Table of Contents
1. Acceptable Use Policy
MetaMap’s platform helps businesses understand the merits of their customers, recruits, or employees, to make better informed decisions. To do this, we need to make sure we can keep our platform running, which in turn requires our platform to be used responsibly.
This Acceptable Use Policy is meant to help our customers—both the end users who use our platform to access services or employment opportunities, and the businesses who use our platform to assess the merits of these end users—understand what we consider to be irresponsible uses of our platform. If we identify a violation of this Acceptable Use Policy (in our sole discretion), we reserve the right to take steps necessary to protect our platform, including terminating or suspending a user’s account or access to our platform and services. Wherever possible and when we are allowed to do so, however, we will do our best to notify you before we need to take action under this Acceptable Use Policy.
Here’s what we won’t allow:
- Compromising the integrity of our systems. This could include probing, scanning, or testing the vulnerability of any system or network that hosts our services, unless we have given you express permission to do so
- Tampering with, reverse-engineering, or hacking our services, circumventing any security or authentication measures, or attempting to gain unauthorized access to our services, systems, networks, or data
- Modifying, disabling, or compromising the integrity or performance of the services, or our systems, network or data.
- Interfere with or disrupt the integrity or performance of any service or third-party data contained in such service.
- Overwhelming or attempting to overwhelm our infrastructure by imposing an unreasonably large load on our systems that consume extraordinary resources (CPUs, memory, disk space, bandwidth, etc.). This includes overwhelming our system with large and sudden spikes in traffic or verification volume, which may require us to slow, throttle, or even temporarily pause your access to our services
- If you are a business using our services, and you are aware of a potential spike in traffic (for example if you are releasing a new service, performing a migration, expanding to a new region, or enabling the service for an additional division of your business), it is essential that you notify us as soon as practicable so that we can plan for this and avoid having to take remedial action
- Misrepresenting yourself (including by “spoofing”, “phishing”, manipulating headers or other identifiers, impersonating anyone else, using measures designed to confuse biometric verification techniques, or falsely implying any sponsorship or association with MetaMap or any third party)
- Using the services to violate the privacy of others, including publishing or posting other people's private and confidential information without their consent
- Using the services for any illegal purpose, or in violation of any laws (including data, privacy, sanctions, anti-corruption, and export control laws)
- Modify, Copying, or Creating derivative works based on the services or any part, feature, function or user interface thereof
- Decoding, reverse engineering, or decompiling a service
- Accessing a service to (1) build a competitive product or service, (2) build a product or service using similar ideas, features, functions or graphics of the service, (3) copy any ideas, features, functions or graphics of the service, or (4) determine whether the services are within the scope of any patent.
- Use the service to store or transmit malicious code.
- Frame or mirror any part of any service, other than framing on our customer's own intranets or otherwise for its own internal business purposes or as permitted by us.
- Use the service to store or transmit infringing, libelous, or otherwise unlawful or tortious material.
Uploading, sharing, submitting, or otherwise providing content that:
- Infringes MetaMap’s or a third party’s intellectual property or other rights, including any copyright, trademark, patent, trade secret, moral rights, privacy rights of publicity, or any other intellectual property right or proprietary or contractual right
- You don’t have the right to submit
- Is deceptive, fraudulent, illegal, obscene, defamatory, libelous, threatening, harmful to minors, pornographic (including child pornography, which we will remove and report to law enforcement, including the National Center for Missing and Exploited Children), indecent, harassing, hateful
- Encourages illegal or tortious conduct or that is otherwise inappropriate
- Contains viruses, bots, worms, scripting exploits, or other similar materials
- Could otherwise cause damage to MetaMap or any third party
In this Acceptable Use Policy, the term “content” means: (1) any information, data, text, software, code, scripts, photos, graphics, videos, messages, tags, interactive features, or other materials that you post, upload, share, submit, or otherwise provide in any manner to the services and (2) any other materials, content, or data you provide to MetaMap or use with the Services.
2. Data Processing Addendum
This Data Processing Addendum (the “Addendum”) is incorporated into the Master SaaS and Services Agreement (the "Agreement") by and between MetaMap and Merchant.
WHEREAS, the Agreement requires MetaMap to process certain personal information about Merchant’s customers on behalf of Merchant;
WHEREAS, the Parties wish to supplement the Agreement and to specify the terms governing MetaMap’s processing of this information, in order to ensure that privacy and confidentiality are maintained appropriately;
NOW, THEREFORE, in consideration of the agreements contained herein, the receipt and sufficiency of which are hereby acknowledged by this Addendum, the Parties agree as follows:
Exhibit A: Description of Processing
Name: Customer and its Authorized Affiliates.
Contact person’s name, position and contact details:
Activities relevant to the data transferred under these clauses: Performance of the Services pursuant to the Agreement.
Data Importer: MetaMap
- CATEGORIES OF DATA SUBJECTS
Customers of Merchant
- CATEGORIES OF PERSONAL DATA
Customer can configure the Platform and Services to collect and process different Personal Data, at their discretion. This Personal Data can include:
- Full Name
- Contact information (email, phone, physical address)
- Government Identifiers
- Biometric Information (facial photographs)
- Financial Information
- Professional Information
- Device Information
- PURPOSE OF THE PROCESSING
MetaMap will Process Personal Data as necessary to perform the Services pursuant to the Agreement, and as further instructed by Customer in its use of the Services.
