As of 11 November 2015
Legalese can be tedious. If you don't want to read past this paragraph, please review the key points, as summarized here:
- Authentic8 needs to keep some knowledge about you in order to deliver our service.
- We treat your data with the utmost respect, but we do keep information about how you use the service in order to improve Authentic8.
- We control who within our company has access to your data, and we never share any of your data with any third party except those working directly for us.
- We delete your uniquely identifiable usage data on a 90 day basis, but some anonymized usage data is preserved for capacity planning reasons (see below for what type of data we mean).
- Authentic8 will cooperate with law enforcement, if sufficiently compelled.
- If you have any questions, please don’t hesitate to contact us at firstname.lastname@example.org.
WHAT WE CAPTURE
We generally capture three types of information: website visitor statistics, information to help verify your identity and keep your sensitive data secure, and information to understand how our service is used, to improve performance, and to provide user support.
If you’re just visiting our website:
We want to capture enough information to help us understand how to describe our service and market our products. In order to do that, we will collect certain session information, such as what browser you are using, which website you came from, whether you click any pages, how long you stay on a page, etc.
When you connect to our website, we may deliver a cookie or cookies (referred to as a Visitor Cookie/s) in order to collect site analytics, "personalize" your visit (show you the most relevant pages) or improve security.
- Any information collected is used internally for the purposes of improving our site or our products, and is not shared with third parties except those acting directly for us (for example, a website analytics service like Google Analytics).
- These Visitor Cookies do not track your usage of other sites after you visit our website.
- We register what website you immediately came from (such as Google search results).
- We may use third party analysis tools, such as Google Analytics, in order to understand how our site is being used.
- If you provide your email address as part of a “Learn More” or “Sign Up” process, we will use this address only for the purposes of communicating information about our service to you. We will never spam you, and we will never share your email address with any third party except those working directly for us.
If you subscribe to the Authentic8 service:
- Your data is yours. If you provide us data, we encrypt, retain, and delete it under the terms below (“What we do with the information we capture” and "Retention of data").
- We will not spam you, nor will we share any of your data with any third party for commercial purposes except those working directly for us.
- Based on how you configure the service, Authentic8 can store more or less of your personal and company information, such as name, group structure, website credentials, and other information.
- If you choose to leave our service we will delete your data under the terms described below.
- You are responsible for how you use our service. Authentic8 will cooperate with law enforcement when sufficiently compelled, as described below.
- If the terms of this policy change, we will notify you.
Use of the Authentic8 service requires the installation and use of the Authentic8 client application (or Authentic8 App). This application establishes the secure connection to our service, and is also used to verify you and the identity and integrity of your machine(s). We create a detailed fingerprint of your machine(s), including OS and certain software versions, location as well as certain hardware factors. The Authentic8 App will deliver an Authentic8 certificate to your device, and create a universal device ID. We do not collect information about how you use your computer, files you access, or other similarly private data outside of the scope of our service.
When you setup your Authentic8 account, we collect name, username and certain contact information, including but not limited to email, telephone number, mailing address, and potentially some payment processing information; information that we refer to as Subscriber Data. We allow you to save login credentials within our system, and to set preferences for accessing the Authentic8 service. You can review and edit your information at any time through the Authentic8 account configuration pages.
When you configure website accounts for auto-login within the Authentic8 service, we also collect additional Subscriber Data, such as the credentials associated with those accounts. These credentials are encrypted, stored, and decrypted by secure processes running on restricted machines. Configuring these accounts is an optional, albeit important component of the Authentic8 service.
We collect data about your use of the Authentic8 service itself in order to maintain a high quality of service and to provide customer support. This data, called Usage Data, includes session details to our service, URLs of websites you visit, duration metrics, and more. We do not collect any data entered in to web forms, unless you explicitly ask us to save it as is the case with login credentials, or if a company admin has provided your account and configures the service to collect this data (for more information, see section entitled “If your Authentic8 account is provided by your company”). We collect aggregated statistics and perform analysis of those statistics in order to improve the performance of our service.
Usage Data must contain some uniquely identifiable information, browsing history, and site login details that are attributable to your account. Select Authentic8 personnel may be able to access your Usage Data, but only after getting your permission.
