Last Modified: 8/5/2025

Version: 1.0

This Privacy Notice lets you know how MI Technology, LLC (“Company,” “us,” or “we”) may collect, use, and share your Personal Information, and the choices that are available to you to protect this information. We respect your privacy and we value the importance of securing this information, which is why we take significant measures to safeguard your Personal Information while we offer industry-leading verified digital identity services.

This Privacy Notice applies to our online platform, including the associated platforms and mobile applications (“App”) as well as our websites: www.aspiretech.us, knowledge.merits.com, app.merits.com, keep.ks.gov, help.keep.ks.gov, aceohio.org, help.aceohio.org, parentalchoice.ok.gov, and help.parentalchoice.ok.gov (the “Site”) and other interactions (e.g., customer service and other communications) you may have with our Company (the “Service” or the “Services”).

This Privacy Notice does not apply to any third-party applications or software that integrate with the Services through our platform (“Third-Party Services”) or any other third-party products, services or businesses, including Organizations. Each of these Third-Party Services are responsible for their own applicable privacy practices; please refer to their privacy notices to review your rights.

This Privacy Notice applies to individuals globally, however there is additional information related to International Transfers and California Residents. Please refer to those sections if they apply to you.

By using our Services, visiting our Site, or otherwise interacting with our Company (e.g. by submitting a ticket or interacting with our content) you consent to the collection and use of your Personal Information in accordance with this Privacy Notice.

For purposes of this Privacy Notice:

We collect pieces of information from you and about you in connection with the use of our Services. Some of this data may include information that identifies you or your device(s) or is reasonably associated with you, this is Personal Information. We collect Personal Information from the following sources:

The following are categories of data that we may have collected about you from one of these sources while providing our Services:

We may also collect, use, and disclose aggregated or de-identified data that does not reasonably identify you and is not considered Personal Information.

We collect Personal Information from you when you visit our Site; create an account for our Service to receive Merits; use our Services; request a demo, subscribe to our content or download our whitepapers; respond to a survey; post reviews; provide testimonials; communicate with us through third-party social media sites; fill out a form; attend an event; apply for a job; request customer support; or otherwise interact with us.

You may give us permission to use the information contained in your Merits so that you may receive advertisements or promotions related to your interests and Merits.

This type of Personal Information may include:

We collect Personal Information about you from the Organizations that we do business with in order to issue Merits to you and deliver our Services. The information contained within each Merit varies depending on the type of Organization that we work with in order to deliver our Services. This information could include Personal Information such as your name, email address, contact information, mailing address, and additional sensitive information such as your driver’s license number, date of birth, license numbers, ID numbers and Health Information (defined further below).

Organizations, through their authorized administrators (an “Authorized User”) may share your Personal Information with us so that you may easily claim and access your Merits. Please review the applicable privacy practices of each Organization with which you have a relationship (i.e. who issues Merits to you through our Service) to understand the basis on which they have shared information with us and their policies with regard to protecting your Personal Information.

Based on our relationship with some Organizations in the healthcare industry, we may collect Personal Information about you that falls into these categories and is collectively referred to as “Health Information”:

We only collect, process, or store “Protected Health Information” and “Additional Health Information,” (collectively “Health Information”) to provide Services to Organizations to issue Merits, in accordance with HIPAA requirements, and the contractual agreements we have with our healthcare customers i.e. Organizations. Should you have any questions or concerns about how your Health Information is processed by our Company, please review the privacy notice from the Organization with which you have a relationship with to understand the basis upon which they have shared information with us and their policies with regard to your Health Information. In the event that there is a conflict or inconsistency about the handling of Health Information between (i) this Privacy Notice and (ii) our compliance obligations with HIPAA and contractual commitments with the applicable Organization, the latter will govern.

When you use our Site or Services, certain information is automatically generated and stored about you and/or your visits. This information may include the following:

Like most online services and mobile applications, we may use cookies and other technologies, such as web beacons and unique advertising identifiers, to collect information about your activity, browsers, and your device. We may also use these cookies to collect general usage, volume and statistical information. Some cookies may remain on your computer after you leave the Service. To learn more about how we use cookies and your choices, please review our Cookie Policy.

The device you use to access the Service may provide your location to the Service. If you enable the location-based features on your device, we will automatically receive information about your location when you use the Service. Your device may allow you to deactivate location-based services. If you deactivate location-based services, your device should no longer send information about your location to third parties, including our Company, but be advised that if you turn off location-based services on your device, certain aspects of the Service may not be available to you.

