Privacy Policy

Last updated: MAY 13, 2015

Duo Security, Inc. (“Duo Security” or “we”, “us” or “our”) is committed to protecting the privacy of individuals who visit our websites, including, but not limited to https://www.duosecurity.com (collectively, the “Website”) and the customers and users of our services and mobile and web-based applications (collectively, the “Services”). This Privacy Policy describes how we collect, use, share, transfer and disclose Personal Information (as defined below). This Privacy Policy covers information we collect online, not offline. The Services are owned and operated by Duo Security, Inc., 123 North Ashley Street, Suite #200, Ann Arbor, Michigan 48104, USA.

Terms not otherwise defined in this Privacy Policy have the meanings assigned to them in Duo Security’s Service Terms and Conditions located at https://www.duosecurity.com/terms (the “Service Terms and Conditions”). When you access and use the Services, you are subject to the Service Terms and Conditions and this Privacy Policy.

Any Personal Information we collect through the Services will be used only in a manner consistent with this Privacy Policy. When you sign up for or access the Services, including blog updates or newsletters, or when you email us for information, you expressly agree to the use of your information for the purposes described in this Policy. If you do not agree with this Privacy Policy or any changes to it, you should not sign up for, use or access the Services or any features of the Services.

Changes to Our Privacy Policy

If we decide to change our Privacy Policy, we will post the updated Privacy Policy on the Website and update the Privacy Policy modification date. Please check back regularly to review any changes to this Privacy Policy. This policy was last modified on May 13, 2015.

Safe Harbor

Duo Security complies with the U.S.-E.U. and U.S.-Swiss Safe Harbor frameworks as set forth by the U.S. Department of Commerce (the “Safe Harbor”) regarding the collection, use, and retention of personal data (as defined by the Safe Harbor) from the European Union and Switzerland. To learn more about the Safe Harbor principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, please visit http://www.export.gov/safeharbor. See our Safe Harbor certification here: http://safeharbor.export.gov/companyinfo.aspx?id=24519.

Personal Information

“Personal Information” is information about you that is personally identifying, such as your name, email address, or telephone number, and that is not otherwise publicly available. The definition of Personal Information depends on your physical location and may include other types of information as well, such as some of the information referred to under the subheadings “Device-Specific Information” and “Service Log Information”, depending upon your physical location. Only the definition of Personal Information that applies to your physical location will apply to you under this Privacy Policy.

Information We Collect and How We Use This Information

Personal Information. In many cases, your employer has established an account with us. Your employer’s service administrator may provide your email address to us, which we collect in order to be able to provide you and your employer with the Services and to manage your account. We also collect your company name and assign you an account name based on your company name. Prior to authorizing you to become a user of the Services, your employer is responsible for obtaining your consent in accordance with applicable laws. Even though your employer has your consent to provide us with your Personal Information, when you begin using the Services, you are also providing your consent to the terms in this Privacy Policy and our Service Terms and Conditions.

If you establish your own account, or sign up for our newsletters and email updates, Personal Information is provided to us by opt-in only. You can opt-in by signing up for or using the Services through the Website or the mobile application, which requires you to create an account and collects your name, email address, and telephone number. We also collect your email address when you email us for information or sign up for our newsletters and email updates, in order to send you this information. You can unsubscribe from our newsletters and updates by clicking “Unsubscribe” at the bottom of the newsletter or email update.

If you do not opt-in, you will not have access to certain Services and we will have no way of contacting you to send you updates or respond to your inquiries. By opting in you are providing your express consent to the collection, use, retention, processing, transfer, and disclosure, including cross-border disclosure, of your Personal Information as explained in this Privacy Policy.

Device-Specific Information. We also collect device-specific information (e.g. mobile and desktop) from you in order to provide the Services. For example, this information includes your device’s hardware model, operating system and web browser versions as well as unique device identifiers and characteristics (such as whether your device was “jail broken”, whether you have a screen lock in place and whether your device has full disk encryption enabled), IP addresses and mobile network information, including phone number. We may need to associate your device-specific information with your Personal Information on a periodic basis in order to confirm you as a user and to check the security on your device.

Service Log Information. When you use the Services, we may automatically collect and store certain information in server logs. This may include which users (by username) are accessing the Services, how you are accessing the Services (including the device-specific information referenced above and type of integration), the dates and times you access the Services, from where you are accessing the Services (by IP address) and device event information such as crashes, system activity, and hardware settings. We may need to associate this information with your Personal Information on a periodic basis in order to confirm you as a user and to check the security on your device.

How We Use Information

By design, the Services do not allow us to collect your password. We use the information we collect to provide the Services, for billing purposes, and to improve the Site and the Services. We also use the information we collect for analytical purposes, including use of Performance Data. Performance Data includes de-identified usage information and other aggregate measures of the Services’ performance. We may share de-identified Performance Data with third parties to help us better understand our customers’ needs and improve the Services.

