Privacy Policy
1. Introduction
Micruity is committed to maintaining the privacy of personal information about our Customers, Prospects, End Users and Visitors. In this policy, we explain how Micruity (Micruity Inc. and its subsidiaries) handles any personal data that we obtain through our apps, our website micruity.com or when you contact us by mail, phone, email or other electronic means. We will follow the law when you share personal data with us.
When you continue to use our apps or browse our website, such as reading the content, clicking on a link or contacting us by mail or phone, you consent to us using your personal data in the way that we describe here.
2. How and why we obtain and use personal information
Micruity makes its services available to Customers or Subscribers and their End Users via Micruity apps, the internet, email, or API endpoints. If you are one of our Customers or Subscribers, we generally collect Business Contact Information. Customers are engaged in transacting business with Micruity, Subscribers receive communications from Micruity, and End Users are affiliated with Customers. Business Contact Information means information that would enable an individual to be contacted at a place of business and includes name, position name or title, business telephone number, business address, business email or business fax number.
We collect, use, and disclose certain Personal Data at the direction and on behalf of our Customers/Subscribers and their End Users in order to complete a transaction; service, maintain, and protect your account; respond to inquiries from you or your representative (such as a Customer Support Agent); develop, deliver, and offer products and services; efficiently operate and manage our business; fulfill legal and regulatory requirements. We may collect both public and non-public information from Customers and Visitors from various sources., Some examples include:
- Information from you or your representative on applications or forms (for example: your interactions with customer service or other representatives at your recordkeeper, asset manager, insurer, employer or plan sponsor; information collected about you when you visit our websites or use our applications; information you provide regarding your preferences)
- In order to process an income election application on behalf of a Customer we may send the End User’s (and their spouse’s and beneficiaries’ if applicable) name, date of birth, primary address, email address, phone number, social insurance number/social security number, identity verification documents and banking information (“Personal Data”) to an issuer financial institution. Other transactional activity information may be collected during this process. Micruity shall only use information that is necessary to deliver requested services to our Customers or Subscribers.
- Information from third-party (public or private) sources (for example marketing service providers, government agencies and other regulatory bodies)
Micruity has no direct business relationship with End Users. Micruity does not collect, access, store, disclose or use such Personal Data, except as directed by our Customers and Subscribers or as required by law. Customer or Subscriber is responsible for obtaining any consent necessary for the completion of a transaction. Micruity is not responsible for the privacy practices of companies, including Customers and Subscribers to whom it receives or sends Personal Data. Micruity reserves the right to use anonymous data for any purpose at its sole discretion.
If you disclose any personal information relating to other people to us or to our service providers in connection with our services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Online Privacy Statement.
We collect the following information when you use our websites or contact us:
When you browse the website or contact us with commercial inquiries: we collect general analytics data and any contact and other information you provide to us.
When you contact us by mail, phone or through the contact form or chat on our websites: we collect your name, email address or phone number, and any other information you may provide to us.
When you contact us about a job opening: we collect any relevant information you provide to us.
By signing up for a newsletter, requesting information and providing feedback or completing any other form on this site, the visitor agrees that Micruity may collect, use, and store information provided for the applicable business purposes indicated on the page. Micruity may use this information to provide other information, products or services (for example, on subsequent visits to this site or through an email subscription).
We use this information:
- For our own marketing communication correspondence, including following up on leads.
- To reply to your information request when you contact us with a question.
- To keep you in our recruitment database if you contact us about job openings.
- To be able to provide our service to our Customers, for onboarding, support and billing.
Do not track:
Micruity does not track its Customers to provide targeted advertising and therefore does not respond to Do Not Track signals.
Retaining personal data:
We will retain Personal Data only as long as necessary to fulfill the identified business purpose. Even if we return or destroy Personal Data it may persist on electronic backup or archival media made in the normal course of business for an additional period of time or for legal or tax reasons.
We store:
- General contact information related to inquiries for at least two (2) years.
- Marketing information for at least two (2) years.
- Recruitment information for at least five (5) years.
- Other information as required to deliver our SaaS offerings
3. Information we obtain about you
Sometimes we obtain your personal data from other parties for general marketing purposes, such as companies that provide us with an overview of publicly available information on people that have submitted a job application. We will use this information in the same way as the information that you provided to us.
4. Legal Basis
We process data from End Users on the basis of our and our customer’s legitimate interest to deliver our services in a regular manner.
We process data from Visitors to our website and people who contact us, including for job openings, on the basis of our legitimate interest in providing information about our business.
