Last updated: May 07, 2020
A Note to Users Outside the United States. IMI is based in the United States. The Site and Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Site and Services you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
A Note to California Residents. Please see our "Notice to California Residents" section related to your rights under the California Consumer Privacy Act ("CCPA").
A Note to European Economic Area Residents. Please see our "Notice to EU Data Subjects" section related to your rights under the General Data Protection Regulation ("GDPR") and our "EU-US Privacy Shield and Swiss-U.S. Privacy Shield" section related to IMI's Privacy Shield certification.
A Note to Residents of Switzerland. Please see our "EU-US Privacy Shield and Swiss-U.S. Privacy Shield" section related to IMI's Privacy Shield certification.
Information We Collect
We collect information from individuals who interact with our Site and Services, including those who incorporate the Service into their website ("Users") and the end users who interact with the Service through the websites of our Users.
We collect the following categories of information:
- Information that can be used to identify or contact an individual ("Personal Information"), such as name and email address. We collect Personal Information from our Users when they give it directly to us (for example, by filling in a form when signing up for an account).
- Information collected automatically as a result of a Visitors or Users use of the Site or the Services ("Analytics Information"), such as IP addresses, browser type, Internet service provider, platform type, device type, operating system, date and time stamp of access, and other similar information. Some Analytics Information is collected on our behalf by third parties we engage for that purpose, and some Analytics Information is collected through a variety of tracking technologies, including cookies (see "See Third Party Analytics and Tracking Technologies", below).
- Information collected as a result of individuals answering prompts through the Service ("Labeled Data"), such as image labeling data, text converted from audio files played to those individuals, answers to questions, and other prompts generated by the Service for purposes of labeling data for use in machine learning applications.
How We Use Information
We use the information we collect for the following purposes:
- To provide a market for Labeled Data. Our Service enables high volume data labeling and human review for machine learning systems as a service to website owners and companies who need help getting their data labeled. To that end, we disclose Labeled Data to our customers interested in acquiring Labeled Data.
- To administer User accounts and provide the Service. We use Personal Information in order to associate specific accounts with Users and to provide them the Service, to respond to requests or inquiries, to provide support or technical assistance, and to facilitate payments.
- To improve to Site and the Service. We use Analytics Information to improve our existing and develop new services and offerings and to customize existing and future product offerings to the wants and needs of our Users.
- To derive market insights. We use Analytics Information to analyze the market and conduct business analyses related to the Site and our Services, and for other research purposes.
- To secure our services and systems. We use Analytics Information to secure our systems by identifying potential threats and vulnerabilities, and to otherwise protect the information we collect.
- For any legitimate business purpose, provided that the information is anonymized.
How We Share Information
We share or disclose information in the following cases:
- Upon direct request from a Visitor or User, or otherwise where specific consent was given.
- With our customers and others interested in acquiring Labeled Data.
- With vendors we engage to provide essential aspects of the Site and the Service, such as data storage and hosting, and only for those purposes.
- With vendors to help us collect and use Analytics Information.
- As necessary to comply with applicable law, including governmental requests, law enforcement requests, and otherwise to protect the rights, privacy, safety, or property of you, us, or others.
- With others for any legitimate business purpose, provided the information is anonymized.
Third Party Analytics and Tracking Technologies
We use Sentry to collect debugging data when a user experiences an error. For information on how Sentry collects and processes data, please click here. We have executed a Data Processing Agreement ("DPA") with Sentry.
We use Cloudflare to optimize our web traffic. For information on how Cloudflare collects and processes data, please click here. We have executed a DPA with Cloudflare.
We use Customer.io for programmatic notifications to users. For information on how Customer.io collects and processes data, please click here. We have executed a DPA with Customer.io.
We previously used Google Analytics to collect Analytics Information. For information on how Google Analytics collects and processes data, please click here. We have executed a DPA with Google.
We use Honeycomb.io for analysis of our systems. For information on how Honeycomb.io collects and processes data, please click here. Honeycomb.io has certified under the EU-US Privacy Shield framework and complies with GDPR data protection requirements.
