By using TypingDNA Verify 2FA (the “Service”, as further
described in the
End User Agreement), You consent to Us collecting and further processing certain
Personal Information (as defined below) You provide to Us or to
other vendors which have implemented TypingDNA Verify 2FA within their
websites/platforms, or which We are otherwise able to extract or receive
from such Personal Information.
TypingDNA Inc1. (referred to as “TypingDNA”, “We” or “Us”)
controls the purpose for which, and the manner in which,
Personal Information (as defined below) about individuals using the
Service are processed. We are therefore the data controller with
respect to Personal Information about You processed by Us in
relation to the Service. Our contact details are set out at the end
collect and further process about You, the purposes for which Your
Personal Information might be used and the safeguards We put in
place in the course of our relationship with You to protect Your
By using the Service, You expressly consent to our processing of
Your Personal Information (as defined below) as described in this
Who We are
We are a technology company developing passive authentication and typing
biometrics technologies. TypingDNA Inc. is a US Delaware corporation,
headquartered in 77 Sands Street, Brooklyn, New York, 11201.
We have developed a user identity verification (authentication)
software/application that uses an individual's typing biometrics to verify
such user's authenticity (the "Service"). The
Service analyses the way people type in order to determine an
individual's particular typing patterns defined as behavioural patterns
and data that can be related to typing, touch and pointer input
(including, but not limited to, speed of typing, pressure applied, intervals between keystrokes, telemetry information, typing rhythms, touch and swipe pattern etc.).
Such individual typing patterns are then used to verify that it is indeed
You (and not someone else using your device(s), with or without your
permission) that is accessing a service, logging into an account,
performing a transaction etc. This minimizes the risk that Your devices
are used fraudulently or without Your permission and ensures that user
log-in, authentication/ verification is performed smoothly.
Enrollment in the Service is purely voluntary. Upon Your first
enrollment in the Service (or anytime subsequently when Your typing
pattern(s) cannot be verified by the Service, or You request that
your account details be reset), We will send You a verification code via
SMS, email, WhatsApp or another channel.
The only information We request in the Service enrollment process
is limited to phone number and/or email address. We do not request Your
name or any other particular or unique identifier about You. For this
reason, (in the absence of other data or information about You) We do not
know who You are specifically. We rely on Your representation that You are
the rightful owner or holder of the phone number/email address You used
during Your enrollment into the Service.
We associate Your typing pattern(s) only with Your telephone number and/or
email address (but not with Your name specifically). We do not rely on
other identification details (such as Your name) to provide the
Service. We do not request Your name or other unique identifier
about You for the purposes of providing the Service, and do not
collect or process such individual information about You. In the absence
of further information/data about You, We are unable to link Your
telephone number and/or email address with You as an individual
We bear no responsibility or liability whatsoever if Your phone or other
device is stolen or hacked, and there is an unauthorised use or access by
a third party of Your phone number and/or email address.
So we are clear about the terminology we are using, "Personal Information" means any information describing or relating to an identified or
identifiable individual (where an identifiable individual is an individual
who can be identified, directly or indirectly, in particular by reference
to an identifier such as a name, an identification number, location data,
an online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of
When we use the phrase "Personal Information" in this
data that may be collected by Us from You and/or provided by You while
using the Service, and/or further extracted or derived by Us on the
basis of such information. As mentioned above, despite collecting Your
phone number and/or email address, We are typically unable to link such
information with You specifically as an individual without additional
details about You. To afford You the best protection, We will consider
such information which You provide to Us as
Personal Information within the meaning of data privacy laws. We
may however request that You make unequivocal proof of Your identity
should You wish to exercise certain data subject rights, in order to
ensure that We protect Your confidentiality and the security of Your data.
refer to behavioural patterns and data that can be related to typing,
touch and pointer input (including, but not limited to, speed of typing,
pressure applied, intervals between keystrokes, telemetry information,
typing rhythms, device movement and positioning data, mouse, touch and
swipe data, etc).
We seek to collect and process limited categories of
Personal Information about You - for this purpose, we will collect
Your telephone number and/or email address for the purposes of opening a
TypingDNA Verify 2FA account for You, providing the Service and
creating a secure database of Your typing patterns resulting solely from
Your use of the Service.
