Privacy Policy

Terms, Conditions, & Privacy Policy

Shadowtrack Technologies, Inc., hereafter called Shadowtrack®, has implemented safeguards to protect confidential information. Shadowtrack does not sell, rent, or otherwise disclose our mailing lists, enrollee, agency, officer, or any information about our site visitors.

Shadowtrack does not track visitors or enrollees via our corporate website. Our site captures limited information about visits to our site to analyze general traffic patterns that determine where visits are derived from, for marketing and maintenance purposes only. If you choose to email us and provide personally identifiable information about yourself, we will not use that information for any purpose other than to respond to your inquiry unless you otherwise consent.

Shadowtrack is committed to handling your information with the highest standards of information security. Your credit card information is stored only in encrypted form. We restrict access to your personally identifiable information to employees on a need-to-know basis in order to provide solutions to you. We maintain physical, electronic, and procedural safeguards to guard your nonpublic personal information.

Shadowtrack has a credit card processing engine that combines Secure Socket Layer (SSL), PGP encryption, and proprietary technologies too process payments easily and securely. Additionally, the processor is certified with Visa’s Cardholder Information Security Program (CISP) and adheres to the Payment Card Industry (PCI) Data Security Standard. CISP and PCI further ensure the security of customer account information and are intended to protect cardholder data.

The security of your Shadowtrack® account also relies on the protection of your password. Shadowtrack will never ask you to send your password or other sensitive information to us in an e-mail, though we may ask you to enter this type of information on the Shadowtrack website.

This privacy policy governs your use of the software application Shadowtrack for mobile devices. The Application is used as a tool to fulfill your court ordered, diversionary, probation, or parole requirements. The application will send alerts to your mobile device to complete a verification call, location verification, interview, video conferencing, and/or sobriety test. The Application obtains information regarding your tracking history. Registration with us is optional. However, please keep in mind your assigned officer or supervising agent will be notified if you fail to complete your enrollment or any portion of the Shadowtrack program.

Shadowtrack has a video conferencing solution called ShadowView that is only available to enrollees and authorized Users/Hosts (Officer, Caseworker, etc.).

  • ShadowView meetings can only be initiated by the host for the greatest level of control and security.
  • When you join a meeting, your video camera and microphone may be on by default. Be aware that participants may be able to see and hear from you as soon as you join a meeting. If you don’t want to share sound or video, you must notify the host immediately.
  • ShadowView allows the host to record the meeting for future reference. Shadowtrack does not keep a copy of this recording. However, the host my download the recording for their records. If you do not want the host to record the session, you must advise the host immediately.
  • Be careful before sharing your screen. Most solutions have functions to allow you to share with the group what’s on your screen – for example, a slide show. But before sharing your screen, make sure you don’t have open documents, browser windows, or other things on your screen you don’t intend for others to see.
  • If confidentiality is crucial, video conferencing may not be the best option. No conferencing solution can guarantee the security of your information, so consider alternatives if you need to talk about particularly sensitive topics with your host.
  • ShadowView includes safeguards to keep information private. We do not share your information with third parties.
  • ShadoView recommends updating to the latest version of the software (Browser, iOS, or Android) with patches and fixes. Only accept updates directly from the solution’s website.
  • By using this solution, you indemnify Shadowtrack and all of its affiliates for any breach in data sharing by the host.

Shadowtrack has a face recognition solution called ShadowFace that is only available to Enrollees and authorized Users (Officer, caseworkers, etc.). The purpose of this solution is to positively identify an Enrollee during a verification session so that the assigned officer, court, or supervising agent can confirm that the Enrollee is abiding by their court ordered community supervision requirements.

  • During the enrollment process, the app will request the Enrollee to capture an image of their face (Enrollment Image)
  • The stored enrollment image will be compared to a verification image when requested by the app during a verification session in order to positively identify the enrollee or to detect spoofing attempts
  • Recognition data is not shared with any 3rd party other than with an Enrollee’s assigned officer, court, or supervising agent
  • The face data collected on the Enrollee is size, pitch, roll, yaw, and key landmarks
  • All facial recognition data is securely stored on an independent cloud server without any personally identifiable information
  • All facial recognition data is stored for a period of up to seven years (7) after the Enrollee is removed from the program. This retention time period is dictated by the supervising agency
  • The Enrollee must agree to opt in to this solution by accepting the clear language on the app during the enrollment process

When you receive location alerts the mobile application will use GPS technology (or other similar technology) to determine your current location. We can share your tracking history with a court, probation officer, law enforcement, or anyone associated with your case. We will share your information with third parties only in the ways that are described in this privacy statement.

