Last updated: 31 December 2019
First things first: we use apps and websites like these, too. We want our information to be safe when we use other services, and we want you to know that your information is safe when you use ours. That's our bottom line, and we want to know if you ever feel like that's not the case.
Because your privacy is our top priority, we:
- Do encrypt your data whenever it is stored or moved between parts of our service
- Do minimize the information that anyone else using our Service can see about you
- Don't ask for personal information unless we can properly secure it
- Don't store personal information on our servers unless it’s required for us to provide you this Service
- Don't share your personal information with anyone without your permission, except to develop and provide our Service, comply with the law, or protect your rights and ours
- Non-Personally-Identifying Information (“Non-PII”) is any piece of information, or any group of pieces of information, that does not in and of itself identify a specific person. Non-PII is often tangential: the fact that you have a nose, for example, is something about you that can be confirmed when someone already knows who you are; it does not, however, uniquely identify you on a planet full of other people with noses.
As you use our Service, we collect information about your usage. This information is typically of the sort that browsers and servers make available, such as browser type, language preference, referring site, the date and time of your request, etc. Our purpose in collecting non-PII is to better understand how you are using our Service. From time to time we may release non-PII in the aggregate (for example, by publishing statistics about how many people have visited our site in the last 30 days).
PII we collect and how it is used
When you choose to use our Service, we ask for information that can be used to uniquely identify you: PII. The amount and type of PII that we gather depends on how you choose to use our Service. If you use Amity, for example, we ask for your name, email address, and Lodge/Grand Lodge affiliation, at a minimum. Depending on the features of our Service that you use, we may ask for more; we can’t show you nearby Lodges, for example, unless you give us your location. In any case, we only collect enough information as we need in order to fulfill the purpose of your use of that part of our Service. You can always refuse to provide the information we ask for, but that may prevent you from being able to access parts of our Service.
If you choose to use our Service in a way that requires specific permissions or PII, we will also restrict the use and storage of the PII we receive as much as possible. For example: if you choose to provide us with your location in order to find other Masons near you, this service runs in the background and even when the app is closed. Your location data does not leave your device, however, and is not stored or processed by Copiri. On the other hand, when you search for nearby Lodges, we do send your location to our servers to find them. This only happens when you request it, though, and is not collected in the background or when the app is off.
Data we collect that may be PII
We also collect information about your usage that could be PII. This includes data like your Internet Protocol (IP) address (as part of our web server’s standard logging process) or your location (when you have enabled location services in your app or browser). We use this information to do things like fight spam, troubleshoot geographically-localized problems, and provide you with the parts of our Service that require it. Whether or not this data can uniquely identify you, though, we treat it as if it can.
PII You Provide to Third Parties
In some cases we provide Amity-branded services of third parties for increased security, and in those instances you are providing your PII directly to that third party. For example, we do not collect or store your credit card information when you make a purchase; rather, we work with our credit card processor, who is certified to perform these functions, to allow you to provide the information directly to them. This approach increases security for you, and our agreement with any such third party includes a restriction on using your PII for any other purpose than the action in question.
We collect data about your (and other Masons’) behavior as you use our Service, in order to understand and improve your experience. This data may contain PII and/or non-PII. We may then anonymize the data by removing the PII and aggregating it into general statistics. We may then display the statistics publicly (for example, which parts of our Service are most popular?), or provide them to others, such as your Lodge or Grand Lodge.
How we protect your PII
Our baseline policy is that we do not disclose PII to anyone. We don’t rent it, we don’t sell it, and we don’t give it away. There are times where sharing is necessary, though, and for those times we have developed strict processes to make sure that your PII remains protected. So, let’s be really clear about this:
- We may share your PII with the Lodge(s), Grand Lodge(s), or other bodies that you claim membership in. This is necessary in order to verify your membership, and since your use of this Service is in the context of such membership. We restrict the amount of PII shared to the greatest extent possible, and share only the data that we believe in good faith to be necessary in order for the body in question to support your membership. Data such as the contents of chats, payment details, etc. do not meet this threshold.
- We may share your PII with our employees, partners, or vendors… but only if they (a) need to know that information in order to process it on our behalf (for example, a credit card processor for dues payments), and (b) have agreed not to disclose it to others. In addition, if this type of situation arises, we provide only the PII that is absolutely necessary, and no more.
