Your privacy is very important to us. This Privacy Notice (the “Notice”) will help you understand who Duo is, what information we collect, how we use it, and what choices you have. This Notice only applies to personal information we collect through our websites (such as https://www.duo.com) ("Website"), product feedback and surveys and in connection with our events, sales and marketing activities. When we talk about “Duo,” “we,” “our,” or “us,” in this Notice, we are referring to Duo Security, Inc. and its group companies, including Duo Security UK Limited. By sharing your personal information with us, and by continuing to use our Website, you confirm that you have read and understood the terms of this Notice. For personal information that we collect:
when you register for an account with Duo, use or otherwise interact with our services and related mobile and web-based applications, please see our services privacy notice;
when you apply for a role with Duo via the Website or otherwise, please see our applicant privacy notice
If you have any questions, comments or concerns about any aspect of this Notice or how we handle your information, please reach out to our team using the details provided under the “Contact Us” section of this Notice.
Trust and transparency are foundational to what we do at Duo. We are committed to being open about how we approach privacy at Duo, and aim to communicate with you about privacy in a way that is easy for you to understand. To support these goals, we developed these Privacy Principles to highlight our commitment to responsibly protecting and handling your personal information. Our Privacy Principles help guide decisions we make at every level of our organization, every day, so that we can fulfill our mission to democratize security in a way that is consistent with our core values as well as our legal obligations.
Our core Privacy Principles are:
We provide security solutions, including multi-factor authentication, trusted access and secure single sign-on tools for our customers. Find out more here. Duo Security, Inc. is a company incorporated under the laws of the State of Delaware, USA and whose principal office is located at 123 North Ashley Street, Suite #200, Ann Arbor, Michigan 48104, USA. Duo Security UK Limited (company no: 09581350) is a company incorporated under the laws of England and Wales whose registered address is located at 6th Floor One London Wall, London, United Kingdom, EC2Y 5EB.
We know that personal information is defined slightly differently across the world. That said, at Duo, we define it as any information that could be used to identify you or another individual. We think that this broad definition enables us to better respect your privacy and safeguard the information entrusted to us. The personal information that we may collect about you broadly falls into three categories - information you provide to us, information we collect automatically, and information provided to us by third parties.
Information you provide to us: Certain parts of our Website may ask you to provide personal information voluntarily: for example, we may ask you to provide your contact details (like your name, email address and phone number) to register an account with us, complete surveys, to subscribe to marketing communications (like newsletters) from us and/or to submit inquiries to us. We may also collect personal information from you offline, such as when you attend one of our events or during phone calls with sales representatives. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will generally be made clear to you at the point we ask you to provide your personal information
We will also generally let you know prior to collection whether the personal information we are collecting may be provided on a voluntary basis and the consequences, if any, of not providing the information.
The personal information we collect may include contact information such as your name, address, telephone number or email address and contact preferences. It may also include professional information, such as your job title, department or job role, as well as the nature of your request or communication. We also collect information you choose to provide to us when completing any 'free text' boxes in our forms (for example, for event sign-up, product feedback or survey requests). In addition, we may collect personal information shared by you on our message boards, chat features, blogs and our other services where you are able to post information and materials. Any information that is shared by you in those forums becomes public information and may appear in public ways, such as through search engines or other publicly available platforms, and may be “crawled” or searched by third parties. It could also be read or used by other users to send you unsolicited messages. Please do not post any information that you do not want to reveal to the public at large.]
Examples of how we use this information include:
To respond to your requests or provide you with information you request.
To send administrative or account related information to you.
To post testimonials (with your prior consent).
To communicate with you about our events or our partner events.
To provide you with marketing and promotional communications (where this is in accordance with the law). For more information about managing your marketing preferences, please see the "Your rights, controls and choices" section of this Notice
To comply with and enforce applicable legal requirements, agreements and policies.
To prevent, detect, respond and protect against potential or actual claims, liabilities, prohibited behaviour, and criminal activity.
