Cybersecurity and Privacy Policy

Introduction

Intelligence Trust LLC (“us”, “we” or “our”) operates the CheckNGN mobile app (the “App”) and www.checkngn.com web site (the “Site”). This document informs about our policies regarding the collection, use and disclosure of Personally Identifiable Information ("PII") we receive from users of the App as well as about our cybersecurity policies and procedures with respect to data breach and notifications.

Information Collection and Use

We use PII only for providing the services offered and improving the App. By using the App, the consumer agrees to the collection and use of information in accordance with this policy. While using our App, we may ask the consumer to provide us with certain personally identifiable information, or we will receive that information automatically from the social login provider (Facebook, Google) if the consumer chooses to authorize us to accordingly. PII may include, but is not limited to:

  1. Name
  2. E-mail address
  3. Addresses
  4. Phone numbers

Additionally, upon posting a repair request, and only at that time, the consumer will make available the following information to shops:

  1. Vehicle make, model, year, VIN and mileage, as well as the repair request title and description - all these are required for shops to be able to estimate the necessary repairs as accurately as possible
  2. Vehicle location, essential if towing is required, and also mapping your current location to the participating repair facility including distance

Privacy and Security

The privacy and security of your PII as well as other data you submit through the App is of paramount importance to us. While we strive to use commercially acceptable means to protect consumer information, we cannot guarantee its absolute security. The consumer has a right to request a copy of all PII that we maintain on his/her behalf and to amend or correct the PII, as well as the right to have his/her account entirely disabled and their information removed from our servers. At such a point, repair request information located at shops (i.e. at shop related data keys) which have provided bids or repairs to that consumer will be kept, as that information will be considered as belonging to those shops.

Cyber Security

We use a combination of administrative, preventative and detective controls to assure our App and our users data is secured against cybersecurity attacks to maintain Confidentiality, Integrity and Availability. We rely on a reputable company (Google, through their Firebase service) as a back-end for our data, which handles connection security according to the highest standards to date. For administrative access, we use two-factor authentication, so the possibility of a breach is at industry minimum.

From a consumer perspective, access to data is provided in a perfectly isolated fashion. In other words, excluding the data administrator (which securely connects as described above) a consumer is the only one that has access to his or her own PII.

Security Monitoring and Incident Response

No additional information is shared with the shop. Payment is handled by CheckNGN and not by shops.

When Leaving Repair Rating/Reviews

We leverage endpoint-based controls to facilitate security logging and monitoring of user activities, exceptions, faults, and events in accordance with business, legal, and regulatory requirements. Collected logs and associated analysis are appropriately archived, protected from unauthorized access, and regularly reviewed.

We have established and maintain an incident response process and where required, reporting processes for disclosures of PII in the event of data loss or a data breach. If we have reason to believe that users data was compromised we will:

  1. Notify them in writing at the last known address on file, or
  2. Notify them by email if such one is available
  3. Notify all recognized consumer reporting agencies in the event the breach exceeds 500 records

All notifications will be in within 48 hours of discovery unless otherwise requested by law enforcement. We will also notify respective state administrators according to their individual disclosure requirements. In Minnesota it is pursuant to section 325E.61.

Changes To This Policy

This policy is effective as of the date in the header and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being published on the Site or in the App. We reserve the right to update or change our Cybersecurity & Privacy Policy at any time. Continued use of the App after we post any modifications to the Cybersecurity & Privacy Policy on the Site or in the App will constitute consumer’s acknowledgment of the modifications and his/her consent to abide and be bound by the modified policy.