1. INTRODUCTION

This XRI I-Broker Privacy Policy (the "Privacy Policy"), sets forth the privacy commitments of 1id.com ("1id") to our Registrants and to the integrity of the XRI integrity and infrastructure.

XDI.org is an international public trust organization that exists for the benefit of the entire Internet community. XDI.org is devoted to the work of creating an environment of trust for Internet users, and that means that we and other bodies operating under the governance of XDI.org are striving to enhance the privacy and security techniques available to you as an Internet user. In keeping with its purpose and principles, both XDI.org and 1id take your privacy interests very seriously.

1id actively protects the privacy of visitors to our website, participants in discussion lists, email correspondents, and others who interact directly with 1id. 1id also protects the privacy of information concerning i-name registrants and others when 1id has access to it. Finally, through a chain of agreements beginning with the XDI.org Intellectual Property Rights ("IPR") Agreement, the XDI.org Global Service Provider ("GSP") Agreement, and our agreement with the XRI Registry Operator, 1id seeks to ensure that we and our subcontractors and licensees do the following: (i) communicate 1id's privacy practices clearly and conspicuously and (ii) implement broadly accepted "Fair Information Practices" in handling personal information.

1id wants to make sure that you are informed concerning what personal information is collected about you, who uses it and for what purposes, what choices you have concerning communications with you and data sharing with others, how your personal information is secured, how you can access and update or correct the information about you, and how you can control what information about you appears in the public i-name registry. Please note that while we repeatedly refer in this Privacy Policy to privacy in the sense of protecting the confidentiality of information relating to individual persons ("Personal Information"), we also take similar steps to protect the confidentiality of information about corporations and other organizations that register for global i-names or i-numbers or otherwise participate in the XDI community. As the XDI community and technology evolve, we will strive to update this Privacy Policy and to keep it consistent with the XDI.org privacy principles published at www.xdi.org.

2. DEFINITIONS

   2.1   Diligent Efforts. "Diligent Efforts" means, with respect to a given goal, the application of material and substantial energy toward the achievement of that goal as expeditiously as possible.

   2.2   Global Services Specifications (GSS) . "Global Services Specifications" or "GSS" shall mean the specifications published by XDI.org governing the operation of services offered by XDI.org and its authorized agents. The GSS is located at http://gss.xdi.org.

   2.3   Registrant. "Registrant" means an individual or organization that enrolls with 1id to obtain a service from the GRS Registry System.

   2.4   Registration Agreement. "Registration Agreement" means the document under which a Registrant registers with 1id for one or more services from the GRS Registry System.

   2.5   Service. "Service" means services provided by 1id in connection with the XRI under the Registration Agreement, and includes contracting with Registrants, collecting registration data about the Registrants, and submitting registration information to a Contact Agent or Contact Data Custodian.

   2.6   XRI. "XRI" means the URI-compatible scheme and resolution protocol for abstract identifiers used to identify and share resources across domains and applications as set forth by the OASIS XRI Technical Committee (http://www.oasis-open.org/committees/xri/).

Other terms used in this Agreement as defined terms shall have the meanings ascribed to them in the context in which they are defined, or, if not defined herein, shall have the definitions set forth in the 1id Agreement.

3. NOTICE REGARDING CHILDREN

1id websites and email discussion lists are not designed for children, and 1id does not monitor postings or communications among participants in discussion groups for content that would be inappropriate for minors. 1id does not encourage the registration of i-names by minors without the permission and participation of a parent or legal guardian, established to the satisfaction of 1id. 1id will not knowingly communicate with a child under the age of 13 without parental permission. Any questions concerning this policy should be directed to https://1id.com/@1id or cs@1id.com.

4. FAIR INFORMATION PRACTICES

1id models its treatment of personal information on internationally accepted principles of "Fair Information Practices." 1id requires those with whom we contract to apply these Fair Information Practices in developing their own specific policies and procedures for handling personal information.

