Sontiq logo

Sontiq Privacy Notice

  • This notice was last modified on and has an effective date of July 1, 2024.

We have recently updated our Privacy Notice. Be sure to review it carefully to understand our privacy practices.

 

This Privacy Notice (“Notice”) provides information about how Sontiq, Inc., now a TransUnion Company, (“Sontiq,” “we,” “us,” or “our”) handles personal information and describes the rights you may have regarding your personal information. It applies to our brands: EZShield, IdentityForce, and CyberScout, our online and offline services, and the processing of personal information you may provide to us or that we collect or maintain about you, to include personal information you may supply when you use our websites, mobile apps, and other online services that provide a link to this Notice (collectively, our “Services”). If you do not agree to the terms of this Notice, please do not provide us with any personal information and do not use our Services.

This Notice does not cover practices of other TransUnion businesses or products, nor your interactions with us as a job applicant. Please see those respective privacy notices listed on the left-hand panel of this page for more information on those privacy practices. We also recommend that you review our Terms of Use, which governs your use of our website.

Click here to print our full Terms of Use.

Click here to print a copy of this Privacy Notice.

Analytics Disclosure: We use Google Analytics 360, including Google Tag Manager and Google Ads. If you would like to learn more about Google Analytics, or opt out of this data collection and sharing activity, please use this link: https://www.google.com/policies/privacy/partners/. Please visit our Cookie Policy for information regarding our tracking technologies.


Notice at Collection: We collect personal information as detailed in this Notice. The categories of personal information that we collect and the sources from whom we collected the personal information are listed below under “Personal information we collect.” The purposes for which we collect and use personal information are listed below under “Purpose for collecting and use of personal information” To learn more about your privacy rights, including your right to opt out of the sale or sharing of your personal information, please navigate to the “Privacy rights and choices” sections below. Our retention practices are outlined below under “Retaining personal information.” This Notice does not apply to data we receive from third parties unless it is combined with personal information you have provided to us.


1.  Personal information we collect

We may collect different types of personal information about you from various sources, including directly provided by you, through our partners or affiliates, or from commercially or publicly available data sources. The personal information collected varies based on the product or service purchased or otherwise obtained by our customers and consumers.

Some of the products and services we offer may include collecting information about you from credit bureaus, identify verification and fraud prevention services, social media platforms, and others consistent with the product or service. We also gather information from or about you when you use our Services, including accessing our websites, mobile applications, and other online services, as well as marketing and analytics providers.

In the past 12 months, we may have collected the following categories of personal information from the sources listed further below:

  • Identifiers. In general, you can use our Services without revealing personal information about yourself. However, we may ask you to provide personal identifiers such as name, alias, address, email address, Internet Protocol (IP) address, insurance or other policy numbers, other online identifiers, or other similar identifiers.
  • Financial Information and Medical Information. Financial information may include information provided by you directly such as a bank account number, routing number, credit card number, debit card number, or any other financial information, as well as information obtained from consumer reporting agencies as it may apply in our providing our Services to you. We generally do not collect medical information in providing our products or services, but it may be collected incidentally when providing select Identity Theft or Identity Restoration services, as applicable.
  • Characteristics of Protected Classifications. May include information about race, color, religion, creed, national origin, sex, age, disability, veteran status, and other Categories of Sensitive Personal Information (further described below). We do not generally require the collection of this type of personal information.
  • Commercial Information. Including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Biometric Information. May be used to establish identity, including but not limited to fingerprints, retinal scans, voice prints or facial recognition. We do not collect this type of information in providing our Services.
  • Internet or Other Electronic Network Activity Information. Including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
  • Geolocation Data. May be obtained using IP address, GPS (where enabled on your smart device), and/or similar technologies when accessing our websites, mobile applications, or other online services. You may be able to change the settings on your device to prevent it from providing your location.
  • Sensory Data. We record audio calls made to our support center for quality purposes. We may collect personal information when you communicate with us electronically, such as using email. Other types of information, such as visual, thermal, olfactory, or similar information are not collected.
  • Professional or Employment-Related Information. We do not generally collect this type of information, but it may be collected incidentally when providing select Identity Theft or Identity Restoration services, as applicable.
  • Non-Public Education Information (per the Family Educational Rights and Privacy Act). We do not generally collect this type of information, but it may be collected incidentally when providing select Identity Theft or Identity Restoration services, as applicable.
  • Inferences Drawn from other Personal Information. Insights that we may use to build a profile about you; including profiles, preferences, and behaviors drawn from collection and analytics of any of the other categories of personal information.
  • Categories of Sensitive Personal Information. This includes, but is not limited to, information such as Social Security number, passport number, and driver’s license number.

