Privacy

Frontegg privacy policy

Frontegg Ltd. (“Frontegg”, “we”, “us”, “our” or the “Company”) provides a cloud-based user management platform for B2B SaaS (the “Platform”). The Platform provides companies with services which include fundamental authentication flows, complex organizational structures (multi-tenancy), fine-grained authorization, API-token management, self-service admin portal for end-users, subscription enforcement, single-sign-on (SSO), and more (the “Services”).

Frontegg Ltd. respects the privacy of its customers, customers’ end-users, partners, vendors, service providers, websites visitors and employment candidates, and is committed to protecting the personal information that is shared with us (these and any others with respect to whom we collect personal data, shall collectively be referred to as “you” or “Data Subjects”).

This policy and notice (the “Privacy Policy”) explains the types of information we collect from you, that we receive about you or that you may provide in the course of your interest in or use of our Services, business transactions, conferences or when you visit our website. We are transparent about our practices regarding the information we collect, use, maintain and process and describe our practices in this policy and notice. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

For the purposes of EU General Data Protection Regulation (the “GDPR”) and other applicable privacy laws, Frontegg is a data controller (“Controller”) in relation to the personal data of the representatives of our customers and prospective customers, employees, partners, vendors and website visitors. Please note that we maintain a separate privacy policy regarding our employees.

For the purposes of the GDPR and other applicable privacy laws, Frontegg is a data processor (“Processor”) in relation to the processing of the personal data of our customers as part of the Services. Therefore, when processing our customers’ Platform users and their end-user data on the Platform we are doing so on behalf of our customers who are Controllers of such data, and such processing is governed by data processing agreements with our customers. If you are a Platform user or an end-user of our customer, please contact our relevant customer in order to receive additional information regarding the processing of your personal data on the Platform as part of our Services.

1. Which Information May We Collect?

Summary: we collect various categories of personal data in order to meet our contractual obligations, and also to meet various legitimate interests, such as fraud prevention and marketing.

One type of data collected is non-identifiable and anonymous information (“Non-Personal Data”). We also collect several categories of personal data (“Personal Data”), as described below.

(a) Business-relationship data:

We collect Personal Data when you or your organization send it to us, or when a vendor, distributor or other business partner, sends it to us; we also collect Personal Data through our website and through our interactions with you.

We collect Personal Data required to provide Services when you register interest, or when you provide us such information in meetings, conferences, or in the course of preparing a contract, or when contacting us or submitting requests for information or support, including through your use of our website, by submitting a request for the Services’ demo, by email, or other ways in which you communicate and interact with us. This personal data generally includes your name (first and last), email address, phone number, job title, company name, the content of your inquiry, and other information you may choose to provide to Frontegg.

You do not have any legal obligation to provide any information to Frontegg. However, we require certain information in order to establish a business relationship with you, fulfill our contract with you, to take steps prior to entering into a contract with you, or to process and respond to your inquiry. If you choose not to provide us with certain information, then we may not be able to establish a business relationship with you, respond to your inquiry or provide you or your organization with some or all of the Services.

We also collect role-based Personal Data regarding potential customers, business partners, contractors and service providers from third-parties such as business affiliates or publicly available sources (e.g. LinkedIn). This data may include your full name, email address, job title, company, phone number and other public business-related information.

(b) Platform data:

The following data is collected as part of our Services:

  • Account Information: When you register to our Platform on behalf of our customer directly through our portal, or when you register to our customers’ third-party services, we collect mandatory basic account information, including: full name, company name, email address and login credentials. Additional account data you may provide at your discretion include: phone number, job title and profile picture. At all times, we abide by the terms, conditions and restrictions of the third- party services provided by our customers.
  • Technical data: When our Platform users use our Services, and when our customers’ end users log in to our customers’ services, we automatically collect the following technical data: Information related to user authentication attempts, including timestamps of login events and details of any errors encountered during the authentication process; device identifiers; internet or electronic network activity; and, server log data (IP addresses, HTTP status codes and other information logged by servers).
  • Usage data: We also collect data regarding the configuration and usage of our Platform by our customers’ authorized users.
  • Voluntary Information: We may collect information which you provide us voluntarily through your use of the Services, such as support communications, feedback, suggestions, complaints, bugs and reports which you send to us.

