June 1, 2020
Naibly aims to provide a platform and service to allow people of diverse backgrounds to come together to accomplish various activities in a collaborative and cordial manner. Since Naibly is a social platform, users interacting on our platform share information with others frequently. This information includes content and messages generated by the user, activities and collaborations that the user participates in, and in certain cases, personal information provided by the user. We take the privacy of our users and the data that they generate on our platform and service very seriously. This policy details what data we store, who has access to that data, how that data is used and what tools and mechanisms we provide to control the visibility and retention of that data.
1. Data Stored
To offer functionality and features of its services and platform, Naibly stores a variety of user data. This user data can be explicitly supplied by the user or implicitly gathered without explicit user action. Detailed below are the data points we store and how they are gathered. The data may be stored locally on devices or on the servers of Naibly or its business partners.
a. Core User Profiles: The core user profile is the minimal information we need to create a user profile for a user to access Naibly functionality. There are two types of core user profiles:
“Identified User Profile” is created when the user explicitly provides personally identifying information either by directly submitting that information to Naibly or by authorizing 3rd party identity providers like Facebook, Google or Apple to provide information that they have stored to Naibly.
- Identified User ID: A unique identifier associated with the user. This is automatically generated by the user.
- Name: The name of the user. This serves as the screen name of the user, used by Naibly in all activities that require an Identified User Profile. This is provided by the user or an authorized 3rd party.
- Email: The email of the user. This also serves as the username for login purposes in cases where a 3rd party isn’t used during authentication. This is provided by the user or an authorized 3rd party.
- Password: The password for the user account for login purposes. This may not be required if the user is opting to log in using a 3rd party identity provider, e.g. Facebook, Google, Apple. This is provided by the user.
- Profile picture: A display picture to show alongside the user’s name in various parts of the Naibly application. This is provided by the user or an authorized 3rd party.
3rd Party Identity and Login providers: If authorized by the user, Naibly will request Name, Email and Profile Picture from 3rd party identity providers like Facebook, Google and Apple. Naibly will also delegate login identity verification to these 3rd party identity and login providers.
“Anonymous User Profile” is created for every user automatically per device that they use to access Naibly functionality. This user profile is used to access anonymous parts of the Naibly application.
- Anonymous User ID: The Anonymous User ID serves as a persistent unique identifier that Naibly uses to associate anonymous activity of a user. This ID isn’t associated with the Identified User ID stored in the Identified User Profile and is stored separately. Naibly doesn’t keep a ready mapping between the Anonymous User ID and the Identified User ID. This is automatically generated for the user by Naibly.
- Anonymous Screen Name: The screen name of the user that Naibly should use in all activities that the user wishes to participate in anonymously. The user supplies this information and it is only associated with the Anonymous User ID.
b. Extended User Profile: As part of a user’s participation within various activities in Naibly, they may provide information that is specific to their participation and form the extended user profile for that user. Examples are: User Address, User Phone Number. This data is explicitly provided by the user and is stored in the extended section of the Anonymous User Profile or the Identified User Profile depending on whether the user is participating in that activity anonymously or not. Again, we do not maintain a mapping of data between anonymous and identified profiles.
c. Activities: Users on Naibly can create or contribute towards various activities. As part of these activities Naibly records various data points as outlined below:
Creation Data: When the user is the explicit initiator of an activity, Naibly implicitly retrieves and stores the User ID of the user as the initiator of that activity. Depending on whether the activity is Anonymous or Identified the appropriate Anonymous or Identified User ID is retrieved.
Contribution Data: When the user contributes to an activity, Naibly stores information about the activities that the user has viewed and/or participated in based on explicit user action. Any content explicitly provided by the user is also stored in the context of that activity with association to the user. Examples of content are: text messages, reactions, attachments, links, reports of violations.
d. Location Data: Any location data that Naibly gathers is only gathered after the user explicitly gives Naibly permission to do so. Stored location data is associated with an Identified User Profile if one is available. Else the location data is associated with an Anonymous User Profile.
e. Device Data: This data is implicitly gathered by Naibly. It includes information like device type and model, operating system type and version, device identifiers, hardware capabilities and certain hardware activities like Wi-Fi, Bluetooth and cellular network connection status. Any data that is stored is associated with an Identified User Profile if one is available. Else the data is associated with an Anonymous User Profile.
2. Data Access and Usage
a. User Data: The data that is generated either implicitly or explicitly by the user can be categorized into three types based on who other than the user has access to it. Those categories are: Private, Protected and Public.
Private: This is data that is only accessed by the User and by Naibly to perform operations based on user requests. E.g. passwords, location and device data that hasn’t been shared. This data is only used by algorithms of Naibly or its business partners to service user requests, e.g. password to serve login request, location data to validate address or to present content relevant to the user or to provide application features that leverage location data.
Protected: This is data that is only accessible by the User, Creators and Administrators of groups and activities that the user participates in, Naibly and its business partners. E.g. User Address, Mobile Number. This data is used by Creators and Administrators of groups and activities to fulfill the purpose of the group or activity, which may include sharing this data with third parties if they are part of the purpose that is being fulfilled. Besides storing, serving, and transforming this data to serve the needs of the user, Naibly or its business partners may also use this data to build more relevant application features and to make recommendations to users.
b. Location/Device Data: Any location or device data collected by Naibly or its business partners will only be used to provide application features. The data may be shared in detailed, aggregate or calculated forms based on the context. In all cases, this data is only shared with other users if the user explicitly decides to do so. Naibly or its business partners may also use this data to build more relevant application features and to make recommendations to users.
3. Control Mechanisms: We provide the following mechanisms to review and control your private data.
a. History: To review all your activity on Naibly and the data stored, you can make a request via email to firstname.lastname@example.org.
b. Deletion: Naibly only supports the deletion of Core User Profile information (except the User ID). Deleting the Core User Profile will result in the rest of the data not being associated with any identified user and will make that a permanently deactivated account. The user will not be able to log into that account anymore.
Scope: Deleting the Core User Profile will not delete any activity information since that would modify the historical reality of information flow for the rest of the participants on our platform and services. For example, if the user participated in an activity using an Identified User Profile, the user's name will still be visible in any participation list for that activity or on any messages that the user sent on that activity. Deleting the Core User Profile will also not delete the User ID of that Core User Profile. All the rest of the data in the Core User Profile will be deleted.
Copies made prior to delete request: Data that is explicitly provided by the user while participating in groups or activities will still be accessible after the Core User Profile is deleted. This includes any Extended Profile Data and Activity data. Since Creators and Administrators of groups and activities may make copies (either soft or hard) as part of fulfilling that activity, that data will still be associated with an identifiable user.
To request the deletion of the Core User Profile information, please email email@example.com providing information about the profile to be deleted. At a minimum, we require you to provide the email address associated with the Core User Profile.
7345 164th Ave NE
STE i145 - 1209
Redmond WA 98052