Our role in your privacy
Welcome to IndyKite Inc.
IndyKite Inc. (“us”, “we”, or “our”) operates and provides authentication and authorization solutions, by providing its Subscribers with access to Indykite’s identity platform, tools, documentation and services, and if applicable, other support services.
This policy describes the information we collect when you use IndyKite’s websites, free or paid services, mobile applications, products, and content as well as any other interactions with us such as customer support conversations, user surveys, interviews, etc. (Collectively, “Services”). It also provides information about how we store, transfer, use, and delete your personal information, and what choices you have with respect to the information.
Depending on the context, “you” means End customer, End User, Representative or Visitor:
- when you directly use our Services for your personal use (such as when you sign up via our business customers in your personal capacity), we refer to you as an End User
- when you do business with, or otherwise transact with us in your capacity as a commercial entity, we refer to you as an End Customer
- when we have a commercial relationship with you where you act as a technology partner, reseller, etc, we refer to you as a “Representative”
- when you visit one of our websites without being logged into IndyKite account or otherwise communicating with us, we refer to you as “Visitor”
Please note that this policy applies where we are acting as a data Controller with respect to the personal data of our users; in other words, where we determine the purposes and means of the processing of that personal data. When are service providers to our business customers and act on behalf and at the director of our business customers, we are considered processors.
You are responsible for the following:
- If you are a customer with us, please also check other agreements between us (such as Subscription Agreement, Order form, etc)
How we collect and use your data
At IndyKite, we are committed to safeguarding the privacy of our users. Our business model is to provide a paid service to users and does not rely on the widespread collection of personal data from our users. We will only collect and process information that we need to deliver the service to you and to continue to maintain and develop the service. We also collect public information about your company for our commercial purposes.
IndyKite may collect, store and process various kinds of data, with different legal grounds, as listed below. For the categories of data that require your consent, we will actively ask you for consent before collecting any data and also provide a mechanism to revoke consent.The following is a list of data we collect, process or store, with the purpose and legal ground listed for each item.
User Account Information:
We may collect information including but not limited to, business contact information (company name, e-mail, phone, business address), personal contact information of the admin (first and last name, e-mail, phone) from our End Customers. If the user chooses to sign up with an external authentication service, e.g. Google Sign-In, we will fetch and store the email address, name and profile image URL from this service.
Legal basis: We may use this information to operate our website, provide services as per our agreement with you, ensure security, maintain backups, and communicate with you in accordance with GDPR art. 6 (1) item b.
We may also collect information that your browser sends whenever you use our Service or when you access the Service including through a mobile device (“Usage data”).This Usage data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Legal basis: We process this information based on our legitimate interests, under GDPR art. 6 (1) item f, to ensure proper administration, analyze website usage, improve user experience, prevent abuse, and assist users with support inquiries. When necessary to assist you with your support inquiries, we may also process the data on the basis that it is necessary to perform the contract we entered into with you, at your request cf. GDPR art. 6 (1) item b. For security purposes, we process data based on our legal obligations under GDPR art. 6(1) item c.
Product & Marketing communication.
We may use contact details such as name, email, phone number, company information, etc to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You will always find a link to unsubscribe from our product and marketing e-mails at the bottom of each e-mail.
Legal basis: We process your personal information based on our legitimate interest to help you utilize your subscription plan, provide useful content, inform you about product features, and offer promotions in accordance with GDPR art. 6 (1) item f. If we are required by law to collect your consent for such processing, we will obtain it beforehand.
Business and Product Development
We may use your data for purposes, such as performing data analysis, conducting audits, creating new products and services, identifying patterns in usage, evaluating the success of our promotional campaigns, and managing and growing our business operations. The data we may process for this purpose include your contact information such as name, email, title, phone number, the company you work for, incl. their domain, address and country, how you are using our products and services and purchase history,
Legal basis: We process your information based on our legitimate interest to improve our products and services in accordance with GDPR art. 6 (1) item f, your consent in accordance with GDPR art. 6 (1) item a and to perform our contract with you in accordance with GDPR art. 6 (1) item b.
Public professional information
We may also collect public information about your company. This may include information you make available through a public LinkedIn profile. We use this information to assess if we should contact your company. If you are an appropriate point of contact for your company we may seek additional public contact information through LinkedIn or other publicly available sources. Similar information may also be used for learning more about our job applicants where this is necessary to make decisions about their candidancy.
Legal basis: Our legal basis for processing professional information is our legitimate interest to initiate, maintain, or build a contractual relationship in accordance with Art 6(1) item f of GDPR.
(e)Tracking & Cookies Data
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
- Session Cookies: We use Session Cookies to operate our Service.
- Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
- Security Cookies: We use Security Cookies for security purposes.
- Advertising Cookies: Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests.