5. Sharing Information
We only share your personal data with outside service providers that we use for storing and processing your data, for example:
Companies that provide support functionality.
- Companies that support our recruitment activities.
- Companies that support us in sending emails and other messages related to our marketing.
- Clients, affiliates, or partners such as plan sponsors, asset managers, insurers and recordkeepers that ask us to process your data in order to provide services to you (for example, for annuity election purposes)
- We require these companies to adequately safeguard your personal data and not use your data for any other purpose not authorized by us.
In the event that (part of) our business is sold to another company, transfer of ownership could include the transfer of your personal data to the buyer if the data directly relates to that (part of the) business.
We reserve the right to use and disclose personal data in the event we have reason to believe that the disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to Micruity or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property.
Micruity also shall comply with any government or law enforcement entity investigation that provides proper law enforcement warrants and subpoenas.
We do not share, disclose, sell, rent or otherwise provide your information to third parties for marketing purposes or other business purposes.
We may use your information including Personal Data with our affiliates for purposes consistent with this Privacy Policy. Our suppliers and contractors may have access to your Personal Data to perform certain business-related functions such as providing email services and technology services to us.
6. Security
Micruity is committed to maintaining an effective information security program in line with reasonable industry standards. Micruity uses administrative, functional, technical, and physical safeguards to protect:
- the security and confidentiality of information
against any anticipated threats or hazards to the security or integrity of such information - against unauthorized access to or use of information which could result in substantial harm or inconvenience to individuals.
Micruity uses industry-standard security measures such as SSH and TLS. We will continually review and update our security policies and controls as technology changes to ensure ongoing security. We have entered into confidentiality agreements with our suppliers, agents, representatives and employees (“Representatives”) and our Representatives are expected to maintain the confidentiality of such information. Micruity is not responsible for the data security practices of companies from whom it receives or to whom it sends Personal Data.
Please note that no transmission over the Internet can be 100% secure and thus, we cannot guarantee the security of Personal Data. Moreover, any unprotected electronic communication over the Internet is not secure or confidential, subject to possible interception or loss, and possible alteration. We are not responsible for and we shall not be liable for any damages in connection with any Personal Data contained in any unprotected email, text message or any other electronic message sent to us.
Any attempted or actual security breach shall be directed to Micruity’s Risk and Information Security Committee and legal counsel (if applicable), which are responsible for determining response procedures, depending on the severity and nature of the event and applicable laws and regulations.
Depending on where you live, you may have a legal right to receive notice of a security breach, involving your Personal Data, in writing. Should there be a security breach that affects End Users, the Customer or Subscriber shall be responsible for disseminating notice of such a security breach to those End Users.
We take all reasonably necessary steps to protect all information we hold from misuse, loss, unauthorized access, modification or disclosure. All information is kept secure, encrypted at rest and in transit where possible and protected using industry-standard measures. No method of transmission over the Internet or method of electronic storage (including via 3rd parties) is 100% secure; therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
If you become aware of any vulnerability in our site or services, simply send us an email to support@micruity.com and we shall investigate the matter as soon as possible.
7. Data integrity, purpose limitation
We process information in a way that is compatible with and relevant for the purpose for which it was collected as described above. To the extent necessary for those purposes, we take reasonable steps to ensure that any information in our care is accurate, complete, current and reliable for its intended use.
8. Cookies Policy
The Micruity website does not use cookies.
9. Your rights
You have the right to request access to your personal data that we process. You also have the right to:
- Rectify incorrect personal data or erase it in certain circumstances.
- Restrict or object to the processing of your personal data.
- Receive your data so that you can use it elsewhere (data portability).
If we serve you through a third party, such as the recordkeeper of your retirement plan or an insurer that issues you an annuity certificate, please contact them directly to access, update/correct, restrict, or receive your data. You also have the right to withdraw your consent at any time, where our processing is based on your consent. Please be aware that a withdrawal of your consent does not affect the lawfulness of the processing of your data before the date on which you withdraw your consent.
Finally, you may have the right to lodge a complaint with a supervisory authority. If you do not know who your supervisory authority is, please contact us and we will tell you.
10. Micruity Risk and Information Security Committee
Micruity has appointed a Risk and Information Security Committee that is responsible for matters relating to privacy and data protection. This Risk and Information Security Committee can be reached at the following address. Reach out to us with any questions you may have about the processing of your personal data by us, or to exercise the above rights, at:
Micruity Inc.
