You should understand that by using our online sites, products, and services (collectively, the "Service"), you agree that we may collect personally identifiable information for specific uses in the development and maintenance of the High Fidelity platform and to improve the experience for the platform's community of users.
The remainder of this document explains how we think about privacy and how we manage the user information we record.
1. Company Philosophy
As a practical matter, certain forms of identifying information are required in order to use the High Fidelity platform. A user must be able to authenticate their identity to access assets acquired through the platform and to manage the environments they have built using High Fidelity technology. Users typically want to be able to verify their identity to other users with the mutually trusted systems that High Fidelity provides. This kind of information, and additional facts about a user that might be collected to make it easier to manage authentication (e.g. a personal email, proof of identity), are things that a user might reasonably anticipate a company like High Fidelity would store.
You should understand that High Fidelity stores this kind of personally identifiable information as is necessary to operate the services the company provides. It is the company's goal to make the use of this form of information as transparent to users as possible and, where practical, to put the management of this information into the hands of users directly.
Online systems may collect other forms of information, namely details about a user's activities and choices online. This information can be valuable in two ways: first, behavioral data is often useful to diagnose problems or defects in the way an online service works. Secondly, this kind of information is often understood to be predictive of a user's future choices and interests. In this second case, behavioral data is collected for individual users to create a user profile that may be used to programmatically modify the experience a user has online.
These two different applications have very different implications for user privacy, and should be treated differently, accordingly:
- You should understand that High Fidelity collects diagnostic information relevant to improving the platform, as will be explained below.
- High Fidelity expressly rejects the creation of systems to predict behavior and monetize users based on collected information. Furthermore, the company will not share information of this sort with third parties to facilitate their exploitation of user profiles.
High Fidelity respects the privacy of users and believes that their online choices and decisions (i.e behavioral data) are subject to some of the same protections as personally identifiable information. These are described below.
Finally, several legal jurisdictions have granted online users certain rights regarding how this kind of information is handled (e.g the European Union's GDPR rulings). High Fidelity is committed to honoring these rights.
2. Types of Information We Collect
As explained above, we collect two types of information: personal information and behavioral information. We may use personal and behavioral information to create a third type of information, aggregate information.
For clarity's sake, personal identifiable information (Personal Information) is information that identifies (whether directly or indirectly) a particular individual, such as the individual's first and last name, postal address, e-mail address and/or telephone number.
Behavioral Information means information that does not directly or indirectly identify, and cannot reasonably be used to identify, an individual or an individual's computing device. In its origin, however, behavioral information is derived from user activity. This is acutely true for systems like High Fidelity where factors like user movements, gaze, choice of avatar, spatial location, and proximity to other users can potentially be profiled.
Aggregate Information means information about groups or categories of individuals which does not identify and cannot reasonably be used to identify an individual. Aggregate information is essentially anonymized and abstracted behavioral information for users.
We collect and use the following categories of information:
- Activity information. For each user session, we log a wide variety of user actions, including but not limited to:
- Visits to virtual spaces
- Items added to a scene by you
- Whether you are using tools we provided to protect you against interference by others
- Whether you are in HMD mode or using High Fidelity from the desktop
- Whether you access a High Fidelity control interface (e.g. the tablet)
- Whether you purchased an item successfully
- The profile of your computer (operating system, graphics card, memory capacity)
- What body tracking hardware you have available
- Your current refresh rate and other hardware performance metrics
- Your chosen audio device
- Your progress through user tutorials
- Whether you crashed while using High Fidelity
- When you left the application
This data is considered behavioral. Activity information is collected both for anonymous users and users that register with High Fidelity.
This information is tokenized, meaning that an abstract token is used to connect relevant pieces of information together (rather than any personal identifying information).
3. Integration with Service Providers
In addition to the information collected by High Fidelity on High Fidelity servers, we also take advantage of third party services to improve our offerings to users. Specifically:
- Payments: Users that elect to make a purchase through High Fidelity are asked to share their payment credentials with a third-party provider (e.g. Braintree).
- Newsletter: Users that elect to sign up for the High Fidelity newsletter must agree to share an email address so that the newsletter can be delivered to them. The service we use (e.g. Mailchimp) allows users to opt out of the newsletter after signing up.
- Analytics: High Fidelity stores some user and behavioral information with a service (e.g. ClearStory) that aggregates user behavior to produce trends and community metrics.
- Defect identification: High Fidelity logs IP information and crash messages to a third-party services (e.g. Backtrace) to capture aggregate data on common causes for application crashes.
- Defect and feature communication: High Fidelity uses a hosted defect tracking system (e.g. Manuscript) to manage user submitted issues, support request, and feature suggestions. This system records the email submitted by a user so that the company can respond to requests.
- User Notifications: In the process of signing up for a High Fidelity account, users are asked to provide an email. If an email is provided, it is used to facilitate lost account retrieval and to send new users an orienting welcome message. New user emails are sent (e.g. using Sendgrid), which stores registered emails.
- Social media posting: High Fidelity offers the ability to post images to Facebook and Twitter. You can review their policy on cookies and tracking at https://www.facebook.com/policies/cookies/ and
https://help.twitter.com/en/rules-and-policies/twitter-cookies. Facebook has the following data protection regulation: https://www.facebook.com/business/gdpr. You can find similar details for Twitter here: https://gdpr.twitter.com/en/dpa.html
Additionally there are a few special cases of information collection/retention to note:
Forms of Personal Information Not Covered by This Policy
- Inactive users: If you discontinue your use of our Service, we may keep certain elements of your account that are necessary for the regular operation of our business as it relates to anti-fraud and other protective measures.
