At AuthNull, data privacy is important to us. This AuthNull Privacy Policy (“Privacy Policy”) details our privacy practices for the activities described in this Privacy Policy. Please take the time to read this Privacy Policy carefully in order to understand how we collect, share, and otherwise process information relating to individuals (“Personal Data”), and to learn about your rights and choices regarding our processing of your Personal Data.
If you are a California resident, please review the section of this Privacy policy for California Residents section
In this Privacy Policy, “AuthNull,” “we,” “our,” and “us” each mean AuthNull, Inc. and the applicable AuthNull affiliate(s) involved in the processing activity. The addresses of our offices, where AuthNull, Inc. and our affiliates are located, can be found at https://authnull.com/contactus
AuthNull is the controller of your Personal Data, as described in this Privacy Policy, unless otherwise stated. Please note that this Privacy Policy does not apply to the extent that we process Personal Data in the role of a processor (or a comparable role such as a “service provider” in certain jurisdictions) on behalf of our customers, including where we offer to our customers various cloud products and services, through which our customers (and/or their affiliates) connect their own websites and applications to our hosted platform, sell or offer their own products and services, send electronic communications to other individuals, or otherwise collect, use, share or process Personal Data via our cloud products and services.
Each of our customers, not AuthNull, controls whether they provide you with an account or other access to the AuthNull identity cloud service through their subscription, and if they provide you with such accounts or other access through their subscription, they control what information about you that they submit to our service. This content may include contact information (such as your first and last name, email address, and phone number), professional information (such as the department you work for at your place of employment), or other types of information that a customer chooses to submit. Use of this content by AuthNull is governed by agreements between AuthNull and the Customer.
For detailed privacy information applicable to situations where an AuthNull customer (and/or a customer affiliate) who uses AuthNull’s cloud products and services is the controller, please reach out to the respective customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those set forth in this Privacy Policy. If not stated otherwise either in this Privacy Policy or in a separate disclosure, we process such Personal Data in the role of a processor or service provider on behalf of a customer (and/or its affiliates), who is the responsible controller of the applicable Personal Data.
If your Personal Data has been submitted to us by or on behalf of an AuthNull customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly. Because we may only access a customer’s data upon instruction from that customer, if you wish to make your request directly to us, please provide to us the name of the AuthNull customer who submitted your Personal Data to us. If we are able to verify the AuthNull customer, we will refer your request to that customer and support them as needed in responding to your request within a reasonable timeframe.
Additional information and safeguards regarding AuthNull’s data protection obligations (including for international transfers) to our customers are set forth in our subscription agreement form and related documents, including our Trust & Compliance Documentation available at https://trustcenter.authnull.com
This Privacy Policy applies to the processing of Personal Data that we collect in the following ways, as detailed in this section.
We collect information about you when you provide it to us, when you interact with our products and services, websites and electronic systems, when you attend events and visit our offices, and when other sources provide it to us, as further described below.
Based on our current practices (and including our practices over the last 12 months), we collect the following categories of information about you:
We collect contact and/or professional data about you in person, through communications, including communications from you or your colleagues, and through our websites. For example, you provide your contact and professional information to us when you sign up to learn more about AuthNull’s products and services, download content, register for an event, and visit our offices. If you attend an event, we may also receive contact and professional details about you when you choose to scan your attendee badge or by providing a business card or other method(s) whereby you share Personal Data with us. Typically, contact data includes your name and contact methods, such as telephone number, email address, and office or other mailing address, and professional data includes details such as the organization you are affiliated with, your job title, and industry.
When you sign up for an account to try AuthNull, subscribe to any AuthNull service via AuthNull or another entity (such as a marketplace or authorized reseller), have the ability to submit a support request, or are designated an administrator of any part of the AuthNull Service, then information is provided to us about you (“Administrator Data”). Administrator Data usually includes your name, email address, phone number, address, billing information, business contact information, credentials information (including AuthNull training and credentials), subscription and service configurations you select, and other details you may provide to us about you or include in your profiles in AuthNull communities and other support portals. We may also receive any Personal Data you share via tooling used to provide support, e.g., videoconferencing or other communication methods you participate in.
If you use consumer products made available by AuthNull (“AuthNull Consumer Products”), then we may receive various types of information and content from you that you choose to share, including contact information (such as your first and last name, email address, and phone number), additional multi-factor authentication factor setup details, content you upload (such as identification or other documentation), and information regarding the websites and applications that you visit and use through AuthNull Consumer Products for authentication. We also receive Ancillary Data, including device data, Usage Data, and metadata, as described below for the purposes described below.
