TypingDNA Privacy Policy

TypingDNA SRL¹ and TypingDNA Inc.² (referred to collectively and individually as “TypingDNA”, “we” or “us”) realize that our platform, https://www.typingdna.com/ (the “Website”) and any related services (the “Services”) we offer, including mobile applications, can only work if we build a relationship of trust with our users.

We control the purpose for which, and the manner in which, Personal Information (as defined below) about individuals accessing the Website, trying or using our Services and/or respectively being targeted by us for marketing purposes in relation to our provision of the Services is processed. We are therefore the data controller under applicable data privacy laws.

Pursuant to Art. 26 of the General Data Protection Regulation³ (“GDPR”), TypingDNA SRL and TypingDNA Inc. are joint controllers with respect to Personal Information collected via the Website or otherwise processed by us in relation to the Website and/or our Services. Our contact details are set out at the end of this privacy policy (“Privacy Policy”).

This Privacy Policy outlines the categories of Personal Information the Website collects from you, that you provide to us, or that you authorize to be provided to us or that we collect from third party resources for marketing or other legitimate purposes in relation to our Services, the purposes for which your Personal Information might be used and the safeguards we put in place in the course of our relationship with you to protect your Personal Information.

By continuing to use our Website and/or our Services, you expressly consent to our processing of your Personal Information (as defined below) as described in this Privacy Policy, and to being bound by the provisions hereof.

Who we are and the Services we provide

We are a technology company developing passive authentication and typing biometrics API (Application Programming Interfaces). Our mission is to improve security without compromising user experience. Our technology is the most available online biometric technology – it works with any keyboard, on any device and does not need more than one previous sample to start working. We provide typing biometrics authentication as a service, an API that anyone can use for 2 Factor Authentication (2FA) and fraud prevention purposes.

TypingDNA provides a number of products and Services, as follows:

1. Typing biometrics authentication API based on keystroke dynamics - our typing biometrics authentication API (also known as keystroke dynamics) is suitable for securing login, enforcing reset passwords, and online biometric authentication. This solution assists in:
   • identifying fraudsters – it recognizes the user’s true identity on the spot;
   • seamless authentication - typing biometrics enables frictionless keystroke authentication in the background of any typed text;
   • text characteristics - TypingDNA supports repetitive text (e.g. login authentication credentials) and any text (e.g. writing an email) recognition, so it can be used in any typing scenario.
2. Multi-factor authentication: a frictionless authentication solution with typing biometrics, SMS or email-based OTP;
3. TypingDNA Authenticator: we use verification codes in your browser, secured by the way you type.

Personal Information

So we are clear about the terminology we are using, “personal data" means any information describing or relating to an identified or identifiable individual (where an identifiable individual is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual).

When we use the phrase “Personal Information” in this Privacy Policy, we mean collectively the following categories of personal data that may be requested by us and provided by you; in various forms on our Website (such as demo forms, registration forms, etc.), you may be asked to enter Personal Information such as: first/last name, password, email address, phone number, Skype ID, Internet Protocol (IP) address, location data, country, gender, date of birth, nationality, state or province, age, company name, company website, typing biometrics, device type, device fingerprint, cursor movements, pointing devices movements (e.g. mouse, touchpad, touchscreen, trackpad, others), payment details (e.g. bank account number, credit card number, bank).

We may process your Personal Information under this Privacy Policy:

• if you apply for a Demo version of our Services on the Website;
• if you register an account on the Website;
• if you enter into any contract or other arrangement (whether via the Website or otherwise) for the use (including testing and/or development) of our Services;
• if you are targeted by us for communication of marketing materials about us, the Website and/or our Services (also referred to hereinafter as a “Prospect”): we collect and process such limited Personal Information about you from public resources (such as LinkedIn, ZoomInfo, Hunter) including your name/surname, email address, telephone number, company-, title/position, profession, the way you may potentially use our solution, information about other IAM solutions that you may use, professional interests, to allow us to assess a potential interest in our Services and to contact you for marketing purposes.

