Last updated: MAY 13, 2015
Duo Security complies with the U.S.-E.U. and U.S.-Swiss Safe Harbor frameworks as set forth by the U.S. Department of Commerce (the “Safe Harbor”) regarding the collection, use, and retention of personal data (as defined by the Safe Harbor) from the European Union and Switzerland. To learn more about the Safe Harbor principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, please visit http://www.export.gov/safeharbor. See our Safe Harbor certification here: https://safeharbor.export.gov/companyinfo.aspx?id=29663.
If you establish your own account, or sign up for our newsletters and email updates, Personal Information is provided to us by opt-in only. You can opt-in by signing up for or using the Services through the Website or the mobile application, which requires you to create an account and collects your name, email address, and telephone number. We also collect your email address when you email us for information or sign up for our newsletters and email updates, in order to send you this information. You can unsubscribe from our newsletters and updates by clicking “Unsubscribe” at the bottom of the newsletter or email update.
Device-Specific Information. We also collect device-specific information (e.g. mobile and desktop) from you in order to provide the Services. For example, this information includes your device’s hardware model, operating system and web browser versions as well as unique device identifiers and characteristics (such as, whether your device was “jail broken”, whether you have a screen lock in place and whether your device has full disk encryption enabled), IP addresses and mobile network information, including phone number. We may need to associate your device -specific information with your Personal Information on a periodic basis in order to confirm you as a user and to check the security on your device.
Service Log Information. When you use the Services, we may automatically collect and store certain information in server logs. This may include which users (by username) are accessing the Services, how you are accessing the Services (including the device-specific information referenced above and type of integration), the dates and times you access the Services, from where you are accessing the Services (by IP address) and device event information such as crashes, system activity, and hardware settings. We may need to associate this information with your Personal Information on a periodic basis in order to confirm you as a user and to check the security on your device.
How We Use Information
By design, the Services do not allow us to collect your password. We use the information we collect to provide the Services, for billing purposes, and to improve the Site and the Services. We also use the information we collect for analytical purposes, including use of Performance Data. Performance Data includes de-identified usage information and other aggregate measures of the Services’ performance. We may share de-identified Performance Data with third parties to help us better understand our customers’ needs and improve the Services.
We also use your information for marketing and advertising purposes, including sending you promotional email messages about our products and services and registering you for our events.
We will retain your information for as long as your account is active or as needed to provide you the Services. We will also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Please contact us as provided in the Notice section below if you have any questions about the information we collect and/or how we use the information we collect.
Duo Security also uses third party intermediaries to send out emails on our behalf and to provide customer support including via live chat software. We provide customer emails to our third party vendor who sends our emails on our behalf for these purposes only. Third party intermediaries and vendors are not authorized to use your information for any other purpose.
We may disclose such information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Service Terms and Conditions, or as otherwise required by law.
You can modify your account information at anytime by using the Service administrative interface available at https://admin.duosecurity.com or by emailing our customer support at email@example.com. We will respond to your request to access within 30 days.
When you visit our Website or use our Services, we use session “cookies” — a piece of information stored on your computer — to allow us to uniquely identify your browser while you are logged in and to enable Duo Security to process your online transactions. We do not link the information we store in cookies to any Personal Information you submit while on our Website. Session cookies also help us confirm your identity and are required in order to login into your account.
We employ or our third party advertising partner employs a software technology called clear gifs (also known as “Web Beacons” or “Web Bugs”), that help us better manage content on our Website by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Website users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns.
As is true of most websites, we and our third party utility-tracking partners gather certain information automatically and store it in log files. This information includes IP addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer our Website, to track users’ movements around our Website and to gather demographic information about our user base as a whole.
Duo Security maintains reasonable security measures and precautions to protect your information from loss, destruction, misuse, unauthorized access or disclosure. These technologies help ensure that your data is safe, secure, and only available to you and to those you provided authorized access (e.g., your users). However, no data transmission over the Internet or information storage technology can be guaranteed to be 100% secure. If you have any questions about security on our Website, you can contact us at firstname.lastname@example.org.
Our Website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your Personal Information from our blog or community forum, contact us at email@example.com. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so and why.
We post customer testimonials on our Site, which may contain Personal Information. We do obtain the customer’s consent via email prior to posting the testimonial to post their name along with their testimonial. If you want your testimonial removed please contact us at firstname.lastname@example.org.
From time to time we may provide you the opportunity to participate in contests or surveys. If you participate, we will request certain Personal Information from you at the time of the survey. Participation in these surveys or contests is completely voluntary and you have a choice whether or not to disclose this information. The requested information typically includes contact information, such as email or phone number.
We use this information to improve our service to send our customers update on how we are improving the service based on their feedback.
Our customers who are California residents may request and obtain from us once a year, free of charge, certain information about the Personal Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of Personal Information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to email@example.com. In addition, we currently do not honor Do Not Track signals.
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), as we do not collect any information from anyone under 13 years of age. The Website and its content are directed to people who are at least 18 years of age or older.
You have a right to access, review, change, update or delete your Personal Information at any time by contacting us at firstname.lastname@example.org or by postal mail at Duo Security, Inc., 123 North Ashley Street, Suite #200, Ann Arbor, MI 48104.