WHAT IS PBB’S MISSION?

To provide application developers with the means to give consumers control of their data
and transparency into how their data is being used.

FREQUENTLY ASKED QUESTIONS

PBB is a Public Benefit Corporation. What is that?

It is a specific type of corporation that allows a public benefit to be a charter/core purpose of the company, in addition to the traditional corporate goal of maximizing profit for shareholders. See Wikipedia for more.


How do you store my data?

Your data is encrypted and stored in our database. Access to the stored data is governed by the access levels you have assigned. You can always view your data, correct inaccuracies, see how it is being used by applications, download a copy and even request erasure.


What if I lose my password?

By default your account is set as “account recovery enabled” – which means you may re-establish access to your account by requesting a recovery link to be sent to your email. This is the standard “forgot my password” process you find at most websites. Optionally, you may disable account recovery. This is the most secure option; however, if you forget your password with account recovery disabled, you will not be able to access your account unless you remember the password. There is no recovery process available to you when this option is selected.


Does PBB encrypt my data, how does that work?

PBB uses asymmetric public key encryption, among other methods, to keep your data secure. In asymmetric encryption, one key is used to encrypt your data and a different key is used to decrypt it. The key used to encrypt your data is called the public key. The key used to decrypt your data is called the private key. Your public key is available to the API to write/encrypt data for you at any time. However, your private key is only available to the API to read/decrypt data on your behalf when you are logged in. Any data you’ve indicated as being for “Only You” is only accessible by the API when you are logged in. Other access levels have different mechanisms in place to protect the data from unauthorized access.
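One way the write-at-any-time, read-only-when-logged-in split described above can be built, shown as an added example that is not PBB's code. It assumes the stored private key is encrypted under the member's login password and uses Node.js's built-in crypto module; `enrol`, `writeRecord` and `readRecord` are hypothetical names.

```javascript
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Enrolment: create the member's key pair. The private key only ever exists
// at rest in passphrase-encrypted form (assumption: passphrase = login password).
function enrol(password) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: {
      type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: password,
    },
  });
}

// Write path: needs only the public key, so it works while the member is
// logged out. A fresh AES-256-GCM data key encrypts the value and is itself
// wrapped with RSA-OAEP under the member's public key.
function writeRecord(publicKeyPem, plaintext) {
  const dataKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, dataKey);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Read path: the password supplied at login unlocks the private key, which
// unwraps the data key. A wrong or missing password throws before any
// plaintext is produced.
function readRecord(encryptedPrivateKeyPem, password, record) {
  const dataKey = crypto.privateDecrypt(
    { key: encryptedPrivateKeyPem, passphrase: password, ...OAEP },
    record.wrappedKey,
  );
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, record.iv);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.body), decipher.final()]).toString('utf8');
}
```

Under this assumption, nothing held at rest (public key, encrypted private key, wrapped data key, ciphertext) is sufficient to read a record without the password, which is also why disabling account recovery leaves no way back in.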


What are these privacy settings/access levels?

External – Any data marked as “external” is publicly available. This is often desirable, for example, when the application you are using has a public profile or user search feature, like LinkedIn or Facebook do. Data that is marked for “external” access could be displayed on a profile page or searched by people who are not logged into the application. You should always be careful about what you mark for external access; be sure to read the developer’s statements about the purpose for this data carefully.
Other Users – This access level is very similar to “external” access, with the exception that in order to see the data the individual must also be a logged-in user of the application.
Internal – Data marked as “internal” access is only available to employees of the company who developed the application. Exactly which employees is further controlled by the application administrator who assigns access within the company. GDPR requires that only users with a need to know be granted such access.
Only You – This access level indicates that this data is only accessible by you via the application (or the PBB member portal). The application may use this data to programmatically personalize your experience. However, this data is not accessible to any other application nor to any other user or employee. For example, the application could display your first name to you on screen without violating this access level since the only person who would see that data is you. Note that in some cases governmental regulation may require the application developer’s company to retain certain data; in this case the employees of the company will continue to have access equivalent to “internal” until the retention period has expired.
Blocked – Data marked as “blocked” will not be stored. If this data was previously assigned a different access level then any data previously received and stored will be deleted when the access level is changed to blocked. Note that in some cases governmental regulation may require retention of certain data; in this case the data will not be deleted until the retention period has expired.


How can I edit my data?

1. Sign on to the member portal
2. Find the application in the list that has the data of interest
3. Click or tap to navigate to the application landing page
4. Review each data collection in the list for the data you are looking for (expand each collection to see its content by clicking or tapping the list)
5. Click or tap the data element you want to edit
6. Enter the new value
7. Click or tap “Done”


How do I get you to Forget me?

1. Sign on to the member portal
2. Locate the specific application with the data you want forgotten
3. Navigate to the about page for the application
4. Click the link at the bottom of the page that reads “Forget this app”
5. Repeat for each application you want your data removed from


Who pays for this service?

This service is paid for by the application developer.


What is PBB’s breach notification process?

In the event of a data breach, PBB will notify the application developers whose users were impacted by the breach. End users will be notified within 72 hours of the data breach discovery. PBB, in conjunction with the application developer, will:
- Carry out a thorough investigation
- Inform all impacted end users and appropriate regulators of the breach
- Identify what personal data has been impacted and how
- Draft a comprehensive containment plan


What is GDPR?

The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII). It also extends the protection of personal data and data protection rights by giving control back to EU residents.
The Personal BlackBox platform has fully implemented GDPR guidelines.

