ooTao Privacy Policy

Overview

In this policy "ooTao" refers to the i-broker and registrar services provided by ooTao Corporation, and "ooTao staff", "us" and "we" refers to the ooTao staff, board members, professional advisers, volunteers and consultants, all of whom are bound by law or contract to keep information they receive as part of their assistance to ooTao confidential.
ooTao is an identity services provider with the goal of providing people with complete control over their identity-related transactions. ooTao and the ooTao staff are devoted to the work of creating an environment of trust for Internet users, and that means we are striving to enhance the privacy and security techniques available to you as an Internet user.
Please note that while we repeatedly refer in this Privacy Statement to privacy in the sense of protecting the confidentiality of information relating to individual persons ("Personal Information"), we also take similar steps to protect the confidentiality of information about companies and other organizations that register for global i-names or i-numbers or otherwise participate in the global XDI community.
We want to make sure that you are informed concerning what Personal Information is collected about you, who uses it and for what purposes, what choices you have concerning communications with you and data sharing with others, how your Personal Information is secured, how you can access and update or correct the information about you, and what information about you appears in the public i-name registry.

  • We actively protect the privacy of visitors to the ooTao and EZIBroker websites, participants in discussion lists, email correspondents, and others who interact directly with ooTao.
  • We also protect the privacy of i-name registrants, as indeed, such privacy is essential to our service offering.
  • Finally, through a chain of agreements beginning with the XDI.ORG Intellectual Property Rights ("IPR") Agreement and the XDI.ORG Global Service Provider ("GSP") Agreement, we have agreed to do the following:
    • communicate our privacy practices clearly and conspicuously and
    • implement broadly accepted Fair Information Practices in handling Personal Information.

As a global i-broker retailer, ooTao complies with all terms and requirements of the XDI.ORG XDI.ORG Global Service Provider Agreement. As a local (community) registrar and i-broker service provider, and as a California corporation dedicated to your privacy, we additionally support and comply with the requirements of the Online Privacy Protection Act as defined by the California Office of Privacy Protection.
As the XDI community and technology evolve, we will update and improve upon this Privacy Statement, as published on our principal website, http://ooTao.com/. Finally, we commit to assist our customers in protecting and controlling the privacy and security of their Personal Information, and to adhere to the purpose and principles of Identity Commons, to which we subscribe. It's not just a good idea — it's at the core of our business model.

Information We Collect and How We Use It

ooTao's core business model is based on user control of their Personal Information. As such, the only Personal Information we collect consists of what you choose to give us so that we can provide you with the services that you desire. At all times you have the ability to view, modify or delete the information that ooTao stores for you. As we create new services, we will offer you new ways to share specific portions of your information — often while maintaining control over how it is used — with third parties. In such cases, we will assist you in assessing the trust that you can place into such third parties that want access to your data, but ultimately, the choice is yours.
In the next few sections we describe specific cases of how and when we may collect data from you, how it is stored and for what purposes it is used.

Registrant Information

When you register a global i-name or i-number with an i-broker retailer such as ooTao, the global i-name you choose, an associated i-number, and a pointer to your i-broker is listed in the global public registry. This information, along with your account authentication credential (such as a password) is also stored by your i-broker (ooTao).
When you provide additional Personal Information to ooTao as may be required by a particular service, we use, store, and share that data only to the extent necessary to provide the service you request. We keep a secure database of our registrants and provide information and updates at your request to a global public registry, as well as providing any other ooTao services you request. According to your directives, we process and collect payment for these services (see Payment section, below), provide you with authenticated access to your i-name account, publish your personally configured contact gateway, correct any technical problems with your services, investigate and resolve questions and disputes, send you notices regarding updates, renewals, and special offers. As more sophisticated i-broker services come online, you may elect to provide negotiated access to portions of your Personal Information so as to enable form filling, interest matching, address book and calendar sharing, and other services offered by us or from third parties.
ooTao employs technical and organizational safeguards, including password access controls and physical security, to protect Personal Information as long as it is in our possession, and we retain Personal Information only as long as needed for the purposes listed above. ooTao will not use, sell, rent, or otherwise disclose Personal Information for any purpose without your express permission.

