Products
Use cases
Resources & Case studies
- Products
- Use cases
- Resources & Case studies
By using TypingDNA Verify 2FA (the โServiceโ, as further described in the End User Agreement), You consent to Us collecting and further processing certain Personal Information (as defined below) You provide to Us or to other vendors which have implemented TypingDNA Verify 2FA within their websites/platforms, or which We are otherwise able to extract or receive from such Personal Information.
TypingDNA Inc1. (referred to as โTypingDNAโ, โWeโ or โUsโ) controls the purpose for which, and the manner in which, Personal Information (as defined below) about individuals using the Service are processed. We are therefore the data controller with respect to Personal Information about You processed by Us in relation to the Service. Our contact details are set out at the end of this privacy policy (โPrivacy Policyโ).
This Privacy Policy outlines what Personal Information We collect and further process about You, the purposes for which Your Personal Information might be used and the safeguards We put in place in the course of our relationship with You to protect Your Personal Information.
By using the Service, You expressly consent to our processing of Your Personal Information (as defined below) as described in this Privacy Policy, and to being bound by the provisions hereof.
Who We are
We are a technology company developing passive authentication and typing biometrics technologies. TypingDNA Inc. is a US Delaware corporation, headquartered in 77 Sands Street, Brooklyn, New York, 11201.
The Service
We have developed a user identity verification (authentication) software/application that uses an individual's typing biometrics to verify such user's authenticity (the "Service"). The Service analyses the way people type in order to determine an individual's particular typing patterns defined as behavioural patterns and data that can be related to typing, touch and pointer input (including, but not limited to, speed of typing, pressure applied, intervals between keystrokes, telemetry information, typing rhythms, touch and swipe pattern etc.).
Such individual typing patterns are then used to verify that it is indeed You (and not someone else using your device(s), with or without your permission) that is accessing a service, logging into an account, performing a transaction etc. This minimizes the risk that Your devices are used fraudulently or without Your permission and ensures that user log-in, authentication/ verification is performed smoothly.
Enrollment in the Service is purely voluntary. Upon Your first enrollment in the Service (or anytime subsequently when Your typing pattern(s) cannot be verified by the Service, or You request that your account details be reset), We will send You a verification code via SMS, email, WhatsApp or another channel.
The only information We request in the Service enrollment process is limited to phone number and/or email address. We do not request Your name or any other particular or unique identifier about You. For this reason, (in the absence of other data or information about You) We do not know who You are specifically. We rely on Your representation that You are the rightful owner or holder of the phone number/email address You used during Your enrollment into the Service.
We associate Your typing pattern(s) only with Your telephone number and/or email address (but not with Your name specifically). We do not rely on other identification details (such as Your name) to provide the Service. We do not request Your name or other unique identifier about You for the purposes of providing the Service, and do not collect or process such individual information about You. In the absence of further information/data about You, We are unable to link Your telephone number and/or email address with You as an individual specifically.
We bear no responsibility or liability whatsoever if Your phone or other device is stolen or hacked, and there is an unauthorised use or access by a third party of Your phone number and/or email address.
Personal Information
So we are clear about the terminology we are using, "Personal Information" means any information describing or relating to an identified or identifiable individual (where an identifiable individual is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual).
When we use the phrase "Personal Information" in this Privacy Policy, We refer collectively to the categories of personal data that may be collected by Us from You and/or provided by You while using the Service, and/or further extracted or derived by Us on the basis of such information. As mentioned above, despite collecting Your phone number and/or email address, We are typically unable to link such information with You specifically as an individual without additional details about You. To afford You the best protection, We will consider such information which You provide to Us as Personal Information within the meaning of data privacy laws. We may however request that You make unequivocal proof of Your identity should You wish to exercise certain data subject rights, in order to ensure that We protect Your confidentiality and the security of Your data.
When We use the term "typing patterns" in this Privacy Policy, We refer to behavioural patterns and data that can be related to typing, touch and pointer input (including, but not limited to, speed of typing, pressure applied, intervals between keystrokes, telemetry information, typing rhythms, device movement and positioning data, mouse, touch and swipe data, etc).