Depending on your jurisdiction, if we collect sensitive data from you, we will do so by providing you with additional notice or confirming your consent upon collection, if required by applicable law.
In the course of doing business (and over the 12 months preceding the effective date of this Privacy Policy), we receive Personal Data and other information from other third parties for our business or commercial purposes. This information varies and typically falls into a few categories:
Explanation of Device Data, Usage Data, Ancillary Data, Diagnostic Data, and Other Metadata and Technology Used
Like most websites, applications, and software across the Internet, AuthNull collects certain Personal Data when you access and use our websites, applications, software, and products and services subject to laws applicable in your jurisdiction. This type of data collection allows us to better understand how individuals use and the performance of our websites, applications, and products and services and allows us to provide, fix, and improve our websites, applications, software, and products and services, and detect, investigate, and combat fraud, security incidents, and other deceptive or malicious behavior. The data we collect can include the following:
For the AuthNull Mobility Management product, data collected may include the applications that are installed on your device. Collectively, we refer to this data as “Ancillary Data”. Some of the Ancillary Data, including Usage Data, that we receive is dependent on your organization’s policies and settings and what information it permits to be shared with AuthNull. AuthNull uses Ancillary Data to improve security and to provide and improve its products to customers, including to better understand customer behavior in order to create new features and provide threat-related insights for our customers.
Some of these products that collect and process Ancillary Data include:
— the AuthNull mobile applications (AuthNull app); and
— AuthNull Web Products.
Through the AuthNull browser plugin, the Ancillary Data we collect includes details about your login session, IP address, user-agent, and the web application name and website address, as well as other information that is not personal in nature. In addition, as part of Ancillary Data, we may collect interaction data about your use of the AuthNull browser plugin. We use the information collected through the AuthNull browser plugin for security purposes and to provide features, such as to allow you to better manage your passwords for websites that you visit.
Diagnostic Data. Some products and services may require, or may be enhanced by, your installation of on-premise software (e.g., agents, device management applications). The on-premise software may collect data about the use and performance of the software, including IP address, username, and host name, which may be transmitted and used by AuthNull to provide customer support, to diagnose issues with the on-premise software and/or related products and services, to improve our products and services, and/or for the purposes identified in the applicable agreement(s) between AuthNull and the applicable customer.
Metadata. We may collect metadata about you, including technical data about your performance or use of our website, products and services. One common technology we use to collect metadata that may be considered Personal Data is our use of cookies. Cookies are small text files that are placed on your web browser and that help us recognize your browser or device as a unique visitor in different ways based on the type of cookie. The three main types of cookies are:
Essential cookies. Essential cookies are required for website functionality and security. For example, authentication, security, and session cookies may be required for our website or products to work.
Functional cookies. We use functional cookies to help enhance our websites’ performance, for market research, or other analytics or advertising that is not tied to a specific individual. For example, we may use Google Analytics to help us track how many individuals visited our websites. We may also utilize HTML5 local storage cookies for the reasons described in this section. These types of cookies are different from browser cookies in the amount and type of data they store and how they store it.
Targeting or advertising cookies. We use targeting and advertising cookies to help us understand our marketing efforts and to reach potential customers across the web. For example, we contract with third-party advertising networks that may track your activity over time and across different channels, including our websites, email activity, and other websites and applications that display advertisements. They may use this tracking information to understand and predict your interests, to display an advertisement for AuthNull on another website, or email you with a marketing communication for an AuthNull product.
A second common technology we use to collect metadata that may be considered Personal Data is beacon technology. We use beacons in our websites and in email communications to you. Beacons provide us with information about your activity and help us to improve our business operations and strategy, such as by understanding our email communications’ functionality and improving our websites and content. For example, if you click on a marketing email we send to you about a new product or service, the beacon will provide signals to us that you and your organization may be interested in learning more.
Personal Data: We may collect limited personal data via your interactions with our website.
For the purpose of communicating with you about our products and services and facilitate other interaction. We may use your Personal Data, such as contact data, Ancillary Data, and metadata, to send you transactional communications, notices, updates, security alerts, and administrative messages regarding our products and services that may be useful to you and your organization. We will respond to your questions, provide tailored communications based on your activity and interactions with us, and help you use our products and services effectively. We also use Administrator Data to communicate with you for various purposes, including to provide you with account updates (about your subscription, settings, security, billing, feature and product updates, technical issues, certifications, and other similar content). You cannot unsubscribe from non-promotional and transactional communications. For promotional communications, you may manage your communication preferences via your administrator settings, AuthNull communities, or our subscription center (linked in the Your Information Choices section below).