Sources of Personal Information

  • Information you provide directly. We may collect personal information directly from you through use of our products or services. If you register for an account or subscribe to our newsletter, through “contact us” forms or when interacting with our website, we may collect your personal information.
  • Information third parties provide. We may supplement the personal information we collect directly from you with information from third parties. This allows us to: enhance our ability to provide the services you have requested, tailor our content to you, and offer you opportunities that may be of interest to you.

Our website may allow access to third-party websites, online services, or applications. In return, the third party may provide personal and other information to us. For example, if you select a social media icon (such as for Facebook, Twitter, or Instagram), we may have access to information from them.

  • Information collected automatically. We may use a variety of tracking technologies that automatically collect certain information whenever you visit or interact with our website. When we associate this usage information with personal information we maintain, we will treat it as personal information.
  • YouTube API Services. Within your Sontiq Member Dashboard, you may allow us to collect user information like username, image, and posts from YouTube, via YouTube API services for the purposes of providing monitoring services and alerting you to digital threats that may affect you. We do not use YouTube API Services to collect, access, sell/share with external parties, or serve third party advertisements to users, including by way of Google or YouTube end user credentials. Our use of YouTube APIs is subject to this Privacy Notice. By connecting your YouTube account to our Services, you agree to be bound by the YouTube Terms of Service and Google Privacy Policy. In addition to exercising your privacy rights via the Sontiq Member Dashboard or through methods described in section 5.1 below, you can also revoke our access to your data via the Google security settings.
     

2. Purpose for collecting and use of personal information

We will use your personal information for the purposes for which we collected it and related purposes. We may also use the information we collect for our own or our service providers’ other operational purposes, purposes for which we provide you additional notice, or for purposes compatible with the context in which the personal information was collected. We may use your personal information that is subject to this Notice for the following purposes:

  • Providing you with and to improve our products and services, including internal research to develop and demonstrate technology
  • Providing services on our behalf or on behalf of another organization, including internal business purposes, maintaining or servicing accounts, providing customer service, fulfilling transactions, verifying identity information, processing payments, and other services
  • Detecting and protecting against security incidents, and malicious, deceptive, fraudulent, or illegal activity and prosecuting the same
  • Conducting activity to verify, enhance, and maintain the quality or safety of services or devices which we may own, control, or provide
  • Debugging to identify and repair errors in our systems and to improve our website including the user experience, marketing endeavors, and our offerings
  • Customizing your experience on our website and serving specific content or ads that are relevant to you
  • Contacting you regarding your use of our website and, in our discretion, changes to our website and its policies
  • Verifying your location, delivering relevant content based on your location, and to enable the location-based services
  • Authenticating financial information and verifying valid requests for credit reports
  • Providing you with special offers or promotional and marketing materials (including sweepstakes and contests) on behalf of us or third parties, including to provide newsletters and let you know about new products, services, or upcoming events
  • For legal purposes, as permitted by law, or for the protection of others
  • For auditing and reporting obligations
     

3.  Disclosing for a business purpose and selling/sharing personal information

We may disclose your personal information and other information with third parties for business purposes (for example, to fulfill your requests, to provide our products and services to you, to protect the interests of Sontiq and others, and in the event of a transfer of the business).

Our third-party service providers and vendors are required to take appropriate security measures to protect your personal information. We do not allow our third parties to use your personal information for their own purposes. There are times when we disclose information in an anonymized or aggregated form with our partners. In these cases, the identity of the individual(s) whose information is shared cannot be directly discerned from the information we provide.

In accordance with applicable laws and their defined terms – NOTICE: We and this website may sell your sensitive personal data. Sontiq may share your personal information for a targeted advertising purpose. We may transfer personal information (identifiers) to credit reporting agencies in a manner that may be considered a sale or sharing of personal information under state privacy laws and regulations. Sontiq does not knowingly sell or share personal information of minors under the age of eighteen (18).

In the prior 12 months, we may have disclosed (business purpose) or sold/shared (commercial purpose) your personal information to different third parties, as detailed below.

