JEM Privacy Policy

Effective Date: November 27, 2019

This policy describes the ways The Praxis Group, LLC, doing business as JEM and JEMPass (hereinafter, “JEM”, “we”, “our” or “us”) collect, store, use and protect your (“you”, “Customer” and “User”) data and Credentials. The purpose of this policy is to ensure that JEM provides you notice of our data collection and use policies. Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in the Terms of Service.

Privacy Is Important to JEM

Here at JEM, your privacy is important to us and this policy provides an overview of how we employ, disclose, and process your personal data and Credentials.

How You Accept This Policy (Please Read Carefully)

By using the Products, Software, or Site, you agree to the use, disclosure, and procedures outlined in this Privacy Policy.

Changes to This Policy

We may amend this policy at any time by posting a revised version on our website. The revised version will be effective at the time we post it. In addition, if the revised version includes any substantial changes to the manner in which your data will be processed, we will provide you with prior notice by posting notification of the change on the “Privacy Policy” area of our website.

Information We Keep and How We Use It

Depending on the way in which your JEM installation is configured, JEM devices, applications, databases or servers may use, collect or store some combination of three kinds of user information:

  • Encrypted Customer Vault Data
  • Customer Account and Service Data
  • Biometric Data

We strive to handle all data securely and with respect for your privacy and data confidentiality. The specific ways in which we treat and use each type of data is described below.

Encrypted Customer Vault Data

The services that JEM provides is made possible by data you store in an encrypted JEM Vault (“Encrypted Customer Vault Data”). This includes data about your login credentials that you enter into your JEM Vault manually, through the JEM Import feature, or automatically using one of various JEM Extensions for supported web browsers.
Encrypted Customer Vault Data includes information such as such as Usernames and Passwords (together called “Credentials”), as well as the domains or websites to which these usernames and credentials pertain, e.g., google.com.
Credentials stored in the JEM Password Manager Software are encrypted in such a manner that we are not capable of decrypting or deciphering them, even when they are stored in our systems. The cryptographic keys required for decrypting these Credentials remain always and solely in your possession and under your control. We do not have any way of accessing, viewing, using or providing decrypted Credentials on our systems.
Your passwords that are stored in encrypted form in your JEM Vault can only be decrypted when:

  1. You present your biometric data (e.g., your registered fingerprint) to your JEM device in conjunction when prompted to do so by a computer that you have previously paired to that JEM, OR
  2. You present you biometric data (e.g., you fingerprint or you’re an image of your face) when prompted to do so by the JEM app on your supported mobile device or tablet, OR
  3. You supply your Administrative Access Key to a JEM client app when prompted.

We never receive or store unencrypted Credentials on our systems.
Information on the Domains for which you have stored Credentials in your JEM Vault is stored in unencrypted form on your devices and in our systems.
Regardless of how it is stored, Encrypted Customer Vault Data belongs to the customer. We claim no rights to it beyond those necessary to provide services to you. You may add, modify, and delete Encrypted Customer Vault Data whenever you wish.
If you do not wish to provide Encrypted Customer Vault Data to us, do not enter data into a JEM Vault; without such a Vault, you cannot provide us with Credential Vault Data.
Please note that JEM has NO WAY to recover or restore your Credential Vault Data should you lose access to all your paired and personalized JEM devices and JEM Authenticator apps, and your Administrative Access Key. Store your Administrative Access Key in a safe place, e.g., with other critical and sensitive documents such as passports.

Customer Account Data and Service Data

Your purchase and use of JEM Products will naturally result in our collection of some Customer Account and Service Data about you.
Customer Account and Service Data includes data elements such as your name, address, phone numbers, email address, payment credential(s) and device IDs. We collect and retain only enough Customer Account Data to fulfill your orders and provide ongoing services, support and, at your option, periodic updates from JEM or its partners and affiliates. This data is never used for any other purpose.
Customer Account and Service Data is kept confidential. It is visible to our staff. We retain the right to hold and use Customer Account and Service Data to provide our services, troubleshoot problems, analyze the performance and demands on our services, and to provide our payment processors with the information they need to process payments.

Biometric Data

JEM uses Biometric Data about you, e.g., your fingerprint, to secure your Credentials in your Encrypted Customer Vault Data.
JEM generates and stores images of your fingerprint on your JEM device. This Biometric Data is only generated and stored solely on your JEM device. Your Biometric Data never reaches our servers. JEM never extracts your Biometric Data from your JEM device.
JEM also provides apps for mobile devices and tablets made by Apple, and in the future may provide apps for devices running Android as well. On such devices JEM apps do or will utilize biometric identity services provided by the device operating system (e.g., TouchID, FaceID). While we use the authentication and verification service provided by the device’s operating system, we do seek or use your biometric data that may be stored on such devices.

