Last Update: July 10th 2019
Policy drafted by the Ryerson University Legal Clinic and reviewed by Ridout & Maybee, LLC
1. ABOUT THIS POLICY
LUCID Inc. (“LUCID”, “us,“ “we,” or “our”) is committed to data and privacy protection in connection with the use of our applications (“App(s)”) and other products, services and features thereof (collectively, the “Services”).
2. HOW OUR APP WORKS
LUCID is a cloud-based machine learning platform that optimizes music for therapeutic outcomes. By measuring the user’s changing emotional state as they are exposed to experiential media, the AI algorithms are able to respond to the user’s state in real-time. With continued use, the platform improve’s its ability to predict the best music for that user in order to efficiently reach their desired state. Each time a user logs into LUCID software, they will be asked to complete a simple emotional self-assessment to reflect how they are feeling. These results enable our machine learning algorithm to provide users with curated music personalized for their mental state. In some LUCID embodiments, our system measures a user’s biometrics, particularly Heart Rate Variability (HRV) and Electrodermal Activity (EDA), to further assess a user’s emotional state throughout the experience. The simple emotional self-assessment is also an instrument that is used for assessment in real-time. Experiences are variable in length and users are provided with an analytics page to demonstrate their changing state throughout the experience.
3. INFORMATION WE COLLECT
A. USER ACCOUNTS
Through our Services you will be required to register a User Account. A User Account is stored information that we keep on individual Users that details their music preferences, responses, and interactions. When you decide to register a User Account, we ask for information, such as:
●Unique User ID
●Emotional and cognitive self-assessment results
B. USER INFORMATION
When you access our App, create a User Account, or otherwise use our Services, we may ask for certain identifiable information that can be used to identify you (herein called “User Information”). This User Information includes email address, age, gender identity, emotional and cognitive self-assessment results and biometrics (HRV and EDA). We do not collect any financial or payment information as User Information. You can elect to provide only some of the User Information requested and at any time, you may decide to remove some of the User Information that you previously provided. However, if you decline to provide any of the above information, you may not be able to register for, access, or otherwise use certain benefits of the Services, which may be conditioned upon certain eligibility requirements, such as age and biometric activity for a personalized experience.
C. BIOMETRIC DATA
In order to provide a fully personalized user experience, our machine learning requires emotional and cognitive self-assessment at the beginning, throughout and end of the experience, and with some embodiments, a steady stream of biometric data (HRV and EDA). This data is used to feed our system’s algorithms in providing a better overall experience, while providing the user with feedback at the end of the experience (all collected data will be shown on the ‘results’ page of the user experience).
UPDATING & CORRECTING INFORMATION
You may change, request access to or delete any of your User Information or Biometric Data by emailing us at email@example.com. Please indicate your name, email address, and what information you would like to update when you contact us.
4. HOW WE USE INFORMATION
We use the information we collect for the following purposes:
TO PROVIDE AND MAINTAIN THE SERVICES
We use personal data in the first place to be able to offer the Services to you. For example, we need your User Account information to understand to understand parts of your current mood and/or physiological state, in order for the App to provide you with curated musical solutions accordingly in order for the App to provide you with curated musical solutions.
TO PERSONALIZE AND IMPROVE THE SERVICES
We use information we collect from you to create personalized music mixes. We may also process aggregated information to use as an indicator of possible improvements to make on our Services. When possible, we will do this using only aggregated data that is non-identifiable. Non-Identifiable Information is information that does not identify a specific user.
5. SHARING YOUR PERSONAL INFORMATION
We do not share personal information with third parties outside of our organization unless one of the following circumstances applies:
FOR RELEASE REQUIRED BY LAW
We may process and transfer personal information and any other information available to us in order to investigate, prevent or take action regarding illegal activities, or as otherwise required by law. Where possible, we will inform Users about such transfer and processing.
WITH YOUR EXPLICIT CONSENT
We may share personal information with third parties outside LUCID’s organization for other reasons than the ones mentioned before, when we have the User’s explicit consent to do so. The User has the right to withdraw this consent at all times.
NO RELEASE FOR MARKETING PURPOSES
LUCID will not share, sell, rent, trade, or disclose personal information to any third parties for marketing or commercial purposes, unless you have granted us permission in writing to do so.
6. DATA RETENTION
We will retain User Information and Biometric Data for as long as your User Account is active or as long as needed to provide you with the Services. If you wish to cancel your User Account or request that we no longer use your information to provide you any services, you may delete your User Account by contacting us at firstname.lastname@example.org.
We may retain and use personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will endeavor to delete personal information as quickly as practicable upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist for a period after deletion.
In addition, we do not delete from our servers files containing non-identifying information that you have in common with other Users. Without your request to delete your information, we will retain personal information for a minimum of one year. We will destroy or anonymize your personal information within three years after it is no longer required to provide the Services.
7. INFORMATION SECURITY
The security of your information is very important to us. We use commercially reasonable security standards to protect the information collected and maintained through the Services and take appropriate measures to protect against any unauthorized access to personal information.
We have put in place appropriate physical, managerial and technical procedures to safeguard and secure the information we store. Access to personal information stored on our servers or servers operated by Service Providers on our behalf is restricted to authorized personnel, including LUCID employees. Any individuals having access to the information stored on such servers are bound by confidentiality agreements.
However, no data transmission over the Internet is completely secure. As such, we cannot guarantee the security of any information you provide to us or guarantee that information may not be accessed, disclosed, altered, or destroyed by unauthorized persons.
8. YOUR RIGHTS
RIGHT TO ACCESS YOUR PERSONAL DATA
You have the right to access your personal data that we use, collect or disclose. You may do this by contacting us.
RIGHT TO WITHDRAW CONSENT
You have the right to withdraw consent at any time. There is implied consent when you browse the site and expressed consent is given through a sign-on wrap when you give your email. Withdrawing your consent may result in less access to our Services. The withdrawal of consent does not affect the collection, use, and disclosure of the personal information prior to the request for withdrawal.
RIGHT TO UPDATE INFORMATION
You have the right to correct untrue personal data collected by us. Change to information may be done through your user account you had created.
RIGHT TO ERASURE AND OBJECTION TO DATA
You have the right to erase your data from our systems. We will comply with the request unless we have legitimate grounds not to. You may also object to our collection, use, and disclosure if it is out of the scope for the purpose of our Services or for legal compliance. If we do not have legitimate grounds to collect, use, or disclose your personal data, we will cease collection, use, and disclosure upon your objection.
MINOR’S RIGHTS TO DATA
Users under the age of 18 or under the minimum age based on your jurisdiction are not permitted to create accounts without parental consent that is in accordance with applicable laws. If it has come to the attention that we have collected, used, or disclosed any personal data of minors under the relevant minimum age without parental consent, we will proceed to delete the information as soon as possible. If you believe your child has personal information on our Services and you would like it removed, please contact us for deletion of such data.
HOW TO ACCESS THESE RIGHTS
In order to address the rights as stated above please contact our email. You should include the following information: your full name, company name (if applicable), address, and phone number. We may request additional information to identify you for your privacy interest. We have the right to deny requests that are unreasonable, repetitive, or manifestly invalid.
9. OUR CONTACT INFORMATION
514 St. Clair Ave East,
Toronto, ON M4T 1P7