A New Chapter Unfolds: SecureAuth Announces Acquisition of Cloudentity

Data Privacy Framework Statement

Effective Date: October 09, 2023

1.    Introduction & What This Statement Covers

We at SecureAuth Corporation (“SecureAuth”, “we”, “us”, “our”) care about protecting personal data. This Data Privacy Framework Statement (the “Statement”) tells you how we process the personal data we process on behalf of our customers while providing, implementing, and supporting our services.

Our services include identity and access management solutions (such as SecureAuth IdP or Arculix by SecureAuth), the provision of our consulting services, customer support (via Zendesk and Jira), and other systems that we use to assist our customers, (collectively, the “Services”).

This Statement also describes how we handle personal data through the services available through these subdomains: downloads.secureauth.com, docs.secureauth.com, cloud.secureauth.com, community.secureauth.com, www.secureauth.com, and support.secureauth.com.

This Statement does not apply to personal data we collect by other means, such as personal data that we receive directly through our marketing website(s) or the personal data of our employees.

Our customers use our platform to process their own employees’, customers’, and vendors’ personal data. In that case, we act only as a service provider. In general, we only access such personal data if required by law, or if the customer asks us to in connection with customer support or account administration matters in relation to the Services.

2.    Our Role with Respect to Personal Data

SecureAuth acts as an agent, also known as a data processor, for the personal data we process for our customers while providing our Services. This means that the organization that entered into the contract governing use of the Services (the “Customer Agreement”) (our “Customer”) chooses the type of personal data they give us to process on their behalf. This organization may be your employer or someone else. We usually do not have a direct relationship with the people whose personal data we get from our Customers.

3.    Why We Process Personal Data

We process personal data according to the instructions of our Customers.

4.    How We Obtain Personal Data

We receive personal data:

  • From our Customer and its representatives while providing the Services.
  • From providers of third-party services that integrate with our Services
  • When the information is submitted to our websites.
  • When you participate in a focus group, contest, activity, or event, apply for a job, ask for support, interact with our social media, or otherwise communicate with us.

5.    What Personal Data We Process

We process the following types of personal data:

  • Biographical information: name.
  • Professional information: company/employer.
  • Contact information: email and phone number.
  • Account information: username, user ID, and password.
  • Usage information: Services metadata, log data, messages, and the date and time the Services are used.
  • Device information: device type, unique device identifier, operating system, settings, application ID, crash data, browser type and settings, and host address.
  • Location information: location from IP addresses.
  • Cookie information and similar tracking information.
  • Personal data received from other companies’ services.

6.    Our Purposes to Process Personal Data

We process your personal data for the following purposes:

  • To provide, update, maintain and protect our Services, websites, and business.
  • To follow the law, legal process, or regulation.
  • To communicate with you and respond to your requests, comments, and questions.
  • To develop and provide search, learning and productivity tools and additional features.
  • To send emails and other communications about the Services, including security and account-related communications and marketing communications.
  • To administer accounts and keep track of billing and payments.
  • To contact you regarding billing, account management, and other administrative matters, such as invoicing and payments tracking.
  • To investigate and help prevent security issues and abuse.
  • To provide application logs to Customer administrators for troubleshooting and monitoring of the applications.
  • To assist our Customers as they request.

7.    How Long We Keep Personal Data

We keep personal data for as long as instructed as our Customer tells us to. We delete the personal data that our Customers give us within six (6) months after our agreement with the Customer ends.

We will not delete this personal data within the six-month period if the law says we have to keep it, the Customer asks us to keep it longer, or the information cannot be traced back to a specific person anymore and it is considered fully anonymized and consequently is no longer considered personal data.

8.    How We Share Personal Data

8.1.         How We Share Personal Data with Other Companies

We share personal data with our affiliates, business partners, and service providers, who process personal data on our behalf. These third parties must agree to use the personal data only to help us in providing our Services or if the law says they have to.

Our service providers provide:

  • Internet hosting services.
  • Customer service and support ticket management software.
  • Analytics services.
  • Video conferencing and screensharing software.
  • Cloud desktop management services.
  • Customer identity and engagement services.
  • Monitoring services.
  • Project management software.
  • Marketing software.
  • Telephone and web conferencing services.
  • Email, communications, and collaboration software.
  • CRM software.

Some of these third parties may be located outside of the United States. However, we require the third party to protect your personal data as well as we do. Sharing your personal data with these third parties does not change our responsibility to protect your personal data within the scope of our Data Privacy Framework certification. However, we will not be liable if we are not responsible for any unauthorized or improper processing, and we will only be liable to the extent that we are responsible for any unauthorized or improper processing.

