Effective November 14, 2022
Focus IP, Inc., doing business as Tracer (“Tracer”) provides products and services related to brand protection as well as domain name management and registrar services. As a provider of brand protection services, Tracer detects and removes fraudulent and infringing uses of our customers’ brands. As a domain name registrar, Tracer provides registrar and domain portfolio management services in compliance with the rules and regulations adopted by domain name regulatory authorities.
- Personal Information We Collect and How We Use That Information
The personal information which Tracer collects about you will depend on the services you access and how you choose to interact with us. Although we do not generally process sensitive personal data (such as social security numbers or credit card information), we do collect and utilize the following personal data in connection with conducting our business:
- Login Credentials: We collect personal information to facilitate secure access to our Platform by our customers and other users interested in our services.
- Contact Details: Our customers and interested parties visiting our website provide us with names, emails, telephone numbers, and other personal contact information so that we can provide information about new or existing Tracer services, inform them of upcoming events of interest, or communicate with them about their services to fulfill our contractual obligations.
- Suspected Bad Actor Information. We collect names and other personal information such as emails, IP addresses, and domain names from various internet channels to identify and prevent bad actors from infringing on or using our customers’ brands for fraudulent or other illegal activity.
- Customer Billing Information: We collect financial and personal contact information for the purpose of billing our customers.
- Website User Information: We collect demographics and usage information (length of visit, pages viewed, etc.) about users of our website to better understand which content and tools are most useful to such users and to enhance and improve our services and website content.
- Computer/Device Information: We collect information such as IP addresses about devices used to access our website.
- Domain Registration and Administration: We collect names, emails, telephone numbers, and other personal contact information from our domain management customers to facilitate and communicate with them about the registration, renewal, modification, and transfer of their domains.
- Domain Information/WHOIS Database: Under ICANN and domain registry requirements, we maintain a public WHOIS database with personal and other contact information about the owners of the domains which we manage.
- Updates of WHOIS Registries: We are also required to provide updates of domain owner information to the third-party registries for the purpose of providing publicly searchable databases of domain ownership. We also search those databases in connection with our brand protection services to identify suspected bad actor owners of domains being unlawfully used to commit fraud, sell counterfeit goods, or the like in violation of our customers’ brand rights.
- Employees and Prospective Employees and Contractors: We collect names, emails, telephone numbers and other personal information from our employees, contractors, and candidates for employment for the purpose of employing, contracting with, or evaluating such individuals.
In connection with our brand protection services we collect personally identifiable information about individuals suspected of using our customers’ brands to engage in fraud, phishing, the sale of counterfeit goods, or other illegal activities. We collect that information from various public online digital channels such as marketplaces, social media, mobile app stores, and websites. We then use that personal information to take the enforcement actions requested by our customers against the bad actors to stop further fraudulent, infringing, or illegal activities.
When you use our website, you may be asked to provide additional personal information, which we will use to contact you and send information regarding our services. In some cases, if you choose not to provide such additional personal information you may be unable to access all of our website content. We do not collect personally identifiable information to send out marketing materials without your consent. If you should receive any such materials, you can opt-out of receiving future marketing materials by emailing us at the following address: DPO@Tracer.ai.
- Domain Name Registration Data Collection and Use
If you ask us to register and manage your domain names, we are required by third party domain registries and the Internet Corporation for Assigned Names and Numbers (“ICANN”) to collect each domain owner’s contact information (“Contact Information”) consisting of the owner’s name, postal address, fax number (where available), e-mail address, and telephone number, along with similar information for the technical, administrative and billing contacts associated with the domain. We are required to publish the domain Contact Information in a publicly available WHOIS registry.
The Contact Information provided by our domain management customers is also used by us to register and renew their domain names, administer their accounts (such as notifying the customer about renewals, updates, or other related matters), and provide other related services requested by the customer. Tracer also logs other identifying details necessary for the provision of domain management services and ensure that we act only on a customer’s authorization. These include written communications, confirmations, requests for renewals and modifications, related correspondence, payment source information, log files, billing records, communications information such as source IP address, HTTP headers and any other records concerning domain registration (dates, times, zones and sessions).
When Contact Information is collected by Tracer from our corporate customers, that information typically contains the personal data of the customers’ employees. Accordingly, our customers contractually represent that, in providing us with the personal data of such individuals, or an individual in whose name the customer is registering a domain name, the customer has notified each of such individuals of the following: (1) that their personal information will be provided to Tracer and the third party registries, (2) purposes for which their personal data will be used, and (3) how the individuals can access and correct their personal data in the manner described below.
