At WSO2, we recognize that privacy is important. This privacy policy applies to the site, online services offered by WSO2, and services offered by WSO2 at https://wso2.com and any other site to which a link to these terms may appear. We’ve set out below the details of how we collect, use, share, and secure the personal information you provide. “You” or “Your” means the person visiting the WSO2 site or using any services on it. “We” “us” and “our” means WSO2 LLC.
California residents may view WSO2's California-specific privacy policy https://wso2.com/california-privacy.
We collect information from our customers, partners and other visitors to our site that use our services. The information we collect from You may be used in one of the following ways:
We do not sell, trade or otherwise share your information with unrelated outside parties.
However, we may share your information with:
We may also disclose your personal information:
WSO2 operates globally, with businesses both inside and outside of the European Economic Area ("EEA") and the UK. We may transfer Your Personal Data to countries other than the one in which You live, including transfers to the United States and other countries where we or our affiliates, subsidiaries or service providers (among others) maintain facilities. We maintain regional data centres in the USA. Additionally, third-party service providers who handle data on our behalf may be based in locations around the world. For these reasons, Your personal information may be transferred to other countries both inside and outside of the UK and the EEA. As privacy laws in other countries may not be equivalent to those in Your home country, we only make arrangements to transfer data overseas where we are satisfied that adequate levels of protection are in place to protect any information held in that country or that the service provider acts at all times in compliance with applicable privacy laws. Where required under applicable laws, we will take measures to ensure that personal information handled in other countries will receive at least the same level of protection as it is given in Your home country.
Where we transfer Your personal information to countries and territories outside of Europe and the UK which have been formally recognized as providing an adequate level of protection for personal information, we rely on the relevant “adequacy decisions” and “adequacy regulations” from the European Commission and UK authorities. Where the transfer is not subject to an adequacy decision, we take appropriate safeguards to ensure that Your personal information will remain protected in accordance with applicable laws. These safeguards include implementing the European Commission’s Standard Contractual Clauses as issued on 4 June 2021 under Article 46(2) GDPR for transfers originating in the EU and the UK Addendum under Article 46(2) of the UK GDPR for the transfer of data originating in the UK.
WSO2 complies with the EU-U.S. Data Privacy Framework (“DPF”) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. WSO2 has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and the United Kingdom in reliance on the the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/
WO2’s accountability for personal information it receives under the EU-U.S DPF and the UK Extension to the EU-U.S. DPF and subsequently transfers to a third party is described in the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF Principles. In particular, WSO2 remains responsible and liable under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF Principles if third-party agents that it engages to process the Personal Information on its behalf do so in a manner inconsistent with the Principles, unless WSO2 proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, WSO2 commits to resolve DPF Principles-related complaints about our collection and use of Your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, should first contact us as specified in the Dispute Resolution Mechanism section.
Pursuant to the DPF Program, EU and UK individuals have the right to exercise their rights under the GDPR and the UK GDPR in accordance with the section “Your Rights to Your Data and How to Manage Your Preferences”.
We may also release Your information when we believe release is necessary to comply with the law subject to our (Governmental and law enforcement Data Access Policy), enforce our privacy policy or protect our or others’ rights, property, or safety.
If we intend to use your personal data for a purpose different from what it was originally collected or authorized for, or if we plan to disclose it to an unaffiliated third party in a way not covered by this Privacy Policy, we will provide you with the option to opt-out of such use or disclosure.
We do not require You to provide us with any sensitive personal data for the purposes detailed in “Why Do We Collect Your Information?”. However, if You voluntarily provide us with any sensitive personal data such as where ethnicity has been included by You in Your job application or resume then we will only use or disclose this data for its original purpose or as authorized by You. Any other use or disclosure will require your explicit and affirmative consent.
We will only collect and process personal data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you, and legitimate interests (such as to protect you, us, or others from security threats, comply with laws that apply to us and to enable or administer our business through consolidated reporting, customer service, etc.)
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. See the “Your Rights to Your Data and How to Manage Your Preferences ” section below if You wish to withdraw Your consent or object to any processing of Your personal data.
We implement security safeguards designed to protect your data, such as HTTPS. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
We may retain Your information for a period of time consistent with the original purpose of collection. For instance, we may retain Your information during the time in which You have an account to use our website or services. We also may retain Your information during the period of time needed for WSO2 to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements. At the end of these periods, we ensure that Your data is deleted securely using industry-standard methodology.
WSO2 acknowledges Your right to:
We may retain Your personal data even after You have ceased using our services, requested to unsubscribe or delete Your data only if it is reasonably necessary to comply with our legal obligations as explained in the section “Cross Border Data Transfers” maintain security, prevent fraud and abuse, or fulfil Your request to "unsubscribe" from further messages from us.
At our discretion, we may include or offer third-party products or services on our site. These third-party sites have separate and independent privacy policies. We have no responsibility or liability for the content and activities of these linked sites. We encourage You to review the privacy statements of those websites to understand how Your data is secured by them. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
This privacy policy applies only to information collected through our website and not to information collected offline. Please also visit our Terms of Use section relating to use, disclaimers, indemnities, and limitations of liability governing the use of our site and services at https://www.wso2.com/terms-of-use.
We reserve the right to amend this privacy policy at any time. We will not send individual email notifications on the updates. Any amendments will be posted on this page. You are therefore encouraged to visit this page periodically.
By using our site, You consent to our privacy policy and any revisions thereto. If You do not agree with our privacy policy or any changes we make to it, You may delete Your profile.
In compliance with the DPF Principles, we commit to resolving complaints about our collection or use of your personal information. EU and UK individuals with inquiries or complaints regarding our DPF policy should first reach out to us using the information in the “Information About Data Controllers, Processors and How to Contact Us” section below.
WSO2 has committed to refer unresolved DPF complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you. Under certain conditions, more fully described on the DPF website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Within the USA, we are also subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
In relation to this website, the Controller of Your data is WSO2 LLC, USA. However, where we provide products or services that we have indicated are subject to their own terms, we may only be a Processor of Your data with regard to such products or services.
If You are located within the European Union or the European Economic Area, WSO2 Germany GmbH, based in Germany, is the EU representative of WSO2 LLC. You may contact our Data Protection Officer by submitting the form “ Send Request” or by post at: WSO2 Germany GmbH, Maximiliansplatz 22, c/o Bird & Bird LLP, 80333 Munich. If You are located in the United Kingdom, WSO2 (UK) Limited based in the UK will be the representation of WSO2 LLC. You may contact our Data Protection Officer by submitting the form “ Send Request” or by post at: WSO2 (UK) Limited, Appledram barns, Birdham Road, Chichester, West Sussex, UK, PO20 7EQ.
If You have any issues with regard to Your data on our website, then in addition to informing us, You also have the right to write directly to the independent data protection monitoring organization in Your country.
Updated, January 9, 2025
Send Request
Submit a data privacy protection request