We also use your information for marketing and advertising purposes, including sending you promotional email messages about our products and services and registering you for our events.

We will retain your information for as long as your account is active or as needed to provide you the Services. We will also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Please contact us as provided in the Notice section below if you have any questions about the information we collect and/or how we use the information we collect.

Sharing of Personal Information Collected

Except as described in this Privacy Policy, Duo Security does not share, sell, rent, or trade any Personal Information with third parties for their promotional purposes. Duo Security may transmit or share Personal Information with our third party vendors and hosting partners as well as to our customers to provide the necessary hardware, software, networking, storage, and other technology and services required to operate and maintain the Services, which may require that users’ Personal Information be transferred to these third parties. Although Duo Security owns the software, code, databases, and all rights to the Services, you retain all rights to your Personal Information.

We may also share your Personal Information and/or device information with your employer and/or your employer’s third party vendors (with your employer’s consent) in order to operate and maintain the Services. Your device may be subject to your employer’s policies and practices, which are separate from this Privacy Policy. We have no control over your employer’s and your employer’s third party vendors’ privacy practices, so please read their applicable privacy policies. Our Privacy Policy does not apply to, and Duo Security is not responsible for, use of your Personal Information by these other companies.

Duo Security also uses third party intermediaries to send out emails on our behalf and to provide customer support including via live chat software. We provide customer emails to our third party vendor who sends our emails on our behalf for these purposes only. Third party intermediaries and vendors are not authorized to use your information for any other purpose.

Some of our marketing and promotional events, such as conference events, may be co-branded and/or co-sponsored and offered in conjunction with another company or companies. If you register for or participate in such marketing and promotional events, both Duo Security and such other companies may receive information collected in conjunction with the co-branded and/or co-sponsored marketing and promotional events. Our Privacy Policy will apply to you with respect to our use of your Personal Information. We have no control over any other companies’ privacy practices, so please read their applicable privacy policies before providing any Personal Information. Our Privacy Policy does not apply to, and Duo Security is not responsible for, use of your Personal Information by these other companies.

We may disclose such information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Service Terms and Conditions, or as otherwise required by law.

Credit Card Information

Some of our customers use credit cards, debit cards or other means to pay for our Services. We do not collect credit card, debit card or personal financial account information through our Website. We use a third party vendor, currently Recurly, Inc., to process our subscription billing. When you provide payment information to pay for the Services, you provide it directly to Recurly, and not to Duo Security. You will automatically be routed to the Recurly website to provide the information Recurly requires to process your transaction. Recurly is a third party vendor and has its own privacy policy, which may be different from this Privacy Policy. This Privacy Policy does not cover information collected by Recurly and Duo Security is not covered by, or responsible for, Recurly’s privacy practices or policy. To learn about Recurly’s privacy practices, please read their privacy policy at http://recurly.com/legal/privacy.

Accessing and Updating Your Personal Information

You can modify your account information at any time by using the Service administrative interface available at https://admin.duosecurity.com or by emailing our customer support at support@duosecurity.com. We will respond to your request to access within 30 days.

Cookies

When you visit our Website or use our Services, we use session “cookies” — a piece of information stored on your computer — to allow us to uniquely identify your browser while you are logged in and to enable Duo Security to process your online transactions. We do not link the information we store in cookies to any Personal Information you submit while on our Website. Session cookies also help us confirm your identity and are required in order to log in to your account.

Duo Security uses persistent cookies that only Duo Security can read and use, to identify you as a Duo Security customer and make it easier for you to log into your account. Users who disable their web browsers’ ability to accept cookies will be able to browse our Website, but will not be able to access or take advantage of the Services. For further information about disabling or blocking cookies, please see ‘Can I withdraw my consent?’ in our Cookie Policy at https://www.duosecurity.com/cookies.

The use of cookies by our partners is not covered by our Privacy Policy. We do not have access or control over these cookies. Our partners use session ID cookies to trace user movement on the partners’ sites.

Clear Gifs

We employ or our third party advertising partner employs a software technology called clear gifs (also known as “Web Beacons” or “Web Bugs”), that help us better manage content on our Website by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Website users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns.

Website Log Files

As is true of most websites, we and our third party utility-tracking partners gather certain information automatically and store it in log files. This information includes IP addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer our Website, to track users’ movements around our Website and to gather demographic information about our user base as a whole.

Protection of Information

Duo Security maintains reasonable security measures and precautions to protect your information from loss, destruction, misuse, unauthorized access or disclosure. These technologies help ensure that your data is safe, secure, and only available to you and to those you provided authorized access (e.g., your users). However, no data transmission over the Internet or information storage technology can be guaranteed to be 100% secure. If you have any questions about security on our Website, you can contact us at security@duosecurity.com.

Links to Other Sites

Our Website may contain links to other sites that are not owned or controlled by Duo Security. Please be aware that Duo Security is not responsible for the privacy practices of these other sites. We encourage you to review the privacy policies and statements of other sites to understand their information practices. Our Privacy Policy applies only to information collected by our Website and Services.