Fair Information Practices are described in international conventions and guidelines as well as in national privacy laws and guidelines, prominently including the following:

The various conventions, laws, and guidelines around the world dealing with Fair Information Practices are very similar in principle and intent, even though they differ somewhat in details and terminology. The common principles can be summarized as these:

  • Purpose and collection limitation: Personal information should be collected by fair and lawful means, preferably with the knowledge of the individual, and it should be used and disclosed only for legitimate, announced purposes.
  • Data quality and accuracy: The personal information collected should be relevant, complete, and not excessive for the intended purpose. The information should come from reliable sources. The information should be kept as accurate and up-to-date as needed for the intended purposes, and it should be retained no longer than needed for those purposes.
  • Notice and awareness: Individuals normally have a right to know when personal information about them is being collected, stored, used, or disclosed to others. They should be told what kinds of information are collected, who has access to it, how it will be used, how it will be protected, and what options they have with regard to its collection and use.
  • Choice and consent: Individuals should be given choices, wherever feasible, as to what personal information is collected and how it is used. To illustrate, there are legal and business requirements as to what information must be collected, stored, and disclosed to banks or intermediaries when they order a service and pay for it by credit card, but further use of some of those personal details (for example, to create a marketing mailing list) should be subject to an opt-in or opt-out choice by the individual.
  • Access and objection: Individuals should be given a reasonable opportunity (a) to review the information that has been collected about them, (b) to challenge its accuracy or completeness, and (c) to object to its further processing.
  • Security: The personal information should be protected at all times by appropriate technical and organizational security safeguards to prevent loss or misuse, destruction or alteration of the data, or unauthorized access or disclosure. (Note that OASIS standards and XDI.org Global Services Specifications may prescribe particular security measures for certain XRI or XDI functions, but this general principle applies in all cases where personal information is handled.)
  • Accountability, enforcement, and recourse: Organizations that handle personal information should appoint responsible persons to develop privacy and security policies, train relevant staff and contractors, and take appropriate steps to ensure that their privacy and security policies are effective and enforced. They should provide contact points for questions and complaints by individuals and ensure that there is some practical form of recourse and redress for persons injured by privacy lapses or abuses.

5. 1ID'S PRIVACY PRACTICES

1id's specific privacy practices, described in the following sections, are designed to take account of the principles of Fair Information Practices listed above. 1id encourages your questions and comments so that 1id can ensure that these privacy practices are as comprehensive and effective as possible.

6. WEBSITES

1id uses log files, as most website servers do, to record certain technical information about visits to our website, including the IP address and the DNS name of the access provider (such as your Internet Service Provider), the type of browser used, referring and exit pages, platform type (where available), a date and time stamp, and possibly the number and sequence of pages visited. Unless your IP address or associated DNS name identify you specifically, none of this information reveals who you are, and we do not link it to other data in an effort to discover the identity of a site visitor. 1id staff and consultants use this information solely to administer the site, analyze trends, and track the use of the site in the aggregate so that we can make improvements to better meet user needs. Any log data that we publish, such as the total number of hits or users in a given period, is disclosed only in an aggregate form that does not reveal personally identifiable information. 1id deletes its log files periodically and strongly recommends all partner sites to do the same.

Please remember that any comments or documents that you post on the 1id's open access portion of its website should be considered public and may ultimately be viewed by site visitors and also accessed by spiders, web crawlers, or search engines. Use care in posting comments and documents, because any personal information that you post on a website may become public information.

7. EXTERNAL LINKS

1id websites may contain links to websites operated by other parties. 1id does not control those external websites and cannot be responsible for their privacy practices.

8. EMAIL

Please use discretion in sending email messages to 1id staff or role accounts (such as "postmaster"). 1id will endeavor to store, use, and disclose email only as needed to answer your requests and perform our oversight, administrative, standards-development, and educational functions. But electronic mail is not a reliably secure medium of communication, and 1id cannot guarantee the confidentiality of email messages in transit or stored on the servers of ISPs, employers, or others to whom emails may be manually or automatically routed and who are outside the direct control of 1id. If you feel a message is particularly sensitive, you might consider sending it from a private email account or device, addressing only known individuals, and perhaps protecting the contents by using a strong public key encryption technology such as PGP.