We will also collect and further process any typing patterns You provide
while using the Service (i.e. we will collect Your typing
pattern(s) every time you use the Service (e.g. for account
log-in/authentication, transaction confirmation etc). We use such typing
patterns to provide and continuously improve the Service and to
further advance development of behavioral biometrics authentication
applications and technologies.
When You use the Service, We can also collect and further process:
Your Internet Protocol (IP) address, location data, device type, device
fingerprint, cursor movements, pointing devices movements (e.g. mouse,
touchpad, touchscreen, trackpad, others).
We use automated systems to analyse Your data, using techniques such as
machine learning in order to meet the purposes of the Service.
limited strictly to individuals who have agreed to the End User Agreement
and use the Service in accordance with the purposes thereof.
Anonymous and Aggregate Information
When we use the phrase "Anonymous Information" in this
way that it cannot or can no longer be used to personally identify an
Like many companies, we monitor the use of the Service by
collecting aggregate information. No personally identifiable data
are collected in this process. Typically, we collect information about the
number of users of the Service and the originating domain name of
the visitor's Internet Service Provider. Also, We may collect
non-personal information about Your use of the Service such as, IP
address, log files, user activity, time stamps, etc. Finally, We may also
collect technical information transmitted by Your device, including
certain software and hardware information (e.g. the type of browser and
operating system Your device uses, language preferences, access time and
the domain name of the website from which You linked to the
Service etc). This information is typically used to improve the
usability, performance and effectiveness of the Service.
Important note: For the avoidance of doubt, any aggregate, non-personal
or technical information collected, which is or may be connected or
linked to the identities of the relevant users, shall be deemed as
'personal data' (as such term is defined in the applicable data privacy
laws) as long as such connection or linkage exists or may be made using
all the means reasonably likely to be used. In such situations, the
Personal Information shall apply mutatis mutandis to the
aggregate, non-personal or technical data mentioned herein. For clarity
purposes, as an example, if we have sufficient information to link an IP
address to a particular individual user (e.g., through login details,
cookies, or any other information or technology) then that IP address is
Personal Information, and is subject to the full protections of
Source of Personal Information Collection
We require that You, or the service that verifies You with TypingDNA
Verify 2FA, submit certain Personal Information about yourself, such as
your telephone number and/or email address, as well as Your typing
patterns (and other Personal Information as stated above), when You
enroll into and on each subsequent use of the Service.
Purposes and legal basis of processing of Personal Information
We collect and use the Personal Information We collect from You
when you register to first use the Service and on each subsequent
use of the Service. We process such
Personal Information exclusively for the purposes of providing the
Service and further advancing the development of Our
We may use Your e-mail address also to respond to any correspondence or to
respond to Your requests to provide support or information You have
We use Your Personal Information:
to provide the Service and better understand how our
Service is being used so We can improve the functionality and
reliability of the Service;
to research, further develop and improve our authentication algorithms
- to diagnose problems in our Service;
to reduce fraud, software piracy, and protect You as well as ourselves
from the same.
We will limit Personal Information that We collect and further
process about You only to what is limited for the purposes of processing
mentioned above (or other limited purposes which are consistent with the
primary purposes mentioned above). We will not use Your
Personal Information in a manner which is incompatible with the
purposes for which it has been initially collected and/or authorized by
You, unless We obtain Your prior consent.
We collect, process, use and, as applicable, disclose
Personal Information related to you on the basis of the following
legal grounds under the General Data Protection Regulation ("GDPR2 "):
Your consent (Art. 6(1) letter (a) GDPR): by choosing to use the
Service, You consent to Your Personal Information (more
specifically phone number, email address, typing patterns etc) being
collected and processed by Us for the purposes and as regulated in this
time, by sending an email to
or using the appropriate account reset/delete system. Withdrawal of
consent will have an effect only for the future and does not affect the
legitimacy of our processing of Your Personal Information until
that date. Please note that You may be unable to use the
Service if You do not provide consent to the processing of Your
Personal Information. We further note that We may continue to use
any part of Your Personal Information for which We may have other
legal grounds for processing in accordance with the applicable law.
