Last update: January 2, 2015
Safe Harbor Certification
In light of the international nature of our business, Auth0 complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland. Auth0 has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view our certification page, please visit http://www.export.gov/safeharbor/.
Information We Collect
We do not collect any personal information from you unless you voluntarily provide it to us.
When you sign up to use the Services, either as an individual or on behalf of a company, you may be asked to provide us with the following personal information: your first name, last name, email address, company name (if applicable), credit card, billing address, and other payment related information.
Information Collected Using Cookies
Like most web sites, we use automatic data collection technology when you visit the Site to collect information that identifies your computer. This comprises information about your operating system, your IP addresses, browser type and language, referring pages and URLs, keywords, date and time, and what sections of the Site you visit (the "Usage Information").
We collect this Usage Information by using cookies. Cookies are small packets of data that a web site stores on your computer's hard drive so that your computer will "remember" information about your visit. You can reject cookies by following the directions provided by your browser vendor or by your Internet provider's "help" file. If you reject cookies, you may still visit the Site, but may not be able to use some areas of the Site.
We also use certain cookies which are strictly necessary for the provision of the Services to customers' end users who have requested those Services (for example, so that we can identify customers' end users). Use of these cookies is essential to enable us to provide the Services requested by customers' end users.
Information Collected and Stored on Behalf of Our Customers Using the Services.
Auth0 collects and stores End User Authentication Data on behalf of its customers. Auth0 does not have any contractual relationship with its customer’s end users whose data it processes.
To the extent that such End User Authentication Data contains Personal Information which constitutes "personal data" as defined in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the "Data Protection Directive"), we (you and Auth0) hereby agree that:
- You are the controller of such personal data
- We are a processor of the customer in respect of such personal data
- We will process such personal data only in accordance with your reasonable instructions in order to provide the Services
- We shall take appropriate technical and organizational measures against unauthorized or unlawful processing of or accidental loss or destruction of, or damage to, such personal data
- You acknowledge we are reliant on you for direction as to the extent to which we are entitled to use and process such personal data, including, without limitation, to transfer such data outside the European Economic Area. Consequently, we will not be liable for any claim brought by a data subject arising from any action or omission by us, to the extent that such action or omission resulted from your instructions.
- We may authorize a third party (sub-contractor) to process such personal data provided that the sub-contractor's contract includes terms which are substantially the same as those set out in this section "Information Collected and Stored on Behalf of Our Customers Using the Services"
The customer (and not Auth0) will be responsible for providing notice to its end users about the purpose for which the End User Authentication Data is collected and stored. If you are an end user who would like to correct or delete your End User Authentication Data, please contact your application, API or service provider.
How We Use Your Information
We will use your Personal Information and Usage Information (together, “Information”) for the following purposes:
- To respond to your requests and to provide you with the Services;
- To respond to your inquiries and contact you about changes to the Site, and/or the Services;
- To send you notices (for example, in the form of e-mails, mailings, and the like) regarding products or services you are receiving, and for billing and collection purposes;
- To improve the Site and/or the Services;
- For any other purposes disclosed at the time the information is collected or to which you consent.
We may analyze your Personal Information in aggregate form which does not identify you personally. We may share this aggregate data with our parent, affiliates, agents, advertisers, manufacturers and business partners.
We, like many businesses, sometimes hire other companies to perform certain business-related functions. Examples include mailing information, maintaining databases, hosting services, and processing payments. When we employ another company to perform a function of this nature, we provide them with the information that they need to perform their specific function, which may include Personal Information.
If we or all or substantially all of our assets are acquired, we expect that the information that we have collected, including Personal Information, would be transferred along with our other business assets.
We may disclose your information to government authorities, and to other third parties when compelled to do so by government authorities, at our discretion, or otherwise as required by law, including but not limited to in response to court orders and subpoenas. We also may disclose your information when we have reason to believe that someone is or may be causing injury to or interference with our rights or property, other users of the Services, or anyone else that could be harmed by such activities.
How We Protect Your Information
Auth0 is SOC-2 compliant and will continue to be SOC 2 compliant. Auth0 conducts vulnerability scans and audits of its servers and networks at least annually.
Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Site may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.
Accessing and Modifying Account Information
You may update the information that is stored in your user account by logging into at auth0.com or by e-mailing us at firstname.lastname@example.org.
If you wish to stop receiving e-mails from us, please send us a message via email@example.com. You may also choose to unsubscribe from our emails by following the instructions in the bottom of the email.
Important Notice to Non-U.S. Residents
If you are located outside the United States, please be aware that the servers that store information provided to us are operated in the United States or at one of our other data centers located outside the United States, and therefore that information you provide to us may be transferred to these servers.
If you are a resident of the European Union or Switzerland, your use of the Site and/or the Services and your provision of personal data to us in any manner will be construed as consent to such transfers.
Auth0 does not transfer personal data from the European Union member countries and Switzerland to countries or territories outside the European Economic Area without ensuring an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of that personal data (for example, without confirming that the country is on the EU Commission's list of countries or territories providing such adequate protection).
Auth0 abides by the principles set forth in the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union member countries and Switzerland.
How to Contact Us