In accordance with the regulatory requirements imposed on Tracer as a domain name registrar, Tracer is required to disclose its domain customers’ Contact Information (which may, as discussed above, include the personal data of individuals) in the following instances: (1) WHOIS data is made available to the public for free query-based access (as discussed above); (2) domain-related data, including communications between Tracer and its customers, is made available to ICANN and the domain name registries pursuant to their rules and regulations; (3) Tracer must escrow domain related data as often as required to reputable third parties appointed by ICANN or domain registries; and (4) third parties are able to access WHOIS data in bulk provided they agree, in pertinent part, not to use such data improperly, such as for the transmission of spam or unsolicited email. If a domain name customer orders additional products and services from Tracer, that order may require the disclosure of personal data to additional third parties. Customers will be notified at the time of the order about the nature and scope of any such disclosure of personal data and the applicable third parties who will be receiving such data.
Tracer also collects and uses publicly available WHOIS domain ownership information maintained by other registrars and third-party registries in connection with our brand protection services in order to identify the domain owners of websites and domains suspected of using our customers’ brands for fraud or other illegal activities, and to take appropriate action against such parties..
- Do We Share Access to Personal Information?
Any third-party vendor who assists us in providing services to our customers or who assists in other aspects of our business are carefully vetted to ensure that, to the extent that we must provide them with access to certain personal information, those vendors will adequately safeguard such data with at least the same level of safeguards as Tracer has.
- Security Protections
We take all reasonable and necessary precautions to maintain the security of the personal data which we collect. Any financial information which Tracer collects is collected via secure means and used only for billing purposes. Our website uses state-of-the-art technology to secure all personal information we collect, including our customers’ billing and account information. We limit physical access to our database servers to only those employees with a need for such access, all of whom are subject to appropriate background checks. In addition, we have installed state-of-the-art cybersecurity measures to guard against unauthorized intrusion into our system. All Tracer employees are bound by written non-disclosure obligations to protect confidential and personal information and any employees who violate those obligations will be subject to disciplinary action, up to and including immediate termination.
Despite all our precautions, data transmissions over the internet can never be guaranteed to be completely secure. As a result, while we do our utmost to protect your information, we cannot ensure or warrant the security of any information you give us. Accordingly, all personal information which you provide to us is done at your own risk. We recommend that you do not divulge your user identification or password to anyone and that you do not provide access to your Tracer account to any third party. Also remember to sign out of your account, close the browser window and delete any cookies once you have completed your work within your Tracer account.
- How Long We Keep Personal Data
We retain your personal data only for as long as necessary to provide services and perform our operations. The period for which we retain such data depends on the purposes for which we collected such information and our relationship with you. Our considerations include: whether our duties and responsibilities require that we retain personal information for a certain period, whether your relationship with Tracer has ended, what specific instructions regarding retention you have provided to us, the period needed to fulfill the purposes for which we collected such information, the existence of any legal claims or proceedings relating to the information, and any retention periods required or recommended by law, regulations or industry associations (such as ICANN). We will keep your personal information only for as long as required for the purposes set forth in this Policy, or as required in order to comply with applicable privacy laws or legal requirements to which we are subject.
- Compromise of Personal Information
In the event any personal information is compromised as a result of a breach of Tracer security, Tracer will promptly notify, by email or as otherwise required by applicable law, those persons whose personal information has been compromised.
- Modification and Deletion of Personal Information
Our website gives you the option of modifying your personal account information at any time by clicking on the “My Account” link in your account page. You may also modify your account information at any time by sending an email to DPO@Tracer.ai. Once your website access is cancelled or you are no longer a user of the website, your personal information will be deleted within twelve (12) months, or as earlier required by applicable law.
Tracer does not knowingly collect personal information about children under the age of 13 years. If we learn that we have inadvertently done so, we will take immediate steps to delete that information.
- International Users and Transfers of Personal Information
Tracer has committed to refer unresolved Privacy Shield-related complaints to PrivacyTrust, an alternative dispute resolution provider located in the United States and within the EU and worldwide. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit PrivacyTrust at: https://www.privacytrust.com/about/ for more information or to file a complaint. The services of PrivacyTrust are provided at no cost to you.
The Federal Trade Commission has jurisdiction over Tracer’s compliance with the Privacy Shield Principles. Additionally, an individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance and for resolution of claimed violations of the Privacy Shield Principles not resolved by any of the other Privacy Shield mechanisms. Please see the Privacy Shield website for additional information: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Moreover, in conjunction with the Privacy Shield, Tracer commits to cooperate with the panel established by the EU data protection authorities (“DPAs”) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable, and comply with the advice given by the panel and/or Commissioner, as applicable, with regard to data transferred from the EU and/or Switzerland, as applicable.
Notwithstanding the foregoing, please be advised that in the context of an onward transfer of personal information, a Privacy Shield organization has responsibility for the processing of any personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Tracer shall remain liable under the Privacy Shield Principles if its agent processes such personal information in a manner inconsistent with the Principles unless Tracer proves that it is not responsible for the event giving rise to the damage.