When you register on our Website to use our Services, or even a Demo version thereof, you will need to provide personal information about yourself during the account creation/demo session – this Personal Information includes: name/surname, your organization/company details (name and website), age, job title/position, email address, phone number, line of work/industry and your typing biometric. We can also collect and further process: your typing pattern (typing biometrics), Internet Protocol (IP) address, location data, device type, device fingerprint, cursor movements, pointing devices movements (e.g. mouse, touchpad, touchscreen, trackpad, others).

We collect such Personal Information from you when you register on our Website, subscribe to a newsletter, try a demo, respond to a survey, fill out a form or enter information on our Website, or when you provide us with feedback on our products or Services. If you are a Prospect, we collect and process such further Personal Information about you (as stated above) from public sources as mentioned above.

To help keep our databases current and to provide you the most relevant content and experiences, we may combine information provided by you with information from other sources, in accordance with applicable law. For example, from these sources, we may learn about the size, industry, and other information about the company you work for.

Also, we use automated systems to analyse your content using techniques such as machine learning in order to improve our Services and the Websites. This analysis may occur as the content is sent or received using an online feature of the Website or any of our Services or apps, or when the content is stored on our servers.

Please note that registered clients can use our Services to collect typing biometrics from their own users. It is up to the client to decide where and how to store the typing biometrics of its users (and to apply adequate data privacy and security measures to ensure that such data is maintained confidential and secure from unauthorized disclosure or modification). If the client stores the typing biometrics of its own users, it is entirely that client’s responsibility to handle such sensitive information with care and comply with the applicable data privacy laws, in particular regarding the end user’s consent to the collection, processing and usage of such information by the client and (in certain cases) by TypingDNA. If we are required to store the typing biometrics of our clients’ end users, such data is anonymized at our level. We do not associate any biometric data with any Personal Information from any end-user.

When we refer to “you” in this Privacy Policy, such reference is limited strictly to individuals who have provided Personal Information directly to us via our Website and/or otherwise through the use of the Services, or to Prospects whom we identify and target for marketing-related communications.

Anonymous and Aggregate Information

When we use the phrase “Anonymous Information” in this Privacy Policy, we mean information rendered anonymous in such a way that it cannot or can no longer be used to personally identify an individual.

Like many companies, we monitor the use of the Website by collecting aggregate information. No personally identifiable data is collected in this process. Typically, we collect information about the number of visitors to the Website and the originating domain name of the visitor's Internet Service Provider. Also, we may collect non-personal information about your use of the Website and/or the Services such as, IP address, log files, user activity, time stamps, etc. Finally, we may also collect technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preferences, access time and the domain name of the website from which you linked to Website etc.). This information is typically used to improve the usability, performance and effectiveness of the platform.

Important note: For the avoidance of doubt, any aggregate, non-personal or technical information collected, which is or may be connected or linked to the identities of the relevant users, shall be deemed as ‘personal data’ (as such term is defined in the applicable data privacy laws) as long as such connection or linkage exists or may be made using all the means reasonably likely to be used. In such situations, the provisions in this Privacy Policy regarding personal data shall apply mutatis mutandis to the aggregate, non-personal or technical data mentioned herein. For clarity purposes, as an example, if we have sufficient information to link an IP address to a particular individual user (e.g., through login details, cookies, or any other information or technology) then that IP address is personal data, and is subject to the full protections of data protection law and this Privacy Policy.

Websites and apps covered by this Privacy Policy

Domains and subdomains that contain typingdna.com are our websites and the TypingDNA Authenticator is one of our applications that is also subject to this Privacy Policy, except for the domains and subdomains that have their own privacy policy.

Source of Collection

TypingDNA requires that you submit certain Personal Information about yourself, including your email address and other Personal Information as stated above, when you apply for a Demo version of our Services and/or register an account on the Website. This information is required for you to be able to use the Website and therefore if you do not provide this information you will not be able to use the Website.

In the course of registering for or using the Website and/or the Services, we may prompt you to provide additional Personal Information about yourself including your name, alternate email addresses, year of birth, and your city, state or country of residence, and you will also be asked to answer a few questions to help make the Website and/or the Services more useful to you. When you communicate with us through our platform, we may collect and store any information that is contained in your communications with us. We do not automatically include or display Personal Information in your shared profile data.

