Privacy Policy | Converus

Privacy Policy of Converus, makers of EyeDetect and VerifEye

Home Privacy Policy

Converus Privacy Policy

Last Modified: February 26, 2025

Converus, Inc. (“Converus,” “we” or “us”) respects your privacy and is committed to protecting it through our compliance with this Global Privacy Policy (“Privacy Policy”). This Privacy Policy describes the types of information we may collect from you when you use our websites (www.converus.com, www.converus.es, www.converus.net) or other Converus products, apps, or services. This Privacy Policy also describes how Converus uses information collected, with whom it is shared, how it is protected, and the choices offered to you regarding the collection and use of such information.

Please read this Privacy Policy carefully. By using Converus products, apps or services, you agree to the terms of this Privacy Policy. If you disagree with the terms of this Privacy Policy, do not use Converus products, apps or services.

Types of Information Collected During Product or App Use

Converus develops and sells its products, apps, and services directly to End Customers (“Customers”), which could include entities that use Converus Products to conduct credibility assessments on job applicants and/or current employees (where legally applicable) and/or for conducting diagnostic tests on specific topics. Converus also develops and sells its products, apps and services directly to third-party, authorized Converus Service Providers (“Service Providers”) who provide products, apps or services to their End Customers (“Customers”). A list of authorized Service Providers can be viewed at https://converus.com/find-a-partner/.

While using Converus products, Customers and authorized Converus Service Providers may collect personal information from you, which is information about you that can be used to uniquely identify you, such as your name, email address, photograph, voice recording, or video recording, if you consent to provide such information.

Converus products or apps may also collect information that does not uniquely identify you if you consent to provide such information. This information could include non-biometric pupil measurements and movements of your eyes, cardiovascular activity, respiratory activity, electrodermal activity, and answers to True/False or Yes/No test questions. Converus collects such information in various ways, including if you request information from Converus, download, use, and/or install Converus products or apps, or when contacting Converus customer support.

In some instances, if you consent, you may disclose your personal information to an authorized Converus Service Provider to utilize Converus products, apps, or services. The authorized Converus Service Provider may disclose some of your personal information collected with Converus, in which case that information will be protected according to the terms of this Privacy Policy. Authorized Converus Service Providers are bound by contractual obligations to keep personal information confidential and use it only for the purposes you disclosed it to them.

Converus must receive or collect some information to operate, provide, improve, understand, customize, support, and market Converus products or apps, including when you install, access, or use those products or apps.

Converus products and apps do not require or collect “sensitive information,” to be defined here, such as personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information related to sexual preferences or orientation to process credibility assessments.

Information You Provide includes:

  • Converus Account Information: Converus will require some basic information from you to create an account through any Converus products, including, but not limited to, name, contact information, or other similar information.
  • Customer Support and Other Communications: When you contact Converus for customer support or similar needs, you may provide information relevant to your use of Converus products or apps, information such as your name, email, or other contact information provided when you contact us, and any other information helpful for resolving your issue.
  • Test Taker Information: Converus products or apps can collect information about test takers before and after using relevant Converus products or apps. This information can include personal information, contact information, and user feedback about their testing experience. Depending on the test taken, Converus may collect information, including a test taker ID number, photograph, voice recording, or video recording of your eyes or face.
  • Payment Information: Converus may collect some personal financial information while collecting customer payments. Converus do not retain credit card payment information but may be retained by a merchant account provider.

Automatically Collected Information includes:

  • Device Information: Converus will collect information about your mobile device upon installation of Converus apps to ensure compatibility, including the hardware model, operating system version, app version, network connection information, battery level, signal strength, and access device features necessary for the use of any installed Converus app, like camera and storage.
  • Connection Information: Converus will collect device and connection-specific information when you install, access, or use Converus apps, including network information, carrier network, IP address, and browser information.
  • Usage and Log Information: Converus will collect information about your use of Converus apps, such as diagnostic and performance information. This includes information about how you use Converus apps, log files generated through use, diagnostic information, and performance logs.