For the purpose of marketing our products and services. We use your Personal Data, such as contact data, Ancillary Data, and other metadata about how you use the products and services to send promotional communications that may be of specific interest to you and your organization, including by email and by displaying AuthNull marketing communications on other organizations’ websites and applications, as well as on third-party platforms like Facebook, Twitter, and Google subject to laws applicable in your jurisdiction. These communications are aimed at encouraging engagement and maximizing the benefits that you and your organization can gain from AuthNull’s products and services, including information about new products and features, survey requests, newsletters, and events that we think may be of interest to you and your organization.
If we process your Personal Data for a purpose other than those set out above, we may provide you with a notice and obtain your consent prior to such processing, where required by us under applicable law in your jurisdiction.
Legal Bases for Processing Personal Data (for United Kingdom and European Economic Area and other relevant jurisdictions)
If you are an individual in the United Kingdom, the European Economic Area (EEA), or of another relevant jurisdiction, we collect and process information about you only where we have a legal basis or bases for doing so under applicable laws. The legal bases depend on the products and services that your organization has purchased from AuthNull, or the AuthNull Consumer Products that you are using, as applicable, how such products and services are used, and how you choose to interact and communicate with AuthNull’s websites, systems, and whether you attend AuthNull events. This means we collect and use your Personal Data only where:
— We need it to operate and provide you with our products and services, provide customer support and personalized features, and to protect the safety and security of our products and services;
— It satisfies a legitimate interest of AuthNull’s (which is not overridden by your data protection interests and rights), such as for research and development, to provide information to you about our products and services that we believe you and your organization may find useful, and to protect our legal rights and interests;
— You give us consent to do so for a specific purpose; or
— We need to comply with a legal obligation.
If you have consented to our use of Personal Data about you for a specific purpose, you have the right to change your mind at any time, subject to contractual and legal restrictions, and reasonable prior written notice. This will not affect any processing that has already taken place. Where we are using your Personal Data because we or another entity (for example, your employer) have a legitimate interest to do so, you have the right to object to that use; however, in some cases, this may mean that you no longer use our products and services.
In the event that we de-identify any Personal Data for further use, we commit to maintain and use the information in de-identified form and will not attempt to re-identify the information, except for the purpose of determining if our de-identification processes satisfy applicable legal requirements.
Security is a critical priority for AuthNull. We maintain a comprehensive, written information security program that contains industry-standard administrative, technical, and physical safeguards designed to prevent the loss or theft and unauthorized access, use, disclosure or alteration of Personal Data.
However, no security system is perfect, and due to the inherent nature of the Internet, we cannot guarantee that data, including Personal Data, is absolutely safe from intrusion or other unauthorized access by others. You are responsible for protecting your password(s) and other authentication factors, as well as maintaining the security of your devices.
If you use the AuthNull online service via a subscription purchased for you by an AuthNull customer, then that customer is responsible for configuring your instance appropriately. Additional information about security settings and configurations can be found in the documentation related to our online service, including the Trust & Compliance documentation available at our Trust center
Your Privacy Choices
You can at any time
(a) Decline cookies on our website
(b) Opt out of our email marketing campaigns by clicking on the unsubscribe link below.
Your Privacy Rights
Depending on your jurisdiction, you may have certain rights with respect to your Personal Data that we process in our capacity as a data controller, subject to applicable law:
Right to Access. You have the right to access your Personal Data held by us.
Right to Rectification. You have the right to rectify inaccurate Personal Data and, taking into account the purpose of processing, to ensure it is complete.
Right to Erasure (or “Right to be Forgotten”). You have the right to have your Personal Data erased or deleted.
Right to Restrict Processing. You have the right to restrict our processing of your Personal Data.
Right to Data Portability. You have the right to transfer your Personal Data, when possible.
Right to Object. You have the right to object to the processing of your Personal Data that is carried out on the basis of legitimate interests, such as direct marketing.