By using the Service, You agree to the terms of this
agreement between You and Us.
We may use Your
Personal Information based on Your explicit consent for the
following purposes: (i) to provide you with the
Service (including any related apps, services and functionalities
thereof); (ii) to improve the quality of the Service and user
experience; (iii) to fulfil any request You make in relation to the
Service; (iv) to communicate with You; (v) or as otherwise
directed by You.
Additionally, we may use Your
Personal Information to create Anonymous Information for use in
scientific research, product development and market research. Once
anonymised, Your data (and, in particular, Your typing patterns) will no
longer constitute 'personal data' within the meaning of the applicable
data privacy laws.
our legitimate interests (Art. 6 (1) letter (f) GDPR): To the extent
necessary, We may also process Your Personal Information to
protect legitimate interests of our own and/or of third parties (such as
to resolve disputes and/or troubleshoot problems). When We process Your
Personal Data to meet Our legitimate interests, We balance our
legitimate interests against Your fundamental rights and freedoms and We
implement appropriate safeguards to ensure that Your interests, rights
and freedoms do not override Our legitimate interests. For more
information about this, please contact us at
Recipients of Personal Information
WE may disclose Your Personal Information: (a) to third party
vendors/suppliers who help us provide the Service; (b) as required
by law, such as to comply with a subpoena or otherwise in response to a
lawful request by public authorities (including to meet national security
or law enforcement requirements), or similar legal process when We believe
in good faith that disclosure is necessary to protect our rights, protect
Your safety or the safety of others, investigate fraud, or respond to a
government request; (c) to a parent company, investor, subsidiary, joint
venture, or other companies under common control with us (collectively,
"Affiliates"), in the event we have such Affiliates now or in the future,
in which case We will require our Affiliates to honour this
us, or purchases our assets, or a successor in interest in bankruptcy, in
which case such company may continue to process Your
may also disclose Your Personal Information to our partners
assisting us in the processing of such data for the purposes of the
Service (to the extent feasible for the purposes of the
Service, We may anonymise such data before disclosing it to Our
business partners). We will implement appropriate data processing
agreements to ensure that such recipients of Your
Personal Information process such data in accordance with the
relevant data protection laws.
We will share Your Personal Information with third parties only in
extent necessary as per the applicable purpose of the disclosure and in
strict compliance with applicable data privacy laws (including by
observing the requirement to conclude compliant data processing agreements
with any third party processor carrying out their tasks on Our behalf and
upon Our instructions). We do not otherwise share or sell Your
Personal Information with or to third parties. We may use and
disclose Anonymous Information without restriction.
We do not and will not share, disclose, sell, rent, or otherwise provide
Your Personal Information to other companies for the marketing of
their own products or services.
If You do not want us to disclose your Personal Information to a
third party, please write to us at
in this sense. We will take all measures which may be feasible to give
effect to such request, but may continue to disclose Your
Personal Information to a third party acting as an agent/data
processor performing tasks on our behalf and under our instructions, only
to the extent strictly required for such operations.
Transfer of Personal Information
Third parties to which We may disclose Your
Personal Information may be located within the European Union and
elsewhere in the world (including the United States). As a result, Your
Personal Information may be transferred to countries whose data
protection laws may be less stringent than the laws in Your country.
We will ensure that suitable safeguards are in place to protect Your
Personal Information and that the transfer of Your
Personal Information complies with applicable data protection laws.
Where required by applicable data protection laws, We will ensure that
service providers (including other associated companies) sign standard
contractual clauses as approved by the European Commission or other
supervisory authority with jurisdiction over the relevant data exporter.
You can obtain a copy of any standard contractual clauses in place, which
relate to transfers of Your Personal Information by contacting
email@example.com, although some details may be redacted for confidentiality reasons.