Comments and Support Requests

ooTao provides a comment and support request facility that sends information from the request, including what page it was made from, to the ooTao staff. If you desire a reply and thus include either your email address or i-name, we will store this information so that we can communicate with you until the support request has been satisfactorily handled. The remainder of the comment or support request may be stored beyond that point so that we can maintain a history of support requests and their resolution, so you may wish to take care not to include personally identifying information within the body of the message.

Surveys

ooTao may ask website users to participate in surveys. In all cases, participation will be voluntary. If a survey asks for Personal Information, answering those questions will be optional. Survey responses will be seen only by the ooTao staff conducting the survey. Survey results will be made public only in the aggregate, without reference to individuals, unless an individual gives us permission to quote and attribute his or her response.

Websites and Cookies

We use log files, as most website servers do, to record certain technical information about visits to our website, including the IP address and the DNS name of the access provider (such as your Internet Service Provider), the type of browser used, referring and exit pages, platform type (where available), a date and time stamp, and possibly the number and sequence of pages visited. Unless your IP address or associated DNS name identify you specifically, none of this information reveals who you are, and we do not link it to other data in an effort to discover the identity of a site visitor. ooTao staff use this information solely to administer the site, analyze trends, and track the use of the site in the aggregate so that we can make improvements to better meet user needs. Any log data that we publish, such as the total number of hits or users in a given period, is disclosed only in an aggregate form that does not reveal personally identifiable information. ooTao deletes its log files monthly.
The ooTao website uses cookies only for the duration of a user session to maintain the integrity of the session as the visitor navigates the site, conducts searches, and posts comments or documents. Cookies are also used to enable background authentication of your i-name, though such authentications only occur when explicitly permitted or requested by you.

Email

Please use discretion in sending email messages to ooTao staff or role accounts (such as "postmaster"). ooTao will endeavor to store, use, and disclose email only as needed to answer your requests and provide services to you. But electronic mail is not a reliably secure medium of communication, and ooTao cannot guarantee the confidentiality of email messages in transit or stored on the servers of ISPs, employers, or others to whom emails may be manually or automatically routed and who are outside the direct control of ooTao.
ooTao holds the names and email addresses of correspondents in the strictest confidence and will not disclose any Personal Information about email senders without their permission, unless required by law.

System Notices and Policy Updates

To receive ooTao system notices such as updates to this Privacy Policy, you must provide your email address and opt-in to the service — otherwise you won't receive anything from us. (Note that if you don't provide your email address and opt-in to receiving system notices, you may not be informed of important issues such as a dispute against your i-name.)

Contacting ooTao about Personal Information

Please use our support form to report any privacy policy concerns or suspected violations. We will correct any errors on our part, notify third parties that obtained relevant data from us concerning any necessary corrections or deletions, and try to reach a reasonable accommodation with you with respect to any unusual privacy concerns you might have.
In the event of litigation over alleged privacy breaches by ooTao, we submit only to the jurisdiction and venue of state and federal courts located in San Francisco, California.

Compelled Disclosure

If we are required by law to disclose the information that you have submitted, we will attempt to provide you with notice (unless we are prohibited) that a request for your information has been made in order to give you an opportunity to object to the disclosure. We will attempt to provide this notice by email, if you have given us an email address, or by postal mail if you have entered a postal address. We will independently object to overly broad requests for access to information about users of our site. If you do not challenge the disclosure request, we may be legally required to turn over your information. Note that since the XRI/XDI privacy framework being implemented by ooTao enables your data to be stored anywhere, with your i-broker simply handling the negotiation of data access on your behalf, the actual amount of personally identifying data at ooTao can be minimal and potentially non-existent.

Notice Regarding Children

Our website, services and email discussion lists are not specifically designed for children, and we do not monitor postings or communications among participants in discussion groups for content that might be inappropriate for minors. Along with the privacy that i-names provide comes a degree of responsibility, and thus we do not encourage the registration of i-names by minors without the permission and participation of a parent or legal guardian. We will not knowingly communicate with a child under the age of 13 without parental permission. Any questions concerning this policy should be directed to our support form.

External Links

ooTao websites may contain links to websites operated by other parties. ooTao does not control those external websites and cannot be responsible for their privacy practices.

Effective Date

This Privacy Policy (version 20060620.1) is effective as of 20 June 2006