(c) Technical and behavioral information we collect through your use of our website:

When you are using our website, we are aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below. This includes technical information and behavioral information such as the user’s Internet protocol (IP) address used to connect your device to the Internet, your uniform resource locators (URL), operating system, type of browser, browser plug-in types and versions, screen resolution, Flash version, time zone setting, ‘clickstream’, the period of time the user visited the website and methods used to browse away from a page. Additionally, we may obtain location data related to the general geographic location of your laptop, mobile device or other digital device on which the Frontegg website is used.

We likewise may place cookies on your browsing devices (see ‘Cookies’ section below).

(d) Employment candidate data:

When you apply to a position at our company, you provide us with personal data such your name, contact information, any personal data contained in your resume (c.v.), your responses to any assessment, background check results (in accordance with applicable law), and any other Personal Data that you decide to provide us with. Please note that, in most cases, we receive the information directly from you, or record data in interview records, but we may also receive information from recruitment companies, references or background check companies. This information is necessary for our recruitment and hiring purposes. If you do not provide us with this data, we will not be able to assess you as a candidate and advance your recruitment process.

2. What Are The Purposes Of Personal Data We Collect?

Summary: we process Personal Data to operate our Platform and website, meet our obligations, protect our rights and manage our business.

We will use Personal Data to provide and improve our Services and Platform for our customers, operate our website, and meet our contractual, ethical and legal obligations. All Personal Data will remain accurate, complete and relevant for the stated purposes for which it was processed, including for example:

Processing which is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract:

  • carrying out our obligations arising from any contracts entered into between you and Frontegg and/or any contracts entered into with Frontegg and to provide you with the information, support and Services that you request from Frontegg;
  • sending you contract-related communications;
  • verifying and carrying out financial transactions in relation to payments you make in connection with the Services;
  • sending you announcements in relation to security, privacy or administrative related communications (these communications are not marketing orientated, and we do not rely on consent, so you may not opt out).

Processing which is necessary for the purposes of the legitimate interests pursued by Frontegg or by a third party of providing an efficient and wide-ranging service to customers:

  • notifying you about changes to our website, Platform and Services;
  • establishing a business relationship with you;
  • answering queries sent by you and contacting you upon your request;
  • contacting you to give you commercial and marketing information which may be of interest to you (subject to your consent for such communications when required under applicable laws) – you may opt out of such communications at any point;
  • soliciting feedback in connection with the Services;
  • tracking use of our website to enable us to optimize it;
  • assessing employment candidates.

Processing which is based on your explicit consent (when required under applicable laws):

  • Processing which involves the use of cookies and other tracking technologies, for purposes which are not purely operational, such as for marketing and analytics purposes (for more information, see ‘Cookies’ section below);
  • Certain types of direct marketing of our Services, such as via e-mail.

Processing which is necessary for compliance with a legal obligation to which Frontegg is subject:

  • compliance and audit purposes, such as meeting our reporting obligations in our various jurisdictions, anti money laundering, tax related obligations, and for crime prevention and prosecution in so far as it relates to our staff, customers, service providers, facilities etc;
  • if necessary, we will use Personal Data to enforce our terms, policies and legal agreements, to comply with court orders and warrants and assist law enforcement agencies as required by law, to collect debts, to prevent fraud, infringements, identity thefts and any other service misuse, and to take any action in any legal dispute and proceeding.

Please note that Personal Data processed on the Platform on behalf of customers is processed by Frontegg as a Processor. As such, Frontegg’s customers, the Controllers, determine the legal basis of the processing of such data.

3. Sharing Data With Third Parties

Summary: we share Personal Data with our service providers, partners, and group companies, and authorities where required.

We transfer Personal Data to:

Members of our Group: If in the future we have affiliates – which means affiliate companies – whether wholly or partially owned by Frontegg, and co-owned companies – we will transfer Personal Data to them.

Third Parties. We transfer Personal Data to third parties in a variety of circumstances. We endeavor to ensure that these third parties use your information only to the extent necessary to perform their functions, and to have a contract in place with them to govern their processing on our behalf. These third parties include business partners, suppliers, affiliates, agents and/or sub-contractors for the performance of any contract we enter into with you. They assist us in providing the Services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, analyzing data, providing IT and other support services or in other tasks, from time to time. These third parties also include analytics and search engine providers that assist us in the improvement and optimization of our Platform and website, and our marketing.

We periodically add and remove third party providers. At present services provided by third-party providers to whom we transfer Personal Data include also the following:

  • Website and Platform analytics;
  • Document management and sharing services;
  • Customer ticketing and support;
  • cloud-based database services;
  • CRM software;
  • Data security, data backup, and data access control systems;
  • Our lawyers, accountants, and other standard business software and partners.

In addition, we will disclose your Personal Data to third parties if some or all of our companies or assets are acquired by a third party including by way of a merger, share acquisition, asset purchase or any similar transaction, in which case Personal Data will be one of the transferred assets. Likewise, we transfer Personal Data to third parties if we are under a duty to disclose or share your Personal Data in order to comply with any legal or audit or compliance obligation, in the course of any legal or regulatory proceeding or investigation, or in order to enforce or apply our terms and other agreements with you or with a third party; or to assert or protect the rights, property, or safety of Frontegg, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.

For avoidance of doubt, Frontegg may transfer and disclose Non-Personal Data to third parties at its own discretion.

4. Where Do We Store Your Data?

Summary: we store your Personal Data across multiple locations globally

We store your Personal Data on servers owned or controlled by Frontegg, or processed by third parties on behalf of Frontegg, by reputable cloud-service providers (see the following section regarding international transfers).

5. International Data Transfers (Eu And Uk Data Subjects)

Summary: we transfer Personal Data internationally with appropriate safeguards in place.

Our customer data is stored by default within the EU, unless a customer actively chooses to store its data in the US. Customer data may be accessed by our headquarters in Israel (a jurisdiction deemed adequate by the EU Commission and the UK), as well as by our teams in the EU or other adequate countries for support, development and DevOps purposes. Such customer data may also be accessed, upon customer request and on a case by case basis, by our staff in the US.

Other Personal Data is transferred to, and stored and processed at, destinations located outside the European Economic Area (EEA) and UK. This includes transfer to our headquarters in Israel, and to the USA. Where your Personal Data is transferred outside of the EEA or UK, we will take all steps reasonably necessary to ensure that your Data is subject to appropriate safeguards, including entering into contracts that require the recipients to adhere to data protection standards that are considered satisfactory under EU or UK law and other applicable laws, and that it is treated securely and in accordance with this Privacy Policy. Transfers from the EEA to Israel are made based on an adequacy ruling by the EU Commission. Transfers from the EEA to the USA are made based on the Standard Contractual Clauses published by the EU Commission. Transfers from the UK to the EEA and to Israel and made based on the UK’s Adequacy Regulations. Transfers from the UK to the USA are made based on the UK’s International Data Transfer Addendum to the EU Commission Standard Contractual Clauses. For more information about these safeguards, please contact us as set forth below.

We transfer Personal Data to locations outside of the EEA and UK, including in particular USA and Israel, in order to:

  • store or backup the information;
  • enable us to provide you with the Services and fulfill our contract with you;
  • fulfill any legal, audit, ethical or compliance obligations which require us to make that transfer;
  • facilitate the operation of our group businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights;
  • to serve our customers across multiple jurisdictions; and
  • to operate our affiliates in an efficient and optimal manner.

6. Data Retention

Summary: we retain Personal Data according to our data retention policy, as required to meet our obligations, protect our rights, and manage our business.

Frontegg will retain Personal Data it processes only for as long as required in our view, to provide the Services, and as necessary to comply with our legal and other obligations, to resolve disputes and to enforce agreements. We will also retain Personal Data to meet any audit, compliance and business best-practices.

Data that is no longer retained will be anonymized or deleted. Likewise, some metadata and statistical information concerning the use of our website and Services are not subject to the deletion procedures in this policy and will be retained by Frontegg. We will not be able to identify you from this data. Some data may also be retained on our third-party service providers’ servers until deleted in accordance with their privacy policy and their retention policy, and in our backups until overwritten.

7. Platform And Websites Data Collection And Cookies

Summary: We place cookies on your device. You control our use of cookies through a cookie management tool on our websites, or through your device and browser.

Frontegg uses cookies, pixel tags and other forms of identification and local storage (together referred to as “cookies” hereunder) to distinguish you from other users of the website and Platform. This helps us to provide you with a good user-experience and also allows us to provide and improve our website and our Services.

In many cases, these cookies lead to the use of your device’s processing or storage capabilities. Some of these cookies are set by Frontegg itself, others by third parties; some only last as long as your browser session, while others can stay active on your device for a longer period of time.

These cookies can fall into several categories: (i) those that are necessary for functionality or Services that you request or for the transmission of communications (functionality cookies); (ii) those that we use to carry out website performance and audience metrics (analytics cookies) and (iii) the rest (tracking across a network of other websites, advertising, etc.) (other cookies).

Please note that our Platform only uses functionality cookies, which are necessary for login operation of the Platform. Such cookies are used on http-only mode, and begin with the “fe” prefix.

Our Website uses a variety of cookies, including functional, analytics and targeting cookies. To consult the list of cookies which we use, please check your browser’s settings. Instructions: https://www.wikihow.com/View-Cookies.

Internet browsers allow you to change your cookie settings, for example to block certain kinds of cookies or files. You can therefore block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies, you may not be able to access all or parts of the website and services, due to the fact that some may be functionality cookies. For further information about deleting or blocking cookies, please visit: https://www.aboutcookies.org/how-to-delete-cookies/

Functionality cookies do not require your consent. For other cookies, however, depending on your location and applicable laws, we request your consent through our cookie banner before placing them on your device. To remove your consent to cookies you can use our website’s cookie management tool.

8. Security And Storage Of Information

Summary: we take data security very seriously, invest in security systems, and train our staff. In the event of a breach, we will notify the right people as required by law.

We take great care in implementing, enforcing and maintaining the security of the Personal Data we process. Frontegg implements, enforces and maintains security measures, technologies and policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of Personal Data. We likewise take steps to monitor compliance of such policies on an ongoing basis. Where we deem it necessary in light of the nature of the data in question and the risks to data subjects, we encrypt data in transit and at rest. We use industry standard SSL (secure socket layer technology) encryption to transfer Personal Data. Likewise, we take industry standard steps to ensure our website and Services are safe and to prevent unauthorized access to our data bases. Other security safeguards include, but are not limited to, firewalls, anti-virus, access logs, breach detection systems and physical access controls to buildings, systems and files.

Note however, that no data security measures are perfect or impenetrable, and we cannot guarantee that unauthorized access, leaks, viruses and other data security breaches will never occur.

Within Frontegg, we endeavor to limit access to Personal Data to those of our personnel who: (i) require access in order for Frontegg to fulfill its obligations, including also under its agreements, and as described in this Privacy Policy, and (ii) have been appropriately and periodically trained with respect to the requirements applicable to the processing, care and handling of the Personal Data, and (iii) are under confidentiality obligations as may be required under applicable law.

Frontegg shall act in accordance with its policies and with applicable law to promptly notify the relevant authorities and data subjects in the event that any Personal Data processed by Frontegg is lost, stolen, or where there has been any unauthorized access to it, all in accordance with applicable law and on the instructions of qualified authority. Frontegg shall promptly take reasonable remedial measures.

9. Data Subject Rights

Summary: depending on the law that applies to your Personal Data, you may have various data subject rights, such as rights to access, erase, and correct Personal Data, and information rights. We will respect any lawful request to exercise those rights.

Data subjects in certain jurisdictions, such as in the EU and UK, have rights under local laws in certain circumstances and with certain exceptions, including:

  • Access: the right to access Personal Data we hold about you, know how we use it, and who we share it with.
  • Portability: the right to receive a copy of the Personal Data we hold about you and to request that we transfer it to a third party.
  • Correction: the right to correct any of your Personal Data we hold that is inaccurate.
  • Erasure: the right to delete the Personal Data we hold about you.
  • Restriction of processing to storage only: the right to require us to stop processing the Personal Data we hold about you.
  • Objection: the right to object to our processing of your Personal Data.
  • Objection to direct marketing: You can object to marketing at any time by opting-out using the unsubscribe/ opt-out function displayed in our communications to you.
  • Withdrawal of consent: Where we rely on consent to process your Personal Data, you have the right to withdraw this consent at any time.

Please note that these rights only apply in certain circumstances, and may be limited by law and subject to exceptions. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests or where we are required by law to retain your Personal Data. In addition, data subject rights cannot be exercised in a manner inconsistent with the rights of Frontegg employees and staff or third-party rights. As such, job references, reviews, internal notes and assessments, documents and notes including proprietary information or forms of intellectual property, cannot be accessed or erased or rectified by data subjects. In addition, these rights may not be exercisable where they relate to data that is not in a structured form, for example emails, or where other exemptions apply.

It is clarified for the removal of doubt, that where Personal Data is processed by Frontegg as a Processor on behalf of its customers, the Controllers, such data subject rights will have to be effected through the relevant customer.

To exercise any of your rights, you can contact our data protection officer at privacy@frontegg.com. We will respond to requests to exercise these rights without undue delay as required by applicable laws. Note that Frontegg may have to undertake a process to identify a data subject exercising their rights. Frontegg may keep details of such rights exercised for its own compliance and audit requirements. Please note that Personal Data may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Data, depending on technical commercial capability. Such information may continue to be used by Frontegg.

Data subjects in the EU, UK and other jurisdictions have the right to lodge a complaint, with a data protection supervisory authority in the place of their habitual residence. If the supervisory authority fails to deal with a complaint, you may have the right to an effective judicial remedy.

10. California Privacy Law

Frontegg does not meet the threshold of the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CCPA”) and therefore its data processing activities as a Business (such as regarding Website visitor data) are not governed by the CCPA. Frontegg acts as a Service Provider (as defined in the CCPA) on behalf of its customers and, where the CCPA is applicable to its customers, Frontegg is committed to processing Personal Data (Personal Information) on their behalf in accordance with the CCPA.

11. Minors

We do not knowingly collect or solicit information or data from or about children under the age of 16 without parental consent, or knowingly allow children under the age of 16 to register for Frontegg Services. If you are under 16, do not register or attempt to register for any of the Frontegg Services or send any information about yourself to us. If we learn that we have collected or have been sent Personal Data from a child under the age of 16 without appropriate permissions, we will delete that Personal Data as soon as reasonably practicable without any liability to Frontegg. If you believe that we might have collected or been sent information from a minor under the age of 16, please contact us at: privacy@frontegg.com, as soon as possible.

12. Third Party Links

We may include third party links on our website, and allow registration and login to our Platform through third party accounts. Please note that this privacy policy only applies to the Personal Data that we (or third parties on our behalf) collect from or about you and we cannot be responsible for personal information collected and stored by third parties. Third parties have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to them. We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites or third-party terms and conditions or policies.

13. Changes To This Privacy Policy

The terms of this Privacy Policy will govern the use of the website, Platform and any information collected in connection with Frontegg’s contractual obligations. Frontegg may amend or update this Privacy Policy from time to time. The most current version of this Privacy Policy will be available at: https://www.Frontegg.com/privacy-policy. Changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of our Services will constitute your active acceptance of the changes to and terms of the Privacy Policy.

14. Contact Us

Frontegg aims to process only adequate, accurate and relevant data limited to the needs and purposes for which it is gathered. It also aims to store data for the time period necessary to fulfill the purpose for which the data is gathered. Frontegg only collects data in connection with a specific lawful purpose and only processes data in accordance with this Privacy Policy. Our policies and practices are constantly evolving and improving, and we invite any suggestions for improvements, questions, complaints or comments concerning this Privacy Policy, you are welcome to contact us (details below) and we will make an effort to reply within a reasonable timeframe.

Frontegg’s data protection officer (DPO) and appointed EU representative, MyEDPO Ltd. may be contacted at: privacy@frontegg.com.

The details of Frontegg are as follows: Frontegg Ltd., Jabotinsky St. 7, Ramat Gan, Israel.

* * * * *