By using TypingDNA Verify 2FA (the “Service”, as further described in the End User Agreement), You consent to Us collecting and further processing certain Personal Information (as defined below) You provide to Us or to other vendors which have implemented TypingDNA Verify 2FA within their websites/platforms, or which We are otherwise able to extract or receive from such Personal Information.
Who We are
We are a technology company developing passive authentication and typing biometrics technologies. TypingDNA Inc. is a US Delaware corporation, headquartered at 77 Sands Street, Brooklyn, New York, 11201.
We have developed a user identity verification (authentication) software/application that uses an individual's typing biometrics to verify such user's authenticity (the "Service"). The Service analyses the way people type in order to determine an individual's particular typing patterns defined as behavioural patterns and data that can be related to typing, touch and pointer input (including, but not limited to, speed of typing, pressure applied, intervals between keystrokes, telemetry information, typing rhythms, touch and swipe pattern etc.).
Such individual typing patterns are then used to verify that it is indeed You (and not someone else using your device(s), with or without your permission) that is accessing a service, logging into an account, performing a transaction etc. This minimizes the risk that Your devices are used fraudulently or without Your permission and ensures that user log-in, authentication/verification is performed smoothly.
Enrollment in the Service is purely voluntary. Upon Your first enrollment in the Service (or anytime subsequently when Your typing pattern(s) cannot be verified by the Service, or You request that your account details be reset), We will send You a verification code via SMS, email, WhatsApp or another channel.
The only information We request in the Service enrollment process is limited to phone number and/or email address. We do not request Your name or any other particular or unique identifier about You. For this reason, (in the absence of other data or information about You) We do not know who You are specifically. We rely on Your representation that You are the rightful owner or holder of the phone number/email address You used during Your enrollment into the Service.
We associate Your typing pattern(s) only with Your telephone number and/or email address (but not with Your name specifically). We do not rely on other identification details (such as Your name) to provide the Service. We do not request Your name or other unique identifier about You for the purposes of providing the Service, and do not collect or process such individual information about You. In the absence of further information/data about You, We are unable to link Your telephone number and/or email address with You as an individual specifically.
We bear no responsibility or liability whatsoever if Your phone or other device is stolen or hacked, and there is an unauthorised use or access by a third party of Your phone number and/or email address.
So we are clear about the terminology we are using, "Personal Information" means any information describing or relating to an identified or identifiable individual (where an identifiable individual is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual).
We seek to collect and process limited categories of Personal Information about You - for this purpose, we will collect Your telephone number and/or email address for the purposes of opening a TypingDNA Verify 2FA account for You, providing the Service and creating a secure database of Your typing patterns resulting solely from Your use of the Service.
We will also collect and further process any typing patterns You provide while using the Service (i.e. we will collect Your typing pattern(s) every time you use the Service, e.g. for account log-in/authentication, transaction confirmation etc.). We use such typing patterns to provide and continuously improve the Service and to further advance development of behavioral biometrics authentication applications and technologies.
When You use the Service, We can also collect and further process: Your Internet Protocol (IP) address, location data, device type, device fingerprint, cursor movements, pointing devices movements (e.g. mouse, touchpad, touchscreen, trackpad, others).
We use automated systems to analyse Your data, using techniques such as machine learning in order to meet the purposes of the Service.
Anonymous and Aggregate Information
Like many companies, we monitor the use of the Service by collecting aggregate information. No personally identifiable data are collected in this process. Typically, we collect information about the number of users of the Service and the originating domain name of the visitor's Internet Service Provider. Also, We may collect non-personal information about Your use of the Service such as IP address, log files, user activity, time stamps, etc. Finally, We may also collect technical information transmitted by Your device, including certain software and hardware information (e.g. the type of browser and operating system Your device uses, language preferences, access time and the domain name of the website from which You linked to the Service etc.). This information is typically used to improve the usability, performance and effectiveness of the Service.
Source of Personal Information Collection
We require that You, or the service that verifies You with TypingDNA Verify 2FA, submit certain Personal Information about yourself, such as your telephone number and/or email address, as well as Your typing patterns (and other Personal Information as stated above), when You enroll into and on each subsequent use of the Service.
Purposes and legal basis of processing of Personal Information
We collect and use the Personal Information We collect from You when you register to first use the Service and on each subsequent use of the Service. We process such Personal Information exclusively for the purposes of providing the Service and further advancing the development of Our verification/authentication applications.
We may use Your e-mail address also to respond to any correspondence or to respond to Your requests to provide support or information You have requested.