How Converus Uses the Information Collected

Converus may use the information obtained about you to:

  • Our services: Converus uses information provided by users to operate, improve, and provide our products, apps, and services. Information you provide while using Converus products is used to process the results of any credibility assessments. Your information helps us understand your needs and interests and tailor our other products, apps, and services accordingly. Converus also uses your information to respond to your questions and comments and provide more robust customer support.
  • Security: Converus uses information collected by Customers and authorized Converus Service Providers from test takers to ensure our products, apps, or services are used correctly and safely. This includes collecting data to ensure our Terms of Use and other agreements are enforced appropriately and comply with applicable legal requirements and industry standards.
  • Communications: Converus uses information to communicate with you about our products, apps and services, as well as offers, events, and other promotions.

In addition to the uses described above, Converus may use the information collected through login information, cookies, or other means to identify and authenticate visitors. Converus may also combine the information collected with publicly available information. Converus may use that combined information to communicate with you about our products, apps, and services that may interest you, for promotional purposes, and other purposes described in this Privacy Policy.

Converus may also use the information obtained about you in other ways that we provide specific notice at the time of collection. However, during the regular course of business, which is to process credibility assessment data, Converus’ response to customers or authorized service providers is to reject any information identified as “sensitive” as it is not required.

Information Converus Shares

Converus may disclose aggregated information about our users without restriction. Converus does not share your personal information with third parties except as described in this Privacy Policy. Converus may also disclose your personal information to: (i) comply with any court order, law, or legal process, including to respond to any government or regulatory request; (ii) enforce or apply our Terms of Use and other agreements; and/or (iii) if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Converus, our customers, or others. Information about you collected by third parties is handled by the discretion of those third parties. Information collected by third parties may be governed by contractual terms other than those described in this Policy.

Converus also reserves the right to disclose your personal information to a buyer or other transferee in case of a merger, divestiture, restructuring, reorganization, dissolution, sale, or other transfer of some or all our assets. If such a sale, merger, or transfer happens, Converus will make sure to use your personal information in a manner consistent with our Privacy Policy.

Your Choices

Converus offers you the following choices about the information collected from you and how we communicate with you:

Promotional Offers and Marketing Emails. If you do not wish to have your personal information used by Converus to promote our products, apps, or services, you can opt out of these communications. If Converus sends you a marketing email, you may choose not to receive additional marketing email communications by clicking on the “unsubscribe” link at the bottom of Converus marketing emails.

Information Provided by Our Business Customers. If your current or potential employer or an authorized Converus Service Provider provides your personal information to Converus, you may have choices concerning our use or disclosure of such information. Please get in touch with the relevant authorized Converus Service Provider or your current or potential employer to learn about and exercise your choices. A list of authorized Converus Service Providers can be viewed at https://converus.com/find-a-partner/

Accessing and Correcting Your Information
You may send us an email at [email protected] to request access to, correct, or delete any personal information that you have provided to us. Subject to applicable law (such as the General Data Protection Regulation (EU) 2016/679), you may have certain additional rights to request access to and receive information about the personal information we maintain about you, update, and correct inaccuracies in your personal information, and have your personal information blocked or deleted, as appropriate.

Children Under the Age of 11

Converus products, apps, and services are not directed to, and Converus does not knowingly collect or solicit personal information from, children under 11. If Converus collects or receives personal information from a child under 11, it will be deleted. If you believe Converus might have any information from or about a child under the age of 11, please contact us at [email protected].

Security and Storage

Converus has reasonable security measures to protect your personal information, during transmission and once received, from loss, misuse and unauthorized access, disclosure, alteration, and destruction. Our servers are protected by firewall systems, and complete backups are performed regularly. Secure Socket Layer (SSL) technology is used for all transmitted data and encryption is used for data at rest. Encryption and anonymizing techniques are employed to store some data. Please note that no electronic transmission of information can be entirely secure. Converus cannot guarantee that the security measures will never be defeated or fail or that such measures will always be sufficient or adequate.