For other business purposes such as data analysis, identifying usage trends, determining the effectiveness of our marketing and to enhance, customize and improve our Websites, products and services.
Information we collect automatically: When using our Websites or interacting with our online advertisements or marketing emails (collectively with our Websites, the "Online Properties"), we automatically collect certain information from your device. In some countries, including countries in the European Economic Area (the “EEA”), this information may be considered personal information under applicable data protection laws. Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology."
Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Online Properties, including the pages accessed and links clicked.
Information provided to us by third parties: From time to time, we may receive personal information about you from third party sources (including, for example, sales and lead generation and marketing management service providers), but only where we have checked that these third parties either have your consent or are otherwise legally permitted to provide your personal information to us. The types of information we collect from third parties generally includes name, work email address and phone number, job title and company, and we use the information we receive from these third parties to offer our services, as well as maintain and improve the accuracy of the records we hold about you.
In general, we use the information we collect to gain a better understanding of who uses and interacts with our Online Properties, where they come from, and what content on our Online Properties is of interest to them. We also use this information for our internal analytics purposes and to improve the quality and relevance of our Online Properties.
We may share the information described in this Notice with others. We generally do this where it is necessary to support the Online Properties, where you have requested or authorized us to do so, with your consent (where applicable), or as otherwise permitted or required by applicable law.
The trusted third parties with whom we share your personal information include:
Our group companies. We share information with entities that we control, are controlled by us, or are under our common control, to maintain the Online Properties. Duo Security, Inc. is the party responsible for overall management and use of personal information by these affiliated parties.
Our third party service providers and partners. We share information with service providers and partners who help us maintain, improve and secure the Online Properties.
Our marketing partners. We share information with our marketing partners to send emails on our behalf, or for co-branded or co-sponsored marketing and promotional events (such as conferences) offered in connection with another company or companies. If you register for or participate in these marketing and promotional events, we and the partner companies may receive information collected in connection with the co-branded or co-sponsored marketing and promotional events. Our Notice will apply to our use of your personal information. We have no control over any other companies’ privacy practices, so please read their applicable privacy notice.
A competent law enforcement body, regulatory, government agency, court or other third party. We will share personal information where we have a good faith belief that doing so is necessary (i) to comply with applicable law, (ii) to enforce our terms and conditions; (iii) to protect our rights, privacy, safety or property, and/or those of our affiliates, You or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
Other third parties. We will share information with third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), in which case we will inform the acquiring or resulting company that it must use your personal information only for the purposes disclosed in this Notice.
Other third parties with your consent.
Security is what we do, and we take the security of the personal information you provide to us very seriously. We use appropriate administrative, organizational, technical and physical safeguards that are designed to protect the personal information we collect and process about you. The measure we use are designed to provide a level of security appropriate to the risk of processing your personal information, and to help ensure that your data is safe, secure, and only available to you and to those you provided authorized access (e.g., your users). That said, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so you should take care in deciding what information you send us in this way.
We only keep your personal information for as long as we have an ongoing legitimate business need to do so (for example, to fulfill the purposes outlined in this Notice, to operate the Online Properties, to provide the Services or to comply with legal, tax or accounting requirements, to enforce our agreements or to comply with our legal obligations).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it. If this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
We operate internationally. Therefore, you should be aware that we may transfer or process your personal information in countries other than the country in which you are a resident. These countries may have data protection laws that are different than the laws of your country, and in some cases may not be as protective.
Specifically, our Website servers are located in the United States, and our group companies and third party service providers, including Amazon Web Services (“AWS”) and partners, operate in the United States and in other countries around the world. This means that when we collect your personal information we may process it in any number of places around the world.
Wherever your personal information is transferred, stored or processed by us, we will take reasonable steps to safeguard the privacy of your personal information in accordance with this Notice. Additionally, when using or disclosing personal information transferred from the European Union, we use standard contractual clauses approved by the European Commission, adopt other means under European Union law for ensuring adequate safeguards, or obtain your consent. If you would like a copy of our standard contractual clauses or more information on the appropriate safeguards we have implemented with our third party service providers and partners, please contact us using the details provided below.
