Privacy policy
Matt3r™ Technologies Inc. Privacy Policy
This Privacy Policy, and any amendments thereto, will apply to K3Y devices (and related software) purchased by pre-order, which are expected to be shipped in late 2024.
Last Updated: June 30,2024, and effective from that date.
Introduction
This Privacy Policy describes how Matt3r Technologies Inc. (“Matt3r”, “us”, “our”, or “we”) may collect, use, and share your personal information (“personal information” refers to any information that can be used, either alone or in combination with other information, to identify you) and vehicle data (the “Information”) collected from your vehicle (the “Connected Vehicle”) while using our K3Y™ device, which is remotely transmitted to us for certain business purposes and to provide you with services through the K3Y device and/or the K3Y companion mobile application, the Consol3™ app (collectively, the “Products and Services”).
This Privacy Policy only applies to the collection, use and sharing of Information obtained from the Connected Vehicle, the Products and Services, and information you provide related to such Products and Services, and does not apply to data collection in other contexts, such as: any other websites, applications, or other products or services that we may provide; any third-party websites or applications that we do not own, operate, or control; or features available through your Connected Vehicle’s infotainment system.
Please read this Privacy Policy carefully and if you do not agree with it, please do not provide us with any Information. Your use of the Products and Services constitutes your acknowledgment and acceptance of our information handling practices as set out in this Privacy Policy and any modifications thereto. If the terms of this Privacy Policy are at any time unacceptable to you, do not provide us with any of your personal information through the Products and Services.
What Information Do We Collect?
Matt3r collects personal information about you that is reasonably necessary for the purposes described below. If you interact with the Products and Services or other digital features, we may automatically collect technical data about you, the Connected Vehicle, and the operation of the Connected Vehicle’s advanced driver-assistance system (ADAS).
When you download the Consol3 App onto your Device
- Account and Contact Data: username, password, name, email address, phone number, payment information (billing data, name, address, card information and expiry date).
- K3Y Device Data: Data about your K3Y device, and if it is plugged into your Connected Vehicle, any data collected from your linked Connected Vehicle.
- Vehicle Data: VIN, Driving Data, Location Data, Vehicle Health Data, Vehicle Sensor Data.
- Device Data: device ID, device type, device operating system, Internet Protocol (IP) address, unique identifier, type of browser, Internet service provider, phone number, and information about the use of the products and services, including screen time, scrolling, specific actions and taps, reactions to alerts, the progress, completion and/or abandonment of in-application purchases, and crash reports.
- App Data: If you use the Consol3 app, we collect the location of your username and password, device, device type, device operating system, Internet Protocol (IP) address, unique identifier, type of browser, Internet service provider, phone number, and information about your use of the Products and Services, including screen time, scrolling, specific actions and taps, reactions to alerts, the progress, completion and/or abandonment of in-application purchases, and crash reports.
When you install the K3Y device in your Connected Vehicle
When you install the K3Y device in your Connected Vehicle and activate it using the Consol3 App, your Connected Vehicle and K3Y device will begin transmitting certain Information to us, including:
- Location Data: geo-location coordinates of your Connected Vehicle
- Driving Data: driving behaviour data, which includes the acceleration and speed at which your Connected Vehicle is driven, travel direction, and use of the steering and braking functions in your Connected Vehicle, timestamps, sensor data, speed, system operations, movement, position, environment (weather, road conditions, traffics signs, and other surroundings);
- Vehicle Health Data: includes Vehicle Identification Number (VIN); odometer, fuel level and consumption, and oil life readings; Diagnostic Trouble Codes (DTCs), engine coolant temperature, fuel injection volume, engine Rotation Per Minute (RPM), and the status of doors, hood, trunk, and hazard lights, Diagnostic Trouble Codes (DTCs) and vehicle faults, battery voltage and other engine data;
- Audio Data: the K3Y device has a microphone and monitors sound signals for certain audio signals relevant to ADAS functioning or driving incidents (e.g. driver alert sounds played by the Connected Vehicle; sounds of crashes, horns, screeching tires) and transmits data relating thereto, but will not transmit raw audio data unless specifically controlled to do so by the User (e.g. through the Consol3 app, or by saying “Hey Matt3r …”); and
- Video Data: footage from the dashcam and any other cameras of your Connected Vehicle.