To receive a 1id publication or subscribe to a 1id email list, you must provide your email address -- without it, you won't receive anything from us. Although 1id does not require subscribers to provide their names, your email program or Internet Service Provider may automatically include your name with the email containing your subscription request. If so, 1id will record your name with your email address, only for the purpose of ensuring that you are not confused with someone else when we have to manually sort out subscription problems. 1id will delete your name from the email list database at your request, and we will delete your email address at any time from the email list database if you follow the posted instructions for "unsubscribing" (please allow a few days for an unsubscribe request to take effect).

1id holds the names and email addresses of correspondents and email list subscribers in the strictest confidence and will not disclose personal information about email senders or email list subscribers without their permission, unless required by law. 1id email servers and archives, email subscription lists, and email subscriber databases are accessed by only a few 1id staff members, for the purpose of maintaining them, and we take every reasonable precaution to protect them against unauthorized access, theft, tampering, and misuse (electronic or otherwise).

The 1id email lists use "cookies" only if you choose to change the default subscriber options for email list participation, and then only to ensure that those options are given effect.

Aggregate information about 1id email subscription lists (such as the total number of subscribers) may be published to promote 1id, but 1id will not publish identifying information about individual subscribers without their permission.

9. DISCUSSION LISTS & ARCHIVES

1id maintains discussion lists with web-based archives. Although 1id keeps email list subscriber information in the strictest confidence, as discussed above, participating in discussion lists may reveal some information about you to all subscribers. This will include your email address and name (if the name is automatically displayed with your emails or revealed by the email address itself), as well as the content or your email message and email signature, if any. You could, of course, participate using an email address and server that do not reveal your name.

Users should consider any discussion list a public forum and exercise caution in disclosing any personal information. You are not likely to know all the other subscribers to an email discussion list, and subscribers may disclose messages to others. Although 1id takes steps to prevent automated programs from harvesting email addresses and other information, third parties may still find a way to access email addresses or messages sent to an email discussion list.

10. SURVEYS

1id may ask website users or email list subscribers to participate in surveys. In all cases, participation will be voluntary. If a survey asks for personal information, answering those questions will be optional. Survey responses will be seen only by 1id personnel and any contractors or consultants assisting 1id in conducting the survey. Survey results will be made public only in the aggregate, without reference to individuals, unless an individual gives us permission to quote and attribute his or her response.

11. I-NAMES AND I-NUMBERS

A key purpose of XRI technology is to allow i-name or i-number registrants to control the sharing of their contact details and other personal information with others. XDI.org and OASIS have developed standards and specifications to enable this privacy-enhancing technology, but it is implemented through 1id or other XDI service providers that have their own commercial relations with i-name and i-number registrants.

XDI.org is the community governance authority for a set of global i-name and i-number registries offered to the public as XDI Global Services. These global public registries are operated by contractors to XDI.org called Global Service Providers. Neither XDI.org nor Global Service Providers collect registration information directly from global i-name or i-number registrants. These registrations are performed by 1id, which is accredited by a Global Service Provider to i-broker accreditation standards determined by XDI.org.

When you register a global i-name or i-number with 1id, you will be asked to provide the information that you want listed in the global public registry, such as a pointer to 1id and an account authentication credential such as a password. You may also be asked to provide certain information that will not be listed in the global public registry but will be stored only by 1id as your i-broker, such as your true identity and (where applicable) affiliation, your contact and payment details, and possibly other relevant information that would allow us to confirm your identity when you make any requests to change, transfer, or terminate your registration, directory listing, or other services.

Global Service Providers (initially, Cordance Corporation), Contact Agents, and Contact Data Custodians are required to provide clear and conspicuous privacy statements that apply the principles of Fair Information Practices as listed in section 4 above. Global Service Providers are also obliged to require the same of 1id who they accredit and others with whom they subcontract to provide XDI Global Services as provided in the XDI.org Global Service Provider ("GSP") Agreement. As a consequence, 1id will maintain our current privacy statement on our website at https://1id.com/1id.privacy.htm and also on our 1id Policy Page at https://1id.com/1id.policypage.htm. 1id encourages you to review that privacy statement before registering. You will need to communicate directly with 1id, rather than with XDI.org, to indicate your preferences with respect to any optional data collection, data sharing, or contacts.