Rights with regard to Personal Information
You have a number of rights under the GDPR in relation to Your
Personal Information, as stated below. Please note that the
exercise of such rights may be restricted, especially where We cannot
reasonably (taking into consideration all information we hold about You)
identify and confirm that the person making a data subject request is
indeed You. Unless We receive sufficient information to be reasonably
certain that the person making a data subject request is indeed You, We
will not provide Your Personal Information to people claiming to be
You simply because they have access to Your phone number and/or email
address. This measure is intended to protect You against fraud and
Subject to the above, You have the following rights with respect to Your
the right of access pursuant to Art. 15 GDPR: You have the right to obtain from Us confirmation as to whether or
not Personal Information concerning You is being processed, and,
where that is the case, access to (including by obtaining a copy of)
such Personal Information and the manner in which, and the
purposes for which We process Your Personal Information so that
You can verify its accuracy and the lawfulness of the processing; Please
note that once We convert Your Personal Information into
Anonymous Information, We will no longer be able to provide You
with a copy of any such data which was initially provided by You as
the right to rectification pursuant to Art. 16 GDPR: You have the right to obtain from Us the rectification of inaccurate
Personal Information concerning You, and the right to have
incomplete personal data completed, including by means of providing a
the right to erasure pursuant to Art. 17 GDPR: You have the right to obtain from Us the erasure of Your
Personal Information where (a) Your
Personal Information is no longer necessary for the purpose for
which it was collected/processed; (b) You wish to withdraw Your consent
to the processing of such data by Us (except where We have another legal
ground for the processing that We may rely on); (c) where processing is
based on Our legitimate interests and there are no overriding legitimate
grounds for processing; (d) where Your Personal Information has
been unlawfully processed;
the right to restriction of processing pursuant to Art. 18 GDPR: You have the right to obtain from Us the restriction of processing of
Your Personal Information where (a) the accuracy of such
Personal Information is contested by You (for such period as will
enable Us to verify the accuracy of Your Personal Information);
(b) the processing of Your Personal Information is unlawful, but
You object to the deletion of such data and request restriction of its
use instead; (c) You consider that We no longer need Your
Personal Information for the purposes of the processing, but
require such Personal Information for the establishment, exercise
or defence of legal claims; (d) You have objected to the processing of
Your Personal Data on grounds of 'legitimate interest' as per (iii)
above, pending verification by Us on whether Our legitimate grounds
override Your own.
the right to objection pursuant to Art. 21 GDPR: You have the right to object, on grounds relating to Your particular
situation, at any time to processing of Your
Personal Information, which is based on Our legitimate interests.
We shall no longer process the personal data unless We have compelling
legitimate grounds for the processing which override Your interests,
rights and freedoms or for the establishment, exercise or defence of
legal claims. You may object to the processing of Your
Personal Information for direct marketing purposes at any time,
without giving reason.
the right to data portability pursuant to Art. 20 GDPR: You have the right to receive Personal Information concerning
You, and which You have provided to Us, in a structured, commonly used
and machine-readable format, and to transmit such data to another data
controller (please note this applies only where Our processing of Your
Personal Information is based on Your consent or on a contract,
and the processing is carried out by automated means).
the right to appeal to a competent data protection supervisory
authority (Art. 77 GDPR): you have the right to appeal to the competent data protection
supervisory authority - in Romania, where our representative (for the
purposes of the GDPR) within the territory of the European Union is
located, such data privacy supervisory authority is the Romanian
National Authority for the Supervision of Personal Data Processing (www.dataprotection.ro).
TypingDNA SRL has been appointed as TypingDNA Inc's representative in the
European Union. If You are located in the European Union, you may refer
any complaints/disputes related to the processing of Your
Personal Information hereunder to the competent data protection
supervisory authority in Romania (see above). We encourage You to resolve
any concerns/complaints with respect to the processing of Your
Personal Information for the purposes, or in the context, of the
Service, directly with Us first.
Your exercise of these rights is subject to certain exemptions to
safeguard the public interest (e.g. the prevention or detection of crime),
Our interests (e.g. the maintenance of legal privilege) or rights and
freedoms of others, as provided by the GDPR.
While We will make good faith efforts to provide You with access to Your
Personal Information, We may deny or limited access to such
Personal Information where: this would interfere with the execution
or enforcement of the law or with private causes of action (including the
prevention, investigation or detection of offences or the right to a fair
trial); the legitimate rights and interest of others would be violated
through such disclosure; this would prejudice the confidentiality
necessary in monitoring, inspection or regulatory functions connected with
sound management, or in future or ongoing negotiations involving Us. We
will of course endeavour to offer You an adequate explanation of the
necessity, and reason for, restricting access in the circumstances
If You exercise any of these rights, We will check Your entitlement and
respond without undue delay, but not later than within a month. In complex
cases or at times of receiving numerous requests, this period may be
extended by two further months of which we Will inform You.