Other Collection, Use, and Disclosure of Information

In addition to the terms discussed in this Privacy Policy, Converus may also collect other information through other products, apps or services not explicitly mentioned in this Privacy Policy. If you purchase products and/or license products, apps or services from us, all information generated from using such products or software is subject to the terms outlined in the applicable purchase and/or license agreement(s). Converus is committed to consistently treating the collection, use, and disclosure of information in each product, app, or service.

Law, Our Rights, and Protection

Converus accesses, preserves, and shares information described in this Privacy Policy. If it has a good-faith belief, it is necessary to respond according to applicable laws and regulations, legal processes, or government requests. Converus can also use collected information to enforce its Terms of Use or other applicable policies as necessary, including detecting, investigating, preventing, or addressing fraud or other illegal activity, security, or technical issues. Information collected can be used to protect the rights, property, and safety of ourselves, users, or others.

Geographic Restrictions and Data Transfers

Converus is based and operates in the United States. When obtaining personal information about you, Converus may process the information outside of the country in which you are located, including in the United States. The countries where Converus processes your information may not have the same data protection laws as the country in which you are located. Converus will protect your information as described in this Privacy Policy.

Additional General Data Protection Regulation (GDPR) Information

GDPR is a law that protects the personal data of people in the European Union (EU) and the European Economic Area (EEA).

You have rights concerning the information collected described above; these rights include:

  • The right to access– You have the right to request copies of your personal data from us.
  • The right to rectification– You have the right to request that Converus correct any information you believe is inaccurate. You also have the right to request that Converus addresses any information you believe is incomplete.
  • The right to erasure– You have the right to request that Converus erase your personal data, under certain conditions.
  • The right to restrict processing– You have the right to request that Converus restrict the processing of your personal data under certain conditions.
  • The right to object to processing– You have the right to object to our processing of your personal data under certain conditions.
  • The right to data portability– You have the right to request that Converus transfer data that we have collected from you to another organization or directly to you, under certain conditions.

Specific Note on GDPR vis-a-vis EyeDetect, EyeDetect+ and VerifEye

The administration of EyeDetect, EyeDetect+, and VerifEye tests does not require personally identifiable information (PII). The minimum amount of information needed to conduct and score these tests cannot be used as a biometric to identify a person.

According to GDPR Article 4, there are two participants in the use of data. The data controller is the entity that determines which data is processed. A data processor is an entity that uses data to perform a function on the controller’s behalf.

Converus falls into the category of data processor because our web servers process information that EyeDetect service partners (SPs) or clients send to the cloud for scoring resulting from tests they administer. The SP or client administering a test controls which examinee PII data is added to the software during test administration.

Per GDPR, the data controller (SP or client) is most responsible for protecting privacy and the rights of the person for whom the data is controlled. The data controller controls the procedures and introduction of PII during testing, if any. The data controller provides data that is used and processed by the data processor (Converus).

There are some specific data obtained during an EyeDetect test:

1- Eye movements and pupil diameter measurements – gathered by the eye tracker at 60 measurements per second (60 Hz). In the case of EyeDetect, these are not photographs but physical measurements and cannot be used as a biometric.

2- Test responses – the examinee’s computer-based True/False or Yes/No answers to test questions with timestamps. These data cannot be used to identify a specific person.

If the SP or client wishes to protect the name of any examinee during registration before taking a test, the Test Proctor should use an identifying number rather than a person’s name, and the Test Proctor should not take a photo of the examinee. If no photo is taken, the organization will need to find test results for a person based solely on the assigned ID number—after the test is taken, saved, and scored.

Additional CCPA, Utah Consumer Privacy Act, and other USA Privacy Law Information

Depending on where you live and subject to certain exceptions, you may have some or all the following rights:

  • Right to Know: The right to request that Converus disclose to you the information collected or received from you, used or disclosed by us, and information about our data practices.
  • Right to Request Correction: The right to request that Converus correct inaccurate information maintained about you.
  • Right to Request Deletion: The right to request that Converus delete information collected from or about you.
  • Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising your privacy rights.