If you are resident in or a visitor from European Economic Area, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. In most cases we use personal information: where we need it to perform a contract with you; where the processing is in our legitimate business interests; or, where required by applicable law, we have your consent to do so. In some cases, we may have a legal obligation to collect personal information from you.
If we ask you to provide personal Information to comply with a legal requirement or to enter into a contract, we will make this clear at the relevant time and advise you whether the information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests, we will make clear to you at the relevant time what those legitimate interests are. Typically, our legitimate interests include: providing and improving our technology, products and services; for our marketing activities; and measuring the effectiveness of our marketing and promotional campaigns.
If you have questions or need further information about the legal basis we rely on to collect and use your personal information, please contact us using the contact details provided under the “Contact Us” section of this Notice.
Our Website may contain links to other sites that are not owned or controlled by us. Please be aware that Duo Security is not responsible for the privacy practices of these other sites. We encourage you to review the privacy policies and statements of other sites to understand their information practices. This Notice applies only to information collected by our Website.
Our Website includes plugins of social media platforms, such as facebook.com of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA; Twitter.com of Twitter Inc., 795 Folsom St., Suite 600, San Francisco CA 94107, USA; and google+ of Google Inc., 1600 Amphitheatre Parkway Mountain View, California, 94043, USA. Social Media Features and Widgets are either hosted by a third party or hosted directly on our websites. You can generally identify the plugins by the respective network’s logo, for instance in combination with a pictogram of a clenched hand with a raised thumb or the addition of a “recommendation”, “like” or “comment.” Details about purpose and extent of data collection, as well as processing and use of the data, by the social media networks can be obtained by reading the privacy policies of Facebook, Twitter and Google.
We do not knowingly collect or store any personal information from anyone under 13 years of age. The Website is directed to people who are at least 18. If you are under the age of 18, you may not use the Website.
You have the following data protection rights, controls and choices.
You can access, review, change, update or delete your personal information at any time by. Please note that we may impose a small fee for access and disclosure of your personal information where permitted under applicable law, which will be communicated to you. We do not charge you to update or remove your personal information.
You can request to have us remove your personal information from a Website testimonial or remove your personal information from our blog or community forum. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
If you are a resident of the European Economic Area (EEA), you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
You can opt out of receiving promotional emails or text messages from us by clicking the “unsubscribe” link in the email, by visiting this unsubscribe page or by emailing firstname.lastname@example.org. If you choose to no longer receive marketing information, we may still communicate with you about such things as your security updates, product functionality, responses to service requests, or other transactional, non-marketing or administrative related purposes.
If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Please note, though, that withdrawing your consent will not impact the lawfulness of any processing we conducted before you withdrew your consent, nor will it impact the processing of your personal information we conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Economic Area ("EEA"), Switzerland and certain non-European countries (including the US and Canada) are available here.
If you would like to exercise any of your rights relating to your personal information, please start by contacting us using the contact details provided under the “Contact Us” section of this Notice.
We respond to all requests we receive from individuals wishing to exercise their data protection rights under applicable data protection laws. To protect your privacy and security, we take reasonable steps to verify your identity before granting you account access or making corrections to your personal information.
From time to time, we may change this Privacy Notice in response to changing technologies, industry practices, regulatory requirements or for other purposes. We will provide notice to you (this notice may be by email to you at the last email you provided us, by posting notice of such changes on the Website, or by other means, consistent with applicable law) if these changes are material and, where required by applicable law, we will obtain your consent.
You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.
We encourage you to contact us if you have any comments or questions about this Privacy Notice or our related privacy practices. You may reach us at email@example.com or at our mailing address below:
ATTN: Privacy Committee
Duo Security, Inc.
123 North Ashley Street, Suite #200
Ann Arbor, MI 48104, USA
If you are resident in the EEA, the controller of your personal information is Duo Security, Inc.