IndyKite Privacy Policy

Effective date: 21st Jan, 2025

Our role in your privacy

Welcome to IndyKite Inc.

IndyKite Inc. (“us”, “we”, or “our”) operates and provides a data platform that allows its Subscribers to mobilize their data by providing its Subscribers with access to Indykite’s identity platform, tools, documentation and services, and if applicable, other support services. 

This policy describes the information we collect when you use IndyKite’s websites, free or paid services, mobile applications, products, and content as well as any other interactions with us such as customer support conversations, user surveys, interviews, etc. (Collectively, “Services”). It also provides information about how we store, transfer, use, and delete your personal information, and what choices you have with respect to the information.

Depending on the context, “you” means End customer, End User, Representative or Visitor:

  • when you directly use our Services for your personal use (such as when you sign up via our business customers in your personal capacity), we refer to you as an End User
  • when you do business with, or otherwise transact with us in your capacity as a commercial entity, we refer to you as an End Customer
  • when we have a commercial relationship with you where you act as a technology partner, reseller, etc, we refer to you as a “Representative”
  • when you visit one of our websites without being logged into IndyKite account or otherwise communicating with us, we refer to you as “Visitor”

Our responsibilities 

Please note that this policy applies where we are acting as a data Controller with respect to the personal data of our users; in other words, where we determine the purposes and means of the processing of that personal data. When are service providers to our business customers and act on behalf and at the director of our business customers, we are considered processors. 

We may use your data to provide and improve Service. By using Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Subscription Agreement found here. 

Your responsibilities

You are responsible for the following: 

  • Read and understand this Privacy Policy
  • If you are a customer with us, please also check other agreements between us (such as Subscription Agreement, Order form, etc)
  • If you provide us with personal information about other people, or others give us your information, we will only use that information for specific reasons for which it was provided to us. By submitting the information, you confirm that you have the right to authorize us to process on your behalf in accordance with this Privacy Policy

How we collect and use your data

At IndyKite, we are committed to safeguarding the privacy of our users. Our business model is to provide a paid service to users and does not rely on the widespread collection of personal data from our users. We will only collect and process information that we need to deliver the service to you and to continue to maintain and develop the service. We also collect public information about your company for our commercial purposes.

IndyKite may collect, store and process various kinds of data, with different legal grounds, as listed below. For the categories of data that require your consent, we will actively ask you for consent before collecting any data and also provide a mechanism to revoke consent.The following is a list of data we collect, process or store, with the purpose and legal ground listed for each item. 

User Account Information: 

We may collect information including but not limited to, business contact information (company name, e-mail, business address), personal contact information of the admin (first and last name and e-mail) from our End Customers. If the user chooses to sign up with an external authentication service, e.g. Google Sign-In, we may fetch and store the email address and name  from this service.

Legal basis: We may use this information to operate our website, provide services as per our agreement with you, ensure security, maintain backups, and communicate with you in accordance with GDPR art. 6 (1) item b.

Usage Data

We may also collect information that your browser sends whenever you use our Service or when you access the Service including through a mobile device (“Usage data”).This Usage data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Legal basis: We process this information based on our legitimate interests, under GDPR art. 6 (1) item f, to ensure proper administration, analyze website usage, improve user experience, prevent abuse, and assist users with support inquiries. When necessary to assist you with your support inquiries, we may also process the data on the basis that it is necessary to perform the contract we entered into with you, at your request cf. GDPR art. 6 (1) item b. For security purposes, we process data based on our legal obligations under GDPR art. 6(1) item c. 

Product & Marketing communication.

We may use contact details such as name, email, phone number,  company information, etc to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You will always find a link to unsubscribe from our product and marketing e-mails at the bottom of each e-mail.

Legal basis: We process your personal information based on our legitimate interest to help you utilize your subscription plan, provide useful content, inform you about product features, and offer promotions in accordance with GDPR art. 6 (1) item f.  If we are required by law to collect your consent for such processing, we will obtain it beforehand.

Business and Product Development

We may use your data for purposes, such as performing data analysis, conducting audits, creating new products and services, identifying patterns in usage, evaluating the success of our promotional campaigns, and managing and growing our business operations. The data we may process for this purpose include your contact information such as name, email, title, phone number, the company you work for, incl. their domain, address and country, how you are using our products and services and purchase history, 

Legal basis: We process your information based on our legitimate interest to improve our products and services in accordance with GDPR art. 6 (1) item f, your consent in accordance with GDPR art.  6 (1) item a and to perform our contract with you in accordance with GDPR art. 6 (1) item b. 

