The data we collect

inWebo provides organizations such as corporations, banks and e-health platform hosts with a solution they can use to more securely authenticate their users – such as employees, contractors, customers – accessing their online applications. To understand how these organizations manage your data, you should refer to their privacy policies.

If one of our customers (an organization) provides you with a means of inWebo authentication to log into their applications, we will have a record in our systems that may contain data such as your username with that organization, your first and last name, and your email address. The actual data we have depends on how this organization uses our solution, as we do not need any of this data to operate our service.

When you use our solutions, you are sometimes given the opportunity to name your trusted profiles or equipment, for the sole purpose of recognizing and distinguishing them. Unlike authentication data, which we protect with the highest security measures, these names are not considered sensitive information in our systems and do not benefit from the additional security measures taken for sensitive data. It is therefore your responsibility to ensure that the names you use are not sensitive data whose loss or accidental disclosure to an unauthorized third party could cause you harm. Simply put, never use sensitive information such as a social security number, tax ID, driver’s license number, payment card number, or password to name your trusted profiles and equipment. Instead, use nicknames such as « John’s Work », « Julie’s House », « Mary’s Personal », etc.

We make a commitment to our customers that we will not access or modify their user authentication information. We do not process it or share it with third parties. We have a strict internal policy in place not to access user data without a specific request from the organization that created the data and for the sole purpose of analyzing or resolving an issue impacting the authentication service provided to that organization.

We record information about how the authentication solution is used to access our customers’ applications. We therefore store in our systems data such as the day and time of the access attempt, sometimes the IP address, the authentication method used and the result of the authentication. We do not process or share this information with anyone except the organization that uses our solution to authenticate its users.

Since the data on our systems is primarily created by our customers using their own repository of user identifiers (such as usernames or anonymous aliases), we generally cannot know whether we have any data about you, as a user of our customers’ services. All requests for access, correction or deletion of personal data, as well as any questions or complaints about the use of such data, should be addressed exclusively to the organization that created an authentication profile for you in our systems. If you have made such a request to delete your profile from our systems, but you are not sure if the organization has executed it, you can go to this web page and enter your email address (the one you use with this organization) in the « already a user » section. If this address still exists in our systems, you will receive an automatically generated message listing the organizations that still hold data about you in our systems.


We do not track your navigation

There is no tracking of your navigation implemented in our authentication solutions.


Security

If an organization has created an authentication profile for you in our systems, we have put in place appropriate physical, electronic, and procedural safeguards to protect the information contained in that profile. In particular, we host our systems in ISO27001 certified data centers, implement firewalls, use certified encryption and physical security equipment.


What data is sent outside the EU?

Currently, inWebo does not transfer any data collected within the EU to locations outside the EU.


Government requests

Notwithstanding anything to the contrary in this policy, we may disclose personal data if we believe it is reasonably necessary to comply with a law, regulation or legal request or to protect the safety, property or rights of inWebo or others. However, nothing in this policy is intended to limit any defences or objections you may have to a request from a third party or government to disclose your information.


Data retention

Given the retention requirements of certain regulatory bodies and organizations creating user profiles in our systems, we have a policy of deleting data after a period of no more than 6 (six) months following the creation of usage data in our systems. As an exception to this principle, the retention period will be extended if we have a contractual obligation to an organization to archive usage data of its users. Due to the very limited scope of the data we store for marketing and business development purposes, we do not have governance or a policy for deleting this data.


Change of control

If inWebo is involved in a bankruptcy, merger, acquisition, reorganization or asset sale, your information may be sold or transferred as part of that transaction. The promises in this policy will apply to your information transferred to the new entity, including your right to remove your information entirely from our databases.


Changes and contact information

From time to time, we may need to make changes to our privacy policy to accommodate new features or for other reasons. When such changes occur, you can track them on our websites and view the new privacy policy on our websites. By continuing to visit the inWebo websites or use our authentication solutions, you consent to the updated policy. If you have any questions about our policy, please send them to privacy@inwebo.com, and we will do our best to respond promptly.