1. Information We Collect
When you use Corduo Security, we collect the following types of information:
- Account Information: Email address, name, and organization details provided during registration.
- Authentication Data: Cryptographic keys, TOTP seeds, and device identifiers required for two-factor authentication. These are stored encrypted at rest.
- Usage Data: Login timestamps, verification method used, IP addresses, and device information for security monitoring.
- Payment Information: Billing details are processed by our payment provider (Stripe) and are not stored on our servers.
2. How We Use Your Information
- Providing and maintaining two-factor authentication services
- Detecting and preventing unauthorized access and fraud
- Sending service-related communications (security alerts, account notifications)
- Improving our platform and developing new features
- Complying with legal obligations
3. Data Security
We implement industry-standard security measures including:
- AES-256 encryption for all authentication secrets at rest
- TLS 1.3 for all data in transit
- Regular third-party security audits and penetration testing
- SOC 2 Type II certified infrastructure
- Geographic data residency options for enterprise customers
4. Data Sharing
We do not sell your personal information. We may share data with:
- Service Providers: Infrastructure and payment processing partners, bound by data processing agreements.
- Legal Requirements: When required by law, regulation, or valid legal process.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
5. Data Retention
We retain your data for as long as your account is active. Authentication logs are retained for 90 days. Upon account deletion, all personal data is permanently removed within 30 days.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access, correct, or delete your personal data
- Export your data in a portable format
- Opt out of non-essential communications
- Lodge a complaint with your local data protection authority
7. Contact
For privacy-related inquiries, contact our Data Protection Officer at privacy@corduosecurity.com.