I. Introduction
At AuthNull, data privacy is important to us. This Privacy Policy details our privacy practices for the activities described herein. Please read it carefully to understand how we collect, share, and process information relating to individuals (referred to as "Personal Data"), and to learn about your rights and choices regarding our processing of your Personal Data.
If you are a California resident, please review the California Residents section of this Privacy Policy.
In this Privacy Policy, "AuthNull," "we," "our," and "us" each mean AuthNull, Inc. and the applicable AuthNull affiliates involved in the processing activity. The addresses of our offices can be found at authnull.com/contact.
II. AuthNull's Roles & Responsibilities
AuthNull is the controller of your Personal Data as described in this Privacy Policy, unless otherwise stated. This Privacy Policy does not apply where we process Personal Data in the role of a processor on behalf of our customers - including where we offer cloud products and services through which customers connect their own websites and applications to our hosted platform, sell or offer their own products and services, or otherwise collect and process Personal Data via our cloud services.
Each of our customers, not AuthNull, controls whether they provide you with access to the AuthNull service through their subscription. If they do, they control what information about you is submitted to our service - which may include contact information, professional information, or other data they choose to submit. Use of such content by AuthNull is governed by agreements between AuthNull and the customer.
For privacy information applicable to situations where an AuthNull customer is the controller, please contact that customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those set forth in this Privacy Policy.
If your Personal Data was submitted by or on behalf of an AuthNull customer and you wish to exercise any rights under applicable data protection laws, please inquire with that customer directly. If you wish to make a request directly to us, please provide the name of the AuthNull customer who submitted your Personal Data to us. If we can verify the customer, we will refer your request to them and support as needed.
Additional information regarding AuthNull's data protection obligations and international transfers is set forth in our subscription agreement and related documents, including our Trust & Compliance Documentation available at trustcenter.authnull.com.
III. Personal Data We Collect and Data Sources
This Privacy Policy applies to the processing of Personal Data that we collect in the following ways. We collect information about you when you provide it to us directly, when you interact with our products, services, websites, and electronic systems, when you attend events and visit our offices, and when other sources provide it to us.
Information You Provide to Us
Based on our current practices (including practices over the last 12 months), we collect the following categories of information:
We collect contact and professional data about you in person, through communications, and through our websites - for example, when you sign up, download content, register for an event, or visit our offices. Contact data typically includes your name, telephone number, email address, and mailing address. Professional data includes your organization, job title, and industry.
When you sign up for an AuthNull account, subscribe to a service, submit a support request, or are designated an administrator, we receive information about you ("Administrator Data"). This typically includes your name, email address, phone number, billing information, credentials, subscription and service configurations, and other details you include in your AuthNull profiles or support portals.
If you use AuthNull Consumer Products, we may receive contact information, MFA setup details, uploaded content, and information about the websites and applications you visit through those products for authentication purposes. We also receive Ancillary Data, Usage Data, and metadata as described below. Where we collect sensitive data, we will provide additional notice or obtain your consent as required by applicable law.
Personal Data We Collect From Other Sources
In the course of doing business, we receive Personal Data from third parties for business or commercial purposes. This typically includes:
- >Business contact information (name, job title, business email, phone number, address) and social profile data (such as LinkedIn or XING) for sales and marketing purposes;
- >Third-party platform usernames and identifying information;
- >Details about job candidates (name, resume, educational and work history, criminal history, and feedback) as permitted by law; and
- >Data used for security purposes to protect our products and services.
Device Data, Usage Data, Ancillary Data, Diagnostic Data, and Metadata
AuthNull collects certain Personal Data when you access and use our websites, applications, software, and products. This allows us to better understand usage and performance, and to provide, fix, and improve our services and detect fraud and security incidents. The data we collect can include:
For the AuthNull Mobility Management product, data may include applications installed on your device. AuthNull uses Ancillary Data to improve security and develop new features. Products that collect Ancillary Data include the AuthNull mobile app and AuthNull Web Products. Through the AuthNull browser plugin, Ancillary Data includes login session details, IP address, user-agent, and web application information.
Some products may collect data about software use and performance - including IP address, username, and host name - to provide support, diagnose issues, and improve our products and services.
We may collect metadata including technical performance data. We use cookies - small text files placed on your browser - in three forms: Essential cookies (required for functionality and security), Functional cookies (for analytics and performance, e.g., Google Analytics), and Targeting or advertising cookies (to understand marketing efforts and reach potential customers). We also use beacon technology in our websites and email communications to help improve our business operations.
IV. How We Use Personal Data
We use your Personal Data to communicate with you about our products and services - including transactional communications, notices, updates, security alerts, and administrative messages. We respond to your questions and help you use our products effectively. You cannot unsubscribe from non-promotional and transactional communications. For promotional communications, you may manage preferences via your administrator settings or our subscription center.
We use your Personal Data for marketing purposes - including by email and by displaying AuthNull marketing communications on third-party platforms such as Facebook, Twitter, and Google - subject to applicable laws. If we process your Personal Data for a purpose beyond those described above, we will provide notice and obtain your consent where required.
