Privacy Policy

LOCUS’ Website Privacy Policy

Introduction

This policy describes the types of information that LOCUS (“We” or “Company”) may collect from you or that you may provide when you visit the website portal.locusdata.io (our "Website") and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect:

  • On this Website.

  • In email, text, and other electronic messages between you and this Website.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this privacy policy. This policy may change from time to time. Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Information We Collect

The only specific personal information, such as your name or e-mail address, collected via our Website is the information you choose to give us. We gather this information for our use only. Such information will be used as a means of contacting you only with your permission. None of this information is provided to third parties.

Information Collected From You

The information we collect on or through our Website may include:

  • Information that you provide by filling in forms on our Website.
  • Records and copies of your correspondence (including email addresses), if you contact us.
  • Your responses to surveys that we might ask you to complete for research purposes.
  • Your search queries on the Website
  • Records of your agreement to any terms related to products or services, including name, title, employer/company name, and date/time of agreement.

Information Collected Automatically

In order to identify usage trends and evaluate our Website, We collect information provided by our servers and user surveys. This information is compiled and analyzed on an aggregate basis and is used only by us. Specifically, this information may include

  • your IP address,

  • host name,

  • pages you visit on our site,

  • certain browser information, and

  • the referring URL.

In addition, our server logs give us the capacity to determine which host names or host addresses received and responded to our surveys.

The technologies we use for this automatic data collection may include Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. Our Website uses “cookies” in some limited instances. You may disable cookies for our domain. Our Website may include links to other sites, including but not limited to social media (including Facebook, LinkedIn, and Twitter). We are not responsible for the privacy practices or content of such sites. Your interactions with these links, companies and features are governed by the privacy policy of the company providing it.

Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.

How We Use Your Information

We use information that we collect about you or that you provide to us:

  • To present our Website and its contents to you.

  • To provide you with information, products, or services that you request from us.

  • To fulfill any other purpose for which you provide it.

  • To notify you about changes to our Website or any products or services we offer or provide though it.

  • To provide, support, personalize, and develop our Website, products, and services.

  • To create, maintain, customize, and secure your account with us.

  • To provide you with support and to respond to your inquiries.

  • To personalize your Website experience and to deliver content and product and service offerings relevant to your interests if you have requested such information

  • In any other way we may describe when you provide the information.

  • For any other purpose with your consent.

We do not disclose or sell your personal information to third parties without your consent. We may disclose personal information that we collect or you provide as described in this privacy policy for the following purposes:

  • To our subsidiaries and affiliates.

  • With your consent, to fulfill the purpose for which you provide it, or for any other purpose disclosed by us when you provide the information.

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.

Accessing or Correcting Your Information

You may contact us using the Contact Information below to request access to, correct or delete any personal information that you have provided to us. We may not be able to delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

Your California Privacy Rights

If you are a California resident, California law may provide you with additional rights and choices regarding our use of your personal information. For more information, please see the Privacy Notice for California Residents below.

Data Security

We have implemented commercially appropriate measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

Changes to our Privacy Policy

Any changes to these policies will be posted on our Website. We may revise these policies from time to time. Your use of this Website is governed by the most current version of these policies. By continuing to access or use our Website, you agree to these policies as revised.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at: privacy_tos@camsys.com

LOCUS’ Privacy Notice for California Residents

This Privacy Notice for California Residents supplements the information contained in LOCUS’ Website Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California ("consumers" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Notice.

This Notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals.

Information We Collect

Our website collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("personal information"). In particular, our Website collects the following categories of personal information from its consumers:

  • Identifiers that you chose to provide us, such as name and email address, and collected automatically, such as IP address

  • Internet activity collected automatically, such as cookies, and other information on a consumer's interaction with a website

Personal information does not include:

  • Publicly available information from government records.

  • Deidentified or aggregated consumer information.

  • Information excluded from the CCPA's scope.

Use of Personal Information

We do not disclose or sell your personal information to third parties without your consent. We may use the personal information we collect for one or more of the following purposes:

  • To present our Website and its contents to you.

  • To provide you with information, products, or services that you request from us.

  • To fulfill any other purpose for which you provide it.

  • To notify you about changes to our Website or any products or services we offer or provide though it.

  • To provide, support, personalize, and develop our Website, products, and services.