Attn: Risk and Information Security Committee
1401 21st ST, STE R
Sacramento, CA 95811
Email at: support@micruity.com
11. Additional information for California residents
This section is provided for purposes related to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the "CPRA") and applies solely to the personal information and aspects of the Micruity business that are subject to the CPRA. As used in this section, "personal information" means information that meets the definition of "personal information" as set forth in the CPRA and is not otherwise excluded from the scope of the CPRA.
Depending on your relationship with Micruity and other factors, Micruity may have no obligation to honor a particular CPRA request, because of the nature of the personal information that Micruity collects or maintains. If you participate in a workplace retirement plan, services through a recordkeeper, asset manager, plan sponsor, or employer, CPRA requests should be directed to the recordkeeper, asset manager, plan sponsor, or employer.
Your rights under the CPRA
The CPRA gives certain rights to California residents and imposes certain obligations on those businesses that are subject to the CPRA. As required by the CPRA, set forth below is a description of certain rights that California residents generally have under the CPRA. As used below, a "consumer" means a resident of the State of California and a "covered business" means a business that is subject to the CPRA.
Right to Know/Right to Access.
A consumer has the right to request that a covered business that collects a consumer's personal information disclose to that consumer the categories and specific pieces of information the business has collected. A consumer also has the right to request that a covered business that collects a consumer's personal information disclose to that consumer the following:
- The categories of personal information it has collected about that consumer
- The categories of sources from which the personal information is collected
- The business or commercial purpose for collecting, selling or sharing (if applicable) personal information
- The categories of third parties to whom the covered business discloses personal information
- The specific pieces of personal information that the covered business has collected about that consumer
These disclosures are not required to include any information about activity that occurred prior to January 1, 2022. Please also note that a covered business is not required to honor more than 2 of these requests from the same consumer during any 12-month period.
Right to Delete. A consumer has the right to request that a covered business delete any personal information that the business has collected from the consumer, subject to certain exceptions.
Right to Correct. A consumer has the right to request that a covered business correct inaccurate personal information that a business maintains about a consumer.
Right to Opt-Out of Sale/Sharing. If a covered business sells or shares personal information, a consumer has the right to opt-out of the sale or sharing of their personal information by the business.
Right to Limit Use and Disclosure of Sensitive Personal Information. If a covered business uses or discloses sensitive personal information for reasons other than those set forth in the CPRA, a consumer has the right to limit the use or disclosure of sensitive personal information by the business.
Non-Discrimination. A consumer has the right not to receive discriminatory treatment by the covered business for the exercise of privacy rights conferred by the CPRA.
Categories of personal information we may collect about you
In general, if you are a customer of ours or you otherwise interact with us, we collect various types of personal information about you. The amount and types of personal information we collect will vary depending on the nature of your relationship and your interactions with us, and on the products and services that we provide to you. The categories of personal information that we may collect about you are:
- Personal identifiers, such as your name, postal address, email address, online identifier, internet protocol address, account name, or other similar identifiers
Information covered by California's records-destruction law (California Civil Code §1798.80), such as your signature, telephone number, and financial account information - Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
- Characteristics of protected classifications under California or federal law
- Internet or other electronic network activity information, including, but not limited to, browsing history and search history while using our digital offerings, and other information regarding your interactions with our digital offerings or our advertisements
- Geolocation data
- Audio, electronic, visual, and similar data, such as call recordings
- Professional or employment-related information, such as job title and business contact information
- Education information
- Inferences drawn from any of the information listed above to create a profile about you, such as a profile that reflects your preferences, characteristics, behavior, and attitudes
- Sensitive personal information such as social security number, or account log-in, password or credentials allowing access to your account(s) or to our digital offerings
The retention periods for data elements within each category listed above vary depending on the nature of the data element and the purposes for which it is collected and used. Our retention period for the data elements within each category is set based on the following criteria: (1) the length of time that the data is needed for the purposes for which it was created or collected, (2) the length of time the data is needed for other operational or record retention purposes, (3) the length of time the data is needed in connection with our legal, compliance and regulatory requirements, for legal defense purposes and to comply with legal holds, (4) how the data is stored, (5) whether the data is needed for security purposes and fraud prevention, and (6) whether the data is needed to ensure the continuity of our products and services.