- DURATION OF PROCESSING
MetaMap will Process Personal Data for the duration of the Agreement, as specified in this Addendum, unless otherwise agreed upon in writing by the parties.
- TECHNICAL AND ORGANIZATIONAL MEASURES
Data importer will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Personal Data uploaded to the Services, and will make reasonably available descriptions of such safeguards at the request of Merchant.
3. Entity list
For the purposes of the SaaS Master Service Agreement with MetaMap, please find below a list of our operating entities. The billing of your Services will be done with the corresponding entity and will be communicated to you by your Account Executive.
Legal Department, MetaMap
What Information We Collect About You and Why
When our platform is used to verify your identity, we may collect the following types of information about you:
- Contact information such as your name, address, email address, phone numbers, etc.;
- Government IDs and ID numbers, or other documents (such as utility bills) you want to use to verify your identity;
- Biometric information you provide us, such as a selfie;
- Credentials you provide us to connect your accounts;
- Financial information such as information about your bank accounts that you choose to connect; and
- Device Information such as information about your mobile device, computer, browser, your IP address, your precise location, and information associated with cookies stored on your device.
We use this information at your direction to provide our services to our merchants, who use this information to verify your identity, conduct legal compliance checks (for example, to make sure you are not a sanctioned individual) and/or your eligibility for various products and services (for example, to determine whether you are eligible for a particular type of bank account, or to determine the terms of a loan). Additionally, we use this information to help all of our merchants more broadly assess risk and fraud, for example by providing them insights, reporting, and analytics. Finally, we may use this information (when permitted):
- To meet our legal requirements, and to enable our merchants to meet their legal requirements;
- To investigate or prevent suspected fraud, threats of harm or criminal conduct, or violations of our contracts or policies;
- To provide merchant support or answer questions;
- To improve our products and services, including to develop and test new products or features; and
- To provide reporting and analytics.
When and Why Do We Share Your Information
When we process your personal information, we will share that information with parties you are already interacting with. For example, if you use our service to prove your eligibility for a particular service or product offered by a bank, we will share your information with that bank on your behalf. We also share your information with service providers who help us offer our platform (for example the web hosting providers we use). When we share your information in this way, we do so under a contract with the service provider.
Additionally, we may share your information:
- to investigate or prevent suspected fraud, threats of harm or criminal conduct, or violations of our contracts or policies;
- to help us conduct marketing and advertising;
- to comply with legal requirements, or to respond to court orders or other similar government or legal demands; or
- if we merge with or are acquired by another company.
Where We Send Your Information
We provide our services to merchants and individuals located around the world. As a result, we often need to transfer your information outside of your state or country, including to the United States. This data may be subject to the laws of the countries where we send it. When we send your information across borders, we take steps to protect your information, and we try to only send your information to countries that have relatively strong data protection laws.
If you are located in the European Union, the United Kingdom or Switzerland, when we transfer your information to the United States this information is protected by contractual commitments approved by the European Union called Standard Contractual Clauses.
How We Protect Your Information
We take the security of our platform very seriously, and do our best to try and protect your information. There is always, however, some risk associated with any technology that transmits or stores electronic information through the Internet. This means we cannot guarantee the absolute security of your information, even while we do our best to protect it.
How We Use “Cookies” And Other Specific Technologies
Your Rights Over Your Information
You may be located somewhere that offers you specific legal rights over your information. Regardless of where you are located, however, we believe you should have the right to access and control your information. When we are allowed to do so, we will honor requests from you to access, cancel, oppose, delete, or correct your personal information, and will not penalize or discriminate against you for doing so. To make such a request, please email us at email@example.com.
While we would like to extend these rights to everyone, there are some situations where we are legally prohibited from doing so. Specifically, when we handle your information solely on behalf of our merchants, we sometimes do so as a “data processor” to them, meaning that we do not have the legal right to respond to requests from you. In those situations, we will let you know that we are unable to assist, and will try (to the extent possible) to direct your request to the relevant merchants.
We also explain where you may have specific additional legal rights below, in the section titled “Additional Information for Specific Regions.”
Additional Information for Specific Regions
Some countries require a “legal basis” for any processing of your personal information. We primarily process your personal information at your direction and with your consent. Where we are not processing your personal data at your express direction, we generally do so based on our legitimate business interests, including:
- To improve our products and services;
- To conduct marketing; and
- To provide customer service
If you are a merchant who uses our platform to help onboard or manage your customers (our end users), you should know that we are “data controllers” of data we receive about end users.
How to Contact Us
If you would like to ask about or make a complaint about how we handle your information, please contact our Data Protection Officer at firstname.lastname@example.org.
2001 Gateway Pl., Suite 151E
San Jose, CA 95110
2700 19th St.
San Francisco, CA 94110
Last Updated: February 22, 2023
5. Service Level Agreement
Terms used but not defined herein shall have the meanings given to them in the Master Services Agreement.