Trustable Technology Mark Assessment Form 1.0 (Responses) Public
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

 
View only
 
 
ABCDEFHIJKLMNOPQRSTUVWXYZAAABACADAEAFAGAHAIAJAKALAMANAOAPAQARASATAUAVAWAXAYAZBABBBCBDBEBFBGBHBIBJBKBLBMBNBOBPBQBRBSBTBUBVBWBXBYBZCACBCCCDCECFCGCHCICJCKCLCMCNCOCPCQCRCSCTCUCVCW
1
TimestampEmail Address
Name the company or organization responsible for the device to be certified.
Which country is the company based in?
Do you have the authority to legally bind the company or organization?
Please state your full nameStreet Address Line 1Street Address Line 2CityState/Province/RegionZip Code/Postal Code
Trustable Tech contact email address
Public contact email addressDevice name
What is the core functionality of the device?
Device websitePrimary device typeAdditional device typesKeywords
For data collected via the device you wish to certify, do you offer the same privacy and security protections for all users, regardless of citizenship or geographic location?
Please elaborate.
Do you employ Privacy-by-Design practices in the design, manufacturing, and deployment of your device?
Please elaborate.
Do you have a published privacy policy that specifically applies to this device?
Please elaborate.
Do you have a published policy concerning acceptable uses of data collected from the device?
Please elaborate.
Can users perform a factory reset on the device?
Please elaborate.
Do you agree not to assert or authorize the assertion of any legal action against any user of a certified device for examining, studying, auditing, analyzing, or researching whether the use of personal data gathered by the device is fair, accountable, or transparent?
Please elaborate.
Are users able to delete the data about them collected by the device?
Please elaborate.
Are users able to export the data about them collected by the device?
Please elaborate.
Are there safeguards in place to prevent your company from seeing individual user data?
Please elaborate.
Do you maintain a list of every entity that you knowingly give access to user data?
Please elaborate.
Can you revoke such access from any such entity?
Please elaborate.
Do users own the device if they purchase it?
Please elaborate.
Do you provide a transparency report concerning requests for user data, records, or content?
Please elaborate.
Have you assessed your device to see if it is compliance with the General Data Protection Regulation (GDPR)?
Please elaborate.
Is there an easy way for your users to access and see the data you collect from them?
Please elaborate.
Is there an easy way for your users to access and see the data you infer about them?
Please elaborate.
Is there an easy way for users to understand in which ways you collect, process, and share data (user data, personal data, inferred data)?
Please elaborate.
Do you provide a publicly available change log of the device's software and firmware updates?
Please elaborate.
Do you provide an easy way to contact support staff?
Please elaborate.
Do you disclose where user data is stored and processed?
Please elaborate.
Do you agree not to assert or authorize the assertion of any legal action against any user of a certified device for examining, studying, auditing, analyzing, or researching data protection, privacy, or security issues related to the device?
Please elaborate.
Do you employ Security-by-Design practices?
Please elaborate.
If there any other features or functionalities in addition to the core functionality, can you explain why those are included?
Please elaborate.
Do you clearly communicate for how long you commit to providing security updates?
Please elaborate.
Do you have a strategy to deliver security updates?
Please elaborate.
Do you disclose data or security breaches?
Please elaborate.
Is there a bug bounty program for your device?
Please elaborate.
Do you employ cryptographic security for your device?
Please elaborate.Do you escrow keys?Please elaborate.
Do you employ best practices for the device passwords?
Please elaborate.
In case the device changes owners (re-sell, re-use, etc.), is there an easy way for a secure full wipe of user data?
Please elaborate.
Do you guarantee ongoing software and security updates?
Please elaborate.
Do you guarantee providing all services required for the device to function?
Please elaborate.
Does the device work fully in the case that your servers are switched off (for example due to technical issues, change of ownership, etc.)
Please elaborate.
Does the core functionality of the device still work in the case that your servers are switched off (for example due to technical issues, change of ownership, etc.)
Please elaborate.
Does your device work without an active internet connection?
Please elaborate.
Do you meaningfully ask for consent if you plan any firmware updates that would significantly change the nature of the device and allow users to opt out without risking their device working as advertised?
Please elaborate.
Do you agree not to assert or authorize the assertion of any legal action against any owner of a certified device (or their agent) for reselling or repairing the device?
Please elaborate.
Are users allowed to open the device for repairs?
Please elaborate.
Do you provide spare parts for repairing the device?
Please elaborate.
Do you provide documentation for repairs on the device?