Categories of sources from which personal information is collected
In addition to the sources described in the section above entitled "How and why we obtain and use personal information", depending on the nature of your relationship and your interactions with us, and on the products and services that we provide to you, we may obtain personal information from the following sources:
- You or your representative, such as when using our products, services or digital offerings, when interacting with us or any of our service providers regarding our products, services or digital offerings or when otherwise communicating with us
- Providers of publicly available information
- Another person or other persons (typically people who know you) who provide referral information about you to us or who use the capabilities we offer on certain of our websites and applications to forward an article or other information to you
- Third parties that provide products and services to you through your relationship with us
- Third parties that perform services for us or on our behalf
- Other third-party sources, including government sources, data brokers and social networks
Why we collect personal information
Please see the section above entitled "How and why we obtain and use personal information" for a description of some of the business or commercial purposes for which we collect personal information, including sensitive personal information. In addition to those purposes described above, below are additional business or commercial purposes for which we collect personal information:
- To maintain the accuracy and integrity of our records
- For marketing and communication purposes
- For reporting and analytical purposes
- For training and quality-control measures
- To verify your identity
- To protect against malicious, fraudulent, or illegal activity
- For business analysis, planning, and reporting
- For effectiveness measurements
Categories of personal information disclosed for business purposes
Like most businesses, we disclose personal information, including in some cases certain sensitive personal information, to third parties for our business purposes. Depending on the nature of your relationship and your interactions with us, and on the products and services that we provide to you, we disclose to third parties for business purposes the personal information that is encompassed by one or more of the categories described in the "Categories of personal information we may collect about you" section above, with the categories of third parties listed in the section above entitled "How we share information about you with third parties".
Selling/sharing of personal information
We DO NOT sell your personal information for payment or for any other compensation. The ways in which we share your personal information with third parties on certain of our Websites will not, under the CPRA, be considered to be a “sale” of personal information or “sharing” of personal information for “cross-context behavioral advertising” (as those terms are used in the CPRA).
CPRA Exemptions
Please note that certain types of personal information collected or maintained by a covered business are exempt from the CPRA. For example, a covered business has limited obligations, or in some cases, no obligations, under the CPRA with regard to the following types of personal information:
- Personal information collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act (Public Law 106-102) and implementing regulations, or pursuant to the California Financial Information Privacy Act (Division 1.4 [commencing with Section 4050] of the California Financial Code)
In addition, some businesses are not subject to the CPRA, such as:
- A business that does not do business in the State of California
- A business that is not organized or operated for the profit of financial benefit of its shareholders or other owners
- A business that does not determine the purposes and means of the processing of consumers' personal information
- A business that has annual gross revenue of $25,000,000 or less
Furthermore, under the CPRA, there are a number of situations where a covered business under the CPRA may refuse to honor a CPRA request to delete a consumer's personal information and is allowed to continue to maintain the personal information.
Some examples include situations where retention of the personal information is reasonably necessary to:
- Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer or reasonably anticipated within the context of the covered business’s ongoing business relationship with the consumer, or otherwise perform a contract between Micruity and the consumer
- Help to ensure security and integrity to the extent the use of the personal information is reasonably necessary and proportionate for those purposes
- Debugging to identify and repair errors that impair existing intended functionality
- Exercise free speech, ensure the right of another consumer to exercise that consumer's right of free speech, or exercise another right provided by law
- To enable solely internal uses that are reasonably aligned with consumer expectations based on the consumer's relationship with the business and compatible with the context in which the consumer provided the information
- Comply with a legal obligation
Please note that the description of the CPRA set forth in this privacy policy is a summary of only certain aspects of the CPRA and is not and should not be considered a complete description of the CPRA. In addition to what is described above, the CPRA includes other exemptions that apply to particular types of personal information and particular businesses, as well as additional situations where a covered business is not required to honor a consumer’s request to delete the consumer's personal information.
Submitting a CPRA Request
If you wish to submit a CPRA request to Micruity, you may email support@micruity.com. Before submitting your request, please ensure you have reviewed all the CPRA exemptions, including those described above under the section above entitled "CPRA Exemptions".
You should generally expect to receive a response within 45 days of the date we receive your request. However, in some instances, we may require an additional 45 days to process your request in which case we will notify you and explain why the extension is necessary.
We will need to verify your identity before we can process your request. Through the request process, we will make you aware of any information that you will need to provide to us to process your request. You may have to confirm that you are a California resident and verify your identity or the identities of those authorized to submit requests on your behalf. Additionally, the information you provide will be used to help verify your identity.
This policy is effective as of 1 October 2023 and may be updated from time to time. The latest version can be found at micruity.com.