We seek to collect and process limited categories of Personal Information about You - for this purpose, we will collect Your telephone number and/or email address for the purposes of opening a TypingDNA Verify 2FA account for You, providing the Service and creating a secure database of Your typing patterns resulting solely from Your use of the Service.
We will also collect and further process any typing patterns You provide while using the Service (i.e. we will collect Your typing pattern(s) every time you use the Service (e.g. for account log-in/authentication, transaction confirmation etc). We use such typing patterns to provide and continuously improve the Service and to further advance development of behavioral biometrics authentication applications and technologies.
When You use the Service, We can also collect and further process: Your Internet Protocol (IP) address, location data, device type, device fingerprint, cursor movements, pointing devices movements (e.g. mouse, touchpad, touchscreen, trackpad, others).
We use automated systems to analyse Your data, using techniques such as machine learning in order to meet the purposes of the Service.
When we refer to "You" in this Privacy Policy, such reference is limited strictly to individuals who have agreed to the End User Agreement and use the Service in accordance with the purposes thereof.
Anonymous and Aggregate Information
When we use the phrase "Anonymous Information" in this Privacy Policy, we mean information rendered anonymous in such a way that it cannot or can no longer be used to personally identify an individual.
Like many companies, we monitor the use of the Service by collecting aggregate information. No personally identifiable data are collected in this process. Typically, we collect information about the number of users of the Service and the originating domain name of the visitor's Internet Service Provider. Also, We may collect non-personal information about Your use of the Service such as, IP address, log files, user activity, time stamps, etc. Finally, We may also collect technical information transmitted by Your device, including certain software and hardware information (e.g. the type of browser and operating system Your device uses, language preferences, access time and the domain name of the website from which You linked to the Service etc). This information is typically used to improve the usability, performance and effectiveness of the Service.
Important note: For the avoidance of doubt, any aggregate, non-personal or technical information collected, which is or may be connected or linked to the identities of the relevant users, shall be deemed as 'personal data' (as such term is defined in the applicable data privacy laws) as long as such connection or linkage exists or may be made using all the means reasonably likely to be used. In such situations, the provisions in this Privacy Policy regarding Personal Information shall apply mutatis mutandis to the aggregate, non-personal or technical data mentioned herein. For clarity purposes, as an example, if we have sufficient information to link an IP address to a particular individual user (e.g., through login details, cookies, or any other information or technology) then that IP address is Personal Information, and is subject to the full protections of data protection law and this Privacy Policy.
Source of Personal Information Collection
We require that You, or the service that verifies You with TypingDNA Verify 2FA, submit certain Personal Information about yourself, such as your telephone number and/or email address, as well as Your typing patterns (and other Personal Information as stated above), when You enroll into and on each subsequent use of the Service.
Purposes and legal basis of processing of Personal Information
We collect and use the Personal Information We collect from You when you register to first use the Service and on each subsequent use of the Service. We process such Personal Information exclusively for the purposes of providing the Service and further advancing the development of Our verification/authentication applications.
We may use Your e-mail address also to respond to any correspondence or to respond to Your requests to provide support or information You have requested.
We use Your Personal Information:
We will limit Personal Information that We collect and further process about You only to what is limited for the purposes of processing mentioned above (or other limited purposes which are consistent with the primary purposes mentioned above). We will not use Your Personal Information in a manner which is incompatible with the purposes for which it has been initially collected and/or authorized by You, unless We obtain Your prior consent.
