Last updated: August 28, 2014
Duo Security complies with the U.S. -E.U. and U.S.-Swiss Safe Harbor frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from the European Union and Switzerland. To learn more about the Safe Harbor programs principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, please visit http://www.export.gov/safeharbor. See our Safe Harbor certification here: https://safeharbor.export.gov/companyinfo.aspx?id=24519.
If you have questions or concerns regarding our compliance with the U.S. E.U. and U.S. Swiss Safe Harbor framework, you should first contact Paul DiMarzo at firstname.lastname@example.org. If you do not receive acknowledgement of your inquiry in 30 days, or your inquiry has not been satisfactorily addressed, you should contact ICDR/AAA, our Safe Harbor Dispute Resolution provider as described below.
Information We Collect
Personal Data. Providing Personal Data to us is by opt-in only. You can opt-in by signing up for or using the Service through the Site or the App, which requires you to create an account and collects your name, email address, and telephone number. Your employer’s service administrator may provide this information on your behalf. We collect this information in order to be able to provide you with the Service and to manage your account. We also collect your company name and assign you an account name based on your company name.
We also collect your email address when you email us for information or sign up for our newsletters and email updates, in order to send you this information. You can unsubscribe from our newsletters and updates by clicking “Unsubscribe” at the bottom of the newsletter or email update.
Device Information. We also collect device-specific information (e.g. mobile and desktop) from users in order to provide the Service (such as a user’s hardware model, operating system and web browser versions, unique device identifiers, and mobile network information including phone number). We may need to associate your user’s device -specific information with your Personal Data on a periodic basis in order to confirm you as a user and to check the security on your device.
Service log information. When users use the Service, we may automatically collect and store certain information in server logs. This may include which users (by username) are accessing the Service, how they are accessing the service (including the device-specific information referenced above and type of integration), the dates and times they access the Service, where they are accessing the service (by Internet protocol address) and device event information such as crashes, system activity, and hardware settings. We may need to associate this information with your Personal Data on a periodic basis in order to confirm you as a user and to check the security on your device.
By design, the Service does not allow us to collect your users passwords. In general, we use the information we collect to provide the Service and for billing purposes. We may also use the information we collect to improve the Service for all users.
We will retain your information for as long as your account is active or as needed to provide you the Services. We will retain and use your and your users’ information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Do We Share Information with Third Parties?
Duo Security may transmit or share information with its third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and other technology and services required to operate and maintain the Service, which may require that users’ information be transferred. Although Duo Security owns the software, code, databases, all rights to the Duo Security service, you retain all rights to your data.
Duo Security also uses third party intermediaries to send out emails on our behalf and to provide customer support including via live chat software. We provide customer emails to our third party vendor who sends our emails on our behalf for these purposes only. Third party intermediaries and vendors are not authorized to use your information for any other purpose.
We may disclose such information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Service Terms and Conditions, or as otherwise required by law.
Credit Card Information
Accessing and Updating Your Personal Data
You can modify your account information at anytime by using the Service administrative interface available at https://admin.duosecurity.com or by emailing our customer support at email@example.com. We will respond to your request to access within 30 days.
We employ or our third party advertising partner employs a software technology called clear gifs (also known as “Web Beacons” or “Web Bugs”), that help us better manage content on our site by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Website users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.
We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns.
Website Log Files
As is true of most Websites, we and our third party utility-tracking partners gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data.
We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole.
Protection of Information
Duo Security maintains reasonable security measures to protect your information from loss, destruction, misuse, unauthorized access or disclosure. These technologies help ensure that your data is safe, secure, and only available to you and to those you provided authorized access (e.g., your users). However, no data transmission over the Internet or information storage technology can be guaranteed to be 100% secure. If you have any questions about security on our Website, you can contact us at firstname.lastname@example.org.
Links to Other Sites
Our Website contains links to other sites that are not owned or controlled by Duo Security. Please be aware that we, Duo Security, are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our site and to read the privacy statements of each and every Website that collects personally identifiable information. This privacy statement applies only to information collected by our Website and Service.
Our Website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at email@example.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
We post customer testimonials on our Site, which may contain Personal Data. We do obtain the customer’s consent via email prior to posting the testimonial to post their name along with their testimonial. If you want your testimonial removed please contact us at firstname.lastname@example.org.
From time to time we may provide you the opportunity to participate in contests or surveys. If you participate, we will request certain Personal Data from you at the time of the survey. Participation in these surveys or contests is completely voluntary and you have a choice whether or not to disclose this information. The requested information typically includes contact information, such as email or phone number.
We use this information to improve our service to send our customers update on how we are improving the service based on their feedback.
Choice and Consent
If you wish to opt out and withdraw your consent, you may do so at any time by writing to: email@example.com. If you opt out and withdraw your consent you will no longer be able to use the Service or receive updates and we will not have any means by which to respond to your inquiries.
International or Cross-Border Transfer of Your Personal Data and Your Express Agreement
California Do Not Track Disclosures and Other Disclosures under CalOppa
Children’s Online Privacy Protection Act Compliance
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), as we do not collect any information from anyone under 13 years of age. The Site and its content are directed to people who are at least 18 years of age or older.
Access to Your Information
You have a right to access, review, change, update or delete your Personal Data at any time by contacting us at firstname.lastname@example.org or by postal mail at Duo Security, Inc., 123 North Ashley Street, Suite #200, Ann Arbor, MI 48104 (“Data Controller” and “Data Recipient”).
Contact Us About Complaints, Questions, Comments, Notices and Disputes
- By post: Duo Security, Inc., 123 North Ashley Street, Suite #200, Ann Arbor, MI 48104
- By facsimile: 1-866-760-4247
- By email: email@example.com
Duosecurity.com has further committed to refer unresolved privacy complaints under the US-EU and US-Swiss Safe Harbor Principles to an independent dispute resolution mechanism, the International Center for Dispute Resolution/American Arbitration Association (ICDR/AAA), operated by the American Arbitration Association. If you do not receive timely acknowledgment of your complaint, or if Duosecurity.com does not satisfactorily address your complaint, please visit the AAA EU SAFE HARBOR web site at http://www.icdr.org to obtain more information or to file a complaint.
Terms of Service
When you access and use the Service, you are subject to the Duo Security Terms of Service available for review at https://www.duosecurity.com/terms.