Privacy Policy

Asgardeo takes Your privacy seriously. This privacy policy explains what information we collect when You visit https://wso2.com/asgardeo , https://console.asgardeo.io/ or https://myaccount.asgardeo.io/ and how we treat that information. Asgardeo is owned by WSO2, Inc. (“WSO2”) and whenever the terms “we” “us” or “our” appear in this policy, we’re talking about WSO2 and its subsidiary companies. When we use “You” and “Your” in this policy, we mean the person or entity visiting our site or using the services on it.

WHAT INFORMATION DO WE COLLECT?

INFORMATION COLLECTED AUTOMATICALLY

  • When You are browsing through Asgardeo, there is some generic information that we can see automatically, even without a user registration. This includes your I.P. address, your browser type, device info, the time and frequency you access our site, and the URL you came from.
  • This type of generic information won’t reveal your identity as a visitor but is still useful to us to analyse the user regions, frequently visited portions of our site and develop device specific improvements.
  • When You use Asgardeo to create and run applications, we store data such as application logs. We also aggregate non-personally identifiable information about how You use Asgardeo. This information is important to us to analyse the ways in which Asgardeo is used to develop applications, to understand what users’ needs are and to make our service better suited to those needs. Such usage data never identifies You personally.

INFORMATION YOU PROVIDE

  • When you register on Asgardeo, pay for our services or register for an event, newsletter or activity on our site, we ask that You give us all or some of the following information about Yourself:
    • E-mail address
    • Your payment details (if You are paying for a service)
  • Some of the services on Asgardeo, may make it mandatory that You provide some personal details. This is because we won’t be able to process Your payments or provide You with certain services without them. You’re completely free to opt out of this, but that means that You may not be able to fully access those services.
  • When privileged actions like user addition, unlocking a user, assigning a role to a user are performed they are logged for audit purposes.

INFORMATION WE GET FROM THIRD PARTIES ABOUT YOU

We may obtain information from other sources and combine that with information we collect through our services. For example if You create or log into Your account through one of our integration partners (such as Google or Github), we will have access to basic information from that sign-on service, such as Your email and account information.

When You create applications using Asgardeo, You may choose to integrate with various third party services (like messaging services, email or calendar services). In those scenarios, Asgardeo’s access to the third party service will be limited to performing the functions that You specify. Asgardeo doesn’t store any data that resides on these third party services nor does it access that data in any way outside of Your instructions. Asgardeo’s use of information received from Google APIs will adhere to the Google API Services User Data Policy.

If you visit our site in order to apply for particular careers vacancy or to get notifications of any future careers updates, then you may also be asked to upload your resume or curriculum vitae.

We also collect certain standard information that your browser sends to every website you visit, such as your IP address, browser type and language, access times, and referring website addresses.

WHY DO WE COLLECT YOUR INFORMATION?

We use the data we collect to,

  • Confirm Identity. To confirm there is a unique identity behind the requests. Email address is used to confirm there is a contactable identity related to the actions you perform and uniquely identify those.
  • Provide the services you ask for. For instance, your country is used to identify the jurisdiction you belong to so that we can handle your data, and provide services adhering to applicable laws. If You need support, we use Your contact details to get in touch with You. If You want to pay for a service, we use Your payment details to process that payment.
  • To improve and customize your content. We try to provide a focused user experience, based on the familiarity level of the user with Asgardeo and the use cases they try to implement. For example if you are a first time user, you will be taken to a quick start guide. Also your name details will be used in all the email communications and within Asgardeo to refer to the identity. We may check on what You have clicked on and what kind of activities or scenarios You run on Asgardeo, to find out what is most commonly used, and in what ways you use our services. We use this feedback to make our service better.
  • Analyse how Asgardeo is being used. We rely on analytics of your browser based activity and applications to improve the performance of our platform. Among examples: we use analytics to evaluate design decisions, find bugs in the systems, and recommend actions and features to users. These are collected in an anonymous manner.
  • To Update you on our services. If there are updates to your service, important information you need to know, or if we think You would be interested in our technology and what we’re doing with it, we’ll get in touch with You using Your contact details. If the registration is done using a third party, we retrieve the same mandatory details from them and store them on our server. This information will then be used for the same purposes as detailed above. Any other optional parameters provided by you will also be stored and used as per the use case configuration of the applications, in compliance with the provided consent. You can unsubscribe from our marketing emails at any time by either clicking on the unsubscribe link at the bottom of the email or by contacting us on the Asgardeo user portal. However, You may still receive important information about Your service, security or payments.

WHO IS YOUR INFORMATION SHARED WITH?

We don’t sell Your information to anyone.

We do share Your information within the WSO2 group, because our affiliate entities also help provide our services. WSO2 Inc is located in the United States of America. Our affiliates are WSO2 (UK) Limited (located in the United Kingdom), WSO2 Lanka (Private) Limited (located in Sri Lanka), WSO2 Brasil Tecnologia E Software Ltda (located in Brazil), WSO2 Germany GmbH ( located in Germany) and WSO2 Australia Pty Limited ( located in Australia) and other entities we may add on our Contact Us page from time to time.

