miniOrange Two Factor Authentication GDPR Policy



miniOrange("Us," "We," "Our," "miniOrange," or the "Company") is committed to protecting the privacy of your information while you use our WordPress miniOrange Two Factor Plugin. We’ve crafted the policy below to help you understand how our plugin collects and uses personally identifiable information.

Definitions:

  • miniOrange Two Factor Plugin: This refers to Google Authenticator – Two Factor Authentication (2FA) WordPress plugin.
  • Customer Support Services: It involves screen sharing sessions, meetings and support by mail.
  • miniOrange Servers: This refers to miniOrange service which is stored on secure cloud service AWS. miniOrange Users data is also stored with AWS.
  • Third Party: This refers to customer using miniOrange services i.e. plugin to provide Two Factor verification to its users.
  • Personal data: This refers to information provided by you such as name, company name, address, phone number, email address, and any other information necessary.

Introduction:

We protect your personal information using industry ­standard safeguards. We may share your information only with your consent or as required by law as detailed in this policy, and we will always let you know when we make significant changes to this Privacy Policy. Maintaining your trust is our top priority, so we adhere to the following principles to protect your privacy:

We protect your personal information and will only provide it to third parties: (1) with your consent; (2) where it is necessary to carry out your instructions; (3) as reasonably necessary in order to provide our features and functionality to you; (4) when we reasonably believe it is required by law, subpoena or other legal process; or (5) as necessary to enforce our User Agreement or protect the rights, property, or safety of miniOrange, its Customers and Users, and the public.

What Personal Data do we collect?

miniOrange collects data provided by you while registering with miniOrange or through any other service while contacting miniOrange. We also collect data needed to provide miniOrange services. This data may contain different information as listed below:

  • When you register in the plugin, you provide us with information (including your name(optional), email address, phone number(optional), company name/website and password) that we use to offer you a personalized, relevant experience on miniOrange.
  • When User contacts our Customer Support, User’s personal data is shared which is necessary for us to provide support where we can assist you with the plugin configurations, setup or any other issues while using miniorange Two Factor Plugin. The Personal Data you provided is used for purposes like answering questions, improving the content of the website, customizing the content, and communicating with the customers about miniOrange’s Services, including specials and new features.
  • While using miniOrange Risk Based Authentication (RBA) services, device information is collected. The information collected for RBA is mentioned below under data used by the plugin.
  • When you contact us using our support form, we collect information that helps us categorize your question, respond to it, and, if applicable, investigate any breach of our User Agreement or this Privacy Policy. We also use this information to track potential problems and trends and customize our support responses to better serve you.
  • We do not collect email address from miniOrange production service for marketing use.

In the miniOrange Two Factor plugin, we collect the following information from users :

  • Customer Details: First name, last name, username, email, Questions and Answers of Security Questions, Phone Number, Company Name.
  • Device Information: Location, Browser details, IP Address, Device Type, Time, Language, Useragent details, Device fingerprint.

miniOrange only uses your data in order to provide you with the service and keeps this data available only to the user that has provided the information or the third parties that the user has agreed to grant access to.The data is also provided to respective Authenticator Application owner which is required for verification during login.

How we use personal information?

miniOrange Two factor Plugin has various authentication methods and different methods require different information. Your Phone number and Email are used to send One Time Passcode. Your email is also used as a primary medium of contact only in case you need any help from us. Risk based Authentication uses information like device type, location, Ip address, time and other to identify the user and grant access based on the risk.

All data provided are stored with miniOrange which can be accessed through our site https://auth.miniorange.com where the user's account is created while using the miniOrange Two Factor Plugin.

Personal Data Processing Duration:

Personal data will only be processed until we have a legitimate business. When we have no legitimate business, your data is stored securely until deletion. During this period, if you request for data stored with miniOrange, you would have to give sufficient evidence of identity before we can provide you with this information. You can request this by contacting us at info@miniorange.com. Same would apply if you request for deletion of the personal data.

  • User consent: End Users will be asked for consent if they agree to the terms and conditions of your website. If they deny consent, they will not be logged in and no data will be fetched.
  • Encryption: All data that is in transit because of miniOrange is encrypted in the miniOrange Two Factor plugin.

What are your rights:

  • Right to be forgotten: Information collected in stored in two places - Wordpress Database and miniOrange Servers. Customer can delete end-user’s information if end-user requests.
  • Right to object: In certain situations, end user has the right to object to the data being processed in so far as such data have been collected for direct marketing purposes.
  • Right to rectification: You have a right for clarification of inaccurate personal data. And change the data by providing complete information.
  • Right of access: You have the right to obtain from us information concerning i.e. you have the right to request and get access to that personal data.

Note: Adding the policy will only make plugin features GDPR Compliant and not your complete site.

If you have any query regarding the policy, Please drop us a mail at info@miniorange.com.