Our role in your privacy
Welcome to IndyKite Inc.
IndyKite Inc. (“us”, “we”, or “our”) operates and provides authentication and authorization solutions, by providing its Subscribers with access to Indykite’s identity platform, tools, documentation and services, and if applicable, other support services.
This policy describes the information we collect when you use IndyKite’s websites, free or paid services, mobile applications, products, and content as well as any other interactions with us such as customer support conversations, user surveys, interviews, etc. (Collectively, “Services”). It also provides information about how we store, transfer, use, and delete your personal information, and what choices you have with respect to the information.
Depending on the context, “you” means End customer, End User, Representative or Visitor:
Please note that this policy applies where we are acting as a data Controller with respect to the personal data of our users; in other words, where we determine the purposes and means of the processing of that personal data. When are service providers to our business customers and act on behalf and at the director of our business customers, we are considered processors.
You are responsible for the following:
How we collect and use your data
At IndyKite, we are committed to safeguarding the privacy of our users. Our business model is to provide a paid service to users and does not rely on the widespread collection of personal data from our users. We will only collect and process information that we need to deliver the service to you and to continue to maintain and develop the service. We also collect public information about your company for our commercial purposes.
IndyKite may collect, store and process various kinds of data, with different legal grounds, as listed below. For the categories of data that require your consent, we will actively ask you for consent before collecting any data and also provide a mechanism to revoke consent.The following is a list of data we collect, process or store, with the purpose and legal ground listed for each item.
We may collect information including but not limited to, business contact information (company name, e-mail, phone, business address), personal contact information of the admin (first and last name, e-mail, phone) from our End Customers. If the user chooses to sign up with an external authentication service, e.g. Google Sign-In, we will fetch and store the email address, name and profile image URL from this service.
Legal basis: We may use this information to operate our website, provide services as per our agreement with you, ensure security, maintain backups, and communicate with you in accordance with GDPR art. 6 (1) item b.
We may also collect information that your browser sends whenever you use our Service or when you access the Service including through a mobile device (“Usage data”).This Usage data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Legal basis: We process this information based on our legitimate interests, under GDPR art. 6 (1) item f, to ensure proper administration, analyze website usage, improve user experience, prevent abuse, and assist users with support inquiries. When necessary to assist you with your support inquiries, we may also process the data on the basis that it is necessary to perform the contract we entered into with you, at your request cf. GDPR art. 6 (1) item b. For security purposes, we process data based on our legal obligations under GDPR art. 6(1) item c.
We may use contact details such as name, email, phone number, company information, etc to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You will always find a link to unsubscribe from our product and marketing e-mails at the bottom of each e-mail.
Legal basis: We process your personal information based on our legitimate interest to help you utilize your subscription plan, provide useful content, inform you about product features, and offer promotions in accordance with GDPR art. 6 (1) item f. If we are required by law to collect your consent for such processing, we will obtain it beforehand.
We may use your data for purposes, such as performing data analysis, conducting audits, creating new products and services, identifying patterns in usage, evaluating the success of our promotional campaigns, and managing and growing our business operations. The data we may process for this purpose include your contact information such as name, email, title, phone number, the company you work for, incl. their domain, address and country, how you are using our products and services and purchase history,
Legal basis: We process your information based on our legitimate interest to improve our products and services in accordance with GDPR art. 6 (1) item f, your consent in accordance with GDPR art. 6 (1) item a and to perform our contract with you in accordance with GDPR art. 6 (1) item b.
We may also collect public information about your company. This may include information you make available through a public LinkedIn profile. We use this information to assess if we should contact your company. If you are an appropriate point of contact for your company we may seek additional public contact information through LinkedIn or other publicly available sources. Similar information may also be used for learning more about our job applicants where this is necessary to make decisions about their candidancy.
Legal basis: Our legal basis for processing professional information is our legitimate interest to initiate, maintain, or build a contractual relationship in accordance with Art 6(1) item f of GDPR.
(e)Tracking & Cookies Data
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
Retention of data
We will also retain Usage data for internal analysis purposes. Usage data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
International Transfer of data
Disclosure of information to others
We may disclose personal information that we collect, or you provide, to third parties in certain circumstances, including (1) with your consent; (2) to a service provider, third party or partner who meets our data protection standards; (3) with academic or non-profit researchers, with aggregation, anonymisation; (4) when it is required by law, such as pursuant to a subpoena or other legal proceedings; (5) to protect the vital interest of others, when we have strong reasons to believe that doing so will prevent harm to someone or illegal activities.
Our categories of service providers, third parties and partners are
Under certain circumstances, we may be required to disclose your personal data if required by law or in response to valid requests by public authorities
We may transfer personal information to hosting, infrastructure, and storage providers for storage and processing purposes. These providers are carefully selected and bound to maintain the confidentiality and security of your personal information. We ensure that they comply with applicable privacy and security regulations and have appropriate safeguards in place.
We may provide paid products and/or services within Service. In that case, we use third-party services for payment processing (e.g. payment processors) and debt collectors for recovering any unpaid invoices
We may use third-party Service Providers to automate the development process of our Service.
We may use third parties to monitor and analyse how our service is used.
We may use customer support tools to streamline complaints, queries, and requests, and respond to them in a timely manner.
For potential recruits, we may share your personal information to Applicant tracking systems and recruiting software providers, recruiting agencies, background check companies, talent acquisition and administration providers and other organization that process data on our behalf to help manage our recruitment process.
While our internal communication providers are primarily used to facilitate collaboration among our team members, we recognize that personal data may be shared in the course of this collaboration. They are prohibited from using or disclosing this information and we have measures in place to monitor the use of our communication systems to prevent any unauthorized access to personal information
If a corporate transaction occurs, we will notify you of any changes to control of your personal information and choices you may have.
We may disclose your information also:
Security of data
As a provider specialising in Identity and Access Management, we recognise the importance of safeguarding the security of our systems and the information we collect. We have physical, electronic and organisational procedures in place to maintain our security posture. However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. is guaranteed to be 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
If you believe your security has been breached please contact us immediately on firstname.lastname@example.org. In the event you become aware of any vulnerabilities in our systems, familiarise yourself with our Vulnerability Disclosure Policy and write to us on email@example.com without delay.
Your data Protection Rights Under General data Protection Regulation (GDPR)
If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. – See more at https://eur-lex.europa.eu/eli/reg/2016/679/oj
We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data.
If you wish to be informed what personal data we hold about you and if you want it to be removed from our systems, please email us at firstname.lastname@example.org
In certain circumstances, you have the following data protection rights:
Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide Service without some necessary data.
You have the right to complain to a data Protection Authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
Your data Protection Rights under the California Privacy Protection Act (CalOPPA)
According to CalOPPA we agree to the following:
Our Policy on “Do Not Track” Signals:
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
Your Data Protection Rights under the California Consumer Privacy Act (CCPA)
If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:
Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.
Please note, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require the usage of your personal information to function. But in no circumstances, we will discriminate against you for exercising your rights.
To exercise your California data protection rights described above, please send your request(s) by one of the following means:
By email: email@example.com
Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020.
Our Services are not intended for use by children under the age of 13 (“Children”).
We do not knowingly collect personally identifiable information from Children under 13. If you become aware that a Child has provided us with personal data, please contact us. If we become aware that we have collected personal data from Children without verification of parental consent, we take steps to remove that information from our servers.