12. REGISTRANT INFORMATION HELD BY 1ID

1id obtains, uses, and stores personal information about registrants - when available - only to the extent necessary for its purposes in providing i-broker services, such as registering and renewing i-names and i-numbers, authenticating change requests, correcting technical problems, resolving disputes, and complying with applicable laws. For these purposes, 1id does not routinely use personal information beyond what is found in the registration application and global public registry and the resolution data associated with an i-name or i-number, such as the Uniform Resource Identifier (URI) of the host i-broker (where applicable). In connection with changes and disputes, 1id may from time to time request additional identifying information from i-brokers, Global Service Providers, Contact Agents, or Contact Data Custodians, and the arbitrators or parties to a dispute may provide 1id with information relevant to dispute resolution proceedings.

1id employs technical and organizational safeguards, including password access controls and physical security, to protect personal information as long as it is in our possession, and we retain personal information only as long as needed for our governance and development purposes.

Unless you give us permission, we will not share your personal information with third parties except as necessary to fulfill its governance and development responsibilities. The categories of third parties that might receive personal information from 1id for these purposes include our contractors and consultants, the affected i-brokers or Global Service Providers, law enforcement agencies, arbitrators, and parties to litigation.

1id will not use, sell, rent, or otherwise disclose Personal Information for marketing purposes without your permission.

13. LEGAL REQUESTS FOR PERSONAL INFORMATION

Please be advised that, as in the case of domain name registrars and Internet Service Providers, 1id, XDI.org, a Global Service Provider, a Contact Agent, or a Contact Data Custodian, could be legally compelled in some circumstances to disclose personal information that we or they may hold, such as the identity of an i-name registrant, to law enforcement authorities or to parties in civil litigation.

14. CONTACTING US ABOUT PERSONAL INFORMATION

Please go to our website at https://1id.com to make change, transfer, or termination requests with respect to your i-name registration and global public registry entries. To review, correct, or ask for the deletion of any personal information that we may have, please contact us at https://1id.com/@1id, email us at cs@1id.com, call us at 1-866-273-7161, or send a letter to 21010 Southbank St., PMB 500, Potomac Falls, VA 20165 USA. 1id may ask for additional information to verify your identity and to facilitate our search for relevant data, which 1id will do to the extent it is indexed or reasonably searchable by name or i-name.

Please contact us at https://1id.com/@1id or email us at privacy@1id.com to report any privacy policy concerns or suspected violations. 1id will correct any errors on our part, notify third parties that obtained relevant data from us concerning any necessary corrections or deletions, and try to reach a reasonable accommodation with you with respect to any unusual privacy concerns you might have.

15. CONTACT AGENTS AND CONTACT DATA CUSTODIANS

XDI.org may accredit one or more Contact Data Custodians, which are unaffiliated with any i-broker, to hold a copy of contact information supplied by an i-name registrant ("Confidential Social Contact Data"). This information can be retrieved and revised by the i-name registrant from the Contact Data Custodian. NeuStar, Inc. serves as the default Contact Data Custodian unless 1id names another accredited Contact Data Custodian.

XDI.org may also accredit one or more Contact Agents, which are unaffiliated with any i-broker, whose function is to provide notice to i-name registrants of claims and disputes relating to the i-name. Contact Agents may obtain Confidential Social Contact Data from Contact Data Custodians for the sole purpose of providing such notice. XRI Contact Services, Inc. serves as the default Contact Agent unless the i-broker names another accredited Contact Agent.

Contact Agents and Contact Data Custodians are required to provide clear and conspicuous privacy statements that apply the principles of Fair Information Practices discussed in Section 4 above.

Only your i-name and the associated Contact Agent are publicly searchable information.

16. JURISDICTION, MODIFICTIONS, AND GSS CONFORMANCE

In the event of litigation over alleged privacy breaches by 1id, 1id submits to personal jurisdiction in the courts of general jurisdiction in Fairfax, Virginia, USA. This policy may be updated from time to time. Proposed alterations shall be posted at https://1id.com/1id.policypage.htm not less than thirty days in advance of the date such alterations shall take effect. 1id shall assure that this Privacy Policy is in conformance with the XDI.org Global Privacy Policy found at section 2.4.3 of the GSS.

This privacy statement applies to:

1id.com
PO Box 4107
Copacabana, NSW 2251
Australia
+1 703 637 6601 (USA)


We process all disputes through email. The address to write to is above.