  • Banks/credit unions
  • Collection agencies
  • Consumer data resellers
  • Data analytics providers
  • Data brokers, which include data aggregators, data compilers, and data compilers/originators
  • Financial technology (fintech) companies
  • Government agencies
  • Identity verification companies
  • Insurance carriers/agencies/partners
  • Internet service providers
  • Marketing companies
  • Operating systems and platforms
  • Retail merchants
  • Service providers
  • Social networks
  • Survey providers
  • TransUnion Companies (related companies including our parent company, subsidiaries, affiliates)
     

The following data may be processed by third-party service providers:

  • Name, address, date of birth, telephone number, email address monitoring
  • Social security number monitoring
  • Credit and credit score monitoring
  • Driver’s license number monitoring
  • Passport number monitoring
  • Medical account number monitoring
  • Credit card monitoring
  • Bank account monitoring
  • Monitoring bank and credit card transactions
  • Social media account monitoring
  • Court records monitoring
  • Payday loan monitoring
  • IT services
     

4.  Managing your account and authorizations

You are responsible for the accuracy of the information you share with us. This information may be reviewed and updated through our website’s registration forms or via the “Manage Account” tab on your Sontiq Member Dashboard

You may also contact us directly to update or delete your contact information or to request that we stop sending you any form of communication (see “Contact information” section below). You have the choice to opt out of our marketing email communications at any time by using the opt-out provision/unsubscribe link at the bottom of every email.

To verify your identity, we may ask you to provide additional information before making these changes. We will make good faith efforts to make the requested changes in our systems as soon as reasonably possible. We may need to retain prior information as business records in some situations.

Withdrawing Consent. In some very limited cases we may process your personal information based upon your consent. You have the right to withdraw your consent for processing in these situations at any time. You can withdraw your consent by deleting the information from your Sontiq Member Dashboard or by contacting us directly.

Advertising. Many companies, including Sontiq, serve advertisements across Internet sites. Third-party analytics service providers may be used to gauge the use of these ads on third-party sites, the viewing of ads, and the viewing of our content. The advertisements presented may be based on your interests and activities across the Internet and mobile media.

Our third-party network advertisers and ad exchanges may set and access their own technologies on your device. This may include use of an identifier, such as a cookie or similar tracking technology, on your device. These third-party technologies, combined with personal information we may provide, may:

  • help deliver advertisements that might interest you
  • prevent you from seeing the same advertisements repetitively
  • recognize you across the devices you use
  • understand the usefulness of the advertisements that have been delivered to you

This Notice does not apply to the collection or use of the information by these third parties, but you can review more information regarding our use of tracking technologies in our Cookie Policy.
 

5. Privacy rights and choices – United States

As applicable under privacy laws, when Sontiq is acting as a data controller you may take advantage of certain privacy rights, such as to request access, correction, or deletion of your personal information. You may also have the right to appeal a denial of your privacy rights.

To exercise your privacy rights by submitting a verifiable request (subject to limitations and exceptions under applicable law), visit your Sontiq Member Dashboard, submit your requests via the forms listed below, or contact us directly.

  • If you have a Sontiq account, use your Sontiq Member Dashboard to update your information or make a privacy request.
  • You can also make your privacy request without setting up an account by continuing as a guest via the following self-service forms.
    • Click here to submit an Access Request
    • Click here to submit a Deletion Request
    • Click here to submit a Correction Request
  • Alternatively, you can reach us by phone (toll-free) at 1-888-6-SONTIQ or 1 (888) 676-6847, or by email at privacy@sontiq.com
  • Depending on the type of privacy request, we may require additional personal information, need you to answer knowledgebase questions regarding data associated with you, or provide a passcode sent to your phone number. We will use that information to verify your identity so we can respond to your request.
  • If we return this information to you electronically, the information will be in a portable format, and to the extent that it is technically feasible, we will provide the information in a readily useable format that can be easily transferred to another entity.

To make an opt-out request or confirm a limitation on our use of your sensitive personal information (subject to limitations and exceptions under applicable law), click here to submit your requests.

  • At this time, we are not using personal information for purposes of profiling, automated decision making, targeted advertising, or cross-context behavioral advertising subject to the right to opt out.
  • At this time, we are not collecting sensitive personal information subject to the right to limit.
  • To exercise your right to opt out of the sale or sharing of your personal information through trackers or cookies on our websites, please visit our Cookie Policy.

In some instances, Sontiq offers its services to customers as a service provider/data processor or subject to other exceptions under the applicable state privacy laws. Where Sontiq is acting as a service provider/data processor, we are processing data on behalf of others who will provide you with applicable privacy rights.

