rights under the law(s) in relation to your personal data. To the best of our abilities and where consistent with applicable law, we provide these rights to all of our users:

• The right to be informed about how we use your personal data (which we are sharing in this Privacy Policy);
• The right to know about about any profiling we do, or any automated decision making that we perform (we don’t do either of those).
• The right to request access to your data, which you may do by sending an email to support@copiri.com, or using the contact form here, and to receive from us a copy of the personal data we hold about you;
• The right to receive the copy of your personal data that you request from us in a common format (for example, a .csv or an XML file), if you request it;
• The right to correct any errors that you find in the personal data that we hold about you;
• The right to have the personal data we hold about you deleted ("the right to be forgotten"), in certain circumstances (unless there’s an overriding legal reason we need to keep it);
• The right to opt out of the sale of your personal data (which we don't do anyway);
• The right to restrict processing of your personal data, in certain circumstances; and
• The right to object to the processing your personal data.

These rights are subject to certain rules around when you can exercise them. Please see the EU’s GDPR website for more details.

If you wish to exercise any of the rights set out above, please contact us at support@copiri.com, or using the contact form here. You will not have to pay a fee to exercise any of the other rights. We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may refuse to comply with your request in these circumstances.

Finally, please know that you have the right to make a complaint at any time to your relevant statutory authority. We would, however, appreciate the chance to deal with your concerns before you make a formal complaint, so please contact us first, either by email at support@copiri.com, or using the contact form here, to see if we can resolve the issue.

Security
The security of your personal information is important to us. Our Service has security measures in place to protect the loss, misuse and alteration of the information under our control, whether PII or non-PII. At a minimum we follow industry best practices to protect your information, both during transmission and once we receive it, and in many cases we exceed industry standards.

Unfortunately, no method of transmission over the Internet, and no method of electronic storage, is 100% secure. That’s another important point… but even though we can’t guarantee absolute data security, we do work to stay ahead of the curve by developing and implementing new and ever-improving security protocols and processes to protect your personal information.

Cookies
Cookies are small pieces of data that are stored on your computer (or mobile device) that help a website remember things about you. We use cookies to provide you with our Service, and in accordance with the law we require your consent before placing certain cookies on your device. You can find our complete Cookies Policy below, which is included by reference in this Privacy Policy but documented separately for clarity.

Business Transfers
If Copiri, or substantially all of its assets, were acquired, or in the event that we go out of business or enter bankruptcy, we would transfer user information as one of our assets to a third party. As part of this transfer or acquisition, the third party will be required to abide by this privacy policy.

Scope of this policy
This Privacy Policy applies to Amity mobile apps, websites, and other software components (our Service).

Privacy Policy Changes
We may change this Privacy Policy from time to time. While changes are expected to be minor, we’ll notify you and give you the opportunity to review the revised policy. Your continued use of this site, mobile apps, or services (our Service) after any change in this Privacy Policy constitutes your acceptance of such change.

---

History of Changes to this Privacy Policy

• 12 SEP 2016: Initial establishment.
  
  
• 25 MAY 2018: Clarifications of existing Policy statements to include GDPR-required terminology.
  
  
• 31 DEC 2019: Updates to be more clear about the fact that PII may be shared with the organization(s) in which you claim membership; to expand our terminology from only Masonic Lodges to any Masonic bodies; and to move cookie-related language to our new Cookies Policy.

---

End of Privacy Policy

---