Shadowtrack Technologies, Inc., hereafter called Shadowtrack®, has implemented safeguards to protect confidential information. Shadowtrack® does not sell, rent, or otherwise disclose our mailing lists, enrollee, agency, officer, or any information about our site visitors.

Shadowtrack® does not track visitors or enrollees via our corporate website. Our site captures limited information about visits to our site to analyze general traffic patterns that determine where visits are derived from, for marketing and maintenance purposes only. If you choose to email us and provide personally identifiable information about yourself, we will not use that information for any purpose other than to respond to your inquiry unless you otherwise consent.

Shadowtrack® is committed to handling your information with the highest standards of information security. Your credit card information is stored only in encrypted form. We restrict access to your personally identifiable information to employees on a need-to-know basis in order to provide services to you. We maintain physical, electronic, and procedural safeguards to guard your nonpublic personal information.

Shadowtrack® has a credit card processing engine that combines Secure Socket Layer (SSL), PGP encryption, and proprietary technologies too process payments easily and securely. Additionally, the processor is certified with Visa’s Cardholder Information Security Program (CISP) and adheres to the Payment Card Industry (PCI) Data Security Standard. CISP and PCI further ensure the security of customer account information and are intended to protect cardholder data.

The security of your Shadowtrack® account also relies on the protection of your password. Shadowtrack® will never ask you to send your password or other sensitive information to us in an e-mail, though we may ask you to enter this type of information on the Shadowtrack® website.

This privacy policy governs your use of the software application Shadowtrack® for mobile devices. The Application is used as a tool to fulfill your court ordered, diversionary,  probation, or parole requirements. The application will send alerts to your mobile device to complete a verification call, location verification, interview, video conferencing, and/or sobriety test. The Application obtains information regarding your tracking history. Registration with us is optional. However, please keep in mind your assigned officer or supervising agent will be notified if you fail to complete your enrollment or any portion of the Shadowtrack® program.

Shadowtrack® has a video conferencing service called ShadowView that is only available to enrollees and authorized Users/Hosts (Officer, Caseworker, etc.).

  • ShadowView meetings can only be initiated by the host for the greatest level of control and security.
  • When you join a meeting, your video camera and microphone may be on by default. Be aware that participants may be able to see and hear from you as soon as you join a meeting. If you don’t want to share sound or video, you must notify the host immediately.
  • ShadowView allows the host to record the meeting for future reference. Shadowtrack® does not keep a copy of this recording.  However, the host my download the recording for their records. If you do not want the host to record the session, you must advise the host immediately.
  • Be careful before sharing your screen. Most services have functions to allow you to share with the group what’s on your screen – for example, a slide show. But before sharing your screen, make sure you don’t have open documents, browser windows, or other things on your screen you don’t intend for others to see.
  • If confidentiality is crucial, video conferencing may not be the best option. No conferencing service can guarantee the security of your information, so consider alternatives if you need to talk about particularly sensitive topics with your host.
  • ShadowView includes safeguards to keep information private. We do not share your information with third parties.
  • ShadoView recommends updating to the latest version of the software (Browser, iOS, or Android) with patches and fixes. Only accept updates directly from the service’s website.
  • By using this service, you indemnify Shadowtrack® and all of its affiliates for any breach in data sharing by the host.

Shadowtrack® has a face recognition service called ShadowFace that is only available to Enrollees and authorized Users (Officer, caseworkers, etc.). The purpose of this service is to positively identify an Enrollee during a verification session so that the assigned officer, court, or supervising agent can confirm that the Enrollee is abiding by their court ordered community supervision requirements.

  • During the enrollment process, the app will request the Enrollee to capture an image of their face (Enrollment Image)
  • The stored enrollment image will be compared to a verification image when requested by the app during a verification session in order to positively identify the enrollee or to detect spoofing attempts
  • Recognition data is not shared with any 3rd party other than with an Enrollee’s assigned officer, court, or supervising agent
  • The face data collected on the Enrollee is size, pitch, roll, yaw, and key landmarks
  • All facial recognition data is securely stored on an independent cloud server without any personally identifiable information
  • All facial recognition data is stored for a period of up to seven years (7) after the Enrollee is removed from the program. This retention time period is dictated by the supervising agency
  • The Enrollee must agree to opt in to this service by accepting the clear language on the app during the enrollment process

When you receive location alerts the mobile application will use GPS technology (or other similar technology) to determine your current location. We can share your tracking history with a court, probation officer, law enforcement, or anyone associated with your case. We will share your information with third parties only in the ways that are described in this privacy statement.