We use Your Personal Information:
We will limit Personal Information that We collect and further process about You only to what is limited for the purposes of processing mentioned above (or other limited purposes which are consistent with the primary purposes mentioned above). We will not use Your Personal Information in a manner which is incompatible with the purposes for which it has been initially collected and/or authorized by You, unless We obtain Your prior consent.
We collect, process, use and, as applicable, disclose Personal Information related to you on the basis of the following legal grounds under the General Data Protection Regulation ("GDPR") [2]:
Recipients of Personal Information
We do not and will not share, disclose, sell, rent, or otherwise provide Your Personal Information to other companies for the marketing of their own products or services.
If You do not want us to disclose your Personal Information to a third party, please write to us at email@example.com to that effect. We will take all measures which may be feasible to give effect to such request, but may continue to disclose Your Personal Information to a third party acting as an agent/data processor performing tasks on our behalf and under our instructions, only to the extent strictly required for such operations.
Transfer of Personal Information
Third parties to which We may disclose Your Personal Information may be located within the European Union and elsewhere in the world (including the United States). As a result, Your Personal Information may be transferred to countries whose data protection laws may be less stringent than the laws in Your country.
We will ensure that suitable safeguards are in place to protect Your Personal Information and that the transfer of Your Personal Information complies with applicable data protection laws.
Where required by applicable data protection laws, We will ensure that service providers (including other associated companies) sign standard contractual clauses as approved by the European Commission or other supervisory authority with jurisdiction over the relevant data exporter. You can obtain a copy of any standard contractual clauses in place, which relate to transfers of Your Personal Information by contacting firstname.lastname@example.org, although some details may be redacted for confidentiality reasons.
Rights with regard to Personal Information
You have a number of rights under the GDPR in relation to Your Personal Information, as stated below. Please note that the exercise of such rights may be restricted, especially where We cannot reasonably (taking into consideration all information we hold about You) identify and confirm that the person making a data subject request is indeed You. Unless We receive sufficient information to be reasonably certain that the person making a data subject request is indeed You, We will not provide Your Personal Information to people claiming to be You simply because they have access to Your phone number and/or email address. This measure is intended to protect You against fraud and identity theft.
Subject to the above, You have the following rights with respect to Your Personal Information:
TypingDNA SRL has been appointed as TypingDNA Inc's representative in the European Union. If You are located in the European Union, you may refer any complaints/disputes related to the processing of Your Personal Information hereunder to the competent data protection supervisory authority in Romania (see above). We encourage You to resolve any concerns/complaints with respect to the processing of Your Personal Information for the purposes, or in the context, of the Service, directly with Us first.
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), Our interests (e.g. the maintenance of legal privilege) or rights and freedoms of others, as provided by the GDPR.
While We will make good faith efforts to provide You with access to Your Personal Information, We may deny or limit access to such Personal Information where: this would interfere with the execution or enforcement of the law or with private causes of action (including the prevention, investigation or detection of offences or the right to a fair trial); the legitimate rights and interest of others would be violated through such disclosure; this would prejudice the confidentiality necessary in monitoring, inspection or regulatory functions connected with sound management, or in future or ongoing negotiations involving Us. We will of course endeavour to offer You an adequate explanation of the necessity, and reason for, restricting access in the circumstances mentioned above.
If You exercise any of these rights, We will check Your entitlement and respond without undue delay, but not later than within a month. In complex cases or at times of receiving numerous requests, this period may be extended by two further months, of which We will inform You.
To review or update Your Personal Information to ensure it is accurate, please write to us at email@example.com informing us of any changes that may need to be made in respect of Your Personal Information and We will update such information on Your behalf and in Our systems.
If You want Us to delete Your TypingDNA Verify 2FA account, You will no longer be able to use the Service. Certain information is necessary in order for Us to provide the Service; therefore, if You delete such necessary information you will no longer be able to use the Service, unless You choose to re-enroll.
Please remember, however, if We have already disclosed some of this information to third parties, We may not be able to access that information any longer or force the deletion or modification of any such information by the parties to whom We have made those disclosures. We will of course comply with any legal obligation We may have to notify them of Your request.
Please note that even though You may request the deletion of Your Personal Information by Us, We may be required (by law or otherwise, such as to prevent fraud, resolve disputes, or troubleshoot problems) to keep this information and not delete it, or to keep this information for a certain time, in which case We will comply with Your account deletion request only after We have fulfilled such requirements. When You request deletion of Your account information, Personal Information will be deleted from the active database, but (limited) Personal Information may remain in Our archives where legally permitted.
Please note that any processing of Your Personal Information prior to the deletion of Your account will remain valid under the legal grounds then prevailing.
