Introduction

Card Integrators Corporation dba CI Solutions, a California corporation (“CI Solutions,” “we,” “us,” or “our”), respects your privacy. This Badge App Privacy Policy explains how information is handled when authorized users access and use the Badge App. The Badge App allows authorized users to access a digital version of an ID card on an iOS device. The app may be used by schools, school districts, colleges, universities, businesses, agencies, healthcare organizations, membership organizations, and other CI Solutions customers.

This policy applies only to the Badge App. It does not replace the broader CI Solutions Privacy Policy that applies to the CI Solutions website, Badge ID platform, Bulk Print Services, support services, and other CI Solutions products and services.

1. What the Badge App Does

The Badge App allows an authorized user to view a digital version of an ID card issued or managed by a CI Solutions customer.

Depending on how the customer configures the service, the digital ID card may display information similar to what appears on a physical ID card, such as:

• name;
• photo;
• school, organization, employer, or agency name;
• ID number;
• role, status, grade, department, or classification;
• barcode;
• QR code;
• card serial number;
• other customer-configured credential information.

The customer determines what information appears on the digital ID card and who is authorized to access the app.

2. Information the App Handles

The Badge App is designed to collect and use only the limited information necessary to authenticate users, match the authenticated user with the correct backend record, support account reset, protect account security, and display the authorized digital ID card.

Single Sign-On Authentication

The Badge App uses single sign-on authentication. When you sign in through a single sign-on provider (“SSO Provider”), the SSO Provider may ask you to enter your username and password. CI Solutions does not directly collect, receive, or store your SSO username or password through the Badge App.

After successful authentication, the SSO Provider sends the app or CI Solutions an authentication token. CI Solutions uses this token to confirm that you are authorized to access the app and to match your authenticated user ID with the correct record in CI Solutions’ backend system.

One-Time PIN for Account Reset

When your account is being reset, the Badge App may collect a one-time PIN that you enter for verification.

CI Solutions uses the one-time PIN only to verify the reset process and help protect your account from unauthorized access.

Digital ID Card Information

The Badge App may display digital ID card information configured by the CI Solutions customer. This information may include your name, photo, organization, ID number, role, status, barcode, QR
code, card serial number, or other customer-configured credential information.

CI Solutions processes this information to provide the mobile ID service requested by the customer.

3. Information the App Is Not Designed to Collect

Based on the Badge App’s current functionality, the app is not designed to collect the following directly from your device:

• device contact lists;
• precise or approximate location;
• photos, videos, audio, contacts, or files from your device;
• payment information or financial information;
• health, fitness, biometric, or other sensitive personal information;
• browsing history;
• advertising data;
• advertising identifiers;
• marketing identifiers;
• analytics identifiers;
• crash logs, performance data, or diagnostic data, unless separately
  disclosed in an updated version of this policy and applicable App Store
  disclosures.

If CI Solutions later adds third-party software development kits, analytics tools, crash reporting tools, advertising tools, diagnostic tools, or similar services to the Badge App, CI Solutions will update this policy and applicable App Store disclosures as required.

4. What We Do With the Information

CI Solutions uses information handled through the Badge App only to:

• authenticate users;
• provide access to authorized app functionality;
• match an authenticated user ID with the correct backend record;
• display the authorized digital ID card;
• support account reset and account security processes;
• prevent unauthorized access;
• maintain the security and integrity of the app and related systems;
• provide support and troubleshooting;
• comply with applicable legal, contractual, and customer requirements.

CI Solutions does not use information handled by the Badge App for:

• advertising;
• targeted advertising;
• marketing;
• behavioral profiling;
• cross-app tracking;
• cross-site tracking;
• sale to third parties;
• sharing with data brokers or advertising networks.

5. Information From Students and Minors Under 13

The Badge App may be used by schools, school districts, and other educational organizations that serve students, including students under the age of 13. When CI Solutions processes student or minor information through the Badge App, we do so on behalf of and at the direction of the applicable school, school district, or educational organization.

The app may be used to support school-authorized safety and operational practices, including:

• digital student ID display;
• student identification;
• transportation or bus pass identification;
• cafeteria, library, attendance, check-in/check-out, campus service, or
  access-related identification;
• replacement card or credential workflows;
• authorized school operational practices.

CI Solutions does not knowingly collect personal information from children under 13 through the Badge App for advertising, marketing, behavioral profiling, or tracking purposes.

