Last Update: January 9th 2020
1. ABOUT THIS DOCUMENT
LUCID Inc. (“LUCID”, “us,“ “we,” or “our”) is committed to data and privacy protection in connection with the use of our applications (“App(s)”) and other products, services and features thereof (collectively, the “Services”).
2. HOW OUR APP WORKS
Each time Users log in to the LUCID App they will be asked to create a profile and enter self-assessment scores based on how they are feeling. These results enable our machine learning algorithm to provide users with curated music personalized for their mental state. The App also modulates the experiential components in response to the user’s biometrics, particularly Emotion-based Facial Recognition that is collected using your phone’s camera. Images are taken and processed by a machine learning algorithm computing emotional features shown through micro-expressions in your face. This computation is done completely at the device level and are disposed of immediately after the numerical values are calculated. We do not store any images taken through this process.
3. INFORMATION WE COLLECT
A. USER ACCOUNTS
Through our Services you will be required to register a User Account. A User Account is stored information that we keep on individual Users that details their music preferences, responses, and interactions. When you decide to register a User Account, we ask for information, such as:
●Unique User ID
●Emotional and cognitive self-assessment results
●Emotional and cognitive scores calculated through facial recognition
B. USER INFORMATION
When you access our App, create a User Account, or otherwise use our Services, we may ask for certain identifiable information that can be used to identify you (herein called “User Information”). We do not collect any financial or payment information as User Information. You can elect to provide only some of the User Information requested and at any time, you may decide to remove some of the User Information that you previously provided. However, if you decline to provide any of the above information, you may not be able to register for, access, or otherwise use certain benefits of the Services, which may be conditioned upon certain eligibility requirements, such as age and biometric activity for a personalized experience.
C. BIOMETRIC DATA
In order to provide a fully personalized user experience, our machine learning requires emotional and cognitive self-assessment at the beginning and end of the experience, along with biometric data (via facial recognition). This data is used to feed our system’s algorithms in providing a better overall experience, while providing the user with feedback at the end of the experience (all collected data will be shown on the ‘results’ page of the user experience).
UPDATING & CORRECTING INFORMATION
You may change, request access to or delete any of your User Information or Biometric Data by emailing us at email@example.com. Please indicate your name, email address, and what information you would like to update when you contact us.
4. HOW WE USE INFORMATION
We use the information we collect for the following purposes:
TO PROVIDE AND MAINTAIN THE SERVICES
We use personal data in the first place to be able to offer the Services to you. For example, we need your User Account information to understand to understand parts of your current mood and/or physiological state, in order for the App to provide you with curated musical solutions accordingly in order for the App to provide you with curated musical solutions.
TO PERSONALIZE AND IMPROVE THE SERVICES
We use information we collect from you to create personalized music mixes. We may also process aggregated information to use as an indicator of possible improvements to make on our Services. When possible, we will do this using only aggregated data that is non-identifiable. Non-Identifiable Information is information that does not identify a specific user.
5. SHARING YOUR PERSONAL INFORMATION
We do not share personal information with third parties outside of our organization unless one of the following circumstances applies:
FOR RELEASE REQUIRED BY LAW
We may process and transfer personal information and any other information available to us in order to investigate, prevent or take action regarding illegal activities, or as otherwise required by law. Where possible, we will inform Users about such transfer and processing.
WITH YOUR EXPLICIT CONSENT
We may share personal information with third parties outside LUCID’s organization for other reasons than the ones mentioned before, when we have the User’s explicit consent to do so. The User has the right to withdraw this consent at all times.
NO RELEASE FOR MARKETING PURPOSES
LUCID will not share, sell, rent, trade, or disclose personal information to any third parties for marketing or commercial purposes, unless you have granted us permission in writing to do so.
6. DATA RETENTION
We will retain User Information and Biometric Data for as long as your User Account is active or as long as needed to provide you with the Services. If you wish to cancel your User Account or request that we no longer use your information to provide you any services, you may delete your User Account by contacting us at firstname.lastname@example.org.
We may retain and use personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will endeavour to delete personal information as quickly as practicable upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist for a period after deletion.
In addition, we do not delete from our servers files containing non-identifying information that you have in common with other Users. Without your request to delete your information, we will retain personal information for a minimum of one year. We will destroy or anonymize your personal information within three years after it is no longer required to provide the Services.
7. INFORMATION SECURITY
The security of your information is very important to us. We use commercially reasonable security standards to protect the information collected and maintained through the Services and take appropriate measures to protect against any unauthorized access to personal information.
We have put in place appropriate physical, managerial and technical procedures to safeguard and secure the information we store. Access to personal information stored on our servers or servers operated by Service Providers on our behalf is restricted to authorized personnel, including LUCID employees. Any individuals having access to the information stored on such servers are bound by confidentiality agreements.
However, no data transmission over the Internet is completely secure. As such, we cannot guarantee the security of any information you provide to us or guarantee that information may not be accessed, disclosed, altered, or destroyed by unauthorized persons.
8. YOUR RIGHTS
RIGHT TO ACCESS YOUR PERSONAL DATA
You have the right to access your personal data that we use, collect or disclose. You may do this by contacting us.
RIGHT TO WITHDRAW CONSENT
You have the right to withdraw consent at any time. There is implied consent when you browse the site and expressed consent is given through a sign-on wrap when you give your email. Withdrawing your consent may result in less access to our Services. The withdrawal of consent does not affect the collection, use, and disclosure of the personal information prior to the request for withdrawal.
RIGHT TO UPDATE INFORMATION
You have the right to correct untrue personal data collected by us. Change to information may be done through your user account you had created.
RIGHT TO ERASURE AND OBJECTION TO DATA
You have the right to erase your data from our systems. We will comply with the request unless we have legitimate grounds not to. You may also object to our collection, use, and disclosure if it is out of the scope for the purpose of our Services or for legal compliance. If we do not have legitimate grounds to collect, use, or disclose your personal data, we will cease collection, use, and disclosure upon your objection.
MINOR’S RIGHTS TO DATA
Users under the age of 18 or under the minimum age based on your jurisdiction are not permitted to create accounts without parental consent that is in accordance with applicable laws. If it has come to the attention that we have collected, used, or disclosed any personal data of minors under the relevant minimum age without parental consent, we will proceed to delete the information as soon as possible. If you believe your child has personal information on our Services and you would like it removed, please contact us for deletion of such data.
HOW TO ACCESS THESE RIGHTS
In order to address the rights as stated above please contact our email. You should include the following information: your full name, company name (if applicable), address, and phone number. We may request additional information to identify you for your privacy interest. We have the right to deny requests that are unreasonable, repetitive, or manifestly invalid.
9. OUR CONTACT INFORMATION
North Building, 175 Bloor St E, Suite 200
Toronto, ON M4W 3R8