We may disclose User Provided and Automatically Collected Information: As required by law, such as to comply with a subpoena or similar legal process; when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request; Our service providers do not have an independent use of the information we disclose to them and have agreed to adhere to the rules set forth in this privacy statement.

We will retain User-Provided data for as long as you use the Application and for a reasonable time thereafter. You can stop all collection of information by the Application easily by uninstalling the Application. If you uninstall or log out of the application your assigned officer or supervising agent will be notified.

We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. Please be aware that, although we endeavor to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

By using the Application, you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us. “Processing,” means using cookies on a computer/handheld device or using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information.

If you have any questions or concerns about our policy, please contact Shadowtrack® via email at support@Shadowtrack.com or at 877-396-0385. Our corporate office is located at ONE LAKEWAY 3900 North Causeway Boulevard Suite 1200, Metairie, LA 70002

Security Policy

Organizational Security

Information Security Program

  • We have an Information Security Program in place that is communicated throughout the organization. Our Information Security Program follows the criteria set forth by the SOC 2 Framework. SOC 2 is a widely known information security auditing procedure created by the American Institute of Certified Public Accountants.

Third-Party Audits

  • Our organization undergoes independent third-party assessments to test our security and compliance controls.

Third-Party Penetration Testing

  • We perform an independent third-party penetration at least annually to ensure that the security posture of our services is uncompromised.

Roles and Responsibilities

  • Roles and responsibilities related to our Information Security Program and the protection of our customer’s data are well defined and documented. Our team members are required to review and accept all of the security policies.

Security Awareness Training

  • Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.

Confidentiality

  • All team members are required to sign and adhere to an industry standard confidentiality agreement prior to their first day of work.

Background Checks

  • We perform background checks on all new team members in accordance with local laws.

Cloud Security

Cloud Infrastructure Security

  • All of our services are hosted with [Amazon Web Services (AWS) | Google Cloud Platform (GCP)]. They employ a robust security program with multiple certifications. For more information on our provider’s security processes, please visit [AWS Security | GCP Security].

Data Hosting Security

  • All of our data is hosted on [Amazon Web Services (AWS) | Google Cloud Platform (GCP)] databases. These databases are all located in the [United States]. Please reference the above vendor specific documentation linked above for more information.

Encryption at Rest

  • All databases are encrypted at rest.

Encryption in Transit

  • Our applications encrypt in transit with TLS/SSL only.

Vulnerability Scanning

  • We perform vulnerability scanning and actively monitor for threats.

Logging and Monitoring

  • We actively monitor and log various cloud services.

Business Continuity and Disaster Recovery

  • We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.

Incident Response

  • We have a process for handling information security events which includes escalation procedures, rapid mitigation and communication.

Access Security

Permissions and Authentication

  • Access to cloud infrastructure and other sensitive tools are limited to authorized employees who require it for their role.
  • Where available we have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies to ensure access to cloud services are protected.

Least Privilege Access Control

  • We follow the principle of least privilege with respect to identity and access management.

Quarterly Access Reviews

  • We perform quarterly access reviews of all team members with access to sensitive systems.

Password Requirements

  • All team members are required to adhere to a minimum set of password requirements and complexity for access.

Password Managers

  • All company issued laptops utilize a password manager for team members to manage passwords and maintain password complexity.

Vendor and Risk Management

Annual Risk Assessments

  • We undergo at least annual risk assessments to identify any potential threats, including considerations for fraud.

Vendor Risk Management

  • Vendor risk is determined and the appropriate vendor reviews are performed prior to authorizing a new vendor.
Revision 0504-20200607
05/23/2022 3:25 p.m.
By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.