TypingDNA SRL1 and TypingDNA Inc.2 (referred to collectively and individually as “TypingDNA”,
“we” or “us”) realize that our platform, https://www.typingdna.com/ (the “Website”) and any
related services (the “Services”) we offer, including mobile applications, can only work if we build a
relationship of trust with our users.
We control the purpose for which, and the manner in which, Personal Information (as defined below) about individuals accessing the Website, trying or using our Services and/or respectively being targeted by us for marketing purposes in relation to our provision of the Services is processed. We are therefore the data controller under applicable data privacy laws.
We are a technology company developing passive authentication and typing biometrics API (Application Programming Interfaces). Our mission is to improve security without compromising user experience. Our technology is the most available online biometric technology – it works with any keyboard, on any device and does not need more than one previous sample to start working. We provide typing biometrics authentication as a service, an API that anyone can use for 2 Factor Authentication (2FA) and fraud prevention purposes
TypingDNA provides a number of products and Services, as follows:
So we are clear about the terminology we are using, “personal data" means any information
describing or relating to an identified or identifiable individual (where an identifiable individual is
an individual who can be identified, directly or indirectly, in particular by reference to an identifier
such as a name, an identification number, location data, an online identifier or to one or more
factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of
When you register on our Website to use our Services, or even a Demo version thereof, you will
need to provide personal information about yourself during the account creation/demo session –
this Personal Information includes: name/surname, your organization/company details (name and
website), age, job title/position, email address, phone number, line of work/industry and your
typing biometric. We can also collect and further process: your typing pattern (typing biometrics),
Internet Protocol (IP) address, location data, device type, device fingerprint, cursor movements,
pointing devices movements (e.g. mouse, touchpad, touchscreen, trackpad, others).
We collect such Personal Information from you when you register on our Website, subscribe to a newsletter, try a demo, respond to a survey, fill out a form or enter information on our Website, or when you provide us with feedback on our products or Services. If you are a Prospect, we collect and process such further Personal Information about you (as stated above) from public sources as mentioned above.
To help keep our databases current and to provide you the most relevant content and experiences, we may combine information provided by you with information from other sources, in accordance with applicable law. For example, from these sources, we may learn about the size, industry, and other information about the company you work for.
Also, we use automated systems to analyse your content using techniques such as machine learning in order to improve our Services and the Websites. This analysis may occur as the content is sent or received using an online feature of the Website or any of our Services or apps, or when the content is stored on our servers.
Please note that registered clients can use our Services to collect typing biometrics from their own users. We do not collect and/or further process any Personal Information regarding our client’s users and their typing biometrics.
It is up to the client to decide where and how to store the typing biometrics of its users (and to apply adequate data privacy and security measures to ensure that such data is maintained confidential and secure from unauthorized disclosure or modification). If the client stores the typing biometrics of its own users, it is entirely that client’s responsibility to handle such sensitive information with care and comply with the applicable data privacy laws, in particular regarding the end user’s consent to the collection, processing and usage of such information by the client and (in certain cases) by TypingDNA. If we are required to store the typing biometrics of our clients’ end users, such data is anonymized at our level. We do not associate any biometric data with any Personal Information from any end-user.
rendered anonymous in such a way that it cannot or can no longer be used to personally identify an
Like many companies, we monitor the use of the Website by collecting aggregate information. No personally identifiable data are collected in this process. Typically, we collect information about the number of visitors to the Website and the originating domain name of the visitor's Internet Service Provider. Also, we may collect non-personal information about your use of the Website and/or the Services such as, IP address, log files, user activity, time stamps, etc. Finally, we may also collect technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preferences, access time and the domain name of the website from which you linked to Website etc.). This information is typically used to improve the usability, performance and effectiveness of the Platform.
TypingDNA requires that you submit certain Personal Information about yourself, including your
email address and other Personal Information as stated above, when you apply for a Demo version
of our Services and/or register an account on the Website. This information is required for you to
be able to use the Website and therefore if you do not provide this information you will not be able
to use the Website.
In the course of registering for or using the Website and/or the Services, we may prompt you to provide additional Personal Information about yourself including your name, alternate email addresses, year of birth, and your city, state or country of residence, and you will also be asked to answer a few questions to help make the Website and/or the Services more useful to you. When you communicate with us through our Platform, we may collect and store any information that is contained in your communications with us. We do not automatically include or display Personal Information in your shared profile data.