CI Solutions does not sell children’s or student personal information.

CI Solutions does not share children’s or student personal information with data brokers or advertising networks.

Where required by applicable law, including the Children’s Online Privacy Protection Act (“COPPA”), CI Solutions relies on the authorization of the applicable school, school district, educational organization, parent, guardian, or other authorized party for the collection and use of student information necessary to provide the Badge App.

Parents or guardians who have questions about student information displayed or processed through the Badge App should first contact their school or district. They may also contact CI Solutions using the information at the end of this policy, and CI Solutions will work with the applicable school or customer as appropriate.

6. Who We Share Information With and Why

CI Solutions does not sell information handled through the Badge App. CI Solutions does not share information handled through the app with data brokers or advertising networks. CI Solutions may share information only in limited circumstances required by law.

With the Customer That Controls the Information

The school, district, business, agency, organization, or other customer that provides or manages the digital ID information may access information related to its users and cardholders.

The customer determines what information is included in the digital ID card and who may access the app.

With SSO Providers

The Badge App relies on an SSO Provider for user authentication. CI Solutions does not control the SSO Provider’s collection or handling of the username, password, or other information
you provide directly to that SSO Provider.

Your use of the SSO Provider may be subject to that provider’s own privacy policy and terms.

With Service Providers

CI Solutions may use trusted service providers that help us provide, operate, secure, support, or maintain the Badge App and related systems. These service providers are authorized to process information only as needed to provide services to CI Solutions and are required to protect information in accordance with applicable contractual obligations.

For Legal, Security, or Compliance Purposes

CI Solutions may disclose information if required to do so by law, legal process, or a valid governmental request, or if CI Solutions believes disclosure is necessary to protect the rights, safety, security, or integrity of CI Solutions, our customers, users, students, cardholders, or systems.

7. How We Store and Protect Information

CI Solutions uses reasonable administrative, technical, physical, and organizational safeguards designed to protect information handled through the Badge App from unauthorized access, disclosure, alteration, or destruction.

These safeguards may include, as applicable:

• authentication controls;
• access controls;
• secure transmission methods;
• role-based permissions;
• system monitoring;
• security logging;
• backup and recovery procedures;
• incident response processes;
• employee confidentiality obligations;
• vendor confidentiality and security obligations.

No method of transmission or storage is completely secure. CI Solutions cannot guarantee absolute security, but we work to protect information using safeguards appropriate to the nature of the information and the services provided.

8. How Long We Keep Information

CI Solutions retains authentication tokens, user identifiers, digital ID records, account reset verification information, and related security records only for as long as necessary to:

• provide Badge App functionality;
• maintain security;
• complete the account reset process;
• comply with customer instructions;
• comply with legal obligations;
• resolve disputes;
• enforce agreements;
• support authorized customer operations.

One-time PINs are intended for temporary verification during the account reset process and are not used for advertising, marketing, analytics, profiling, or tracking.

Customer-provided digital ID information is generally retained in accordance with the applicable customer agreement, customer instructions, legal requirements, and CI Solutions’ retention practices.

9. How to Request Access, Correction, or Removal

Because CI Solutions often processes Badge App information on behalf of a customer, requests to access, correct, or delete information may need to be handled by the customer that controls the information.

For example:

• students and parents should generally contact their school or school district first;
• employees should generally contact their employer first;
• members should generally contact the organization that issued or manages the ID card first;
• other cardholders should generally contact the organization that created or manages the credential first.

When CI Solutions receives a request involving information controlled by a customer, CI Solutions may refer the request to the customer or work with the customer to respond.

Subject to applicable law, customer instructions, contractual requirements, and technical limitations, CI Solutions will support appropriate requests to:

• access information;
• correct inaccurate information;
• delete information;
• deactivate a record;
• remove a Mobile ID from active use;
• restrict certain processing where applicable.

Some information may need to be retained for legal, security, backup, audit, dispute resolution, contractual, or operational purposes.

10. Changes to This Policy

CI Solutions may update this Badge App Privacy Policy from time to time. If we make material changes, we will update the “Last Updated” date above and provide notice as required by applicable law, customer agreements, or platform requirements.

If CI Solutions adds new data collection, analytics, diagnostics, advertising, tracking, or third-party SDK functionality to the Badge App, CI Solutions will update this policy and applicable App
Store privacy disclosures as required.

11. Contact Us

If you have questions about this Badge App Privacy Policy or our privacy practices, contact us at: