Privacy Policy

Last Updated: November 15, 2019

Fortr3ss, Inc. d/b/a Fortress Identity™ (“Fortress Identity”) cares about your privacy, and the security of your personal information is part of our essential mission. We appreciate your decision to trust us with helping to safeguard your digital information from theft, disruption, and unauthorized access. This Privacy Policy is designed to inform you about how your personal information is collected, used, shared, stored, managed, and otherwise processed by Fortress Identity.

This Privacy Policy applies to information we obtain from individuals accessing and using Fortress Identity’s websites and services. An overview of our privacy practices is set forth below. Please feel free to contact us if you have any questions.

Your Agreement to Our Privacy Policy

You expressly consent to Fortress Identity collecting, using, sharing, storing, managing and otherwise processing information as described in this Privacy Policy when you visit, purchase, license, register to use, access, use, and/or provide information through any of our websites or services.

Information We Collect

Fortress Identity collects certain personal information (i.e., information that identifies an individual either alone or in combination with other data). We also collect information that has been de-identified and aggregated, meaning it does not identify an individual, and other non-personal information which does not, on its own, identify an individual person.

Fortress Identity obtains information when you or someone acting on your behalf provides such information to us. We also collect information automatically when you access or use Fortress Identity’s websites or services or when you use a device on which a Fortress Identity service is installed.

The following are examples of the type of personal information that may be collected directly from you (or someone acting on your behalf):

  • Contact information (including name, email address, mailing address, and telephone number);
  • Information about transactions with us and use of our services;
  • Information provided by you through Fortress Identity-related communication channels such as forums, technical support, and customer service;
  • Username, password, and other information for accounts for Fortress Identity services; and
  • Photographs, images, biometrics, and related hash values.

The following are examples of the type of information that may be collected from your web browser or from interactions with our websites and/or services:

  • Details about your computers, devices, applications, and networks (including IP address, browser characteristics, device ID and characteristics, operating system, system language, and preferences);
  • Activities on our websites and usage patterns of services (including referring URLs, dates and times of website visits, and clickstream data such as information commonly recorded in web server logs);
  • Details about Internet or network usage (including URLs or domain names of websites you visit, information about applications that attempt to access your network, or traffic data);
  • Data about files and communications, such as potential malware or spam (which may include computer files, emails and attachments, email addresses, metadata, and traffic data, or portions or hashes of any of this information);
  • Other information used in the operation of our services (including information regarding the number of checked, suspicious, infected, or unwanted files or emails; number of actual infections); and
  • Information that may be included in a virus or malware sample or a file submitted by you to Fortress Identity for review.

Biometric Information

When you register for a Fortress Identity user account or a user account with your administrator, you will be asked to provide one or more of the following Biometric Identifiers: (i) fingerprint; (ii) voiceprint; (iii) scan of face geometry; and (iv) passive behavior factors. The term Biometric Identifiers as used in this Privacy Policy includes “biometric identifier” as defined in the Illinois Biometric Information Privacy Act, 740 ILCS § 14/1, et seq. (BIPA) and the Texas Capture or Use of Biometric Identifier Act, Tex. Bus. & Com. Code Ann. § 503.001 (CUBA).

Biometric Identifiers will be captured and processed at account registration and throughout your enrollment in Fortress Identity services to generate Biometric Information used to identify you. The term Biometric Information as used in this Privacy Policy includes “biometric information” as defined in Illinois’ BIPA, “biometric identifier” as defined in Washington State’s law regarding biometric indemnifiers, RCW 19.375.010, et seq., and “biometric data” as defined in the Regulation (EU) 2016/679 (General Data Protection Regulation (GDPR)).

We only capture the Biometric Identifiers requested to be captured by either you or your administrator, as applicable. If your use of Fortress Identity services is administered by a third party administrator, you may also be subject to that third party’s own privacy policy and terms of use, which you should review in addition to this Privacy Policy before providing any personal information, including Biometric Identifiers, through any Fortress Identity websites or services.

Your Biometric Information will be encrypted and stored on either one of our authorized service provider’s servers, an applicable administrator’s servers, or your designated device(s). In order to better serve you and detect and prevent fraud, Fortress Identity may, but is not obligated to, continue to process your Biometric Information until the earlier of (i) one year from the date that you deactivate your applicable user account or your account is otherwise closed, (ii) the time at which the purpose of the initial collection of your Biometric Information has been satisfied, or (iii) three years from your last interaction with us or Fortress Identity services, whereupon your Biometric Information will be permanently destroyed. If you re-open your account or open a new account after we have permanently destroyed your Biometric Information, you will need to re-provide the requested Biometric Information and may be required to re-provide other personal information. We may continue, but are not obligated, to process all personal information other than Biometric Information for as long as we deem necessary for the provision of your account and the applicable Fortress Identity services.

IP Addresses

All Internet-enabled devices have an Internet protocol address or IP address. Fortress Identity services use IP addresses to help keep security measures current and relevant.

Cookies

Fortress Identity uses “cookies” to remember user preferences and to maximize the performance of our website and services. Cookies also help us to identify returning users so, for example, we don’t need to ask them to enter their email and password on every visit. Please note the information gathered by cookies is necessary to provide some Fortress Identity services, including certain subscriptions. We cannot provide such services to users who do not give their consent to the data processing carried out through cookies or whose browsers are set to reject all cookies. For example, when you purchase a subscription to an online technology, a cookie is set that identifies the software, version, and when it expires. We use this information to alert you that a newer version is available or if your subscription is going to expire.

Cookies may also be used to control the type and frequency of ads, promotions, or other marketing messages the customer views. These ads may be placed by Fortress Identity or third party advertising companies which are our vendors. Fortress Identity also uses “web beacons” (small transparent image files) to count visitors to our sites and analyze how visitors use our sites. The information collected is generally anonymized and is not used to identify any particular user.

Fortress Identity also maintains log files of the traffic on our sites. For example, our servers may automatically record the information you or your browser send when you visit a website. These log files may include information such as your requests, IP address, browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your system.

De-Identified and Aggregated Information

By visiting, registering to use, accessing, using, interacting with, and/or providing information through our websites or services, you expressly agree that Fortress Identity owns, without restriction, all de-identified and aggregated information and other non-personal information collected and/or created by or on behalf of Fortress Identity.

How We Use Information

Fortress Identity and the providers and partners that help provide Fortress Identity’s services use the personal information we collect to:

  • Provide our websites or services;
  • Authenticate your inputted biometrics;
  • Provide security advisories, information, and updates;
  • Help safeguard your devices and your data;
  • Process payments and complete transactions through our third party payment processor;
  • Conduct research and analysis;
  • Analyze user behavior when using Fortress Identity services to customize preferences and to establish “aliveness” and usage patterns for biometric user identification;
  • Establish and manage Fortress Identity user accounts;
  • Provide customer support, manage subscriptions, and respond to requests, questions and comments;
  • Personalize and manage our relationship with you;
  • Communicate about, and administer participation in, special events, programs, surveys, contests, sweepstakes, and other offers and promotions;
  • Enable posting on our blogs and other communications;
  • Customize, measure, and improve our websites, services, and advertising;
  • Analyze and develop new websites and services;
  • Perform accounting, auditing, billing, reconciliation, and collection activities;
  • Investigate, respond to, and manage security related incidents and events;
  • Predict future security threats and vulnerabilities;
  • Prevent, detect, identify, investigate, and respond to potential or actual claims, liabilities, prohibited behavior, and criminal activity;
  • Comply with and enforce applicable legal requirements, agreements, and policies; and
  • Perform other activities consistent with this Privacy Policy.

Because de-identified and aggregated information and other non-personal information cannot be used to personally identify you, we may use such information for any lawful purpose.

How We Share Information

We may share personal information with:

  • Authorized service providers and partners who perform services for us (including data and biometric authentication, data storage, sales, marketing, fraud investigations, bill collection, and payment processing) based on our instructions. These third parties may only use or disclose personal information obtained from Fortress Identity to perform services on our behalf or comply with legal obligations;
  • Your administrator, if applicable, with your consent;
  • Third parties with your consent; and
  • Other business entities legally related to Fortress Identity, such as any third party that may take over all or part of Fortress Identity’s functions in the future (provided that such party agrees to use such personal information in a manner that is consistent with this Privacy Policy).

We may also disclose personal information: (i) if we are required to do so by law or legal process; (ii) in response to requests by government agencies, such as law enforcement authorities or other authorized third parties; (iii) as may be required for purposes of national security; (iv) when we believe disclosure is necessary and appropriate to prevent physical, mental, financial, or other harm, injury, or loss; or (v) in connection with an investigation of suspected or actual illegal or inappropriate activity or exposure to liability.

When we share personal information with a third party, they must contractually agree to comply with privacy and security standards at least as stringent as Fortress Identity’s when we are handling similar data. When you provide personal information directly to a third party, the processing is based on their standards (which may not be the same as Fortress Identity’s) and your own independent relationship with that provider.

Because de-identified and aggregated information and other non-personal information cannot be used to personally identify you, we may share such information for any lawful purpose.

How You Can Manage and Control Your Personal Information

Many Fortress Identity services allow users to make choices about the personal information collected. For instance:

  • You may choose not to receive marketing communications from us by clicking on the unsubscribe link or other instructions in our marketing emails, or contacting us as specified in the “How to Contact Us” section below.
  • Many Fortress Identity services contain settings that allow users or administrators to control how the service collects information. Please refer to the relevant service manual or contact us through the appropriate technical support channel for assistance.
  • To remove your personal information from a Fortress Identity website testimonial, please contact support@fortress-identity.com.

If you chose to no longer receive marketing information, Fortress Identity may still communicate with you regarding such things as security updates, functionality, responses to service requests, or other transactional, non-marketing/administrative related purposes.

Storage and Data Retention

The information we collect may be stored and processed in servers in the United States and wherever Fortress Identity and our service providers have facilities around the globe.

Fortress Identity does not collect or store any payment information. All payment information you provide is collected and processed by our third party payment processor in accordance with such payment processor’s own terms and conditions and privacy policies.

The time periods for which we retain your personal information depend on the purposes for which we use it: Fortress Identity will keep your personal information for as long as you are a registered subscriber or user of our services and, thereafter, for no longer than is required by law, or Fortress Identity’s Records Retention Policy, reasonably necessary for internal reporting and reconciliation purposes, or to provide you with feedback or information you might request. In certain circumstances, we may be required to retain data we have about you (such as for tax, litigation (threatened, anticipated, or actual), other business purposes, or if required by law enforcement).

Security

We implement appropriate organizational, physical, and technical security practices and procedures for storing and transmitting the personal information we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. Periodically, we test our website, services, data centers, systems, and other assets for security vulnerabilities.

Data Transfer

We may transfer the personal information we obtain to countries other than the country in which the information originally was collected. Those countries may not have as comprehensive data protection laws as the country from which Fortress Identity initially obtained the information. When we transfer the information to other countries, we use a reasonable standard of care and appropriate organizational, physical, and technical security practices and procedures.

Links to Other Websites

Our websites may contain links to other websites for your convenience and information. These websites may be operated by companies not affiliated with Fortress Identity. Linked websites may have their own privacy policies or notices, which we strongly suggest you review if you visit any linked websites. We are not responsible for the content of any websites that are not affiliated with Fortress Identity, any use of those websites, or the privacy practices of those websites.

In certain circumstances, where the information of third parties is collected by us by virtue of the third party’s interaction with you (such as the information of those individuals who send communications to your computer), we rely on you to provide the relevant third parties with appropriate notice and to obtain any requisite consent.

Notice to California Residents – Your California Privacy Rights

Individuals who are residents of California and have provided their personal information to us may request information regarding our disclosures, if any, of their personal information to third parties for direct marketing purposes. Such requests must be submitted in writing to the contact information provided at the bottom of this Privacy Policy.

Such requests must include the reference Request for California Privacy Information in the subject line and in the body of the message and must include the email address or mailing address, as applicable, for us to send our response. This request may be made no more than once per calendar year. We reserve the right not to respond to requests submitted to us if not submitted pursuant to the terms set forth above.

CAN-SPAM ACT

We are committed to being compliant with the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM Act”). All emails you receive from Fortress Identity are intended to fully comply with the CAN-SPAM Act. If at any time you would like to unsubscribe from receiving future emails, you can email us at support@fortress-identity.com, and we will promptly remove you from ALL correspondence.

Children’s Privacy

Fortress Identity complies with the U.S. Children’s Online Privacy Protection Act and similar laws around the world where applicable. Fortress Identity does not knowingly collect personal information from children under the age of 13 without proper parental consent.

DMCA

The Digital Millennium Copyright Act of 1998 (DMCA) provides recourse for copyright owners who believe that material appearing on the Internet infringes their rights under U.S. copyright law. If you believe in good faith that any content made available in connection with Fortress Identity websites or services infringes your copyright, you (or your agent) may send us a notice requesting that the content be removed, or access to it blocked. Notices and counter-notices must meet the then-current statutory requirements imposed by the DMCA (see http://www.loc.gov/copyright for details). Notices and counter-notices with respect to Fortress Identity websites or services should be sent to:

Fortress Identity
Attn: DMCA Notice

2500 S Miami Ave
Miami, FL 33129 USA

support@fortress-identity.com

We have adopted and currently implement a policy of terminating, in appropriate circumstances, the Fortress Identity user accounts of users who are deemed repeat infringers or who are repeatedly charged with infringement.

Updating the Privacy Policy

We may update this Privacy Policy at any time and from time to time by posting such updates on this web page and either providing notice to the last email address you provided to us or providing you with notice by other similar means. If an update changes how we use your personal information or applicable law otherwise requires your consent, we will also seek your consent prior to such update applying to you. Upon providing notice as noted above, updates which do not require your consent will be effective regardless of whether your consent is obtained.

Contact Us

If you have questions or concerns regarding this Privacy Policy, or would like to update information we have about you or your preferences, please contact us by:

  • Emailing the Privacy Program Office of Fortress Identity at support@fortress-identity.com
  • Writing us at:
    Fortress Identity
    2500 S Miami Ave
    Miami, FL 33129 USA