We may collect and use the Personal Information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the Website and otherwise use our Services and/or apps, or use certain other site features in the following ways:
We will limit Personal Information that we collect and further process about you only to what is
limited for the purposes of processing mentioned above (or other limited purposes which are
consistent with the primary purposes mentioned above). We will not use your Personal
Information in a manner which is incompatible with the purposes for which it has been initially
collected and/or authorized by you, unless we obtain your prior consent. Examples of compatible
processing purposes may include those that reasonably serve customer relations, compliance and
legal considerations, auditing, security and fraud prevention and preserving or defending our legal
We collect, process, use and, as applicable, disclose Personal Information related to you on the basis of the following legal grounds under the GDPR:
By using the Website and/or signing up for any of the products or Services offered by TypingDNA,
between you (and your client, employer or another entity if you are acting on their behalf) as the
user of the Services and TypingDNA and its Affiliates. If we add any new features or tools to our
We may use your Personal Information based on your explicit consent for the following purposes: (i) to provide you with the Website (including any related apps, Services and functionalities thereof); (ii) to improve the quality of the Website and user experience; (iii) to fulfill any request you make; (iv) to communicate with you; (v) to contact you regarding other products and Services we offer if you have requested such information; (vi) or as otherwise directed by you.
To the extent necessary, we may also process your Personal Information to protect legitimate
interests of our own and of third parties such as (i) to resolve disputes and/or troubleshoot
TypingDNA policies. When we process your Personal Data to meet our legitimate interests, we
balance our legitimate interests against your fundamental rights and freedoms and we implement
appropriate safeguards to ensure that your interests, rights and freedoms do not override our
legitimate interests. For more information about the balancing tests that we have carried out,
please contact us at email@example.com.
From time to time, you may be offered the opportunity to respond to requests for additional information from TypingDNA, including but not limited to surveys, polls, questionnaires, and feedback.
When we communicate with you regarding the products and Services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. Please note that emails we send you may include a technology (called a web beacon) that tells us whether you have received or opened the email or clicked a link in the email.
If you do not want us to collect this information from our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may write to us at firstname.lastname@example.org requesting the same. We will cease using your Personal Information for direct marketing purposes once you have requested us to do so. Additionally, we may use your Personal Information to create Anonymous Information including for use in future scientific research, product development and market research, if you agree to let us do so.
Note: for the avoidance of doubt, TypingDNA does not use your Personal Data (including, in particular, your typing pattern) for the purposes of an automated decision-making process or for profiling.
TypingDNA uses the Website to facilitate your engagement in and use of the Website and/or the
Services we provide.
We do not and will not share, disclose, sell, rent, or otherwise provide Personal Information to other companies for the marketing of their own products or services.
If you do not want us to disclose your Personal Information to a third party, please write to us at email@example.com in this sense. We will take all measures which may be feasible to give effect to such request, but may continue to disclose your Personal Information to a third party acting as an agent/data processor performing tasks on our behalf and under our instructions, only to the extent strictly required for such operations.
Third parties to which we may disclose your Personal Information may be located within the
European Union and elsewhere in the world (including the United States). As a result, your
Personal Information may be transferred to countries outside of the country where the Personal
Information was collected to countries whose data protection laws may be less stringent than the
laws in your country.
TypingDNA will ensure that suitable safeguards are in place to protect your Personal Information and that the transfer of your Personal Information complies with applicable data protection laws.
For the avoidance of doubt, please note that TypingDNA Inc. is a Delaware corporation that is enrolled in the EU-US Privacy Shield mechanism (for more details please see here: https://www.privacyshield.gov/welcome).
Where required by applicable data protection laws, we will ensure that service providers (including other associated companies) sign standard contractual clauses as approved by the European Commission or other supervisory authority with jurisdiction over the relevant data exporter. You can obtain a copy of any standard contractual clauses in place, which relate to transfers of your Personal Information by contacting firstname.lastname@example.org, although some details may be redacted for confidentiality reasons.
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g.
the prevention or detection of crime), our interests (e.g. the maintenance of legal privilege) or
rights and freedoms of others, as provided by the GDPR and the EU-US Privacy Shield principles
(please see our dedicated Section on this below).
While we will make good faith efforts to provide you with access to your Personal Information, we may deny or limited access to such Personal Information where: this would interfere with the execution or enforcement of the law or with private causes of action (including the prevention, investigation or detection of offences or the right to a fair trial); the legitimate rights and interest of others would be violated through such disclosure; this would prejudice the confidentiality necessary in monitoring, inspection or regulatory functions connected with sound management, or in future or ongoing negotiations involving us. We will of course endeavour to offer you an adequate explanation of the necessity, and reason for, restricting access in the circumstances mentioned above.