We collect, process, use and, as applicable, disclose Personal Information related to you on the basis of the following legal grounds under the General Data Protection Regulation ("GDPR2 "):
Recipients of Personal Information
WE may disclose Your Personal Information: (a) to third party vendors/suppliers who help us provide the Service; (b) as required by law, such as to comply with a subpoena or otherwise in response to a lawful request by public authorities (including to meet national security or law enforcement requirements), or similar legal process when We believe in good faith that disclosure is necessary to protect our rights, protect Your safety or the safety of others, investigate fraud, or respond to a government request; (c) to a parent company, investor, subsidiary, joint venture, or other companies under common control with us (collectively, "Affiliates"), in the event we have such Affiliates now or in the future, in which case We will require our Affiliates to honour this Privacy Policy, or (d) to a company that merges with us, acquires us, or purchases our assets, or a successor in interest in bankruptcy, in which case such company may continue to process Your Personal Information as set forth in this Privacy Policy. We may also disclose Your Personal Information to our partners assisting us in the processing of such data for the purposes of the Service (to the extent feasible for the purposes of the Service, We may anonymise such data before disclosing it to Our business partners). We will implement appropriate data processing agreements to ensure that such recipients of Your Personal Information process such data in accordance with the relevant data protection laws.
We will share Your Personal Information with third parties only in the ways that are described in this Privacy Policy, only to the extent necessary as per the applicable purpose of the disclosure and in strict compliance with applicable data privacy laws (including by observing the requirement to conclude compliant data processing agreements with any third party processor carrying out their tasks on Our behalf and upon Our instructions). We do not otherwise share or sell Your Personal Information with or to third parties. We may use and disclose Anonymous Information without restriction.
We do not and will not share, disclose, sell, rent, or otherwise provide Your Personal Information to other companies for the marketing of their own products or services.
If You do not want us to disclose your Personal Information to a third party, please write to us at dataprivacy@typingdna.com in this sense. We will take all measures which may be feasible to give effect to such request, but may continue to disclose Your Personal Information to a third party acting as an agent/data processor performing tasks on our behalf and under our instructions, only to the extent strictly required for such operations.
Transfer of Personal Information
Third parties to which We may disclose Your Personal Information may be located within the European Union and elsewhere in the world (including the United States). As a result, Your Personal Information may be transferred to countries whose data protection laws may be less stringent than the laws in Your country.
We will ensure that suitable safeguards are in place to protect Your Personal Information and that the transfer of Your Personal Information complies with applicable data protection laws.
Where required by applicable data protection laws, We will ensure that service providers (including other associated companies) sign standard contractual clauses as approved by the European Commission or other supervisory authority with jurisdiction over the relevant data exporter. You can obtain a copy of any standard contractual clauses in place, which relate to transfers of Your Personal Information by contacting dataprivacy@typingdna.com, although some details may be redacted for confidentiality reasons.
Rights with regard to Personal Information
You have a number of rights under the GDPR in relation to Your Personal Information, as stated below. Please note that the exercise of such rights may be restricted, especially where We cannot reasonably (taking into consideration all information we hold about You) identify and confirm that the person making a data subject request is indeed You. Unless We receive sufficient information to be reasonably certain that the person making a data subject request is indeed You, We will not provide Your Personal Information to people claiming to be You simply because they have access to Your phone number and/or email address. This measure is intended to protect You against fraud and identity theft.
Subject to the above, You have the following rights with respect to Your Personal Information:
TypingDNA SRL has been appointed as TypingDNA Inc's representative in the European Union. If You are located in the European Union, you may refer any complaints/disputes related to the processing of Your Personal Information hereunder to the competent data protection supervisory authority in Romania (see above). We encourage You to resolve any concerns/complaints with respect to the processing of Your Personal Information for the purposes, or in the context, of the Service, directly with Us first.
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), Our interests (e.g. the maintenance of legal privilege) or rights and freedoms of others, as provided by the GDPR.
While We will make good faith efforts to provide You with access to Your Personal Information, We may deny or limited access to such Personal Information where: this would interfere with the execution or enforcement of the law or with private causes of action (including the prevention, investigation or detection of offences or the right to a fair trial); the legitimate rights and interest of others would be violated through such disclosure; this would prejudice the confidentiality necessary in monitoring, inspection or regulatory functions connected with sound management, or in future or ongoing negotiations involving Us. We will of course endeavour to offer You an adequate explanation of the necessity, and reason for, restricting access in the circumstances mentioned above.