You can exercise any of your rights as stated above, by sending us a request to firstname.lastname@example.org. We will endeavour to respond to any such request as soon as possible, and in any event within the legal deadline.
The security of Your Personal Information is important to Us. We use appropriate technical and organizational methods to protect the Personal Information submitted to, or otherwise processed by, Us, both during transmission and once we receive it from loss, misuse or unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.
We take great care in implementing and maintaining the security of the Service, your account data and of Your Personal Information. We have put in place appropriate technical and organizational measures to protect Your Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access and against all other unlawful forms of processing, in accordance with the law. In addition, We employ industry standard procedures and controls to ensure the safety of your personal data, such as: secure network topology which includes firewall systems; encrypted communication, authentication and access control, external and internal audit tests, etc.
Your Personal Information (including typing biometrics) is stored on virtual servers hosted by different cloud services and third party SaaS (Software as a Service) providers, in a secured database behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive information you supply, and which is being transferred between the browser and the server/connection, is encrypted via Secure Sockets Layer (SSL) technology. We store sensitive data encrypted via AES256 (Advanced Encryption Standard 256).
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of Your Personal Information.
No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, although We take reasonable steps to safeguard information, We cannot be responsible for the acts of those who gain unauthorised access or abuse the Service and We make no warranty, express, implied or otherwise, that we will prevent such access.
Cookies & Other Anonymous Information
As you use the Service, certain Anonymous Information may be collected and stored via cookies and similar technologies, such as Your Internet protocol address, domain names, browser type, click-stream data, and access times.
We may also use trusted third-party services that track this information on Our behalf.
We may use both session ID cookies and persistent cookies. We use session cookies to make it easier for You to use the Service. A session ID cookie expires when You close Your browser. A persistent cookie remains on Your hard drive for an extended period of time.
You can choose to have Your computer warn you each time a cookie is being sent, or You can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser's Help Menu to learn the correct way to modify Your cookies preferences. If You disable cookies in your browser, some features will be disabled. Some of the features that make Your experience more efficient may not function properly.
We may use the Anonymous Information we collect from you to customize content and layout for You and improve Our internal operations and the content of Our Service. With Your opt-in consent, We may combine this Anonymous Information with Your Personal Information such that the information is no longer anonymous.
Once We anonymise Your Personal Data, such data will no longer constitute 'personal data' within the meaning of personal data protection laws. We may retain such anonymised data and use it for further analysis and research and development purposes, without restrictions.
Some Personal Information may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons. We will generally retain Your Personal Information only so long as it is required for purposes for which it was collected. Where Your Personal Information is no longer required, We will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.
Subject to the principles set out in the above paragraph, We will delete Your account data on the earlier of (i) your express request to email@example.com; or (ii) 10 years after your last use of the Service.
Note: We may continue to use Your typing pattern(s) if We have used such typing pattern(s) to build an algorithm or to further develop and improve an algorithm. If We do so, we undertake to anonymise/de-personalise Your typing pattern(s) in such a way that they can no longer be linked to You and therefore no longer constitute Personal Information about You.
The Service is not directed to children and children are not eligible to use our Service.
Protecting the privacy of children is very important to Us. We do not collect or maintain Personal Information from people We actually know are under 16 years of age or persons under the age of legal consent in any jurisdiction ("Legally of Age").
If we learn that a Service user is not Legally of Age, We will take steps to remove that user's information from our databases and to prevent the user from utilizing the Service.
Representation of TypingDNA Inc. for the purposes of data privacy regulations
For the purposes of Art. 27 GDPR, TypingDNA SRL is hereby appointed as the representative of TypingDNA Inc. in the territory of the European Union and may be addressed, in addition to or instead of, TypingDNA Inc. by, in particular, supervisory authorities and data subjects located in the European Union, on all issues related to personal data processing performed by Us, for the purposes of ensuring compliance with the GDPR.
TypingDNA SRL is a Romanian limited liability company, headquartered in Romania, Oradea, Str. Vasile Conta no. 32, 1st floor, office no. 22, registered with the Trade Registry under no. J5/1153/2016, unique registration code 36172414.
If You are dissatisfied with Our use of your Personal Information or Our response to any exercise of Your rights under the GDPR, You have the right to complain to the data protection authority: http://www.dataprotection.ro/.
In order to ensure timely resolution, We encourage You to reach out to us first with respect to any queries, questions or complaints You may have in relation to Our processing of Your Personal Information. We will endeavour to respond as soon as practicable.
Date: March 2021
1 TypingDNA Inc., a US Delaware corporation, headquartered at 77 Sands Street, Brooklyn, NY, 11201.
2 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.