If you exercise any of these rights, we will check your entitlement and respond without undue delay, but not later than within a month. In complex cases or at times of receiving numerous requests, this period may be extended by two further months of which we will inform you.
To review or update your Personal Information including user information to ensure it is accurate, please write to us at email@example.com informing us of any changes that may need to be made in respect of your Personal Information and we will update such information on your behalf and in our systems.
If you wish to delete your TypingDNA Authentication API Account, please write to us at firstname.lastname@example.org requesting that your account be deleted and we will proceed with this deletion on your behalf and in our systems.
Please note that once you delete your account you will no longer be able to enjoy the full functionality of the Website and/or (part or all) of the Services we provide. Certain information is necessary in order for us to provide the Website; therefore, if you delete such necessary information you will not be able to use the Website and/or the Services.
Please remember, however, if we have already disclosed some of this information to third parties, we cannot access that information any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures. We will of course comply with any legal obligation we may have to notify them of your request.
Please note that even though you may request the deletion of your Personal Information by us, we may be required (by law or otherwise, such as to prevent fraud, resolve disputes, or troubleshoot problems) to keep this information and not delete it, or to keep this information for a certain time, in which case we will comply with your account deletion only after we have fulfilled such requirements. When you delete your account, Personal Information will be deleted from the active database, but (limited) Personal Information may remain in our archives where legally permitted.
If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as the performance of a contract, for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of a legitimate interest of us). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record so as to be able to ensure for the future that such marketing communications are no longer sent to you.
Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.
You can exercise any of your rights as stated above, by sending us a request to email@example.com. We will endeavor to respond to any such request as soon as possible, and in any event within the legal deadline.
The security of your personal information is important to us. We use appropriate technical and
organizational methods to protect the Personal Information submitted to, or otherwise processed
by, us, both during transmission and once we receive it from loss, misuse or unauthorized access,
disclosure, alteration and destruction, taking into account the risks involved in the processing and
the nature of the Personal Information.
We take great care in implementing and maintaining the security of the Website, the Services we provide and of your Personal Information. We have put in place appropriate technical and organizational measures to protect your Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access and against all other unlawful forms of processing, in accordance with the law. In addition, we employ industry standard procedures and controls to ensure the safety of your personal data, such as: secure network typology which includes Firewall systems; encrypted communication, authentication and access control, external and internal audit tests, etc.
Your Personal Information (including typing biometrics) is stored on virtual servers hosted by different cloud services and third party SaaS (Software as a Service) providers, in a secured database behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive information you supply, and which is being transferred between the browser and the server is encrypted via Secure Socket Layer (SSL) technology. We store sensible data encrypted via AES256 (Advanced Encryption Standard 256).
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information. We do not use vulnerability scanning and/or scanning to PCI standards.
Your typing pattern/biometrics is an array of numbers and statistics about the keys that are used most frequently. We do not record the actual typed text, but rather statistics about the keys you press when you type on your device. It is impossible to reverse a pattern and recreate the original text and only the typing pattern is transferred to our servers (never the actual typed text). The process is completely safe and there are no risks during transfer.
No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorised access or abuse the Website and we make no warranty, express, implied or otherwise, that we will prevent such access.
The Platform may contain links to websites hosted and operated by companies other than us
(“Third-Party Websites”) to which you can export (part of) your Personal Information on the
material changes, we will notify you by email (sent to the email address specified in your account)
or by means of a notice on this Website prior to the change becoming effective. We encourage you
to periodically review this page for the latest information on our privacy practices. Continued use of
our Platform following notice of such changes will indicate your acknowledgement of such changes
and agreement to be bound by the terms and conditions of such changes.
We endeavour to ensure that Personal Information are kept as current as possible and that
irrelevant or excessive data are deleted or made anonymous as soon as reasonably practicable. We
retain Personal Information about you only for as long as it serves a purpose of processing
Information for longer periods of time, to the extent such processing reasonably serves other
purposes, including for statistical analysis.
However, some Personal Information may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons. We will generally retain your Personal Information only so long as it is required for purposes for which it was collected. Where your Personal Information is no longer required, we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.
Subject to the principles set out in the above paragraph, we will delete your account 5 years after your last accessing of the Website and/or of any of our (current or future) Services, if you do not wish an earlier deletion of Personal Information. Note: we may continue to use Your typing pattern if we have used such typing pattern to build the algorithm, to further develop and improve the algorithm. If we do so, we undertake to anonymise/de-personalise Your typing pattern in such a way that it can no longer be linked to You and therefore no longer constitute Personal Information about You.