If You exercise any of these rights, We will check Your entitlement and respond without undue delay, but not later than within a month. In complex cases or at times of receiving numerous requests, this period may be extended by two further months of which we Will inform You.
To review or update Your Personal Information to ensure it is accurate, please write to us at dataprivacy@typingdna.com informing us of any changes that may need to be made in respect of Your Personal Information and We will update such information on Your behalf and in Our systems.
If You want Us to delete Your TypingDNA Verify 2FA account, You will no longer be able to use the Service. Certain information is necessary in order for Us to provide the Service; therefore, if You delete such necessary information you will no longer be able to use the Service, unless You choose to re-enroll.
Please remember, however, if We have already disclosed some of this information to third parties, We may not be able to access that information any longer or force the deletion or modification of any such information by the parties to whom We have made those disclosures. We will of course comply with any legal obligation We may have to notify them of Your request.
Please note that even though You may request the deletion of Your Personal Information by Us, We may be required (by law or otherwise, such as to prevent fraud, resolve disputes, or troubleshoot problems) to keep this information and not delete it, or to keep this information for a certain time, in which case We will comply with Your account deletion request only after We have fulfilled such requirements. When You request deletion of Your account information, Personal Information will be deleted from the active database, but (limited) Personal Information may remain in Our archives where legally permitted.
Please note that any processing of Your Personal Information prior to the deletion of Your account will remain valid under the legal grounds then prevailing.
You can exercise any of your rights as stated above, by sending us a request to dataprivacy@typingdna.com. We will endeavour to respond to any such request as soon as possible, and in any event within the legal deadline.
Information Security
The security of Your Personal Information is important to Us. We use appropriate technical and organizational methods to protect the Personal Information submitted to, or otherwise processed by, Us, both during transmission and once we receive it from loss, misuse or unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.
We take great care in implementing and maintaining the security of the Service, your account data and of Your Personal Information. We have put in place appropriate technical and organizational measures to protect Your Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access and against all other unlawful forms of processing, in accordance with the law. In addition, We employ industry standard procedures and controls to ensure the safety of your personal data, such as: secure network typology which includes Firewall systems; encrypted communication, authentication and access control, external and internal audit tests, etc.
Your Personal Information (including typing biometrics) is stored on virtual servers hosted by different cloud services and third party SaaS (Software as a Service) providers, in a secured database behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive information you supply, and which is being transferred between the browser and the server/connection is encrypted via Secure Socket Layer (SSL) technology. We store sensible data encrypted via AES256 (Advanced Encryption Standard 256).
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of Your Personal Information.
No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, although We take reasonable steps to safeguard information, We cannot be responsible for the acts of those who gain unauthorised access or abuse the Service and We make no warranty, express, implied or otherwise, that we will prevent such access.
Cookies & Other Anonymous Information
As you use the Service, certain Anonymous Information may be collected and stored via cookies and similar technologies, such as Your Internet protocol address, domain names, browser type, click-stream data, and access times.
A cookie is a small text file that is stored on a user's computer/device for record-keeping purposes. We use cookies. We do not link the information We store in cookies to any Personal Information You submit while using the Service, without Your express consent.
We use cookies to:
We may also use trusted third-party services that track this information on Our behalf.
We may use both session ID cookies and persistent cookies. We use session cookies to make it easier for You to use the Service. A session ID cookie expires when You close Your browser. A persistent cookie remains on Your hard drive for an extended period of time.
You can choose to have Your computer warn you each time a cookie is being sent, or You can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser's Help Menu to learn the correct way to modify Your cookies preferences. If You disable cookies in your browser, some features will be disabled. Some of the features that make Your experience more efficient may not function properly.
We may use the Anonymous Information we collect from you to customize content and layout for You and improve Our internal operations and the content of Our Service. With Your opt-in consent, We may combine this Anonymous Information with Your Personal Information such that the information is no longer anonymous.
