Authomate Inc. - Privacy Policy

Last Updated August 11, 2020



Website Visitors:


Like most website operators, Authomate collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Authomate's purpose in collecting non-personally identifying information is to better understand how Authomate's visitors use its website. From time to time, Authomate may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.


Authomate also collects potentially personally-identifying information like Internet Protocol (IP) addresses. Authomate does not use such information to identify its visitors, however, and does not disclose such information, other than under the same circumstances that it uses and discloses personally-identifying information, as described below.


Gathering of Personally-Identifying Information


Certain visitors to Authomate's website choose to interact with Authomate in ways that require Authomate to gather personally-identifying information. The amount and type of information that Authomate gathers depends on the nature of the interaction. For example, we ask visitors who sign up for an account at Authomate.com to provide a user-name and email address. Those who engage in transactions with Authomate are asked to provide additional information, including as necessary the personal and financial information required to process those transactions. In each case, Authomate collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor's interaction with Authomate. Authomate does not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain activities.

Information is also collected when you interact with the App and is transmitted to the Authomate server providing the service. This may include, but is not limited to (a) contact information in the form of email addresses or login IDs, (b) device location (if enabled) and IP address at the time you used the App. (c) the names or URLs of sites, apps, services, and devices for which you used the App to provide credentials (d) the time at which such accesses occurred and (e) Biometric information (as discussed in the next paragraph). (f) Information related to the type and state of the device accessing the service (e.g. model, software version, time since last reboot, etc). This information is used for providing the services including completing the immediate activity and providing an audit log trail as well as for support and product improvement.

Some of Authomate's features rely on the collection, usage, and storage of Biometric Information, specifically face images. These images may be used for confirming the identity of a user, or for display purposes. In either case, these images are made available to the user from whom they are taken and to any of the relevant team's administrators (for a StrongPass for Teams app). By using services that collect this information, you are granting to any present or future team administrators of your team (if any) the legal right and the ability to access this information. The requirement or lack thereof for the collection of biometric data as part of the service is at the team administrator's discretion.

Information collected in conjunction with authenticating or logging a login are kept for 7 months and are then deleted unless (a) required to be retained by law or (b) required to be retained pursuant to a valid warrant or subpoena. Information collected for the purposes of 'training' or establishing the baseline against which authentications will be performed will be retained until the account is deleted plus up to 7 months. Information associated with billing, subscription, payments, and support requests will be retained indefinitely.

Ordinary personally-identifiable information collected and available to the team administrators or other members of the team are in the "legitimate interests" (as defined in the GDPR) of the team owner. In practice, this means that we require most data deletion requests on StrongPass for Teams accounts to originate from or be authorized by a team administrator.


Aggregated Statistics


Authomate may collect statistics about the behavior of visitors in aggregate to its websites. Authomate may display this information publicly or provide it to others. However, Authomate does not disclose personally-identifying information other than as described below.


Protection of Certain Personally-Identifying Information


Authomate discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Authomate's behalf or to provide services available at Authomate' websites, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using Authomate's website or services, you consent to the transfer of such information to them. Authomate will not rent or sell potentially personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, Authomate discloses potentially personally-identifying information only as part of the service features, when required to do so by law, or when Authomate believes in good faith that disclosure is reasonably necessary to protect the property or rights of Authomate, third parties or the public at large - in which case disclosure will be restricted to the minimum set of people required to protect those properties or rights.

Authomate presently transfers its data to the United States and stores and processes its data there. Data may be transferred from there to anywhere that an authorized user or device is logged in. For example, were a team administrator to log in from Antarctica, the data that (s)he has access to would be transferred there on request. Information necessary to share credentials or notes may be shared to any location that an authorized device is logged in and requests that information.


If you are a registered user of an Authomate website and have supplied your email address, Authomate may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what's going on with Authomate and our products. We expect to keep this type of email to a minimum. If you send us a request (for example via a support email), we reserve the right to publish it (with personal information removed) in order to help us clarify or respond to your request or to help us support other users. Authomate takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.


Cookies


A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. Authomate uses cookies to help Authomate identify and track visitors, their usage of Authomate website, and their website access preferences. Visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using Authomate's website, with the drawback that certain features of Authomate's website will not function properly without the aid of cookies.


Privacy Policy Changes


Although most changes are likely to be minor, Authomate may change its Privacy Statement from time to time, and in Authomate's sole discretion. Authomate encourages visitors to frequently check this page for any changes to its Privacy Statement.