Last update: September 14, 2016

We at Auth0®, Inc. ("Auth0®," "we," "us," or "our") created this Privacy Policy ("Privacy Policy") because we know that you care about how information you provide to us is used and shared. This Privacy Policy relates to the information collection and use practices of Auth0® in connection with our online services ("Services"), which are made available to you through our website located at auth0.com (the "Site").

This Privacy Policy applies to visitors to the Site, who view only publicly-available content (the “Visitors”) and subscribers who have signed up to access and use our Services (“Subscribers”).

By visiting our Site, Visitors are agreeing to the terms of this Privacy Policy and the accompanying Terms of Service. By signing up, accessing and/or using our Services or by clicking “I Accept”, each Subscriber is agreeing to the terms of this Privacy Policy and the accompanying Terms of Service.

Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Terms of Service.

Information We Collect

When you sign up to use the Services, either as an individual or on behalf of a company, you may be asked to provide us with the following information: your first name, last name, email address, and company name (if applicable).

You may choose to sign-in using your GitHub, Google, Microsoft or any other third party identity provider account (“Third Party IdP”). By signing-in using your Third Party IdP, you are authorizing Auth0® to collect, store, and use, in accordance with this Privacy Policy, any and all information that you have authorized the Third Party IdP to provide to Auth0®. Such information may include your first and last name, unique identifier, e-mail address and picture.

We will collect billing and payment information which may include your credit card number, billing address, and other payment related information (“Billing Information”). Billing Information is collected and processed by our third-party payment processor operating as our agent (See, Onward Transfers to Third Parties). Auth0 does not directly obtain or process any Billing Information.

Information Collected Using Cookies

Like most websites, we use automatic data collection technology when you visit the Site to collect information that identifies your computer. This comprises information about your operating system, your IP addresses, browser type and language, referring pages and URLs, keywords, date and time, and what sections of the Site you visit (the "Usage Information").

We collect this Usage Information by using cookies. Cookies are small packets of data that a website stores on your computer's hard drive so that your computer will "remember" information about your visit. You can reject cookies by following the directions provided by your browser vendor or by your Internet provider's "help" file. If you reject cookies, you may still visit the Site, but may not be able to use some areas of the Site.

We use cookies on our Site (and the Usage Information collected) to help us identify you and analyze how you use our Site.

We also work with trusted third party partners which use cookies to collect Usage Information about how visitors use our Site, for example, which pages our visitors go to most often, and if they get error messages on those pages. Until you become an Auth0® subscriber, these performance cookies don't collect information that identifies you as an individual. The Usage Information gathered is only used to improve how our Site works. The trusted third parties we currently work with include the following (click on the links to view these organizations' privacy policies and find out more about what data they hold about you, what they do with it, and how to opt-out from certain data collection):

We also use one or more third-party remarketing services (including Twitter and Google AdWords) to advertise to our Visitors and Subscribers on third party websites. It could mean that we advertise to previous Visitors who haven’t completed a task on our Site, for example using the contact form to make an enquiry. These third-party remarketing service providers use cookies to serve ads based on a past visit to the Site. Any data collected by such third party remarketing service providers will be used in accordance with this Privacy Policy and the privacy policy of such third party remarketing services provider. For more information on such third party remarketing service providers, including how to opt out from certain data collection, please visit the following links:

For Google AdWords, you can set preferences for how Google advertises to you using the Google Ad Preferences page, and if you want to you can opt out of interest-based advertising entirely by cookie settings or permanently using a browser plugin.

For Twitter, please visit: https://support.twitter.com/articles/20171365

We also use certain cookies which are strictly necessary for the provision of the Services to customers' end users who have requested those Services (for example, so that we can identify customers' end users). Use of these cookies is essential to enable us to provide the Services requested by customers' end users.

Information Collected through the Site That IS NOT Covered by this Privacy Policy.

