Privacy Policy

This Privacy Policy describes how AirBadge, LLC (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and protects Personal Information when Customers and Users access or use our software-as-a-service platform that enables airport credentialing, location access management, applicant intake, and background screening workflows (the “Services”).

This Policy applies to: (a) visitors to our websites located at airbadge.us (the “Site”); (b) airport operators and related entities that purchase or evaluate the Services (“Customers”); and (c) individuals who access the Services at a Customer’s direction, including Customer personnel and prospective employees participating in application, credentialing, and background screening processes (“Users”).

By using the Site or Services, you acknowledge this Policy. Where we process Personal Information under a contract with a Customer, we act as a “service provider” or “processor” to that Customer; in those cases, our processing is governed by our agreement with the Customer and this Policy supplements, but does not override, that agreement. Capitalized terms not defined herein have the meanings in applicable privacy laws.

If you are a Customer, our Data Processing Addendum (DPA) located at airbadge.us/dpa forms part of our agreement and governs our processing as a service provider/processor.

If you are a California resident, please review the California Privacy Notice section below for additional disclosures and rights under the California Consumer Privacy Act (as amended by the CPRA) (“CCPA”).

IMPORTANT NOTICE

A prominent, standalone “Do Not Sell or Share My Personal Information” link is available on our homepage and at: airbadge.us. You may also submit opt-out requests by emailing us at legal@airbadge.us.

1. Our Data Processing Role

Service Provider:
We process Customer employee platform access data on behalf of Customers under the California Privacy Rights Act.
Independent Business:
We collect prospective employee information directly for background screening services, acting as an independent business under CPRA.

2. Information We Collect

Personal Information Categories

  • Identifiers: Name, address, email, SSN, driver’s license, employee ID, login credentials
  • Protected Classifications: Age, date of birth, citizenship, immigration status
  • Professional Information: Employment history, education, licenses, certifications, references
  • Background Check Data: Criminal history, credit reports, driving records, security clearances
  • Biometric Information: Fingerprints for security clearance and identification
  • Geolocation Data: Facility access logs and location stamps
  • Electronic Activity: Login records, system access logs, IP addresses, device information

Sensitive Personal Information

We collect SSNs, login credentials, precise geolocation, biometric identifiers, and background check results including criminal history.

Sources

We collect from: individuals directly, Customer direction, background check providers, government agencies, previous employers, and automated platform usage.

3. How We Use Personal Information

Service Provider Processing (Customer Employee Data):

  • Platform access and account management
  • Security monitoring
  • Service delivery and support
  • Compliance with Customer instructions

Independent Business Processing (Background Screening):

  • Conducting employment background checks and security screenings
  • Creating airport security credentials
  • Verifying identity and qualifications
  • Providing screening reports to Customer employers
  • Meeting aviation security and FCRA requirements

4. How We Disclose Personal Information

We share Personal Information with:

  • Customers: We disclose User and applicant information to the applicable Customer and its authorized administrators for hiring, credentialing, access control, compliance, and security.
  • Service Providers/Processors: Cloud hosting, security, analytics, identity verification, consumer reporting agencies, communications, payment processing, and support tools under contracts restricting use to our instructions and requiring appropriate safeguards.
  • Integration and Data Partners: Third-party systems integrated by the Customer (e.g., HRIS, badging, training vendors), where disclosures are directed by the Customer.
  • Government, Regulators, and Law Enforcement: Where required by law or valid legal process; to protect rights, safety, and security; or in connection with airport/aviation security mandates.
  • Aggregated/De-Identified Data: We may share de-identified or aggregated data that does not identify an individual.

We do not “sell” Personal Information as the term is commonly understood. We do not “share” Personal Information for cross-context behavioral advertising.

5. Your Privacy Rights (California Residents)

Under the California Privacy Rights Act, you have the right to:

  • Know: What personal information we collect, use, and disclose
  • Delete: Request deletion of your personal information
  • Correct: Request correction of inaccurate information
  • Opt-Out: Opt out of sale/sharing (though we don’t sell data)
  • Limit Use: Limit use of sensitive personal information
  • Non-Discrimination: Exercise rights without penalty

Federal Retention Requirements – Important Limitation

We may be legally required to retain certain information despite deletion requests. As a provider to federally-regulated airports, we must retain employee credentialing, training, and access records as determined by the data type and applicable regulation as identified below.

Data Type Regulation Retention Authority
Security training 49 CFR § 1542.113 180 days post-termination TSA
CHRC records 49 CFR § 1542.209 180 days post-termination TSA
Access media logs 49 CFR § 1542.211 180 days TSA
Background checks FCRA 5-7 years FTC/EEOC
Threat assessments TSA Directives Varies TSA

When we deny deletion due to federal requirements, we will:

  • Explain the specific regulation requiring retention
  • Specify the retention period
  • Confirm deletion will occur when legally permitted
  • Limit use to compliance purposes only

6. Exercising Your Rights

Online:
Visit “Do Not Sell or Share My Personal Information” at airbadge.us
Email:
legal@airbadge.us
Response Time:
We will respond within the timeframes required by applicable law.
Verification:
We will verify your identity and may request additional information to process your request.
Authorized Agents:
You may designate an agent with written authorization.
Service Provider Data Note:
For Customer employee platform data, we may need to direct you to submit requests to your employer (the Customer), as they control that data.

7. Data Security

We maintain administrative, technical, and physical safeguards designed to protect Personal Information, including encryption in transit and at rest where appropriate; access controls; logging and monitoring; vulnerability management; and employee training. No security measure is perfect, and we cannot guarantee absolute security. Customers play a critical role in access governance and account security (e.g., MFA, least-privilege access).

8. Data Retention

We retain Personal Information for as long as necessary to provide the Services to the Customer, comply with legal and regulatory requirements as identified in Section 5 above (including aviation security recordkeeping), resolve disputes, enforce agreements, and for legitimate business purposes. Customers may control certain retention settings and deletion schedules. We may retain de-identified or aggregated information solely for analytics and service improvement.

Federal requirements supersede all other retention periods and CPRA deletion rights.

9. International Data Transfers

We provide Services primarily within the United States. If Personal Information is transferred, stored, or processed outside your state or country, we will protect it as described in this Policy and in accordance with applicable law and contractual commitments with Customers and service providers.

10. Children’s Privacy

Our Services are not intended for individuals under 18. We do not knowingly collect information from children under 18.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or platform notification. Continued use after changes constitutes acceptance.

12. Contact Us

If you have questions, concerns, or complaints about this Policy or our privacy practices, contact us at:

  • Email: legal@airbadge.us
  • Address: 1501 S Mopac Expy., Ste. 220, Austin, TX 78746 United States, ATTN: Legal

You may also submit opt-out requests via our “Do Not Sell or Share My Personal Information” page at airbadge.us or by emailing legal@airbadge.us.

13. State-Specific Addendum

Depending on your residence, additional rights may apply:

  • Virginia/Colorado/Connecticut/Utah: Rights to access, correct, delete, and opt out of targeted advertising and certain profiling. Submit requests via airbadge.us or legal@airbadge.us.
  • Nevada: We do not sell covered information as defined under Nevada law. For inquiries, contact legal@airbadge.us.

To the extent of any conflict between this Policy and applicable state law, we will comply with the more protective requirement.

14. Definitions

“Personal Information”
means information that identifies, relates to, describes, or could reasonably be linked with an identified or identifiable individual, and includes “personal data” under other state laws.
“Sensitive Personal Information”
includes, for example, Social Security number; driver’s license/passport; precise geolocation; racial or ethnic origin; biometric identifiers; and data concerning criminal history where permitted by law.