Public professional information 

We may also collect public information about your company. This may include information you make available through a public LinkedIn profile. We use this information to assess if we should contact your company. If you are an appropriate point of contact for your company we may seek additional public contact information through LinkedIn or other publicly available sources. Similar information may also be used for learning more about our job applicants where this is necessary to make decisions about their candidancy. 

Legal basis: Our legal basis for processing professional information is our legitimate interest to initiate, maintain, or build a contractual relationship in accordance with Art 6(1) item f of GDPR. 

(e)Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

  • Session Cookies: We use Session Cookies to operate our Service.
  • Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies: We use Security Cookies for security purposes. 
  • Advertising Cookies: Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests.

 

Retention of data

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal Agreements and policies.

We will also retain Usage data for internal analysis purposes. Usage data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

 

International Transfer of data

Our current hosting facilities are located in the EU and US. Please note that in certain circumstances, your information, including personal data, may be transferred to countries outside the European Union (EU) or European Economic Area (EEA) where the data protection laws may differ. We are subject to the provisions of GDPR and IndyKite Inc. will take all the steps reasonably necessary to ensure that any transfer of your data to third countries occur only when appropriate safeguards are in place, providing a level of protection for your data that is equivalent to the standards required by the GDPR. We may transfer personal data to countries that the European Commission have approved as providing an adequate level of protection by using Standard Contractual Clauses (SCC) or certification mechanisms approved by the European Commission which afford personal data the same level of protection as is has in Europe. If none of these safeguards are available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

Disclosure of information to others 

We may disclose personal information that we collect, or you provide, to third parties in certain circumstances, including (1) with your consent; (2) to a service provider, third party or partner who meets our data protection standards; (3) with academic or non-profit researchers, with aggregation, anonymisation; (4) when it is required by law, such as pursuant to a subpoena or other legal proceedings; (5) to protect the vital interest of others, when we have strong reasons to believe that doing so will prevent harm to someone or illegal activities. 

Our categories of service providers, third parties and partners are

  1. Disclosure for Law Enforcement
    Under certain circumstances, we may be required to disclose your personal data if required by law or in response to valid requests by public authorities
  1. Hosting, infrastructure or storage providers
    We may transfer personal information to hosting, infrastructure, and storage providers for storage and processing purposes. These providers are carefully selected and bound to maintain the confidentiality and security of your personal information. We ensure that they comply with applicable privacy and security regulations and have appropriate safeguards in place. 
  1. Payment processors, including debt collecting agencies
    We may provide paid products and/or services within Service. In that case, we use third-party services for payment processing (e.g. payment processors) and debt collectors for recovering any unpaid invoices
  1. CI/CD tools
    We may use third-party Service Providers to automate the development process of our Service.
  1. Analysis tool providers
    We may use third parties to monitor and analyse how our service is used.
  1. Customer support tool providers
    We may use customer support tools to streamline complaints, queries, and requests, and respond to them in a timely manner.
  1. Recruiting tool providers
    For potential recruits, we may share your personal information to Applicant tracking systems and recruiting software providers, recruiting agencies, background check companies, talent acquisition and administration providers and other organization that process data on our behalf to help manage our recruitment process.
  1. Internal communication tool providers
    While our internal communication providers are primarily used to facilitate collaboration among our team members, we recognize that personal data may be shared in the course of this collaboration. They are prohibited from using or disclosing this information and we have measures in place to monitor the use of our communication systems to prevent any unauthorized access to personal information
  1. Business Transaction
    We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy. If we or our subsidiaries are involved in a merger, acquisition, reorganization or asset sale, your personal data may be transferred or become subject to a different privacy policy. 
    If a corporate transaction occurs, we will notify you of any changes to control of your personal information and choices you may have.
  1. Other cases.
    We may disclose your information also:

    - to contractors, professional advisors, investors, service providers, and other third parties we use to support our business;

    - for any other purpose disclosed by us when you provide the information;

    - with your consent in any other cases;

Security of data

As a provider specialising in Identity and Access Management, we recognise the importance of safeguarding the security of our systems and the information we collect. We have physical, electronic and organisational procedures in place to maintain our security posture. However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. is guaranteed to be 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

If you believe your security has been breached please contact us immediately on security@indykite.com. In the event you become aware of any vulnerabilities in our systems, familiarise yourself with our Vulnerability Disclosure Policy and write to us on responsible-disclosure@indykite.com without delay. 