Registered Users may voluntarily post information using blogs and other similar features available through the Site. NONE of the information you provide using these features is protected by this Privacy Policy. THIS PRIVACY POLICY DOES NOT APPLY TO ANY INFORMATION (INCLUDING PERSONAL INFORMATION) THAT YOU PROVIDE USING BLOGS, OR OTHER SIMILAR FEATURES AVAILABLE THROUGH THE SITE. ALL SUCH INFORMATION IS PUBLIC INFORMATION AND MAY BE SEEN, COLLECTED OR USED BY ANY USER OF THE SITE. By posting such information, you consent to the transfer of such information (including any personal information) from your country of origin to the US, and you acknowledge that the EU-US Privacy Shield Framework does not apply to such information (including any personal information).

Information Collected and Stored on Behalf of Our Customers Using the Services.

As part of the Services, Auth0® collects authentication data from your end users as per your instructions (“End User Authentication Data”), and may also receive End User Authentication Data from you. End User Authentication Data may, as determined solely by Auth0® customers, include personal information regarding your end users. Auth0® processes and stores End User Authentication Data for purposes of providing the Services. Auth0® does not have any relationship, contractual or otherwise, with your end users. You, as the customer (and specifically not Auth0®) are solely responsible for providing notice to, and obtaining all consents and other assurances required under applicable law from, your end users regarding the collection, transfer, processing and storage of End User Authentication Data by Auth0®, including for any end users that are residents of the European Economic Area.

If you are an end user who would like to correct or delete your End User Authentication Data, please contact the customer, your application, API or service provider or contact us directly as set forth in the Section titled “Access to Personal Information” below.

How We Use Your Information

We will use your Personal Data and Usage Information (together, “Information”) for the following purposes:

  • To respond to your requests and to provide you with the Services;
  • To respond to your inquiries and contact you about changes to the Site, and/or the Services;
  • To send you notices (for example, in the form of e-mails, mailings, and the like) regarding products or services you are receiving, and for billing and collection purposes;
  • To improve the Site and/or the Services;
  • For any other purposes disclosed at the time the information is collected or to which you consent.

We may also use your information to improve our Site, and/or the Services, and may use cookies and other information to enable us to customize your user experience.

We may analyze your Personal Data in aggregate form which does not identify you personally. We may share this aggregate data with our parent, affiliates, agents, advertisers, manufacturers and business partners.

Onward Transfer to Third Parties

Like many businesses, we hire other companies to perform certain business-related services. We may disclose personal information to certain types of third party companies but only to the extent needed to enable them to provide such services. The types of companies that may receive personal information and their functions are: mail services (hard copy and email); hosting services; database management/back-up services; monitoring services; customer support and customer relationship management services; accounting services; and payment processors. All such third parties function as our agents, performing services at our instruction and on our behalf pursuant to contracts which require they provide at least the same level of privacy protection as is required by this Privacy Policy and implemented by Auth0. You may opt out of having your personal information transferred to any or all of our categories of agents by contacting us at privacy@auth0.com. Please allow us a reasonable time to process your request.

Opt-In to Certain Onward Transfers:

We will not transfer your personal information to a third party controller without first providing you with information regarding the identity of such controller or the nature of such controller’s business, and obtaining your opt-in consent.

We will not disclose your sensitive personal information to any third party without first obtaining your opt-in consent. You may grant such consent by contacting us at privacy@auth0.com. In each instance, please allow us a reasonable time to process your response.

Business Transfers

In the event of a merger, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal information as set forth in this Privacy Policy.

Disclosures to Public Authorities, Other Third Parties

We may be required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

Opt-Out for Direct Marketing

You may opt out at any time from the use of your personal information for direct marketing purposes by contacting us at privacy@auth0.com. Please allow us a reasonable time to process your request.

How We Protect Your Information

Auth0 implements reasonable and appropriate security measures to protect your personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data, and complies with applicable laws and regulations. Auth0® is SOC-2 compliant and will continue to be SOC 2 compliant. Auth0® conducts vulnerability scans and audits of its servers and networks at least annually.

Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Site may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.