Changes to the Privacy Policy
We may update this Privacy Policy to reflect changes to Our information practices. If We make material changes to this Privacy Policy, We will seek to notify you by email (if provided during the Service enrollment process) prior to the change becoming effective. We encourage You to review the latest information on Our privacy practices available here: https://www.typingdna.com/legal/verify-privacy-policy. Continued use of the Service will indicate Your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.
Any changes to this Privacy Policy may affect Our use or disclosure of Personal Information collected prior to the changes. If You do not agree to any of the changes, You should notify Us prior to the effective date of the changes that you wish to terminate Your account with Us.
Retention Period
We endeavour to ensure that Personal Information is kept as current as possible and that irrelevant or excessive data is deleted or made anonymous as soon as reasonably practicable. We retain Personal Information about You only for as long as it serves a purpose of processing mentioned in this Privacy Policy. This does not prevent us from processing your Personal Information for longer periods of time, to the extent such processing reasonably serves other purposes, including for statistical analysis.
Once We anonymise Your Personal Data, such data will no longer constitute 'personal data' within the meaning of personal data protection laws. We may retain such anonymised data and use it for further analysis and research and development purposes, without restrictions.
Some Personal Information may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons. We will generally retain Your Personal Information only so long as it is required for purposes for which it was collected. Where Your Personal Information is no longer required, We will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.
Subject to the principles set out in the above paragraph, We will delete Your account data the earlier of (i) your express request to dataprotection@typingdna.com; or (b) 10 years after your last use of the Service.
Note: We may continue to use Your typing pattern(s) if We have used such typing pattern(s) to build an algorithm or to further develop and improve an algorithm. If We do so, we undertake to anonymise/ de-personalise Your typing pattern(s) in such a way that it can no longer be linked to You and therefore no longer constitute Personal Information about You.
Children
The Service is not directed to children and children are not eligible to use our Service.
Protecting the privacy of children is very important to Us. We do not collect or maintain Personal Information from people We actually know are under 16 years of age or persons under the age of legal consent in any jurisdiction ("Legally of Age").
If we learn that a Service user is not Legally of Age, We will take steps to remove that user's information from our databases and to prevent the user from utilizing the Service.
If You are the parent or a legal guardian of a person that is not Legally of Age who uses Our Service, or who you believe has otherwise provided Personal Information to Us, please contact Us using the details set out at the end of this Privacy Policy to have the information deleted. We encourage parents and legal guardians to inform children about how to use the Internet in a safe and responsible manner.
Representation of TypingDNA Inc. for the purposes of data privacy regulations
For the purposes of Art. 27 GDPR, TypingDNA SRL is hereby appointed as the representative of TypingDNA Inc. in the territory of the European Union and may be addressed, in addition to or instead of, TypingDNA Inc. by, in particular, supervisory authorities and data subjects located in the European Union, on all issues related to personal data processing performed by Us, for the purposes of ensuring compliance with the GDPR.
TypingDNA SRL is a Romanian limited liability company, headquartered in Romania, Oradea, Str. Vasile Conta no. 32, 1st floor, office no. 22, registered with the Trade Registry under no. J5/1153/2016, unique registration code 36172414.
Questions about this Privacy Policy & Exercising your rights as a Data subject
If you have questions or comments about this Privacy Policy, or wish to exercise any of Your data subject rights under the GDPR, or otherwise make any request as specified further in this Privacy Policy, please contact Us at: dataprivacy@typingdna.com.
If You are dissatisfied with Our use of your Personal Information or Our response to any exercise of Your rights under the GDPR, You have the right to complain to the data protection authority: http://www.dataprotection.ro/.
In order to ensure timely resolution, We encourage You to reach out to us first with respect to any queries, questions or complaints You may have in relation to Our processing of Your Personal Information. We will endeavour to respond as soon as practicable.
Date: March 2021
โ1 TypingDNA Inc. a US Delaware corporation, headquartered in 77 Sands Street Brooklyn, NY, 11201.
2 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data and on the free movement of such data;