Legal Bases for Processing (UK, EEA, and Similar Jurisdictions)
If you are in the UK, EEA, or another relevant jurisdiction, we collect and process your Personal Data only where we have a legal basis to do so:
- >We need it to operate and provide our products and services, provide customer support, and protect the safety and security of our services;
- >It satisfies a legitimate interest of AuthNull's (not overridden by your data protection rights), such as for research and development or to inform you about our products and services;
- >You give us consent for a specific purpose; or
- >We need to comply with a legal obligation.
If you have consented to our use of your Personal Data, you have the right to change your mind at any time, subject to contractual and legal restrictions and reasonable prior written notice. Where we rely on legitimate interest, you have the right to object; however, this may mean you can no longer use our products and services.
Where we de-identify Personal Data, we commit to maintaining it in de-identified form and will not attempt to re-identify it, except to determine if our de-identification processes satisfy applicable legal requirements.
V. AuthNull's Security Posture & Measures Taken
Security is a critical priority for AuthNull. We maintain a comprehensive, written information security program with industry-standard administrative, technical, and physical safeguards designed to prevent the loss, theft, and unauthorized access, use, disclosure, or alteration of Personal Data.
However, no security system is perfect - we cannot guarantee that Personal Data is absolutely safe from intrusion or unauthorized access. You are responsible for protecting your password(s) and authentication factors and for maintaining the security of your devices. If you use the AuthNull online service via a subscription purchased for you by an AuthNull customer, that customer is responsible for configuring your instance appropriately.
Additional security information can be found in our Trust & Compliance Documentation available at our Trust Center.
VI. Your Information Choices
Your Privacy Choices
You can at any time:
- >Decline cookies on our website; or
- >Opt out of our email marketing campaigns by clicking the unsubscribe link in any marketing email.
Your Privacy Rights
Depending on your jurisdiction, you may have the following rights with respect to your Personal Data that we process as a data controller:
You have the right to access your Personal Data held by us.
You have the right to rectify inaccurate Personal Data and ensure it is complete.
You have the right to have your Personal Data erased or deleted.
You have the right to restrict our processing of your Personal Data.
You have the right to transfer your Personal Data, when possible.
You have the right to object to processing carried out on the basis of legitimate interests, such as direct marketing.
You may opt out of the sharing of your Personal Data with third parties for targeted advertising by clicking the "Your Privacy Choices" link at the bottom of our website. AuthNull does not engage in automated decision-making or profiling that produces legal effects.
You have the right not to receive discriminatory treatment for exercising your privacy rights.
To make a request or if you have questions, please complete our online form or contact us using the information in Section XII. You also have the right to lodge a complaint with your relevant supervisory authority.
XI. Information for California Residents / Your California Privacy Rights
Under the California Consumer Privacy Act of 2018 ("CCPA"), California residents have certain rights regarding their Personal Data. We collect all of the categories of Personal Data described above to run our business and carry out day-to-day activities as described in Section IV. We have disclosed each of these categories with our service providers for various business purposes in the preceding 12 months. We also collect and process Personal Data related to job applicants to recruit and hire, assess qualifications, and comply with legal obligations.
Your Rights Under the CCPA
You have the right to request to know what Personal Data we collect, use, disclose, share, and sell about you.
You have the right to request the deletion of your Personal Data collected or maintained by us.
You have the right to opt out of the sale of your Personal Data. You may opt out by clicking "Your Privacy Choices" at the bottom of our website, or by broadcasting an opt-out preference signal like the Global Privacy Control (GPC) - note that this signal is linked to your browser only.
In some instances, we may use or disclose your Sensitive Personal Data for legitimate business purposes outlined under the CCPA. For any other purposes, we will update this Privacy Policy and provide instructions to limit such use.
You have the right to request the correction of inaccurate Personal Data we hold about you.
You have the right not to receive discriminatory treatment for exercising your CCPA privacy rights.
You may designate an authorized agent to make a CCPA request on your behalf. We may require proof of authorization (a signed permission or copy of a power-of-attorney document) and may still request that you verify your own identity.
We do not provide any financial incentives tied to the collection, sale, or deletion of your Personal Data.
To make a request and exercise your rights, please complete our online form or contact us via the information listed in Section XII.
XII. How to Contact AuthNull
If you have questions or concerns about our privacy policies and practices, you may contact us via any of the following methods:
16668 Winchester Club Dr
Meadow Vista, CA 95722
Accessibility
If you are not able to access our form, you may request that a copy be provided in an alternative format by calling 408-368-3404 or emailing privacy@authnull.com.
XIII. Changes to the Policy
This Privacy Policy may be updated from time to time to reflect changes in our practices, technologies, and applicable data protection laws. If we make updates, we will update the effective date at the top of this page.
If we make a materially significant update, we will notify you prior to the update taking effect - such as by posting a conspicuous notice on our website or by contacting you using the email address you provided.