We may disclose User Provided and Automatically Collected Information: As required by law, such as to comply with a subpoena or similar legal process; when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request; Our service providers do not have an independent use of the information we disclose to them and have agreed to adhere to the rules set forth in this privacy statement.

We will retain User-Provided data for as long as you use the Application and for a reasonable time thereafter. You can stop all collection of information by the Application easily by uninstalling the Application. If you uninstall or log out of the application your assigned officer or supervising agent will be notified.

We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. Please be aware that, although we endeavor to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

By using the Application, you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us. “Processing,” means using cookies on a computer/handheld device or using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information.

If you have any questions or concerns about our policy, please contact Shadowtrack® via email at support@Shadowtrack.com or at 877-396-0385. Our corporate office is located at 5100 Village Walk Suite 100, Covington, LA 70433.

Cookies Policy

We use cookies and similar technologies on our website to provide you with a better browsing experience, analyze site traffic, and personalize content. By continuing to browse our site, you consent to our use of cookies as described in this policy. ‍

What are Cookies:

Cookies are small text files that are stored on your device (computer or mobile device) when you visit our website. They help us remember your preferences, track your activity on our site, and improve your user experience.

Types of Cookies:

We use several types of cookies on our website:

Strictly Necessary Cookies:

These cookies are essential for our site to function properly. They enable you to navigate our site and use its features.

Analytics Cookies:

These cookies help us understand how you interact with our site, which pages you visit, and how long you stay on each page. We use this information to improve our site’s performance and user experience.

Functional Cookies:

These cookies allow us to remember your preferences (such as your language or region) and provide enhanced, more personalized features.

Managing Cookies:

You can manage cookies through your web browser settings. Most browsers allow you to block or delete cookies, and you can also choose to accept or reject cookies on a site-by-site basis. However, please note that blocking or deleting cookies may affect your user experience on our site.

Third-Party Cookies:

We may also use third-party cookies on our website, such as those from Google Analytics and Google AdSense. These cookies are subject to the respective third-party privacy policies and are not governed by this cookies policy.

Updates to this Policy:

We may update this cookies policy from time to time to reflect changes in our use of cookies or legal requirements. We encourage you to review this policy regularly to stay informed about how we use cookies on our website.

If you have any questions or concerns about our cookies policy, please contact us at Support@shadowtrack.com.

Organizational Security

Information Security Program
  • We have an Information Security Program in place that is communicated throughout the organization. Our Information Security Program follows the criteria set forth by the SOC 2 Framework. SOC 2 is a widely known information security auditing procedure created by the American Institute of Certified Public Accountants.
Third-Party Audits
  • Our organization undergoes independent third-party assessments to test our security and compliance controls.
Third-Party Penetration Testing
  • We perform an independent third-party penetration at least annually to ensure that the security posture of our solutions is uncompromised.
Roles and Responsibilities
  • Roles and responsibilities related to our Information Security Program and the protection of our customer’s data are well defined and documented. Our team members are required to review and accept all of the security policies.
Security Awareness Training
  • Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.
Confidentiality
  • All team members are required to sign and adhere to an industry standard confidentiality agreement prior to their first day of work.
Background Checks
  • We perform background checks on all new team members in accordance with local laws.

Cloud Security

Cloud Infrastructure Security
  • All of our solutions are hosted with [Amazon Web Services (AWS) | Google Cloud Platform (GCP)]. They employ a robust security program with multiple certifications. For more information on our provider’s security processes, please visit [AWS Security | GCP Security].
Data Hosting Security
  • All of our data is hosted on [Amazon Web Services (AWS) | Google Cloud Platform (GCP)] databases. These databases are all located in the [United States]. Please reference the above vendor specific documentation linked above for more information.
Encryption at Rest
  • All databases are encrypted at rest.
Encryption in Transit
  • Our applications encrypt in transit with TLS/SSL only.
Vulnerability Scanning
  • We perform vulnerability scanning and actively monitor for threats.
Logging and Monitoring
  • We actively monitor and log various cloud services.
Business Continuity and Disaster Recovery
  • We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.
Incident Response
  • We have a process for handling information security events which includes escalation procedures, rapid mitigation and communication.

Access Security

Permissions and Authentication
  • Access to cloud infrastructure and other sensitive tools are limited to authorized employees who require it for their role.
  • Where available we have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies to ensure access to cloud services are protected.
Least Privilege Access Control
  • We follow the principle of least privilege with respect to identity and access management.
Quarterly Access Reviews
  • We perform quarterly access reviews of all team members with access to sensitive systems.
Password Requirements
  • All team members are required to adhere to a minimum set of password requirements and complexity for access.
Password Managers
  • All company issued laptops utilize a password manager for team members to manage passwords and maintain password complexity.