When you install the K3Y device in your Connected Vehicle and register for the Services, the collection of Information will automatically be activated and your Connected Vehicle will automatically begin transmitting certain Information to us.
We also collect customer feedback information submitted through the app, email, our website, or otherwise, including recordings of any calls for customer support, which we use for quality assurance purposes, when you contact us, provide feedback, make a complaint or other inquiry.
Additionally, when certain features are activated, you might be prompted to enter specific credentials via partnered portals integrated within our applications.
In general, you are not required to provide Information for the below purposes, however your decision to not provide your data may reduce features and functionalities, the impossibility to use our information and Products and Services offered in this context, the denial of access to our Products and Services and/or exclusion from our business activities to the extent the processing of your personal information is key in these contexts.
When and Why Do We Collect Information?
We gather Information when you use our applications or when specific devices connected to our Products and Services are active.
We may use the Information we collect from you in the following ways:
- To provide our Products and Services to you and to administer your accounts.
- To monitor user behavior and patterns.
- For internal purposes including research and development, to analyze safety concerns and trends, provide support, to analyze quality, and to improve, troubleshoot, and evaluate the use of our Products and Services.
- To communicate with you, including by email, phone, and direct mail.
- To reconstruct scenarios in which accidents or other driving incidents have occurred, in order to better understand and improve ADAS functionality by making anonymized and/or de-identified scenarios available to third party ADAS developers; and
- To share the information with law enforcement (as applicable).
We may also anonymize Information in order to use it for research and development purposes. We may combine the nonpersonal data with other data we hold and use it to reconstruct scenarios, to identify trends, and to generate statistics, which may be provided in non-identifiable format to third-parties in order to better understand and improve ADAS functionality.
When we disclose your personal information to third parties, we require them to protect and handle your personal information in a manner consistent with our privacy practices and all applicable laws.
In the course of our activities and for the same purposes as those listed in this Privacy Policy, your personal information can be accessed by, or transferred to the following categories of recipients on a need-to-know basis to achieve such purposes:
- our personnel, including staff and contractors part of our customer service team, billing team, our call centre and IT department;
- our suppliers and services providers providing us with services, such as payment processing;
- our systems providers that provide us with IT solutions, including web service providers, web hosting, cloud service providers, database providers; and
- our professional advisors, including accountants and lawyers, as part of requesting advice or as part of a business transaction involving part of our business or its assets.
Your personal information will remain protected in accordance with this Privacy Policy. Prior to any transfer of personal information, we ensure to have agreements in place with third-party service providers to ensure they only use personal information as necessary and for the agreed upon purpose, to protect the personal information with security safeguards appropriate to the sensitivity of the information, and not to disclose it except as may be permitted by us, as required by law, or as stated in this Privacy Policy.
How Do We Protect Your Information?
We take data and information security seriously. We continuously strive to protect the Information against loss and unauthorized access or use by maintaining and continually updating our formal security program, which employs physical, organizational, and technical security practices to protect the Information, such as:
- All data transmissions are encrypted via Secure Socket Layer (SSL) technology.
- The Information is accessible only by a restricted number of individuals with special access rights to our systems.
- We take numerous security measures to ensure the safeguarding of the Information, including:
- Firewall Protection: The office is secured by advanced hardware firewall devices (Araknis). The office building network is fortified (firewall, Intrusion detection, etc.) due to the presence of a well-known company handling highly sensitive health/medical records.
- Access Control Lists (ACLs): The office router enforces stringent ACLs to regulate incoming and outgoing traffic, enhancing network security.
- Virtual Private Network (VPN) Access: Employees must use a VPN (certificate-based and not Pre-Shared-Key) to securely access the office network and internal resources when working remotely.