Public Forums

Our Website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your Personal Information from our blog or community forum, contact us at security@duosecurity.com. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so and why.

Testimonials

We post customer testimonials on our Site, which may contain Personal Information. We do obtain the customer’s consent via email prior to posting the testimonial to post their name along with their testimonial. If you want your testimonial removed please contact us at security@duosecurity.com.

Surveys

From time to time we may provide you the opportunity to participate in contests or surveys. If you participate, we will request certain Personal Information from you at the time of the survey. Participation in these surveys or contests is completely voluntary and you have a choice whether or not to disclose this information. The requested information typically includes contact information, such as email or phone number.

We use this information to improve our service and to send our customers updates on how we are improving the service based on their feedback.

Choice and Consent

By emailing us, signing up for updates or the Service or by using our Services, you expressly consent to the collection, use, retention, transfer and disclosure, including cross-border disclosure, of your information as described in this Privacy Policy. Each time you email us, sign up for or use our Services, you are giving your express consent to the collection, use, retention, transfer and disclosure, including cross-border disclosure, of your information as described in this Privacy Policy. If you wish to opt out of uses or disclosures that are incompatible with your original consent, you may do so at any time by writing to: security@duosecurity.com. If you opt out and withdraw your consent you will no longer be able to use the Service or receive updates and we will not have any means by which to respond to your inquiries.

International or Cross-Border Transfer of Your Personal Information and Your Express Agreement

Given that the Internet operates in a global environment and that transfer of your data is necessary to process your registration and use of the Services, to provide updates, and to respond to your inquiries, using the Internet to collect and process Personal Information necessarily involves the transmission of data on an international, or cross-border, basis. By signing up for or using the Services, and/or by communicating with us by email, you acknowledge and expressly consent to our processing and disclosure of your Personal Information in this way. The Personal Information of users who are located outside the U.S. will be transferred outside of each eligible country to the United States where our servers are located and where it will be processed and stored on servers owned and operated by Amazon Web Services (“AWS”), which participates in the EU-US Safe Harbor program. You may view the AWS privacy policy at http://aws.amazon.com/privacy. The U.S. does not provide an adequate level of protection according to EU data protection regulations. We will take all steps reasonably necessary to ensure that users’ Personal Information is treated securely and in accordance with the EU/US Safe Harbor Principles and the Service Terms and Conditions in respect of such transfer, but will not otherwise take steps to ensure compliance with applicable laws in each user’s country of residence. By registering for or using the Services, by signing up for updates, or by sending us emails, you expressly agree to such transfer and disclosure.

By accessing, signing up for or using the Services, sending us email, or by signing up for email updates, you provide your express consent to our disclosure of your Personal Information to our Subcontractors for the purposes described in this Privacy Policy.

California Do Not Track Disclosures and Other Disclosures under CalOPPA

If you are a resident of the State of California, under the California Civil Code, you have the right to request from companies conducting business in California a list of all third parties to which Duo Security has disclosed Personal Information during the preceding year for direct marketing purposes. We only disclose Personal Information as described in this Privacy Policy. As such, we do not disclose Personal Information to third parties for “direct marketing purposes” (as defined under the California Civil Code). In addition, we currently do not honor Do Not Track signals.

Children’s Online Privacy Protection Act Compliance

We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), as we do not collect any information from anyone under 13 years of age. The Website and its content are directed to people who are at least 18 years of age or older.

Access to Your Information

You have a right to access, review, change, update or delete your Personal Information at any time by contacting us at security@duosecurity.com or by postal mail at Duo Security, Inc., 123 North Ashley Street, Suite #200, Ann Arbor, MI 48104.

Contact Us About Complaints, Questions, Comments, Notices and Disputes; Enforcement

Duo Security commits to resolving complaints about your privacy and our collection or use of your Personal Information. If you need to provide a Notice to us under this Privacy Policy or if you have complaints about our compliance with this Privacy Policy, you should first contact us as follows:

Duo Security uses a self-assessment approach to assure compliance with this Privacy Policy and periodically verifies that this Privacy Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Safe Harbor principles. We have further committed to refer unresolved privacy complaints under the Safe Harbor to an independent dispute resolution mechanism, the International Center for Dispute Resolution/American Arbitration Association (ICDR/AAA), operated by the American Arbitration Association. If you have questions or concerns regarding our compliance with the Safe Harbor, you should first contact Paul DiMarzo at pdimarzo@duosecurity.com. If you do not receive timely acknowledgment of your complaint, or if we do not satisfactorily address your complaint, please visit ICDR/AAA web site at http://www.icdr.org to obtain more information or to file a complaint.

Business Transactions

Duo Security may assign or transfer this privacy policy, and your user account and related information and data, to any person or entity that acquires or is merged with Duo Security.