2
FR00001PassedSnipsFrancePB2018-12-03mael.primet@snips.aiSnips
Snips AI is a 100% on-device and private-by-design Voice AI platform which can be embedded in any device
https://snips.aiIoT
Entertainment, Health & Fitness, IoT, Robotics, Smart Home, Smart City, Sound/Voice, Wearable, The platform is 100% on-device and private-by-design and can be embedded in any device
voice,AI,private-by-design,privacy,dialog,natural language,embedded,open-source,snips
YesWe do not collect data on the usersYes
Our platform runs 100% on-device, offline, and does not require to send any data to the cloud, which is as much private-by-design as you can get
Not applicableWe do not collect user dataNot applicableSnips does not collect user dataNot applicable
Snips is a Voice AI platform, and it is the responsibility of the device manufacturer to provide a factory reset on each device
Yes
Snips AI is private-by-design and does not collect user data
Not applicable
Snips AI is private-by-design and does not collect user data
Not applicable
Snips AI is private-by-design and does not collect user data
Yes
Snips AI is private-by-design and does not collect user data
Not applicable
Snips AI is private-by-design and does not collect user data
Not applicable
Snips AI is private-by-design and does not collect user data
Not applicable
Snips AI a Voice AI platform, it is up to the device manufacturer to define ownership
Not applicable
Snips AI is private-by-design and does not collect user data
Yes
Snips AI is the first GDPR-compliant Voice AI platform because we are 100% on-device and private-by-design
Not applicable
Snips is private-by-design and does not collect user data
Not applicable
Snips is private-by-design and does not collect user data
Not applicable
Snips AI is private-by-design and does not collect user data
Not applicable
Snips is a Voice AI platform, it is up to the device manufacturer to provide software updates for their devices
Yes
We provide Service Level Agreements for partnerships, and our staff is reachable on multiple channels
Not applicable
Snips AI is private-by-design and does not collect user data
Yes
Snips is a Voice AI platform being open-sourced over time, which allows users and clients to ensure that the code their device is running is private-by-design
Yes
Snips does not collect user data, and use the latest security updates and best practices when developing code
Not applicable
Snips is a Voice AI platform, it is up to the integrator to define additional functionalities
Yes
Each partnership or integration has security and maintenance contracts
Not applicable
Snips is a Voice AI platform, it is up to the device manufacturer to update their devices
Not applicable
Snips does not collect data, we would communicate on security breaches if there was a reason to
Not applicable
Snips is a Voice AI platform, it is the responsibility of each device manufacturer to provide a bug bounty program
Not applicable
Snips AI functions offline and does not require cryptographic security as there is no data communication
Not applicable
Snips is a Voice AI platform, it is up to the device manufacturer to provide keys escrow
Not applicable
Snips is a Voice AI platform, it is up to the device manufacturer to provide a password authentication
Not applicable
Snips is a Voice AI platform, it is up to the device manufacturer to provide a secure cleanup of user data
Yes5 years or longerYes5 years or longerYes
Snips AI is 100% on-device and works offline
Yes
Snips AI is 100% on-device and works offline
Yes
Snips AI is 100% on-device and works offline
Not applicable
Snips is a Voice AI platform, it is up to the device manufacturer to provide an update mechanism for software
Not applicable
Snips is a Voice AI platform, it is up to the device manufacturer to provide legal guarantees for their users
Not applicable
Snips is a Voice AI platform, it is up to the device manufacturer to provide legal guarantees for their users
Not applicable
Snips is a Voice AI platform, it is up to the device manufacturer to provide repair options
Not applicable
3
DE00001Passed. Review remarks: Please note that the reviewer manually ported the answers from an earlier version of the assessment form. Also, there were a few NO answers; in the context of this device which is designed not to collect user data, and designed to work independently from central servers or even user accounts, we see no issue with these NOs. The company answered all requests for clarifications swiftly.Vai Kai UG (haftungsbeschränkt)GermanyPB2018-12-03matas@vaikai.comVai Kai Companion
VaiKai Time Companion doll helps children to learn through their senses
https://vaikai.com/Entertainmenttoy, play, kids, children, familyYesAll users are equalYeshttps://medium.com/@vai_kai/privacy-of-toys-ed61bac940cdhttps://vaikai.com/data-and-privacy/YesYeshttps://medium.com/@vai_kai/privacy-of-toys-ed61bac940cdYesConnect the doll to USB and hold the button for 10 secondsYesNot applicableThe only data we collect is app analytics that can be disabled by the user at any given point.Not applicableYes
Dolls dont' collect data. We anonymize the app usage data.
YesYesYesNot applicableYesWe have done a self-assesmentNot applicableNot applicableNot applicableOur app displays how features are avalaible in different firmware versions. We have started a public page with firmware changelog: https://vaikai.com/software-changelogNot yetYesYesYesNoNot applicableNot applicableWe are transmitting no personal data to or from device.YesNot applicableNoN/AWe dont store or transmit data with the deviceNot applicableNoNot applicableYes24 monthsNoYesNot applicableDolls dont require any backend servers to operateYesYesWe plan toYesYesOn their own risk obviouslyNoWe try to repair/replace any deviceNo
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Loading...
Main menu