We also reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal business purpose. Such data does not include any personal data.

We may disclose your personal data if we sell or transfer all or some of our business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your personal data to our subsidiaries or affiliates, but only if necessary for business purposes.

8.2.         How We Share Personal Data with Law Enforcement

We disclose your personal data if the law requires it, or if we think it is necessary for official investigations or legal proceedings. These proceedings may be started by government or law enforcement officials, or private parties.

If we must disclose your personal data to governmental or law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your personal data.

9.    Cookies

Cookies are small files that are stored on your device and contain information about your device. We use cookies to show ads, make our websites and Services work better, authenticate you, analyzing how our websites and Services are used, remember your settings, and improve our websites and Services.

There are two types of cookies: session cookies and persistent cookies. We use both types of cookies. Session cookies are deleted when you close your browser. Persistent cookies stay on your device even after you close your browser, but they have an expiration date. Most of the cookies that our Services and websites place on your device are first-party cookies, which means that they are placed directly by us. Other parties, such as Google, may also place their own cookies through our Services. You can read the policies of these third parties to learn more about the way in which they collect and process information about you.

You can change your browser settings to reject all or some cookies if you prefer not to accept them. However, this may limit the features of the Services you can use. You can learn more about cookies and how to manage them by visiting https://www.aboutcookies.org/.

You can also set your browser to send a “Do Not Track” signal but note that our Services are not set up to respond to “Do Not Track” signals from browsers. You can learn more about “Do Not Track” signals by visiting https://allaboutdnt.com/.

10. Data Integrity & Security

We have implemented and will maintain reasonably designed technical, administrative, and physical measures to protect personal information from unauthorized access, alteration, destruction, use, or disclosure.

11. Your Privacy Rights: Access & Review

If we process your personal data, you may have the right to request access to, update, correct, or delete it.

If we received your personal data in reliance on the Data Privacy Framework (as defined below):

  • You may have the right to opt out of our disclosure of your personal data with third parties and to revoke your consent to our disclosure your personal data with third parties.
  • You may have the right to opt out of your personal data being used for any purpose that is materially different from the purpose(s) for which the personal data was originally collected or which you subsequently authorized.

If you want to access or review your personal data, you should contact the SecureAuth Customer who provided your personal data to us directly. SecureAuth does not have full rights to access all the personal data our customers provide us. So, if you decide to contact us instead of our Customer, please provide the name of the SecureAuth customer when you contact us, and we will forward your request to them and assist them as they respond to your request.

12. Data Privacy Framework

With respect to personal data processed in the scope of this Statement, SecureAuth complies with the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework (the “Data Privacy Framework”) as adopted and put forward by the U.S. Department of Commerce regarding the processing of personal data. SecureAuth commits to upholding and has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/ and https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GwMaAAK&status=Active, respectively.

13. Resolving Disputes

13.1.      VeraSafe Data Privacy Framework Dispute Resolution Procedure

We have agreed to participate in the dispute resolution process provided by VeraSafe, the VeraSafe Data Privacy Framework Dispute Resolution Procedure (“Dispute Resolution”). This will be used if a complaint or dispute cannot be resolved through our internal procedures. As per the terms of the Dispute Resolution, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the Dispute Resolution, please visit this link: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/ and submit the required information.

13.2.      Binding Arbitration

If your dispute or complaint cannot be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you pursuant to the Data Privacy Framework’s Recourse, Enforcement and Liability Principle and Annex I of the Data Privacy Framework.

14. U.S. Regulatory Oversight

SecureAuth is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

15. Changes to this Statement

We may make changes to this Statement from time to time. If we make any material change to this Statement, we will let you know by posting the updated Statement to this web page and updating the “Effective Date” at the top of the Statement. You can find a summary of the most recent changes to this Statement at https://www.secureauth.com/updates-to-privacy-notices/ .

16. Contact Us

If you have any questions or concerns about this Statement or how we process your personal data, please reach out to us. You can:

  • Contact Paul Kincaid, our Data Privacy Officer, by email at privacy@secureauth.com
  • Call us on 1-866-859-1526, or
  • Reach us by postal mail at:
    SecureAuth Corporation
    49 Discovery Suite 220
    Irvine CA 92618

Please allow up to four weeks for us to reply.

Privacy Seal

Pin It on Pinterest