WHAT WE DO WITH THE INFORMATION WE CAPTURE
We use Visitor Cookies (described above) to help us better understand our market (who is visiting our website), how to improve our site and services (what visitors to our website are looking for), and for some security purposes. As we mentioned above, we may use third-party tools such as Google Analytics to analyze our website traffic.
Subscriber Data is not used for any purpose other than to verify your identity, provide user support and let you log in to websites. It is retained as long as you are a valid subscriber to the Authentic8 service. If you chose to leave the Authentic8 service, you can request to delete your Subscriber Data from the service, and that data–including any stored usernames and passwords–will be purged. You also have the ability to delete certain data yourself from within the service.
Usage Data is used to maintain a responsive and high quality service, and to provide support in case something goes wrong. Access to all sensitive data is limited to a small group of key Authentic8 employees and is governed by internal access controls. Account data is not accessed without customer permission. Some anonymized system statistics are collected and analyzed as part of our ongoing service improvement and capacity planning activities. This aggregated data does not contain any user identifying information.
We perform regular automated backups of data, including Subscriber Data. These backups are encrypted.
WHAT WE DON’T DO WITH THE INFORMATION WE CAPTURE
- We will not spam you. If you believe we are spamming you, please email us at email@example.com as soon as possible.
- We will not share your data with third parties except those working directly for us (the aforementioned website analytics company, for instance).
- It is our policy that we will NOT access any uniquely identifiable credential data without your prior approval.
RETENTION OF DATA
- Visitor cookies expire after 30 days. Our web servers store visit data for 52 days.
- Subscriber Data is stored in our system until it is deleted by you, or upon request, by us.
- Usage Data is deleted on a rolling 90 day basis.
- Anonymized service use statistics, which contains no personally identifiable information and is not attributable to any user or organization, are stored indefinitely for the purposes of performance analysis and capacity planning.
- Backup data is deleted on a rolling 90 day basis.
IF YOUR AUTHENTIC8 ACCOUNT IS PROVIDED BY YOUR COMPANY
- Your administrator may configure the service to give you more or less control over how the service can be used, and which functionality is exposed to you.
- You may be subject to web use policies as part of your employment contract. Authentic8 does not assume any liability if you violate these policies.
- Your administrator will have access to your Subscriber Data and Usage Data, including session count details and site visit and duration details.
- If you create a website account within Authentic8 using your own credentials, your administrator WILL NOT have access to those credentials.
- Your administrator will have access to certain user activity data including your username, websites accessed, session times and durations.
- Your administrator may configure the service to log and access more detailed user activity information including your navigation history and data you enter into web forms. If so this data will be encrypted using your company’s encryption key so that only approved administrators can retrieve it.
- Your administrator may have the ability to export certain account data and Usage Data.
- While Authentic8's data retention policies are listed above, your administrator may have the ability to store data longer than our stated retention period. If you have questions regarding your company's policies, or wonder how your Subscriber Data or Usage Data is handled, please contact your company administrator.
Compliance with laws and law enforcement
Authentic8 cooperates with government and law enforcement officials to enforce and comply with the law. In our sole discretion, if we deem cooperation necessary to respond to legal claims and legal process against specific individuals, to protect property rights, or to protect the safety of the public or any person, or to prevent or stop activity that may be considered illegal or legally actionable, we will make any necessary or appropriate disclosure to government or law enforcement officials.
How we will contact you
If Authentic8 needs to contact you, we will use one of the methods contained in your Subscriber Data.
Please note that URLs in email, telephone calls, and physical mail can be easily spoofed. Authentic8 will never contact you and ask you to reveal any of your account or credential information. Authentic8 will always direct you to log into the service.
Content on other websites you visit through the Authentic8 service
It may become necessary to refine this policy. At the sole discretion of Authentic8, this policy may be updated and we encourage users to check back regularly. If you are an Authentic8 subscriber, you will receive a service alert of any changes to this policy. Continued use of the service or this site after you've been notified of any change will constitute your acceptance of the change. If you don’t agree to the changes, you may request to cancel and delete your account by contacting firstname.lastname@example.org.
If Authentic8 is acquired
If you have questions or comments, please contact us at email@example.com.