How We Keep Your Information Safe

We understand and accept our responsibility to protect Encrypted Customer Vault Data, Customer Account and Service Data and Biometric Data.
We do not collect Biometric Data in any central repository – it is stored and used solely in your JEM devices, which should remain in your control at all times.
Encrypted Customer Vault Data transmitted to and stored our servers is encrypted using a Vault Encryption Token that based on your Administrative Passphrase. JEM has no access to your Administrative Passphrase or the Vault Encryption Token, and will never request this information. This is meant to ensure that JEM will never have the information required to decrypt your Vault data, even when it is stored in our servers.
Customer Account and Service Data is treated as confidential data.
We limit access to Encrypted Customer Vault Data and Customer Account Data to authorized personnel with a need to access the data. Encrypted Customer Vault Data cannot be decrypted even by those who do have access to it, as we do not have access to the decryption key, which is and should remain solely in your possession and control.

Data Location and Transfer

All Encrypted Customer Vault Data and Customer Account and Service Data is held on servers located within the United States.
JEM Encrypted Customer Vault Data and Customer Account and Service Data is available to members of our worldwide staff.
We may allow you to use a third party cloud storage solutions provider such as Google Drive and/or Dropbox. In such case, we shall only have and use the login data you provide us pursuant to the Terms of Service in order to interact with such third party cloud storage service providers which such providers shall be responsible for the security and storage of your Credentials, as further described in the Terms of Service.

Customer Support System

Our customer support and email services are hosted primarily in the United States. Any information you choose send us through email or our customer support system may pass through and be stored on a variety of intermediate services.

Third-Party Data Processors

Encrypted Customer Vault Data and Customer Account and Service Data are held by third party data processors, who provide us with hosting and other infrastructure services.
Data needed to process payments is collected by our payment processor, Shopify Payments, whose privacy policy is available at: https://www.shopify.com/legal/privacy.

Contacting You

We may use your contact information to communicate with you about your use of JEM Services, provide support, and send you other information such as product updates and announcements. You may choose to stop receiving communications from us, except certain important notifications such as billing and account security alerts.

Your Responsibilities for Protecting Your Data

When you create a JEM Profile you will receive or create a Secret Cloud Access Key and an Administrative Passphrase. Your Secret Cloud Access Key is specified by you or generated on your computer and your Administrative Passphrase is something you create yourself. For your protection, you should create a strong and unique Secret Cloud Access Key and an Administrative Passphrase that are not easily guessed by others.
It is extremely important that you understand that anyone with both your Secret Cloud Access Key and an Administrative Passphrase can access your Secure Data. It is equally important that you keep a copy of these keys in a safe place for your own reference, because future access to your Secure Data depends on having access to BOTH your Secret Cloud Access Key and your Administrative Passphrase. We will not ask you for your Secret Cloud Access Key and your Administrative Passphrase, and you should never send either to us.
Due to the nature of our design and the sensitivity of the information you entrust to us (even in encrypted form), it may not be possible for us to help you with certain customer service requests unless you are listed as an account owner and are communicating from your verified email address. In the event that you change your email address, is very important that you update your email on your JEM account(s) or you may eventually lose access.

Your Right to Knowing to What We Know

You have the right to know what we know about you and to see how that data is handled. You may request a screenshot of what we can see about you in our back office systems. However, to protect customer privacy, such requests must be carefully authenticated beyond demonstrating control of the customer’s email address.
Disaster recovery and data availability requirements mean that JEM has a legitimate interest in maintaining secure and immutable backups. Erasure requests will leave those backups untouched, and we will only remove data from backups if legally compelled to.

Cookies and Tracking

We set and use cookies (small text files placed on your device) on our own domains and subdomains to store settings that assist with identifying your account for sign-in. We also use third party analytics packages for our public pages that may set cookies on your computer. These are limited to our domains, and do not involve cross-service tracking. You may disable cookies in your browser and continue to use our services without impact.

Consent for Underage Enrollment

Those under the age of 18 may not use the services without the consent or authorization of their parent or legal custodian. Family account organizers and team owners are responsible for that authorization when they add someone under the age of 18 to an account.

Disclosure

We will comply with applicable law with respect to providing Service Data and encrypted Secure Data to law enforcement agencies. If permitted, we will notify you of such a request and whether or not we have complied. Your Secure Data remains encrypted with keys which we do not possess, and so we can only hand over Secure Data in encrypted form.

Breach Notification

If the confidentiality of customer data is breached, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. At a bare minimum, we must inform the applicable supervisory authorities as required by law and regulation.

Updates to our Privacy Policy

At our discretion, we may make changes to this Policy and note the date of the last revision. You should check here frequently if you need to know of updates to our Privacy Policy. We maintain the right to send you annoying email informing you of substantive changes. Previous versions will be made available from this page.

Contact Us

If you have any questions about this Policy, you can contact us via email or postal mail at:
Email: privacy_questions@jempass.com