IF YOU PROVIDE ANY INFORMATION TO TRACER THROUGH THE WEBSITE, OR OTHERWISE, YOU REPRESENT AND AFFIRM THAT YOU HAVE THE RIGHT AND AUTHORITY TO DO SO AND THAT YOU HAVE OBTAINED ANY NECESSARY CONSENTS OR AUTHORIZATIONS FROM INDIVIDUAL DATA SUBJECTS TO PROVIDE SUCH INFORMATION, INCLUDING BUT NOT LIMITED TO INFORMATION COVERED BY ANY DATA PROTECTION LEGISLATION OR REGULATION, INCLUDING THE EUROPEAN UNION GENERAL DATA PROTECTION REGULATION (GDPR), AND RELATED DATA PROTECTION LAWS.
- YouTube API Services
If you are using a Tracer service we want you to be aware of the following:
- Certain Tracer products and services utilize or require the use of the YouTube API Service (terms available at https://www.youtube.com/t/terms) in order to access the information required to provide the applicable Tracer product or service;
- Such YouTube API Service use is subject to YouTube’s Terms of Service found at (https://www.youtube.com/t/terms) in order to access the YouTube API Services;
- Tracer, through its services, collects YouTube API data to determine online fraudulent and other infringing uses of the intellectual property and content of Tracer customers.
- Tracer uses, processes, and shares the YouTube API data information with its customers making data requests through the applicable product or service and the information is processed internally at Tracer in order to present and share the acquired YouTube API data with the Tracer customers, and/or any external authorized representatives of such customers including their attorneys;
- Tracer’s use of the YouTube API does not permit third parties to serve content to parties who are using the applicable Tracer products or services and no advertisements or third parties materials, other than the YouTube API data, is provided through the YouTube API Services;
- Tracer stores, accesses or collects information directly from its customers’ browsers, including by placing, accessing or recognizing cookies or similar technology on users’ browsers, for purposes of providing the Tracer products or services to customers, in accordance with the Tracer cookies policy set forth separately herein;
- If a Tracer customer has any other questions, concerns, or complaints regarding use of its YouTube API data, customer can contact Tracer with its questions, concerns, or complaints about Tracer’s privacy practices at: Attn: Judith Archbold at: DPO@Tracer.ai.
- Google Analytics
Tracer uses Google Analytics, Google Advt or AdRoll to conduct our business by tracking the behaviors of users of our website. These are tools/services used by many companies. You are hereby notified of the following:
- Tracer collects and processes such user data for the purpose of improving products and services. From time to time, Tracer may wish to contact you, with your prior consent, about our products and services, as well as other content that may be of interest to you;
- Tracer may also utilize user data for purposes of retargeting services, including AdRoll or Google Ad;
- Tracer and/or its third-party vendors, including AdRoll, may place cookies on users’ devices to collect data;
- Tracer may utilize various types of user data to delivering targeted ads;
- From time to time, Tracer utilizes the services of third parties for the purpose of delivering targeted ads and messaging based on analyzing user activity;
- California Privacy Laws
The California Consumer Privacy Act (“CCPA”) provides California residents with certain rights with respect to how we handle any “Personal Information” we collect which could be linked to or identify those residents. As of January 1, 2020, verified California residents have the right to request that companies such as Tracer do the following:
- Provide their personal information collection practices during the prior 12 months, including the categories of personal information collected and the sources of such information, their business purpose for collecting or sharing such information, and the categories of the third parties with whom they share such information.
- Provide a copy of the personal information collected about such residents during the prior 12 months in a format which is readily useable, including by paper or electronic copy.
- Disclose any information sale practices during the prior 12 months, including a list of the categories of personal information disclosed for monetary or other valuable consideration, the categories of third-party recipients. and a list of the categories of personal information that have been disclosed for a business purpose.
- Not sell personal information about such residents, and
- Delete (and direct their service providers to delete) the data subject’s personal information, subject to certain exceptions.
Tracer will not discriminate against any person who chooses to make any of the above requests. In order to make a request for disclosure, California residents may contact us at DPO@Tracer.ai. If you require additional assistance, you may contact our Customer Service staff which is available 24/7 by phone at: (855) 693-3839. We will ask you for information to allow us to reasonably verify your identity and will use that information only for that purpose. We cannot respond to your request or provide you with disclosures if we cannot verify your identity and confirm that any personal information we may hold relates to you. You may make a request up to twice within any 12-month period. We will endeavor to respond within 45 days of receipt of your request. If we require more time (up to an additional 45 days), we will notify you of our need for additional time.
We do not sell your personal data to third parties in exchange for monetary consideration, but during the past 12 months we may have disclosed your personal information to our customers in connection with the services we provide to such customers.
Notice to California customers and Website users regarding California’s “Shine the Light” law:
California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. Alternately, such businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties’ direct marketing purposes if the customer has exercised an option to opt-out of such information-sharing. (Note: The Tracer website does not recognize the “do not track signals” that some browsers may employ.)
California Do Not Track Disclosure:
- How To Contact Us
Focus IP, Inc., doing business as Tracer
508 S. 8th St.
Boise, ID 83702
Attn: Judith Archbold, Data Protection Officer
or email us at: DPO@Tracer.ai