Retention of data
We will also retain Usage data for internal analysis purposes. Usage data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
International Transfer of data
Disclosure of information to others
We may disclose personal information that we collect, or you provide, to third parties in certain circumstances, including (1) with your consent; (2) to a service provider, third party or partner who meets our data protection standards; (3) with academic or non-profit researchers, with aggregation, anonymisation; (4) when it is required by law, such as pursuant to a subpoena or other legal proceedings; (5) to protect the vital interest of others, when we have strong reasons to believe that doing so will prevent harm to someone or illegal activities.
Our categories of service providers, third parties and partners are
- Disclosure for Law Enforcement
Under certain circumstances, we may be required to disclose your personal data if required by law or in response to valid requests by public authorities
- Hosting, infrastructure or storage providers
We may transfer personal information to hosting, infrastructure, and storage providers for storage and processing purposes. These providers are carefully selected and bound to maintain the confidentiality and security of your personal information. We ensure that they comply with applicable privacy and security regulations and have appropriate safeguards in place.
- Payment processors, including debt collecting agencies
We may provide paid products and/or services within Service. In that case, we use third-party services for payment processing (e.g. payment processors) and debt collectors for recovering any unpaid invoices
- CI/CD tools
We may use third-party Service Providers to automate the development process of our Service.
- Analysis tool providers
We may use third parties to monitor and analyse how our service is used.
- Customer support tool providers
We may use customer support tools to streamline complaints, queries, and requests, and respond to them in a timely manner.
- Recruiting tool providers
For potential recruits, we may share your personal information to Applicant tracking systems and recruiting software providers, recruiting agencies, background check companies, talent acquisition and administration providers and other organization that process data on our behalf to help manage our recruitment process.
- Internal communication tool providers
While our internal communication providers are primarily used to facilitate collaboration among our team members, we recognize that personal data may be shared in the course of this collaboration. They are prohibited from using or disclosing this information and we have measures in place to monitor the use of our communication systems to prevent any unauthorized access to personal information
- Business Transaction
If a corporate transaction occurs, we will notify you of any changes to control of your personal information and choices you may have.
- Other cases.
We may disclose your information also:
- to contractors, professional advisors, investors, service providers, and other third parties we use to support our business;
- for any other purpose disclosed by us when you provide the information;
- with your consent in any other cases;
Security of data
As a provider specialising in Identity and Access Management, we recognise the importance of safeguarding the security of our systems and the information we collect. We have physical, electronic and organisational procedures in place to maintain our security posture. However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. is guaranteed to be 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
If you believe your security has been breached please contact us immediately on firstname.lastname@example.org. In the event you become aware of any vulnerabilities in our systems, familiarise yourself with our Vulnerability Disclosure Policy and write to us on email@example.com without delay.
Your data Protection Rights Under General data Protection Regulation (GDPR)
If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. – See more at https://eur-lex.europa.eu/eli/reg/2016/679/oj
We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data.
If you wish to be informed what personal data we hold about you and if you want it to be removed from our systems, please email us at firstname.lastname@example.org
In certain circumstances, you have the following data protection rights:
- the right to access, update or to delete the information we have on you;
- the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete;
- the right to object. You have the right to object to our processing of your personal data;
- the right of restriction. You have the right to request that we restrict the processing of your personal information;
- the right to data portability. You have the right to be provided with a copy of your personal data in a structured, machine-readable and commonly used format;
- the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information;
Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide Service without some necessary data.
You have the right to complain to a data Protection Authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
Your data Protection Rights under the California Privacy Protection Act (CalOPPA)
According to CalOPPA we agree to the following:
- users can visit our site anonymously;
- users are able to change their personal information by emailing us at email@example.com
Our Policy on “Do Not Track” Signals:
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
Your Data Protection Rights under the California Consumer Privacy Act (CCPA)
If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:
- What personal information we have about you. If you make this request, we will return to you:
- The categories of personal information we have collected about you.
- The categories of sources from which we collect your personal information.
- The business or commercial purpose for collecting or selling your personal information.
- The categories of third parties with whom we share personal information.
- The specific pieces of personal information we have collected about you.
- A list of categories of personal information that we have sold, along with the category of any other company we sold it to. If we have not sold your personal information, we will inform you of that fact.
- A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with.
Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.
- To delete your personal information.
If you make this request, we will delete the personal information we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. If you choose to delete your personal information, you may not be able to use certain functions that require your personal information to operate.
- To stop selling your personal information.
We do not sell your personal information for monetary consideration. However, under some circumstances, a transfer of personal information to a third party, or within our family of companies, without monetary consideration may be considered a “sale” under California law.
Please note, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require the usage of your personal information to function. But in no circumstances, we will discriminate against you for exercising your rights.
To exercise your California data protection rights described above, please send your request(s) by one of the following means:
By email: firstname.lastname@example.org
Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020.
Our Services are not intended for use by children under the age of 13 (“Children”).
We do not knowingly collect personally identifiable information from Children under 13. If you become aware that a Child has provided us with personal data, please contact us. If we become aware that we have collected personal data from Children without verification of parental consent, we take steps to remove that information from our servers.