Under certain U.S. Privacy Laws, you may choose an authorized agent to make these requests for you. If you use an authorized agent to submit a request, Converus may need to collect additional information, such as a government issued ID, to verify your identity before processing your request to protect your information.

If you have additional questions about this policy, how to exercise your rights under the applicable U.S. Privacy Laws, and, as applicable, to appeal a consumer rights action, please contact us.

Additional Information on the EU-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework

Note: On this page, the EU-U.S. Data Privacy Framework is referred to as “EU-U.S. DPF,” the UK Extension to the EU-U.S. DPF is referred to as “UK Extension to EU-U.S. DPF,” and the Swiss-U.S. Data Privacy Framework is referred to as “Swiss-U.S. DPF.”

i. Converus complies with EU-U.S. DPF, and UK Extension to EU-U.S. DPF, and Swiss-U.S. DPF as set forth by the U.S. Department of Commerce. Converus has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles (“EU-U.S. DPF Principles”) concerning the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Converus has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. DPF Principles concerning the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, UK Extension to EU-U.S. Principles, and/or the Swiss-U.S. DPF Principles (collectively the “DPF Principles”), the DPF Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

ii. The types of personal data collected by Converus are outlined in the relevant section above.

iii. Converus is committed and subject to the EU-U.S. DPF Principles for all personal data received from the EU, the United Kingdom (and Gibraltar), and/or Switzerland in reliance on the relevant part(s) of the DPF program.

iv. The purposes for which Converus collects and uses personal information are outlined in the relevant section above.

v. In compliance with the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Principles, Converus commits to resolve complaints about our collection or use of your personal information. European Union individuals with inquiries or complaints regarding our EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF policy should first contact Converus at:

Telephone: +1 801-331-8840
Email: [email protected]
Mail: Converus, Inc.
Attn: Privcy Matters
610 S. 850 E. mailto:Ste #4
Lehi, Utah 84043

vi. The type or identity of third parties to which Converus may disclose personal information and the purposes for which it does so are outlined in the relevant section above.

vii. Your rights to access your personal data are outlined in the relevant section above.

viii. Your choices and the means offered by Converus for you to limit the use and disclosure of your personal data are outlined in the relevant section above.

ix. In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Converus Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS Data Privacy Program, a alternative dispute resolution provider based in the United States, the European Union, the United Kingdom, and/or Switzerland (as applicable)]. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit JAMS’ website for more information or to file a complaint. The services of a href=”https://www.jamsadr.com/DPF-Dispute-Resolution”>JAMS Data Privacy Program Dispute Resolution are provided at no cost to you

x. The Federal Trade Commission has jurisdiction over Converus’ compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF principles.

xi. Under certain conditions, you may invoke binding arbitration for complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF compliance not resolved by any of the other mechanisms. For specific information on each framework, visit the following:

xii. Under EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF principles, Converus may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

xiii. Converus shall remain liable under these DPF Principles if its agent processes such personal information in a manner inconsistent with these DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

Changes and Updates to Our Privacy Policy

Converus reserves the right to update or change this Privacy Policy anytime. If Converus makes a material change to its Privacy Policy, Converus will provide notice that our privacy practices have changed and provide access to the new policy. In the event we make a material change to how we use your personal information, Converus will provide you with an opportunity to opt out of such new or different use. The date this Privacy Policy was last revised is at the top of the policy. You are responsible for periodically reviewing this Privacy Policy and any additional privacy notices in any purchased or installed Converus products to check for any updates or changes.

Contact Us
If you have any questions about this Privacy Policy or our privacy practices, you may call us at +1 801-331-8840, email us at [email protected].

Converus, Inc
Attn: Privacy Matters
610 S. 850 E., Ste. 4
Lehi, Utah 84043

 

Converus (“with truth”) provides scientifically validated credibility assessment technologies that help protect countries, corporations and communities from corruption, crime and threats.