Access to Personal Information

Upon request to privacy@auth0.com, we will provide you with confirmation as to whether we are processing your personal information, and have the data communicated to you within a reasonable time. You have the right to access, correct, amend or delete your personal information where it is inaccurate or has been processed in violation of this Privacy Policy. We may require payment of a non-excessive fee to defray our expenses in this regard. Please allow us a reasonable time to respond to your inquiries and requests.

Retention of Personal Information

We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. After such time periods have expired, we may either delete your personal information or retain it in a form such that it does not identify you personally.

Your Choices

If you wish to stop receiving e-mails from us, please send us a message via privacy@auth0.com. You may also choose to unsubscribe from our emails by following the instructions in the bottom of the email.

Links

The Site and the Services may contain content, services, advertising and other materials that link to External Sites. Auth0® does not endorse and is not responsible for the content of any such External Sites. Please refer to the terms of use and privacy policies of the External Sites for more information.

California Residents

Under California Civil Code Section 1798.83, California residents who have an established business relationship with Auth0® may choose to opt out of our sharing your personal information with third parties for direct marketing purposes. If you are a California resident and (1) you wish to opt out; or (2) you wish to request certain information regarding our disclosure of your Personal Information to third parties for direct marketing purposes, please send an e-mail to privacy@auth0.com with “Privacy Policy” in the subject line.

In addition, Auth0® does not monitor, recognize, or honor any opt-out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals.

Important Notice to All Non-US Residents

Our servers are located in the US. If you are located outside of the US, please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the US. Except in the case of data transfers under the EU-US Privacy Shield and the U.S.-Swiss Safe Harbor Framework, your decision to provide such data to us, or allow us to collect such data through our Website or the Services, constitutes your consent to this data transfer.

Important Notice for Residents of the European Economic Area

Auth0® complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from the EU. Auth0® has certified that it adheres to the Privacy Shield principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability, and the Supplemental Principles (the “Privacy Shield Principles”). If there is a conflict between this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. We are committed to applying the Privacy Shield Principles to all personal information received from the EU, Iceland, Liechtenstein and Norway (referred to herein as the “EU”) in reliance upon the Privacy Shield. With regard to the Principle of Accountability for Onward Transfer, for example, we remain liable if our agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage. To learn more about the Privacy Shield program, and to view our certification page, please visit: https://www.privacyshield.gov/

Auth0® is subject to the investigatory and enforcement powers of the Federal Trade Commission. We are committed to resolving complaints from EU data subjects pursuant to the Recourse, Enforcement and Liability Principle.

In compliance with the EU-US Privacy Shield Principles, Auth0® commits to resolve complaints about your privacy and our collection or use of your personal information.  EU individuals with inquiries or complaints regarding this Privacy Policy should first contact Auth0® at privacy@auth0.com.

Auth0® has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Auth0®, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. If these processes do not result in a resolution, you may also contact your local data protection authority, the US Department of Commerce, and/or the Federal Trade Commission for assistance. If your complaint still remains unresolved, then you have the right to invoke binding arbitration by the Privacy Shield Panel upon written notice to Auth0® at privacy@auth0.com.

US-Swiss Safe Harbor Framework

Auth0® complies with the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. Auth0® has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. If there is any conflict between the policies in this Privacy Policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern.  To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit: http://www.export.gov/safeharbor

Auth0® has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

Questions

If you have any questions regarding this Privacy Policy, please contact us as set forth in the "How to Contact Us" section below. We will investigate your question, respond to your inquiry, and attempt to resolve any concerns regarding your privacy question.

Children

We do not knowingly collect Personal Data from children under the age of 13 through the Site and/or the Services. If you are under 13, please do not give us any Personal Data. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide Personal Data through the Site without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to us, please contact us, and we will endeavor to delete that information from our databases.

Changes to This Privacy Policy

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time, and will notify you of any changes during your next log-in to your account. This notification will include a link to the updated Privacy Policy. Your continued use of our Services after this notification will be deemed acceptance of the new Privacy Policy.

How to Contact Us

If you have questions about this Privacy Policy, please send us a message via privacy@auth0.com.