 

Your data Protection Rights Under General data Protection Regulation (GDPR)

If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. – See more at https://eur-lex.europa.eu/eli/reg/2016/679/oj 

We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data.

If you wish to be informed what personal data we hold about you and if you want it to be removed from our systems, please email us at legal@indykite.com

In certain circumstances, you have the following data protection rights:

  • the right to access, update or to delete the information we have on you;
  • the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete;
  • the right to object. You have the right to object to our processing of your personal data;
  • the right of restriction. You have the right to request that we restrict the processing of your personal information;
  • the right to data portability. You have the right to be provided with a copy of your personal data in a structured, machine-readable and commonly used format;
  • the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information; 

Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide Service without some necessary data.

You have the right to complain to a data Protection Authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Your data Protection Rights under the California Privacy Protection Act (CalOPPA)

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivable the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3/ 

According to CalOPPA we agree to the following:

  1. users can visit our site anonymously; 
  1. our Privacy Policy link includes the word “Privacy”, and can easily be found on the page specified above on the home page of our website;
  1. users will be notified of any privacy policy changes on our Privacy Policy Page; 
  1. users are able to change their personal information by emailing us at legal@indykite.com

Our Policy on “Do Not Track” Signals:

We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. 

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

 

Your Data Protection Rights under the California Consumer Privacy Act (CCPA)

If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:

 

  1. What personal information we have about you. If you make this request, we will return to you:

    - The categories of personal information we have collected about you.

    - The categories of sources from which we collect your personal information.

    - The business or commercial purpose for collecting or selling your personal information.

    - The categories of third parties with whom we share personal information.

    - The specific pieces of personal information we have collected about you.

    - A list of categories of personal information that we have sold, along with the category of any other company we sold it to. If we have not sold your personal information, we will inform you of that fact.

    - A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with.

    Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.

 

  1. To delete your personal information.
    If you make this request, we will delete the personal information we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. If you choose to delete your personal information, you may not be able to use certain functions that require your personal information to operate. 

 

  1. To stop selling your personal information.
    We do not sell your personal information for monetary consideration. However, under some circumstances, a transfer of personal information to a third party, or within our family of companies, without monetary consideration may be considered a “sale” under California law.

    Please note, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require the usage of your personal information to function. But in no circumstances, we will discriminate against you for exercising your rights.

    To exercise your California data protection rights described above, please send your request(s) by one of the following means:

    By email: legal@indykite.com

 

Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020. 

  

Children's Privacy

Our Services are not intended for use by children under the age of 13 (“Children”). 

We do not knowingly collect personally identifiable information from Children under 13. If you become aware that a Child has provided us with personal data, please contact us. If we become aware that we have collected personal data from Children without verification of parental consent, we take steps to remove that information from our servers.

Data Privacy Framework

IndyKite complies with the EU-US. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S Department of Commerce. IndyKite has certified to the U.S Department of Commerce that it adheres to the EU.US. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-US. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website at https://www.dataprivacyframework.gov/

The Federal Trade Commission has jurisdiction over IndyKite’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In compliance with the EU-U.S DPF, IndyKite commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF.

EU individuals also have the possibility, under certain conditions, to invoke binding arbitration for complaints regardingIndyKite’s compliance with the Data Privacy Framework Principles, which have not been resolved by any of the other Data Privacy Framework mechanisms. You can find additional information here: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction

As explained above IndyKite sometimes provides personal information to third parties to perform services on our behalf. If we transfer personal information received under the Data Privacy Framework to a third party, the third party's access, use, and disclosure of the personal information must also be in compliance with our Data Privacy Framework obligations, and we will remain liable under the Data Privacy Framework for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update “effective date” at the top of this Privacy Policy. 

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

 

Contact Us

If you have any questions about this Privacy Policy,you can get in touch with our privacy team via legal@indykite.com.

Close Cookie Popup
Cookie Settings
This site uses cookies to offer you a better browsing experience. Find out more on how we use cookies.
Accept all
Decline all
Customize
Made by Flinch 77
Cookies Preferences
Close Cookie Preference Manager
Cookie Settings
This site uses cookies to offer you a better browsing experience. Find out more on how we use cookies.
Functional cookies (always active)
Functional cookies enable basic website functionality and are essential to browse the Site and use its features.
Accept all cookies
Accept selected cookies
Made by Flinch 77
Oops! Something went wrong while submitting the form.