- Intellectual property claim notices: If you notify us of an intellectual property claim, the information in your claim notice may be shared with other parties to the disagreement or third parties in our discretion and as required by law.
- Information you provide in public forums on our Service. Our sites and applications may offer chat, forums, community environments (including multiplayer gameplay) or other tools that do not have a restricted audience. If you provide Personal Information when you use any of these features, that Personal Information may be publicly posted and otherwise disclosed without limitation as to its use by us or by a third party. We have no obligation to keep private personally identifiable information that you have made available to other users or the public using these functions.
You may request removal of your Personal Information from a public forum message by contact Customer Support at email@example.com with the understanding that this service does not purport to protect against previous capture of your posts and messages.
- Personal chat and communication: Information sent either one-to-one or within a limited group using our message, chat, post or similar functionality.
- Steam and social media channels: Information you introduce to High Fidelity from applications on third-party sites or platforms (such as social networking sites), including linking your profile from a third-party site or platform to your registered account (e.g. by linking your account to Steam).
- Live feed or recorded in-world experiences: Broadcast services (e.g. YouTube) can be used to capture and broadcast imagery and events recorded in High Fidelity, including information you share that may identify you.
4. How We Collect Your Information
You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is set. Each browser is different, so consult the "Help" menu of your browser to learn how you change your cookie preferences. Please note that if you reject all cookies, you may not be able to use certain of our (or other companies') web pages.
The High Fidelity installed application has both a client and server component. The High Fidelity client logs your user name and IP when you sign on. At any time when using High Fidelity, your IP address and behavioral activity are logged by the application and stored in a central database. You may also at your discretion associate an email with your account for account retrieval purposes.
You may elect to turn off the logging of your client status. This information is primarily used to diagnose crashes and improve the product.
Users may not turn off the tracking of IP address while using High Fidelity as that information is required to manage your location in-world and manage the visual and audio information presented to you during your session.
We provide more detail below on how you can remove your personally identifying information from the High Fidelity system below.
5. Use of Your Information by High Fidelity
High Fidelity will be the data controller for the information collected about you while using the platform. "Data controller" is defined as the person or business entity that is responsible for the processing of data collected by a service that anticipates storing Personal Information. You have certain rights with respect to your interaction with the data controller for a service you choose to use.
Except under certain limited circumstances as set forth here and in our Terms of Service, High Fidelity does not disclose to third parties the Personal Information or other account-related information that you provide to us without your permission. You understand, however, that High Fidelity may disclose your Personal Information or other account-related information under the following circumstances (outside of the service providers described elsewhere in this document):
- If we believe in good faith that such disclosure is necessary under applicable law, or to comply with legal process served on High Fidelity;
- In order to protect and defend the rights or interests of High Fidelity, its products and services, and/or the other users of such products and services;
- In order to report to law enforcement authorities, or assist in their investigation of suspected illegal or wrongful activity, or to report any instance in which we believe a person may be in danger; and
- To other business entities, should we plan to merge with or be acquired by that business entity.
The company limits its use of information about you to the following activities:
- Optimize or improve our products, services and operations
- Detect, investigate and prevent activities that may violate our policies or be illegal
- Connect you through our marketplace to products and services
- Communicate with you about your account or transactions with us and send you information about features on our sites and applications or changes to our policies
- Consistent with local law and choices and controls that may be available to you.
6. Sharing Your Information
We will not share your Personal Information outside of High Fidelity except in limited circumstances :
- When you direct us to share your Personal Information with third-party sites or platforms, such as social networking sites or Steam. Please note that once we share your Personal Information with another company, the information received by the other company becomes subject to the other company's privacy practices.
- When companies perform services on our behalf; however, these companies are prohibited from using your Personal Information for purposes other than those requested by us or required by law.
- When we share Personal Information with third parties in connection with the sale of a business, to enforce our Terms of Service or rules, to ensure the safety and security of our users and third parties, to comply with legal process or in other cases if we believe in good faith that disclosure is required by law.
- In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We take reasonable measures to help protect information about you from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction.
8. Privacy Shield Frameworks
We are based in the United States and the information we collect is governed by U.S. law. By accessing or using the Service or otherwise providing information to us, you consent to the processing, transfer, and storage of information in and to the U.S. and other countries, where you may not have the same rights and protections as you do under local law. If we transfer personal information from the European Union or Switzerland to the United States, we relay on the Privacy Shield Frameworks to authorize these transfers.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, High Fidelity is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
We will also provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
High Fidelity's accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, High Fidelity remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless High Fidelity proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, High Fidelity commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact us by email at firstname.lastname@example.org.
High Fidelity has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
9. Your Rights and Choices
You may update, correct or delete information about you at any time by requesting such deletion at email@example.com.
You may exercise your right to withdraw your consent to the Service at any time. The withdrawal of consent will require deactivation of your account. To withdraw consent and deactivate your account, please contact support at firstname.lastname@example.org. If you wish to exercise your right to data portability or right to erasure, please email us at email@example.com, but note that we may retain certain information as required by law or for legitimate business purposes.
We may also retain cached or archived copies of information about you for up to 24 months. You have the right to lodge a complaint with a supervisory authority.
You may opt out of receiving promotional emails from us by following the instructions in those emails. You can also adjust your communications preferences by adjusting the settings in your account. If you opt out, we will still send you non-promotional emails, technical messages, and other messages related to our ongoing business relations.
Comments and Questions
185 Clara Street, Suite 100
San Francisco, CA 94107
United States of America