Explanation of Privacy Rights and Choices

  • Right to Access/Know. You may have the right to request a privacy report detailing the personal information collected, disclosed, sold, and shared about you and the purpose for doing so, unless such request proves impossible or would involve disproportionate effort.
  • Right to Correct. You may have the right to request that we correct inaccurate personal information that we collect or maintain about you, subject to verification.
  • Right to Delete. If we collected or maintain personal information about you, you may have the right to request the deletion of this personal information, unless an exception applies under applicable law.
  • Right to Opt Out of the Sale/Sharing. You may have the right to opt out of the sale/sharing of your personal information to third parties.
  • Right to Opt Out of Profiling/Automated Decision Making, Targeted Advertising, or Cross-Context Behavioral Advertising. At this time, we are not using personal information for purposes of profiling, automated decision making, targeted advertising, or cross-context behavioral advertising subject to the right to opt out.
  • Right to Limit the Use of Sensitive Personal Information. At this time, we are not collecting sensitive personal information subject to the right to limit.
  • Right to Appeal. If you believe we have denied any of your consumer privacy rights in error, you may have the right to appeal by replying to our denial message or any communication from us.

We do not discriminate against you based on your exercise of your privacy rights, although some of the functionality and features available on our websites may change or no longer be available to you.

In calendar year 2023, we received and responded to privacy requests as set forth in the table below. This data reflects requests received in 2023 from all individuals.
 

Request Type

Requests Received

Requests Complied

Requests Denied*

Mean Days to Resolution

Deletion

322

114

208

32

Correction

9

2

7

10

Opt Out/Do Not Sell

777

777

0

0

Limit Use of Sensitive Data

0

0

0

0

Access Request/Right to Know

55

13

42

19



* Requests may have been denied if (i) the individual’s information was not in systems, (ii) we could not match the individual’s information to a unique identity in our systems, (iii) we were unable to verify the individual’s identity, or (iv) if an exception to compliance was applicable.
 

6. Privacy requests via authorized agent – United States

Using an authorized agent without power of attorney to submit a verifiable privacy request for access, correction, or deletion of a consumer’s personal information: In order to submit a verifiable request for access, correction, or deletion on behalf of another consumer, an authorized agent without power of attorney must provide one item from each of the two sections below.

  1. Signed permission from the applicable consumer authorizing the agent to submit the verifiable privacy request on their behalf, including a description of the type of privacy request. The name of the agent submitting the request must match the name of the authorization.
  2. The applicable consumer must verify their own identity directly with our business by submitting information or documentation that provides sufficient proof of identification, such as
    a. a Social Security number or a copy of a Social Security card issued by the Social Security Administration
    b. a certified or official copy of a birth certificate issued by the entity authorized to issue the birth certificate, or
    c. a copy of a driver’s license or an identification card issued by the motor vehicle administration or any other government issued identification.

Documentation may be sent to:

Sontiq
Attn: Privacy Team
9920 Franklin Square Drive, Suite 250
Nottingham, MD, 21236, USA

You can also email the information to privacy@sontiq.com

To protect the confidentiality of your data, you and/or your authorized agent may choose to submit your data using confidentiality features offered by your email provider.

All personal information provided as part of this process will be deleted after verification has been completed.
 

7. Privacy rights and choices – Outside the United States

With some restrictions, you may make privacy requests with regard to your personal information by using our self-service options or contacting us in the following ways:

Explanation of Privacy Rights and Choices

  • Access. You may request a copy of the personal information we maintain about you. You will not have to pay a fee to access your personal information in Sontiq-owned Member Dashboards while your account is current (or to exercise any of the other rights).
    • For security purposes, we cannot provide your full Social Security number or your full credit card numbers.
  • Transfer. You may request we provide an electronic copy of the information you have provided to us to be shared in a format that may be sent to another entity.
  • Correction. You may request that we modify any incomplete or inaccurate information we maintain about you.
  • Erasure/Deletion. You may request that we delete elements of your information that we collect or maintain.
    • It is not always possible to completely remove all of your information from our systems. This is often due to legal or regulatory requirements.
  • Restrict Processing. You may request that we suspend the processing of your personal information. You may want to do this, for example, if you want us to verify the accuracy of the information or to ask us to confirm the reason for processing.
    • “Automated decision making” is when choices are made by computers without the involvement of a person. Sontiq does not make decisions using automated means.

Explanation of Data Processing

Our privacy practices as required under the European Union General Data Protection Regulation (“GDPR”) have been incorporated into this Privacy Notice.

Legal Basis for Processing. A legal basis for processing personal information is required under the GDPR.

  • We are fulfilling a contract when:
    • Sontiq monitors your personal information and sends alerts,
    • we process payments, or
    • preventing fraudulent access to your accounts.
  • We are meeting the legitimate interests of our business when:
    • we contact you regarding new products and services,
    • we capture analytic information to improve or personalize our products, services, and website, or
    • preventing fraudulent use of our services.
  • We are addressing our legal obligations when:
    • reporting income and related information to tax authorities.

Objection to Processing. You may object to the processing of your personal information. This may be done if you feel it is inappropriate for Sontiq to rely on legitimate interest as a legal basis for processing. When you object, we will limit the processing of your information. Once the objection is resolved, we will either resume processing or delete the Personal Information as appropriate.