To review or update Your Personal Information to ensure it is
accurate, please write to us at
informing us of any changes that may need to be made in respect of Your
Personal Information and We will update such information on Your
behalf and in Our systems.
If You want Us to delete Your TypingDNA Verify 2FA account, You will no longer
be able to use the Service. Certain information is necessary in
order for Us to provide the Service; therefore, if You delete such
necessary information you will no longer be able to use the
Service, unless You choose to re-enroll.
Please remember, however, if We have already disclosed some of this
information to third parties, We may not be able to access that
information any longer or force the deletion or modification of any such
information by the parties to whom We have made those disclosures. We will
of course comply with any legal obligation We may have to notify them of
Please note that even though You may request the deletion of Your
Personal Information by Us, We may be required (by law or
otherwise, such as to prevent fraud, resolve disputes, or troubleshoot
problems) to keep this information and not delete it, or to keep this
information for a certain time, in which case We will comply with Your
account deletion request only after We have fulfilled such requirements.
When You request deletion of Your account information,
Personal Information will be deleted from the active database, but
(limited) Personal Information may remain in Our archives where
Please note that any processing of Your Personal Information prior
to the deletion of Your account will remain valid under the legal grounds
You can exercise any of your rights as stated above, by sending us a
firstname.lastname@example.org. We will endeavour to respond to any such request as soon as possible,
and in any event within the legal deadline.
The security of Your Personal Information is important to Us. We
use appropriate technical and organizational methods to protect the
Personal Information submitted to, or otherwise processed by, Us,
both during transmission and once we receive it from loss, misuse or
unauthorized access, disclosure, alteration and destruction, taking into
account the risks involved in the processing and the nature of the
We take great care in implementing and maintaining the security of the
Service, your account data and of Your Personal Information.
We have put in place appropriate technical and organizational measures to
protect Your Personal Information against accidental or unlawful
destruction, loss, alteration, unauthorized disclosure or access and
against all other unlawful forms of processing, in accordance with the
law. In addition, We employ industry standard procedures and controls to
ensure the safety of your personal data, such as: secure network typology
which includes Firewall systems; encrypted communication, authentication
and access control, external and internal audit tests, etc.
Your Personal Information (including typing biometrics) is stored
on virtual servers hosted by different cloud services and third party SaaS
(Software as a Service) providers, in a secured database behind
secured networks and is only accessible by a limited number of persons who
have special access rights to such systems and are required to keep the
information confidential. In addition, all sensitive information you
supply, and which is being transferred between the browser and the
server/connection is encrypted via Secure Socket Layer (SSL) technology.
We store sensible data encrypted via AES256 (Advanced Encryption Standard
We implement a variety of security measures when a user enters, submits,
or accesses their information to maintain the safety of Your
No method of transmission over the Internet, or method of electronic
storage, is 100% secure, however. Therefore, although We take reasonable
steps to safeguard information, We cannot be responsible for the acts of
those who gain unauthorised access or abuse the Service and We make
no warranty, express, implied or otherwise, that we will prevent such
Cookies & Other Anonymous Information
As you use the Service, certain Anonymous Information may be
collected and stored via cookies and similar technologies, such as Your
Internet protocol address, domain names, browser type, click-stream data,
and access times.
A cookie is a small text file that is stored on a user's computer/device
information We store in cookies to any Personal Information You
submit while using the Service, without Your express consent.
- improve and provide security in our applications;
- improve and provide the Service;
- understand and save user's preferences for future visits;
compile aggregate data about the use of the Service in order to
offer better user experiences and tools in the future.
We may also use trusted third-party services that track this information
on Our behalf.
We may use both session ID cookies and persistent cookies. We use session
cookies to make it easier for You to use the Service. A session ID
cookie expires when You close Your browser. A persistent cookie remains on
Your hard drive for an extended period of time.