- Secure Shell (SSH) Security: SSH access is strictly controlled using certificate-based authentication, with password logins completely disabled to prevent unauthorized access.
- Multi-Factor Authentication (MFA): Company-wide MFA policies (using hardware security keys, Google Authenticator, or phone) are enforced, and employees are required to use their company domain emails (provided by Google).
- Cloud Platform Providers: We leverage Amazon Web Services (AWS) and Google Cloud Platform as our cloud platform providers, both renowned for their industry-leading security practices.
- AWS Services: We employ standard AWS services to implement Internet of Things (IoT), Application Programming Interface (API) backend, file storage, and databases, ensuring robust security and compliance.
- Database Security: Databases are backed up daily, with encryption applied at rest and in transit (HTTPS) to safeguard data integrity and confidentiality.
- File Storage Security: File storage is secured using server-side encryption with Amazon S3 managed keys (SSE-S3) to protect against unauthorized access.
- Key and Certificate Management: Private keys and certificates are never exposed to users, and their exchange is secured using HTTPS, Advanced Encryption Standard (AES) encryption and Public Key Infrastructure (PKI) key exchange mechanisms.
- API Endpoint Protection: API endpoints are fortified with JSON Web Token (JWT) based authorizers (using AWS Cognito authentication/authorization service) or user API keys and are protected by AWS Web Application Firewall (WAF).
- Role-Based Access Control (RBAC): Implemented RBAC to ensure internal services and users only have minimum access to the resources necessary for their roles.
We store the Information for as long as reasonably necessary (i) for us to provide you with the Products and Services; (ii) for us to support all other uses we make of the Information as detailed in this Privacy Policy; and (iii) as required by law or legal process, or as may be needed in the event of anticipated or pending litigation. We have personal information retention processes designed to retain personal information for no longer than necessary for the purposes stated in this Privacy Policy or to otherwise meet legal requirements. We will dispose of information that is no longer required for the purpose for which it was collected.
Information that we collect may be stored and processed inside and outside your province of residence in Canada or in any other country in which we or our service providers maintain facilities, including in the United States. Information processed and stored in another country may be subject to the laws of general application in the jurisdiction where it is stored, including disclosure or access requests by the governments, courts or law enforcement or regulatory agencies in that country according to its laws.
If your personal information is transferred outside of your jurisdiction, we will take steps to ensure your personal information is adequately protected in accordance with applicable privacy and data protection laws. We use contractual and other means to ensure the information is protected while in the foreign jurisdiction. If you have questions about our policies and practices regarding service providers outside of Canada, please contact our Privacy Officer using the contact information at the end of this Privacy Policy.
By using our Products and Services or by providing us with the Information, you consent to any such transfer of the Information outside of your country.
Even though we have taken steps to help protect the Information in our control, you should know that we cannot fully eliminate security risks associated with such Information. No security measures can provide absolute protection. We cannot ensure or warrant the security of any Information you provide to us.
How Do We Share Your Information?
The Information will not be sold or shared with external parties for marketing, advertising, or other unrelated uses, with the exception that the Information may be shared, in de-identified or anonymous form, with third parties with which we have a non-disclosure agreement in place, strictly for research and development purposes, or for crash reporting.
We may disclose your Personal Information to third parties only under one or more of the following circumstances:
- Personal information you have given us express permission to disclose to a specific third-party;
- In an emergency to protect your safety, or where we have a good faith belief it is necessary to do so to prevent harm, injury, or loss, and we may use the Information to pursue or defend legal actions, even if harm, injury, or loss has already occurred;
- In response to a search warrant or other legally valid inquiry, request or order, or to an investigative body in the case of a breach of an agreement or contravention of law, or as otherwise required or permitted by law;
- If the disclosure is necessary or appropriate for the establishment, exercise or defense of legal claims, to protect our rights or those or our employees, contractors and/or customers, to prevent actual or suspect loss or harm to persons or property or to resolve a dispute between us; or
- in connection with business transaction (e.g. a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings)) involving all or part of our business.