- Because we provide our Service to Masons like you all over the world, some or all of our employees, partners or vendors may be located outside of your home country; by using our Service, you agree that your PII can be transferred to them, in their home country, so that they can do their jobs. All of our employees, partners, and vendors have committed to uphold this policy and protect your data.
- We may access, preserve and share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good faith belief that the law requires us to do so. This may include responding to legal requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards.
- We may access, preserve and share information when we have a good faith belief that it is necessary to detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; or to prevent death or imminent bodily harm.
- You may also choose to share your PII with other users, and in this case you are responsible for deciding what is shared and with whom. When you choose to interact with other users, such as by providing your King Solomon's Pass QR Code for them to scan, you are making the active decision to share your personal information with others. Whenever we provide the option for you to share your personal data, we also provide an option for you to limit that sharing. In King Solomon's Pass, for example, you are able to lock your Pass so that no personal information is shown when your Pass is scanned.
Now, this is important: no matter how much we work to protect your privacy, we can’t control what other Masons do with your information. If you are a member of Masonic body that uses our Service, your body’s leadership (for example, your Secretary and Grand Secretary and/or their delegates) can access some personal information you provide (such as your contact information, which they should already have, but NOT such as your payment details, messages, and other details that they would not reasonably have). Your fellow Masons can also view what you choose to share among your group.
Emails from us
Legal Bases for Processing Your Data
Copiri’s processing of your data falls into two categories, which are described in detail as follows:
- We Have a Contractual Relationship
Because you have requested a Service from Copiri (for example, the ability to find Lodges near you using Amity), even though the Service is provided at no cost, the law’s view is that you have entered into a contractual relationship with Copiri. Our legal basis for storing and processing your data in these cases is that it is required in order to provide the Service to you, and we will retain your personal data for as long as you continue to use the Amity app.
- You have Provided Consent
Retention of Your Information
Information connected to you that is no longer necessary and relevant to provide our Service may be anonymized or aggregated with other non-personal data to provide insights which are valuable to us, such as statistics of the use of our Service. For example, we may retain search or attendance records to continue to improve our Service. This information will be anonymized, and no longer associated with you.
Your Legal Rights
If the General Data Protection Regulation or the California Consumer Privacy Act applies to you (or if both do!), you have specific rights under the law(s) in relation to your personal data. To the best of our abilities and where consistent with applicable law, we provide these rights to all of our users:
- The right to know about about any profiling we do, or any automated decision making that we perform (we don’t do either of those).
- The right to request access to your data, which you may do by sending an email to firstname.lastname@example.org, or using the contact form here, and to receive from us a copy of the personal data we hold about you;
- The right to receive the copy of your personal data that you request from us in a common format (for example, a .csv or an XML file), if you request it;
- The right to correct any errors that you find in the personal data that we hold about you;
- The right to have the personal data we hold about you deleted ("the right to be forgotten"), in certain circumstances (unless there’s an overriding legal reason we need to keep it);
- The right to opt out of the sale of your personal data (which we don't do anyway);
- The right to restrict processing of your personal data, in certain circumstances; and
- The right to object to the processing your personal data.
If you wish to exercise any of the rights set out above, please contact us at email@example.com, or using the contact form here. You will not have to pay a fee to exercise any of the other rights. We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may refuse to comply with your request in these circumstances.
Finally, please know that you have the right to make a complaint at any time to your relevant statutory authority. We would, however, appreciate the chance to deal with your concerns before you make a formal complaint, so please contact us first, either by email at firstname.lastname@example.org, or using the contact form here, to see if we can resolve the issue.
The security of your personal information is important to us. Our Service has security measures in place to protect the loss, misuse and alteration of the information under our control, whether PII or non-PII. At a minimum we follow industry best practices to protect your information, both during transmission and once we receive it, and in many cases we exceed industry standards.
Unfortunately, no method of transmission over the Internet, and no method of electronic storage, is 100% secure. That’s another important point… but even though we can’t guarantee absolute data security, we do work to stay ahead of the curve by developing and implementing new and ever-improving security protocols and processes to protect your personal information.
Scope of this policy
- 12 SEP 2016: Initial establishment.
- 25 MAY 2018: Clarifications of existing Policy statements to include GDPR-required terminology.
- 31 DEC 2019: Updates to be more clear about the fact that PII may be shared with the organization(s) in which you claim membership; to expand our terminology from only Masonic Lodges to any Masonic bodies; and to move cookie-related language to our new Cookies Policy.