How We Secure Information
We implement appropriate technical and organizational measures to protect the information we collect and store. Unfortunately, no security measures are 100% foolproof, and as such no network or system (including ours) can be guaranteed to be 100% secure against destruction, loss, alteration, unauthorized disclosure of, or access to information we collect and store. If you believe your information may not be secure for any reason, please contact us immediately at email@example.com.
To the fullest extent permitted by law, the Site and the Service (and any other associated services, information, data, features, and other content or materials) are provided on an “as-is” and “as-available” basis. To the fullest extent permitted by law, IMI excludes all warranties, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
Managing Your Information
You may access, correct, amend, or delete certain Personal Information you may have provided us through your User account (if you are a User). If you are unable to do so, or have any questions about Personal Information we have collected about you, or would like to entirely delete your account, please contact us at firstname.lastname@example.org.
If you would prefer to block cookies or other tracking technologies, most browsers and mobile devices all you to change your settings so as to notify you when you receive cookies or other tracking technologies are being used, and to choose whether or not to accept/allow it. Most browsers also allow you to disable or delete existing cookies or to automatically reject future cookies. You may also use third party tools, including browser plug-ins, to control your cookie preferences.
Information from Children
Our Site and Service are not directed to children under the age of 13 and we do not knowingly collect Personal Information from children under the age of 13. If we learn that we have collected Personal Information of a child under the age 13, we will take reasonable steps to delete such information from our files as soon as is practicable. Please contact us at email@example.com if you believe we have any information from or about a child under the age of 13.
Notice to California Residents
Under California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or "CCPA."
For more details about the personal information we collect from you, please see the "Information We Collect" section above. We collect this information for the business and commercial purposes described in the "How We Use Personal Information" section above. We share this information with the categories of third parties described in the "Sharing of Personal Information" section above. The Company does not "sell" (as this term is defined in the CCPA) the personal information we collect. Please refer to the "Third Party Analytics and Tracking Technologies" section above for more information regarding the types of third-party cookies, if any, that we use.
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any "sales" that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at firstname.lastname@example.org. Please note that you must verify your identity and request before further action is taken. As a part of this process, government identification may be required. Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government issued identification, and the authorized agent’s valid government issued identification.
EU-US Privacy Shield and Swiss-U.S. Privacy Shield
Personal Data collected from individuals in the European Economic Area ("EEA") or Switzerland may be transferred, stored and processed by us and our services providers, partners and affiliates in the United States and potentially other countries whose data protection laws may be different to the laws of your country.
IMI's commitment to comply with the Privacy Shield Principles
Accountability for onward transfers
IMI's accountability for Personal Data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, IMI remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the Personal Data on its behalf do so in a manner inconsistent with the Principles, unless IMI proves that it is not responsible for the event giving rise to the damage.
Right of access
You have a legal right to request the Personal Data about you held by us. On request, we will provide you with a copy of this information. You also have a right to correct, amend or delete such Personal Data where it is inaccurate or has been processed in violation of the Privacy Shield Principles.
Resolution of disputes and complaint mechanism
In compliance with the Privacy Shield Principles, IMI commits to resolve complaints about your privacy and our collection or use of your Personal Data. If European Union or Swiss citizens have any queries related to the processing of your Personal Data under the Privacy Shield framework, we encourage you to contact us directly in the first instance at: email@example.com.
Independent recourse mechanism
For any complaints that cannot be resolved with IMI directly, we have agreed to cooperate with JAMS. If you are unsatisfied with the resolution of your complaint, you may contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield for further information and assistance. These recourse mechanisms are available at no cost to you.
As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means.
IMI is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Disclosure of EU or Swiss Personal Data to public authorities and law enforcement agencies
IMI may be required to share your Personal Data in response to lawful by public authorities, including to meet national security and law enforcement requirements.