  • To create, maintain, customize, and secure your account with us.

  • To provide you with support and to respond to your inquiries.

  • To personalize your Website experience and to deliver content and product and service offerings relevant to your interests if you have requested such information

  • In any other way we may describe when you provide the information.

  • For any other purpose with your consent

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.

  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you the information required under the CCPA.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, or take actions reasonably anticipated within the context of our ongoing business relationship with you

  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

  • Debug products to identify and repair errors that impair existing intended functionality.

  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

  • Comply with a legal obligation or other applicable law.

  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us at the Contact Information below. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative

  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

We endeavor to respond to a verifiable consumer request in a timely manner and in accordance with applicable law.

Changes to Our Privacy Notice

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice's effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

Contact Information

If you have any questions or comments about this notice, or wish to exercise your rights under California law, please do not hesitate to contact us at: privacy_tos@camsys.com

LOCUS’ Product Privacy Practices

LOCUS is committed to consumer privacy. Our data products are exclusively composed of Aggregated Consumer Information (as defined by Cal. Civ. Code § 1798.140). Accordingly, the sale of these products does not constitute the 'sale of personal information' under the CCPA/CPRA.

These Privacy Practices describe how LOCUS collects, processes, safeguards, and shares data in compliance with applicable laws and industry best practices.

  1. Data Collection

LOCUS ingests daily mobility data from smartphones and connected vehicles within the United States and Canada, which is provided to LOCUS from third party vendors.

We require that data received from our vendors is collected with explicit user consent. Data originating from mobile applications is provided from individual’s devices who have opted for location tracking, and contains a mobile device identifier without names or other types of personal information. LOCUS further anonymizes this data as described below.

  1. Vendor Compliance
  • Our data vendors are expected to continuously monitor state and federal regulations, proactively adjust their data feeds to remain compliant, and notify us in advance of any regulatory changes.
  • Our data vendors are responsible for complying with applicable privacy laws, including the CCPA and PIPEDA. We conduct due diligence to confirm vendors are maintaining compliance with applicable privacy laws.
  • Several of our vendors also follow European Union privacy laws, which impose stricter requirements.
  1. Data Anonymization and Processing
  • Upon ingestion, data is pseudonymized by replacing device identifiers with a secure hash. This internal-only hashed data is then aggregated into statistical groups. The final data products available for license contain only these aggregated counts and do not contain hashed identifiers. The commercial data products we make available via Databricks Marketplace consist solely of aggregated consumer information—that is, group-level mobility statistics that relate to categories of consumers and are not linked or reasonably linkable to any identifiable consumer or household. We do not provide customers with device-level or individual-level location data.
  • Sensitive location information, such as hospitals, schools, and places of worship, is either removed by our vendors or obfuscated to a precision of two decimal degrees (of latitude and longitude).
  • LOCUS products apply custom clustering algorithms. Data is first clustered by device-hash, then aggregated.
  • We supplement and weight our samples using census and employment data to ensure representativeness across multiple population criteria.
  1. Data Sales and Sharing

We do not sell personal information or sensitive personal information. We only sell aggregated, anonymized data that cannot reasonably be linked, directly or indirectly, with a particular consumer, household, or device. This data is used for location and transportation analytics and solutions.

  1. Security and Compliance Practices

LOCUS practices are in alignment with SOC 2 principles and LOCUS enforces rigorous security and operational controls, including:

  • Strict Access Controls: Role-based access controls are applied across all environments, following the principle of least privilege. Access is promptly updated or revoked upon role changes or termination.
  • Secure Development Lifecycle: All code undergoes peer review, version control, and automated security and quality checks within our CI/CD pipelines, including unit tests, integration tests, and data validation.
  • Encryption: All data is encrypted both at rest and in transit when transferred into the LOCUS Data Portal.
  • Auditability: Full audit logs are maintained across all environments, ensuring version history, collaboration, and accountability.
  • Monitoring & Incident Readiness: Systems are continuously monitored for unauthorized activity to enable rapid detection and response to potential incidents.
  1. Contact Information

For questions regarding LOCUS’ Privacy Practices, please contact:

Jason Lemp

200 River's Edge
Suite 420
Medford, MA 02155

jlemp@locusdata.io 

512-736-9158