You can choose to have Your computer warn you each time a cookie is being
sent, or You can choose to turn off all cookies. You do this through your
browser settings. Since each browser is a little different, look at your
browser's Help Menu to learn the correct way to modify Your cookies
preferences. If You disable cookies in your browser, some features will be
disabled. Some of the features that make Your experience more efficient
may not function properly.
We may use the Anonymous Information we collect from you to
customize content and layout for You and improve Our internal operations
and the content of Our Service. With Your opt-in consent, We may
combine this Anonymous Information with Your
Personal Information such that the information is no longer
information practices. If We make material changes to this
during the Service enrollment process) prior to the change becoming
effective. We encourage You to review the latest information on Our
privacy practices available here:
https://www.typingdna.com/legal/verify-privacy-policy. Continued use of the Service will indicate Your acknowledgement
of such changes and agreement to be bound by the terms and conditions of
of Personal Information collected prior to the changes. If You do
not agree to any of the changes, You should notify Us prior to the
effective date of the changes that you wish to terminate Your account with
We endeavour to ensure that Personal Information is kept as current
as possible and that irrelevant or excessive data is deleted or made
anonymous as soon as reasonably practicable. We retain
Personal Information about You only for as long as it serves a
not prevent us from processing your Personal Information for longer
periods of time, to the extent such processing reasonably serves other
purposes, including for statistical analysis.
Once We anonymise Your Personal Data, such data will no longer constitute
'personal data' within the meaning of personal data protection laws. We
may retain such anonymised data and use it for further analysis and
research and development purposes, without restrictions.
Some Personal Information may be retained for varying time periods
in order to comply with legal and regulatory obligations and for other
legitimate business reasons. We will generally retain Your
Personal Information only so long as it is required for purposes
for which it was collected. Where Your Personal Information is no
longer required, We will ensure it is either securely deleted or stored in
a way which means it will no longer be used by the business.
Subject to the principles set out in the above paragraph, We will delete
Your account data the earlier of (i) your express request to
email@example.com; or (b) 10 years after your last use of the
Note: We may continue to use Your typing pattern(s) if We have used such
typing pattern(s) to build an algorithm or to further develop and improve
an algorithm. If We do so, we undertake to anonymise/ de-personalise Your
typing pattern(s) in such a way that it can no longer be linked to You and
therefore no longer constitute Personal Information about You.
The Service is not directed to children and children are not
eligible to use our Service.
Protecting the privacy of children is very important to Us. We do not
collect or maintain Personal Information from people We actually
know are under 16 years of age or persons under the age of legal consent
in any jurisdiction ("Legally of Age").
If we learn that a Service user is not Legally of Age, We
will take steps to remove that user's information from our databases and
to prevent the user from utilizing the Service.
If You are the parent or a legal guardian of a person that is not
Legally of Age who uses Our Service, or who you believe has
otherwise provided Personal Information to Us, please contact Us
the information deleted. We encourage parents and legal guardians to
inform children about how to use the Internet in a safe and responsible
Representation of TypingDNA Inc. for the purposes of data privacy
For the purposes of Art. 27 GDPR, TypingDNA SRL is hereby appointed as the
representative of TypingDNA Inc. in the territory of the European Union
and may be addressed, in addition to or instead of, TypingDNA Inc. by, in
particular, supervisory authorities and data subjects located in the
European Union, on all issues related to personal data processing
performed by Us, for the purposes of ensuring compliance with the GDPR.
TypingDNA SRL is a Romanian limited liability company, headquartered in
Romania, Oradea, Str. Santului 2E, 1st floor, registered with the Trade Registry under no. J5/1153/2016, unique
registration code 36172414.
wish to exercise any of Your data subject rights under the GDPR, or
otherwise make any request as specified further in this
If You are dissatisfied with Our use of your
Personal Information or Our response to any exercise of Your rights
under the GDPR, You have the right to complain to the data protection
In order to ensure timely resolution, We encourage You to reach out to us
first with respect to any queries, questions or complaints You may have in
relation to Our processing of Your Personal Information. We will
endeavour to respond as soon as practicable.
Date: October 2022
1 TypingDNA Inc. a US Delaware corporation, headquartered in 77 Sands Street Brooklyn, NY, 11201.
2 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data and on the free movement of such data;