The Website and our Services are not directed to children and children are not eligible to use our
Website and/or any of our Services.
Protecting the privacy of children is very important to us. We do not collect or maintain Personal Information from people we actually know are under 18 years of age, and no part of our Website is designed to attract people under 18 years of age or persons under the age of legal consent in any jurisdiction (“Legally of Age”).
Do not attempt to access the Website and/or create an account and/or apply for a demo version of our Services if you are not Legally of Age. If we later learn that a user is not Legally of Age, we will take steps to remove that user’s information from our databases and to prevent the user from utilizing the Website and/or any of our Services.
TypingDNA Inc. is a US-based corporation and a self-certified participant under the EU-US Privacy Shield mechanism for compliance with data protection requirements when transferring Personal Information from the European Union to the United States. Its certification can be checked in the Privacy Shield List, available here: https://www.privacyshield.gov/list.
As a participant in the EU-US Privacy Shield mechanism, TypingDNA Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission.
Commitment to comply with Privacy Shield principles
Onward transfers to third parties
Where TypingDNA Inc. transfers your Personal Information to third parties acting as data controllers, it will only do so on the basis of a contract with such third party controller which provides that your Personal Information may be processed only for limited and specified purposes consistent with the consent you have provided to us, and that the recipient will provide at least the same level of protection of your Personal Information as regulated under the EU-US Privacy Shield framework. Such contract will further provide that the third-party controller shall be required to notify us if it makes a determination that it can no longer meet its obligations under the EU-US Privacy Shield framework, and it shall cease processing your Personal Information or take other reasonable and appropriate steps to remediate.
In the context of an onward transfer, TypingDNA Inc. shall have responsibility for the processing of Personal Information which it subsequently transfers to a third party acting as an agent/data processor on its behalf. TypingDNA Inc. shall remain liable if such agent/data processor processes such Personal Information in a manner that inconsistent with the Privacy Shield principles (unless we are able to prove that we are not responsible for the event giving rise to the damage).
Complaints and Disputes
If you reside in the United States and have a complaint about the manner in which we collect or process your Personal Information, we encourage you to bring complaints directly to us at TypingDNA Inc., at the following contact details dataprivacy@typingDNA.com. We undertake to respond to you not later than 45 days after filing your complaint.
As required under the EU-US Privacy Shield Framework, TypingDNA Inc. must offer a readily available independent recourse mechanisms, so that any potential complaints and disputes related to our processing of your Personal Information can be investigated and expeditiously resolved at no cost to you.
To meet this requirement, TypingDNA Inc. has chosen the International Centre for Dispute Resolution, the international division of the American Arbitration Association (ICDR-AAASM) to Resolution, the international division of the American Arbitration Association (ICDR-AAASM) to resolve this type of disputes. Please go to https://go.adr.org/privacyshield.html for further details on how such independent recourse mechanism works and how to file a complaint.
You also have an option to arbitrate any residual claims, in accordance with Privacy Shield Annex I (available here: https://www.privacyshield.gov/article?id=A-Scope). Please note that your option for arbitration may be enforced only if we have failed to resolve your claims/ complaints to your satisfaction, and this remains the case after availing yourself to the independent recourse mechanism referred to above.
For the purposes of Art. 27 GDPR, TypingDNA SRL is hereby appointed as the representative of TypingDNA Inc. in the territory of the European Union and may be addressed, in addition to or instead of, TypingDNA Inc. by, in particular, supervisory authorities and data subjects, on all issues related to personal data processing performed by TypingDNA Inc., for the purposes of ensuring compliance with the GDPR.
subject rights under the GDPR, or otherwise make any request as specified further in this Privacy
Policy, please contact us at:
If you are dissatisfied with our use of your Personal Information or our response to any exercise of your rights under the GDPR, you have the right to complain to the data protection authority: http://www.dataprotection.ro/ or avail yourself of the independent recourse mechanism under the EU-US Privacy Shield Framework, as referred to above. In order to ensure timely resolution, we encourage you to reach out to us first with respect to any queries, questions or complaints you may have in relation our processing of your Personal Information. We will endeavour to respond as soon as practicable.
Last Updated: April 2020
1 TypingDNA SRL, a Romanian limited liability company headquartered in Romania, Oradea, Str. Vasile Conta no. 32, 1 floor, office no. 22, registered with the Trade Registry under no. J5/1153/2016, unique registration code 36172414;
2 TypingDNA Inc., a US, Delaware company headquartered in 81 Prospect Street, Brooklyn, NY, 11201;
3 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;