Right to Opt Out of Sale. You may also have the right to opt-out of the sharing of your Personal Data with third parties for targeted advertising purposes on third-party sites. As described in Section III above, AuthNull may use targeted or advertising cookies for our marketing efforts and to reach potential customers across the web. Depending on your jurisdiction (for example, if you are a California resident), you have the right to opt-out of the sale or sharing of your Personal Data by us as a business. AuthNull shares Personal Data as further described below in Section XI, which may be considered a “sale” of Personal Data under the California Consumer Privacy Act. You may opt out by clicking the “Your Privacy Choices” link at the bottom of our website and selecting your preferences on that page.
Right Not to be Subject to Automated Decision-Making. You have the right not to be subject to automated decision-making, including profiling, which produces legal effects. AuthNull does not currently engage in the foregoing on our websites or in our products and services.
Right to Non-Discrimination for the Exercise of Your Privacy Rights. You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights as described above.
If you would like to make a request and exercise your rights described above or have questions or concerns, please complete our online form or reach out to us using the contact information below. You also have the right to lodge a complaint with your relevant supervisory authority.
Under the California Consumer Privacy Act of 2018 (“CCPA”), California residents have certain rights to understand and request that we disclose details about how we handle your Personal Data.
Business and Commercial Purposes for Collection; Disclosures for a Business Purpose
We may collect all of the above categories of Personal Data to run our business and carry out our day-to-day activities, as described above in Section IV. We have disclosed each of these categories of Personal Data with our service providers for various business purposes, as described above in Section V, in the preceding 12 months.
We collect and process Personal Data related to job applicants to recruit and hire, assess and evaluate a job applicant’s skills and qualifications, comply with legal obligations, and send information about positions at AuthNull that may be of interest to individuals.
Your Rights
The CCPA gives you certain rights regarding the Personal Data we collect about you:
Right to Know About Personal Data Collected, Disclosed, or Sold. You have the right to request to know what Personal Data we collect, use, disclose, share and sell about you.
Right to Request Deletion of Personal Data. You have the right to request the deletion of your Personal Data collected or maintained by us as a business.
Right to Opt-Out of the Sale or Sharing of Personal Data. You have the right to opt-out of the sale of your Personal Data by us as a business. AuthNull shares Personal Data as described above, which may be considered a “sale” of Personal Data under the CCPA.
You may opt out by clicking here “Your Privacy Choices” link at the bottom of our website and selecting your preferences on that page. You may also opt out by broadcasting an opt-out preference signal like the Global Privacy Control (GPC), but please note that this signal will be linked to your browser only. If you wish to learn more about the GPC and how to use a browser or browser extension incorporating the GPC signal, you can visit the GPC website here.
Right to Limit the Use and Disclosure of Sensitive Personal Data. In some instances, we may use or disclose your Sensitive Personal Data for the legitimate business purposes as outlined under the CCPA, and for any other purposes as set forth in Section IV, above. If we ever use or disclose your Sensitive Personal Data for a reason other than the legitimate business purposes as outlined under the CCPA and for any other purposes other than those described in Section IV, we will update this Privacy Policy and provide you with instructions to limit the use and disclosure of your Sensitive Personal Data.
Right to Correct Inaccurate Personal Data. You have the right to request the correction of your Personal Data if it is inaccurate and you may submit a request as further described below.
Right to Non-Discrimination for the Exercise of Your Privacy Rights. You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights conferred by the CCPA.
Authorized Agent. You may designate an authorized agent to make a request under the CCPA on your behalf. We may require the agent to demonstrate proof of their authorization by providing us with a signed permission from you or a copy of your power-of-attorney document granting that right. In the case of the former, we may still request that you verify your own identity as described above or directly confirm that you have provided such permission.
Financial Incentives. We do not provide any financial incentives tied to the collection, sale, or deletion of your Personal Data.
If you would like to make a request and exercise your rights described above, please complete our online form, or contact us via the telephone number listed in the section below.
XII. How to Contact AuthNull
If you would like to contact us with questions or concerns about our privacy policies and practices, you may contact us via any of the following methods:
AuthNull Inc
16668 Winchester Club Dr Meadow Vista CA 95722
If you are not able to access our form, you may request that a copy be provided to you in an alternative format by calling 408-368-3404 by emailing [email protected].
This Privacy Policy may be updated from time to time, to reflect changes in our practices, technologies, additional factors, and to be consistent with applicable data protection and privacy laws and principles, and other legal requirements. If we do make updates, we will update the “effective date” at the top of this Privacy Policy webpage. If we make a materially significant update, we may provide you with notice prior to the update taking effect, such as by posting a conspicuous notice on our website or by contacting you using the email address you provided.