We may engage third parties for analytics activities, including as provided for below:

If you elect to use our App to access our Services, we may receive information, including Personal Information, that you have provided to the App or that the App may otherwise collect from or about you.

If you log in to the Service using credentials associated with your account at third-party services such as Facebook, LinkedIn or Twitter (each, a “Third-Party Service”), you allow our Company to access certain information associated with your account with the Third-Party Service. The information you allow us to access may vary according to the privacy settings you establish with the Third-Party Service. We encourage you to review the privacy policies of any Third-Party Services from which you access their services.

We process all Personal Information that we receive from an Organization (“Organization Data”) in accordance with the Organization’s instructions, the contractual agreement between our Company and the Organization, and as required by applicable law. Under applicable data privacy laws, our Company is a processor of Organization Data and the Organization is the controller of Organization Data. The controller, i.e. the Organization, is solely responsible for ensuring the accuracy, integrity, legality and completeness of the Organization Data we process to issue Merits. The Organization may, for example, use the Services to grant you a Merit, access, modify, export, share and remove Organization Data and otherwise apply its policies to the Services.

We use your Personal Information in order to provide you with our Services, to interact with you with your consent, and to help verify your identity with the Organizations that we do business with. Here are some of the ways we may do that:

This section describes how our Company may share and disclose your Personal Information. Each Organization that issues Merits through our Services develops their own policies and practices to share and disclose Organization Data to our Company. We do not control how Organizations or third parties choose to share or disclose Organization Data. When we share information with third parties for a business purpose, we enter into a contractual agreement that describes the purpose and requires that the recipient keeps the information confidential and does not use it for any purpose other than performance of the contract. Here are some ways in which we may share your Personal Information:

Over the last twelve months, we have not sold any Personal Information.

Our Company will retain Organization Data in accordance with an Organization’s instructions, and as required by applicable law. Please Note: If you or an Organization asks us to delete Organization Data, we will delete such data as soon as reasonably practicable. For more detail about our process should you wish to delete Organization data please contact us at privacy@aspiretech.us. Unless you submit a request to the Organization who issued the Merit or you reach out to us directly, we will retain your Merits and the associated Personal Information contained in them for as long as you have an account with us. Once you have deactivated your account, we will only keep your Personal Information for the period of time needed for by our Company to pursue legitimate business interests, conduct audits, comply with legal obligations, resolve disputes and enforce our agreements.

We may retain certain information as required by law, or for business reasons as we deem necessary to fulfill the purposes identified in this Privacy Notice. We may also retain cached or archived copies of your information (including location information) for a certain period of time.

You have the right to request a disclosure of the information that we have access to. More specifically, you can review, access, correct, amend, or request the deletion of Personal Information that we have access to. You have the right to object to the use of your Personal Information.

We want to remind you that updating your account information will not update any inaccurate information contained within your Merits. If you would like to change any information relating to your Merits, or remove a Merit from our platform, you must contact the Organization that issued the Merit directly. If you would like us to pass an email message on to your Organization, we would be happy to do so. Please contact us at help@aspiretech.us and we will pass that request on to the relevant Organization via email.

To exercise your rights under this Notice, please send an email to privacy@aspiretech.us with “Request related to my Privacy Information” in the subject line of your email.

Once we receive your request, we will ask you for some additional information to ensure that we can verify your identity and then we will respond to your request within a reasonable amount of time. We aim to respond to verifiable consumer requests within 45 days of receipt. If we need more time (no more than 90 days), we will inform you of the extension via email. If you have an account with us, we will reply back to the email address associated with your account. If you do not have an account with us, we will respond to the email address that we received from you when you sent in your request.

Please note: Certain information about yourself will always be visible to other users of the Service, and your decision to use the Service indicates your acceptance of these settings.

You may opt out from receiving promotional communications from us by following the instructions in those communications. If you opt out, we may still send you other kinds of communications, including those related to your current accounts or your use of the Service, however you should no longer receive promotional communications from us, unless you opt back in. If you have any issues with your opt-out, please contact help@aspiretech.us and our team will help you.

Should you decide that you no longer wish to maintain your account with our App, you can use this link to request that we deactivate your account at https://www.aspiretech.us/opt-out. Please be mindful that, by deactivating your account, you will no longer have access to any Merits that have been issued to you through our platform. If any Organization sends you another Merit in the future using a different email address, you will be reinvited. Therefore, please complete the opt-out process for every email address that is associated with your profile. If you ever wish to opt back in, please email help@aspiretech.us or create a new account.