International Transfers of Personal Information. Our Services operate in the United States. Information we collect, including personal information, will be transferred, processed, stored, and used in the United States. The data protection laws in the United States may differ from those of the country in which you are located. Your information may be subject to access requests from governments, courts, or law enforcement according to the laws of the United States. Sontiq utilizes Standard Contractual Clauses for the transfer of information outside of the Europe. This participation applies to all personal information that is received from European residents.

Registering a Compliant. There may be times when you have a concern about the processing of your personal information. We ask that you please contact the Sontiq Privacy Office at these times as detailed in our “Contact information” section below.

If you remain dissatisfied, you have the right to apply directly to the United Kingdom Data Protection Authority:

Website

https://ico.org.uk/global/contact-us/

Phone

+44 0303 123 1113

Postal Mail

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow Cheshire SK9 5AF

United Kingdom


8. Personal information of children

Sontiq does not knowingly collect personal information from children. Our services are not intended for use by nor directed to individuals under the age of eighteen (18). We do not enroll children in our Services although they can be a part of the Services we provide to families and for which their parent or guardian must enroll them directly.

If we learn that we have collected or received personal information from individuals under the age of eighteen (18), we will delete the personal information or otherwise comply with applicable law. We do not knowingly sell personal information of children under the age of eighteen (18).

Parent or Guardian Privacy Opt-Out Request (child under 18 years)

If you believe we have collected Personal Information from individuals under the age of eighteen (18), a parent or guardian may make a data privacy opt-out request (subject to the limitations and exceptions under applicable law) by visiting our Opt-Out Form.
 

9. Securing personal information

Sontiq maintains a comprehensive information security program that utilizes administrative (policies, standards, and processes), physical, and technical controls designed to protect the confidentiality, integrity, and accessibility of personal information.

We use industry-standard safeguards to protect your information. While we make reasonable efforts to safeguard personal information once we receive it, the protection of your information cannot be guaranteed as no website is completely secure. You should only access our website within a secure environment.

You are responsible for maintaining the confidentiality of any password(s) and all activities that occur using your password(s). You should notify us immediately of any unauthorized use of your password(s) or accounts, or if you believe your personal information has been exposed.
 

10. Retaining personal information

We retain personal information for as long as necessary to fulfill the purposes for which it was collected or processed, as previously described in this Notice, and consistent with applicable laws. For instance, we retain personal information, collected through our Services and website, for as long as a user’s account is active or as needed to provide Services to our customers. When you give up your membership, your personal information is retained for a short period of time in the event you decide to rejoin.

When determining retention periods, we consider our relationship with you and your information, the nature and sensitivity of the information, and what is reasonably necessary and proportionate to provide and improve our Services. We also adjust retention periods to comply with our legal, reporting, or accounting obligations, to resolve disputes, and to enforce our agreements. We regularly review our retention periods and assess our data minimization practices, retaining the least amount of information for the shortest retention period, while still upholding all our obligations.

11. Corporate reorganization

In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our business, we may share your personal information. We may also share your personal information if we undergo bankruptcy or liquidation, in the course of such proceedings.
 

12. Links to other sites or services

Our websites may contain content, links, or applications that are supplied by a third party. These third parties may also collect, store, or have access to your information when you interact with them for their own commercial purposes. In some cases, you may be directed to other sites and applications that are operated by third parties that we do not control. This includes when you use third-party tools such as Facebook, Twitter, Pinterest, or other posting or content sharing tools.

This Notice does not apply to other third-party sites or services. If you click on a link or browse to a third-party site from our site/service, your activity and interaction is subject to that third-party's rules and policies. We recommend reviewing the privacy statements on those other sites to understand their privacy practices and make an informed decision regarding your use or interaction with their site/service.
 

13. Contact information

If you have questions or concerns regarding this Notice, our privacy practices and the protection of your personal information, or the privacy rights and choices available to you, you may contact us in the following ways:

Email

privacy@sontiq.com

Phone

Within the U.S. (toll-free) 1-888-6-SONTIQ or 1-888-676-6847

Outside the U.S. 01 (508) 644-8726

Postal Mail

Sontiq
Attn: Privacy Team
9920 Franklin Square Drive, Suite 250
Nottingham, MD, 21236 USA


14. Notice changes and effective date

This Notice is subject to change at any time. If we make any changes to this Notice, we will post the revised Notice on this page with its effective date.

We will not use your previously collected personal information in a way that is significantly different than stated in the Notice which was effective on the date the information was collected. However, we may request your consent for any new uses.