Data transferred from the European Union to the United Kingdom is on the basis of an adequacy decision issued by the EU commission with regards to data transferred to the United Kingdom. Data transferred from the European Union and United Kingdom to other affiliate entities located around the world is transferred on the basis of Data Transfer Agreements containing Standard Contractual Clauses set out by the European Commission and the United Kingdom. These clauses guarantee certain levels of physical, administrative and technical safeguards of Your data.

WSO2 has also certified to the US Department of Commerce that it adheres to the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov. However we do not currently rely on the Privacy Shield program for our cross border data transfers, in line with EU regulations.

We may share data with verified technology partners who provide additional services that enhance our services. Your information may also be visible to our service providers who help us run our platform and provide certain services, such as our customer support platform, marketing, analytics and CRM tools. They are only authorized to use information that is strictly relevant for them to perform their tasks, and we make sure that they are under obligations of confidentiality and security to us so that Your data is secure. Our hosting provider is Microsoft Azure. To see more details on how MS Azure protects Your privacy visit https://azure.microsoft.com/en-us/support/legal/. If You use our paid services, we also use a third party payment card processor. We don’t actually see any of Your payment card information and this goes directly to Your payment card processor.

We may also release Your information when we believe release is appropriate to comply with the law, enforce our privacy policy or protect ours or others’ rights, property or safety.

HOW DO WE PROCESS YOUR DATA?

We will only collect and process personal data about You where we have lawful bases. Lawful bases include consent (where You have given consent on one of our forms), contract (where processing is necessary for the performance of a contract with You) and legitimate interests (such as to protect You, us, or others from security threats, comply with laws that apply to us and to administer our business through consolidated reporting, or marketing our services etc.) See the “WHAT ARE YOUR RIGHTS TO YOUR PERSONAL INFORMATION?” section below if You wish to withdraw Your consent or object to any processing of Your personal data.

IS YOUR DATA SECURE?

We implement industry standard security safeguards designed to protect Your data. We encrypt all data at rest (including credentials/tokens to external systems). All our data transfers are done securely through encrypted channels using Transport Layer Security (TLS) technology. We regularly monitor our systems for possible vulnerabilities and attacks and conduct testing. However, we cannot warrant the security of any information that You send us. There is no complete guarantee that data may not be accessed, disclosed, altered or destroyed by breach of any of our physical, technical or administrative safeguards.

WHAT ARE YOUR RIGHTS TO YOUR PERSONAL INFORMATION?

We store the information we collect about You for as long as is necessary for the purpose(s) for which we originally collected it. For instance, we may retain Your information during the time in which You have an account to use our website or services. We also may retain Your information during the period of time needed for WSO2 to pursue our legitimate business interests, comply with our legal obligations, resolve disputes, and enforce our agreements. At the end of these periods, we ensure that Your data is deleted securely using an industry standard methodology.

WSO2 acknowledges Your right to access Your data. If information pertaining to You as an individual has been submitted to us then You have the right to access, correct, or edit Your data. If You wish, we can provide all the personal information on our records to You or to someone You nominate in a portable format as well.

You can ask us to stop using all or some of Your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if Your personal data is inaccurate or unlawfully held).

You may also choose to delete Your data from our website or service at any time You choose, and unsubscribe from any Asgardeo mailing lists You are on. You can unsubscribe from our emails by clicking on the unsubscribe link which is at the bottom of every marketing email we send. You can click on Your account within the Asgardeo user portal, which will let You do certain functions like updating your profile, managing consents, managing sessions, and, adding security to Your account or You can reach out to us at [email protected] if You wish to delete Your account.

We only ever retain Your personal data after You have ceased using our services, or sent us a request to unsubscribe or delete Your data if it is reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or fulfill Your request to “unsubscribe” from further messages from us.

THIRD PARTY OFFERINGS AND SERVICES

When You choose to integrate certain functionalities with sites or applications outside of WSO2, you are bound by the terms of the particular site or application.

CHANGES TO OUR PRIVACY POLICY

We reserve the right to amend this Privacy Policy at any time. We will not send individual email notifications on the updates. Any amendments will be posted on this page. You are therefore encouraged to visit this page periodically.

By using our website and services, You consent to our Privacy Policy and any revisions thereto. If You do not agree with our privacy policy or any changes we make to it, You may delete Your profile.

CONTACT US

For further information about our privacy policy or any concerns or complaints, please contact our Data Protection Officer at [email protected] or for Asgardeo specific requests email [email protected].

For EU/EEA/UK residents:

If You are located within the European Union, the United Kingdom or the European Economic Area, WSO2 (UK) Limited will be the controller of Your personal data provided to, or collected by or for, or processed in connection with our services, unless specified otherwise in writing by us. If You have any issues with regard to Your data security on our website, then in addition to informing us, You also have the right to write directly to the independent data protection monitoring organization in Your country. Within the UK, this is the Information Commissioner's Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. Please do email our data protection officer at [email protected] if You have any issues, concerns or questions regarding Your personal data and we are happy to help.

For California residents:

California residents may view WSO2's California-specific privacy policy at https://wso2.com/california-privacy.

Effective October 7, 2021