Vendor & Risk Management

Annual Risk Assessments
  • We undergo at least annual risk assessments to identify any potential threats, including considerations for fraud.
Vendor Risk Management
  • Vendor risk is determined and the appropriate vendor reviews are performed prior to authorizing a new vendor.

Data Collection Policy

This Data Collection Policy describes how we collect, use, and protect the data that our users provide to us through our platform.

Data Collection Methods
  • We collect data through various methods, including:
  • Account registration: When you create an account with us, we collect your name, email address, phone number, and address.
  • Usage data: We collect data about your use of our platform, including the features you use, the time and duration of your usage, and your IP address.
  • Feedback and support requests: We collect data when you provide feedback or submit a support request, such as your name, email address, and the content of your feedback or request.
  • Payment information: If you choose to subscribe to our paid plans, we collect your payment information, such as your credit card number and billing address.
Types of Data Collected
  • We collect the following types of data:
  • Personal data: This includes your name, email address, phone number, street address, and billing information and if you are an Enrollee, we may collect location data.
  • Usage data: This includes data about how you use our platform.
Purpose of Data Collection
  • We collect data for the following purposes:
  • To provide and improve our platform and solutions.
  • To communicate with you about your account and provide customer support.
  • To process payments for our paid plans.
  • To analyze usage trends and improve the platform.
Legal Basis for Data Collection
  • We collect and process your data on the following legal bases:
  • Consent: We collect your consent to collect and process your data when you create an account with us.
  • Contract: We collect and process your data to fulfill our contractual obligations to you, such as providing access to our SaaS platform.
Data Retention
  • We retain your data for as long as necessary to fulfill the purposes for which it was collected. This includes retaining data to comply with legal obligations, resolve disputes, and enforce our agreements.
Data Security
  • We take data security seriously and have implemented appropriate technical and organizational measures to protect your data. This includes encryption, firewalls, access controls, and regular security audits and we are SOC 2 TYPE 2 Compliant.
Data Sharing
  • We do not share your data with third parties, except as necessary to fulfill our contractual obligations to you or as required by law.
User Rights
  • As a user of our platform, you have the right to access, rectify, or delete your data. You can exercise these rights by contacting us using the appropriate links on the website.
Policy Updates
  • We may update this Data Collection Policy from time to time.

Do Not Track (DNT) Policy

We respect the privacy of our users and understand that some users may prefer not to have their online activity tracked. Therefore, we have implemented a “Do Not Track” policy that allows users to opt-out of certain types of tracking on our website.

What is “Do Not Track” (DNT)?

“Do Not Track” is a feature in most web browsers that allows users to inform websites and online services that they do not want to be tracked. When a user enables the DNT feature, their browser sends a signal to websites indicating that the user does not want their online activity to be tracked. However, please note that there is no standard for how websites should respond to the DNT signal, and the effectiveness of DNT is therefore limited.

What types of tracking does our website use?

Our website uses certain types of tracking, such as cookies and analytics tools, to improve the user experience and to understand how users interact with our website. However, we do not use any tracking data for targeted advertising or other purposes that are not directly related to the operation of our website.

How do I opt-out of tracking on your website?

If you do not want your online activity to be tracked on our website, you can enable the DNT feature in your web browser. Please note that if you choose to enable the DNT feature, certain features of our website may not function properly.

Children’s Online Privacy Protection Policy

We are committed to protecting the privacy of children who use our website. In accordance with the Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for our website or provide any personal information about yourself to us.

What personal information do we collect from children?

We do not knowingly collect personal information from children under the age of 13. If we discover that we have collected personal information from a child under the age of 13, we will promptly delete that information.

How do we use the personal information of children?

We do not use personal information collected from children for any purpose other than to respond to a specific request or inquiry from the child.

Do we share personal information with third parties?

We do not share personal information collected from children with third parties, except as necessary to respond to a specific request or inquiry from the child or as required by law.

How do we obtain parental consent?

We do not collect personal information from children under the age of 13 without obtaining verifiable parental consent. If a child under the age of 13 wishes to register for our solutions or provide personal information, we will ask the child’s parent or legal guardian to provide verifiable consent. Verifiable consent may include providing a signed consent form via postal mail, email, or providing a credit card to verify the parent’s identity.

How can parents review and delete their child’s personal information?

Parents or legal guardians may review their child’s personal information that we have collected by contacting us at the email address provided below. Parents or legal guardians may also request that we delete their child’s personal information by contacting us at the same email address.

If you have any questions or concerns about our Children’s Online Privacy Protection Policy, please contact us at Support@shadowtrack.com.

Revision 0504-20200607

12/20/2024 8:44 AM