We implement security safeguards designed to protect your data, such as HTTPS, encryption technologies, and the technical safeguards outlined by the HIPAA Security Rule where applicable. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. You can learn more about our security practices.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at privacy@aspiretech.us. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a complex password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

To enhance your experience while using this Site or our Services, we may provide links to third-party sites, including sites hosted by Organizations (“Linked Sites”). If you choose to visit a Linked Site by clicking on an advertisement, hyperlink, or otherwise, you will be directed to that third party's Linked Site. Our Company is not responsible for, and this Privacy Notice does not apply to, the privacy practices of any Linked Sites. Linked Sites may collect additional Personal Information in addition to what we collect as defined in this Privacy Notice. The fact that we link to a Linked Site is not an endorsement, authorization, or representation of our affiliation with that third party. Those sites are beyond our control. Those other websites may place cookies or other files on your computer, collect your data, or solicit Personal Information from you. Your interactions with those Linked Sites are subject to their own privacy policies and terms of use. We encourage you to review the applicable privacy practices on each Linked Site’s privacy notice to understand how your Personal Information is collected and processed on such Linked Sites before providing your information to them. Any concerns related to the collection of information on applicable Linked Sites should be directed to the third-party’s privacy team.

Certain laws require us to indicate whether or not we honor your browser’s “Do Not Track” settings concerning targeted advertising. At this time, our Company adheres to the privacy practices detailed in this Privacy Notice and does not respond to Do Not Track browser requests.

Our Service is intended for use by adults only. Our Company does not promote the Service to children, and does not intentionally collect any personally identifiable information from children under the age of thirteen (13). If you believe that a person under the age of thirteen (13) has disclosed personally identifiable information through the Service, please report this to us immediately by emailing us at privacy@aspiretech.us, with “Notice of Underage Person” in the subject line of your email, and we will remove such information from our files.

Our Services are hosted and operated in the United States by our Company and our third-party service providers. By using our Services, you acknowledge that your Personal Information may be transferred to or accessed, processed, and stored within the United States or other countries for the delivery of our Services. By submitting your Personal Information to us, you consent to such transfers and to the processing and storage of that information in various countries around the world, including countries other than the one in which you reside.

Where required by applicable laws, we will take appropriate measures to ensure adequate protection of Personal Information when transferred internationally and, if necessary, seek your prior consent. Such measures may include the use of data transfer agreements with Organizations or adhering to data privacy safe harbor programs. For instance, if you are located in the European Economic Area (“EEA”), we may store your Personal Information as described in this Notice outside of the EEA in countries such as the United States. When we transfer EEA Personal Information to a third party located in a country not recognised by the European Commission or a country with inadequate safeguards in place, we will take appropriate steps, such as implementing Standard Contractual Clauses with Organizations recognized by the European Commission and implementing organizational measures.

As described above under the “Information You Choose to Give Us” section, there may be Personal Information that you provide directly to us with your consent. Under applicable data privacy laws in the EEA like the General Data Protection Regulation, there are “legal bases” upon which we may process your Personal Information:

Should you have any other questions about international data transfers and the safeguards we have in place, please contact us.

Pursuant to the California Consumer Privacy Act (“CCPA”), residents of California are entitled to additional rights and disclosures regarding their Personal Information. If you are subject to the rights offered under the CCPA, please review our Notice to California Residents for additional information on how to exercise these rights.

This Privacy Notice shall be governed by, construed and entered in accordance with the laws of the State of California, applicable to contracts deemed to be made within such State, without regard to choice of law or conflict of law provisions thereof. Please review our Terms of Services for information relating to dispute resolution.

Since we are committed to improving our Site & our Services, we may need to make changes to this Privacy Notice from time to time at our sole discretion. If we make any material changes, we will notify you by adding a statement to our website, providing you with an in-app notification, and/or sending you an email when we are required to do so by applicable law. You can see when our Privacy Notice was last updated by checking the date at the top of the Notice. By continuing to use the Services after an updated version of the Privacy Notice has been posted, you agree to be bound by the terms of the updated Privacy Notice. You are responsible for periodically reviewing this Notice to ensure that you stay informed about our practices. Should you have an objection to or a question about a change in this Notice, please contact us.

You can reach our data privacy office, by reaching out to dpo@aspiretech.us.