Notice to EU Data Subjects
Some of the information you provide us may constitute sensitive data as defined in the GDPR (also referred to as special categories of personal data), including identification of your race or ethnicity on government-issued identification documents.
Legal Bases for Processing
We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described below. If you have questions about the legal bases under which we process your personal information, contact us at firstname.lastname@example.org.
To communicate with you
To optimize our platform
For compliance, fraud prevention, and safety
To provide our service
These processing activities constitute our legitimate interests. We attempt to consider and balance any potential impacts on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted to by law).
With your consent
Where our use of your personal information is based upon your consent, you have the right to withdraw it at any time in the manner indicated in the Service or by contacting us at email@example.com.
Under the GDPR, you have certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
Stop sending you direct marketing communications which you have previously consented to receive. We may continue to send you Service-related and other non-marketing communications.
Provide you with information about our processing of your personal information and give you access to your personal information.
Update or correct inaccuracies in your personal information.
Delete your personal information.
Transfer a machine-readable copy of your personal information to you or a third party of your choice.
Restrict the processing of your personal information.
Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You can submit these requests by email to firstname.lastname@example.org. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at email@example.com or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator at this location.
Cross-Border Data Transfer
Use for New Purposes
Last updated: December 30, 2019
GDPR Note: we believe the hCaptcha anti-bot service (i.e. the Service embedded by websites, games, or mobile apps) includes only so-called "consent-exempt" cookies pursuant to GDPR regulations. Examples of such exempt cookies include:
Technical cookies strictly necessary for the provision of the service. These include preference cookies, session cookies, load balancing cookies, etc.
Statistical cookies managed directly by us (i.e. first party, not third-party cookies), where the data is not used for profiling.
Anonymized statistical third-party cookies.
This is not legal advice, and no warranties are provided regarding this analysis. If you have additional questions or concerns, please contact us at firstname.lastname@example.org. The hCaptcha.com website (the Site) may include additional cookies, as described in this Policy.
What is a Cookie?
A cookie ("Cookie") is a small text file that is placed on your hard drive by a web page server. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you. Some of the cookies will only be used if you use certain features or select certain preferences, and some cookies will always be used. You can find out more about each cookie by viewing our current cookie list below. We update this list periodically, so there may be additional cookies that are not yet listed. Web beacons, tags and scripts may be used in the Site or in emails to help us to deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon. We may receive reports based on the use of these technologies by our service/analytics providers on an individual and aggregated basis.
To recognize new or past users.
To store your password if you are registered on our Site.
To improve our Site and to better understand your visits on our platforms and Site.
To integrate with third party social media websites.
To serve you with interest-based or targeted advertising.
To observe your behaviors and browsing activities over time across multiple websites or other platforms.
To better understand the interests of our users and our website visitors.
Some Cookies are necessary for certain uses of the Site, and without such Cookies, we would not be able to provide many services that you need to properly use the Site. These Cookies, for example, allow us to operate our Site so you may access it as you have requested and let us recognize that you have created an account and have logged into that account to access Site content. They also include Cookies that enable us to remember your previous actions within the same browsing session and secure our Sites.
We also use functional Cookies and Cookies from third parties for analysis and marketing purposes. Functional Cookies enable certain parts of the site to work properly and your user preferences to remain known. Analysis Cookies, among other things, collect information on how visitors use our Site, the content and products that users view most frequently, and the effectiveness of our third party advertising. Advertising Cookies assist in delivering ads to relevant audiences and having our ads appear at the top of search results. Cookies are either "session" Cookies which are deleted when you end your browser session, or "persistent," which remain until their deletion by you (discussed below) or the party who served the cookie. Full details on all of the Cookies used on the Site are available at our Cookie Disclosure table below.
How to disable Cookies.
If you are located in the European Economic Area, you have certain rights that are described above under the header "Notice to EU Data Subjects", including the right to inspect and correct or delete the data that we have about you.
1. Used to anonymously count visitors, and for technical purposes.
1. 1st party
1. 1 year