CommonKey Privacy Notice
Effective Date May 25, 2018
Welcome to CommonKey! As a courtesy, below is a quick summary of our privacy practices when you use the CommonKey application or browser extensions. The full version can be found by scrolling down. The full version is the one that is legally controlling.
When you use our application we collect:
- Your name, email address, and device information.
- We keep a record of your log-ins to accounts for which you use CommonKey for authentication.
- We also share your information with our third party service providers as necessary for them to provide their services to us. We may also have to share your information with third parties if required to do so by law.
- Your information will be transferred to the U.S.
- If you have questions about our data practices or information we store about you, you can email us at firstname.lastname@example.org.
CommonKey offers a web application for storing, controlling, and sharing "secrets" (username/passwords) for both company and personal use. CommonKey stores secrets fully encrypted through user-specific and generated encryption keys that are used within a user's local browser environment.
Below is a summary of our practices when it comes to your personal information collected when you use CommonKey.
For purposes of this notice, the words “our,” “us,” “we,” and "CommonKey” refer to CommonKey Inc. and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).
Before you submit any information on or through Authy, please carefully review this notice.
What personal information we collect, how we collect it and why
Device Information. When you use our web application or browse extension, we automatically collect information about the type of device you are using and your device identifier. We collect this to ensure we deliver the right version of the app for your device and so that we can provide appropriate follow up support as necessary.
Name and Email Address. When registering for a CommonKey acocunt, we ask you to provide us with a name and email address to create your CommonKey account. We send a verification code to that email address to be sure that the person creating the CommonKey account also has control over the email address entered. After the email address is verified, the email address you use will be the identifier for your CommonKey account that allows you to add and associate additional secrets to your same CommonKey account.
Login History and CommonKey Account History. When you use an CommonKey to log into an account we collect and keep information associated with your login activity including information like your IP address, what application or program you logged in to, that you logged in, and when. If you change your email associated with your CommonKey account, we will also keep a log of that. We collect this information to monitor for suspicious activity and also as another piece of information that could be used to verify your identity if your account is compromised or may be compromised.
Identity Confirmation Information. If you need to change your email address associated with your account but are not able to access the CommonKey application to change your email address under Settings, you can submit a request to change your email number here. If we cannot easily confirm that you are the rightful account holder of the CommonKey account associated with your old number, we will ask you for additional verifiable personal information and a copy of physical identification such as a drivers’ license, national ID, or passport, which we then use to confirm your claim to the account. From time to time, if there are other situations where we need to verify that you are the rightful account holder of your CommonKey account, our support team may require you to provide identity information like a drivers’ license, national ID or passport.
What we use your personal information for
We use your email address as an identifier for your CommonKey account. We also use logs of any changes to your email address to monitor for suspicious or unusual activity and as another piece of information that could be used, if necessary, to verify your identity if your account is or may be compromised. In addition, we may use your email address to send you information about other CommonKey products, services, or events that you might be interested in. You can choose not to receive marketing emails from us. If you wish to stop receiving our marketing emails you may click on the unsubscribe link that will appear at the bottom of any of our marketing emails or you can contact customer support.
We use information associated with your login activity, device information, and changes to your account to monitor for unusual or suspicious activity on your account and as any other piece of information that could be used to help us verify your identity if your account is compromised or may be compromised.
In addition to using device information as described above, we also use your device information ensure proper delivery of our service and to provide and deliver support and maintenance of the CommonKey app.
Who we may share your personal information with
International operations and transfers out of the EEA and Switzerland
- Third-party service providers or consultants. We may share your personal information with third-party service providers or consultants who need access to the personal information to perform their work on our behalf, like sharing personal information with our storage provider for the purposes of storing your personal information on our behalf. These third-party service providers are limited to only accessing or using this personal information to provide services to us and must provide reasonable assurances that they will appropriately safeguard the personal information.
- Compliance with Laws. We may disclose your personal information to a third party if (i) we reasonably believe that disclosure is compelled by applicable law, regulation, legal process or a government request (including to meet national security or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose personal information to assist in preventing a death or serious bodily injury. If we are required by law to disclose your personal information, we will notify you of that disclosure requirement, unless prohibited by law. Further, we object to requests that we do not believe were issued properly.
- Affiliates. We may share your personal information with our affiliates. We all will only use the personal information as described in this notice.
- Business transfers. If we go through a corporate sale, merger, reorganization, dissolution or similar event, personal information we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. Any acquirer or successor may continue to use the personal information as described in this notice.
- Aggregated or de-identified information. We might also share information with third parties if that information has been de-identified or aggregated in a way that does not identify you.
Information from children
We do not knowingly permit children (under the age of 13 in the US or 16, if you live in the EEA) to sign up for a CommonKey account. If we discover that someone who is underage has signed up for a CommonKey account, we will take reasonable steps to promptly remove that person’s personal information from our records. If you believe that a person who is underage has signed up for an Authy account, please contact us at email@example.com
How we secure your personal information
We use appropriate measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note though that no service is completely secure. So, while we strive to protect your personal information, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
There are also things you can do to add extra protection to your CommoNKey account. First, you should password protect or activate biometrics (like Touch ID) for all devices on which you use CommonKey. This will prevent unauthorized users from accessing your CommonKey app. Further, you have the option of setting 2FA for your CommonKey app. You can do this by going into your app and clicking on settings. Depending on your device’s capabilities, you may also be able to add biometric protection. We do NOT recommend that if you have use CommonKey on a shared device.
How we tell you about changes to our privacy practices
We may change our Privacy Notice from time to time. If we make changes, we’ll revise the “Last Updated” date at the top of this notice, and we may provide additional notice such as on the CommonKey website homepage, in the app, or via the email address we have on file for you. We will comply with applicable law with respect to any changes we make to this notice, and seek your consent to any material changes if this is required by applicable law.
How to make choices about your personal information
You can make updates to your information associated with your account by going into the settings in the CommonKey app
In some jurisdictions, such as the EEA, you may certain rights to make choices regarding your personal information, including accessing it, deleting it, correcting it, restricting its use, porting it, or withdrawing consent. To make a request for deletion of your CommonKey account, to make a request to access additional information associated with your account, or to express any other choice regarding your personal information, contact firstname.lastname@example.org.
Promotional communications. In addition, you can choose not to receive promotional emails from us by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support. Please note that even if you opt out of promotional communications, we may still send you non-promotional messages relating to things like updates to our terms of service or privacy notices, security alerts, and other notices relating to your access to or use of our products and services.
How to resolve disputes relating to our privacy practices
Except for residents of the European Union, if you have a dispute with us relating to our privacy practices, please contact our customer support or email us at email@example.com or contact our Customer Support. Most disputes can be resolved that way. If we can’t resolve our dispute that way, and you live in the U.S. or Canada, please see Section 17 (Agreement to Arbitrate) of our Terms of Service , which describes how disputes will be resolved between us. As described in that section, the American Arbitration Association (http://www.adr.org) will conduct the dispute resolution proceedings. Please be sure to review our Terms of Service before you use any of our products and services. European residents with disputes regarding our privacy practices should refer to our Privacy Shield Statement for information on resolving such disputes.
How you contact us
You may contact via email at firstname.lastname@example.org
Legal basis for processing personal information (EEA only)
If you are from the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we normally collect personal information from you only where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person such as in the case where we request personal information from you in response to a request from law enforcement.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us by using the contact details provide in the “How you contact us” section above.