Do Not Track and Cookies
We respect Do Not Track signals and do not use cookies for tracking purposes within our applications.
Third-Party Integrations
The Products and Services may contain links to other websites, which are not owned, operated, or controlled by Matt3r, including various extensions available in the Consol3 app which allow you to access third party services. This Privacy Policy only relates to our collection and use of your data through the Products and Services, and we are not responsible for the privacy policies and practices of other third-party websites or services, including from any provided links. We urge you to review the privacy statements of each website or other services that you visit or access to ensure that you understand when, how and why those websites or services use and share your personal information.
For certain features, credentials are entered directly on partner portals integrated within our Control3 app. Matt3r does not access or store these credentials. Please refer to the partner’s privacy statement for information on its privacy practices.
Your Obligations
The nature of our Products and Services means that there may be circumstances where you might let someone else use a product or service that we provide to you (for example, you let someone else drive your Connected Vehicle). It is important that if you do let someone else use one of our products or Products and Services that you inform them of this Privacy Policy and of the privacy choices that you have made.
Your Rights
You have the following rights with respect to your personal information:
- Access, Correct and Erase your personal information: Subject to limited exceptions prescribed by law, you have the right to obtain information on the processing of your personal information and in some cases, to receive a copy of this information. This includes the right to request information about how we process your personal information, what personal information we collect about you and to whom it is being shared. However, to the extent permitted by law, we reserve the right to charge a reasonable fee for copying and sending the information from your file. You also have the right to request that we correct or complete your inadequate, incomplete, or inaccurate personal information.
- Right to opt-out: At any time, you may “opt-out” or withdraw your consent to the collection, use, disclosure or any other form of processing of your personal information, subject to contractual or legal restrictions. We will then stop the processing of your personal information, subject to legally permissible exceptions. Please note that your withdrawal has effect for future processing operations only, and note that if you withdraw your consent to some processing of your personal information, we may not be able to provide you with a particular offering. Similarly, if you cancel your subscription, we will cease collecting your personal information.
- Unsubscribe from email marketing: You may remove yourself from our contact lists by following the unsubscribe instructions in each of the e-mails. You may also remove yourself from our list by contacting us as set out in the “Contact Us” section below. Please note that even if you unsubscribe to such communications, we may contact you for other purposes such as the status of your vehicle or account, or other service-related purpose and update as permitted by law.
If you are a resident of Quebec, you may also have the following additional rights:
- You have the right to request that we cease disseminating your personal information or have hyperlinks associated with your name, and to provide access to personal information, de-indexed in certain circumstances.
- Erasure: Under certain circumstances, you may have the right to request that we delete your personal information.
When you exercise these rights and submit a request to us, we may verify your identity by asking you to authenticate your identity via standard authentication procedures.
We will respond to your request in writing within the time required by law. In certain cases, for instance, when the request involves large volumes of information or we must contact multiple third parties to obtain the information requested, we may need additional time to respond.
If we refuse your request, we will respond to you in writing, provide the reasons for the refusal, and inform you of what remedies you may have.
You may exercise your privacy rights by sending a request to info@matt3r.ai.
Children’s Privacy
We do not knowingly target or collect any information from children under the age of 13. If you are above 13, and above the legal driving age where you reside, but under the age of majority, you must have the consent of your parent/legal guardian to our Privacy Policy to use the Products and Services.
If you are a parent or guardian who has discovered that your minor child has provided us with personally information, we ask that you contact us at info@matt3r.ai to have this information deleted from our records.
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time and at our sole discretion, without notice. Changes to this Privacy Policy will be effective immediately on posting to the website found at: [NTD: Include link], and when required by law, we will notify you. You agree to review this Privacy Policy on each visit to such website to inform yourself of any such modifications. You also agree to be bound by any such modifications.
If required by law, we may seek your prior consent.
Contact Us
For any inquiries or complaints concerning this Privacy Policy, please reach out to our Privacy Officer at info@matt3r.ai.