Purposes and legal basis of processing of Personal Information

We may collect and use the Personal Information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the Website and otherwise use our Services and/or apps, or use certain other site features in the following ways:

• to personalize your experience and to allow us to deliver the type of content, products and services in which you are most interested;
• to follow up after correspondence (live chat, email or phone inquiries) and respond to or provide any services, support, or information you have requested;
• to better understanding how our Website, Services and apps are being used so we can improve them and engage and retain users;
• to research and improve our algorithms and our Services generally;
• to diagnose problems in our Website and/or our apps or Services;
• to tailor the Website, an app or Service to your likely interests;
• to send you business messages such as those related to payments or expiration of your subscription;
• to send you information about TypingDNA, our new app/Services releases, special offers, and similar information;
• to conduct market research about our customers, their interests, and the effectiveness of our marketing campaigns
• to reduce fraud, software piracy, and protect you as well as ourselves from the same.

We will limit Personal Information that we collect and further process about you only to what is limited for the purposes of processing mentioned above (or other limited purposes which are consistent with the primary purposes mentioned above). We will not use your Personal Information in a manner which is incompatible with the purposes for which it has been initially collected and/or authorized by you, unless we obtain your prior consent. Examples of compatible processing purposes may include those that reasonably serve customer relations, compliance and legal considerations, auditing, security and fraud prevention and preserving or defending our legal rights etc.

We collect, process, use and, as applicable, disclose Personal Information related to you on the basis of the following legal grounds under the GDPR:

• consent of the data subject (Art. 6(1) letter (a) GDPR): by choosing to use the Website and/or any of our Services, you consent to your Personal Information being collected and processed by us for the purposes and as regulated in this Privacy Policy. You may vary or fully revoke your consent at any time, by sending an email to dataprivacy@typingdna.com. Withdrawal of consent will have an effect only for the future and does not affect the legitimacy of data processed until that date. Please note that you may be unable to use all or part of the Website and/or the Services if you do not provide consent to the processing of your Personal Information. We further note that we may continue to use any part of your Personal Information for which we may have other legal grounds for processing in accordance with the applicable law.

By using the Website and/or signing up for any of the products or Services offered by TypingDNA, you agree to the terms of this Privacy Policy. This Privacy Policy is a legally binding agreement between you (and your client, employer or another entity if you are acting on their behalf) as the user of the Services and TypingDNA and its Affiliates. If we add any new features or tools to our Services, they will also be subject to this Privacy Policy.

We may use your Personal Information based on your explicit consent for the following purposes: (i) to provide you with the Website (including any related apps, Services and functionalities thereof); (ii) to improve the quality of the Website and user experience; (iii) to fulfill any request you make; (iv) to communicate with you; (v) to contact you regarding other products and Services we offer if you have requested such information; (vi) or as otherwise directed by you.

• for the purposes of performing a contract to which you are party or in order to take steps at your request prior to entering into a contract (Art. 6(1) letter (b) GDPR): if you have signed up to a contract for the Services we provide or have otherwise requested that we make the Services available to you, we will process your Personal Information for the purposes of giving full effects to such contract, performing our obligations under said contract and/or ensuring that you perform your obligations under the same.
• our legitimate interests (Art. 6 (1) letter (f) GDPR): if we have identified you as a suitable Prospect for the purposes of communicating with you about our (current or future) Services, we process (limited) Personal Information (as stated above) about you on the basis of our legitimate interest to market the Website and/our Services. You may object to our processing of your Personal Information for direct marketing purposes at any time. If a Prospect becomes a user of the Website and/or the Services at any time, your Personal Data will then be processed by us under ‘consent’ as the grounds of processing, mentioned above.

To the extent necessary, we may also process your Personal Information to protect legitimate interests of our own and of third parties such as (i) to resolve disputes and/or troubleshoot problems; and (ii) to verify your compliance with your obligations in our Terms of Use or other TypingDNA policies. When we process your Personal Data to meet our legitimate interests, we balance our legitimate interests against your fundamental rights and freedoms and we implement appropriate safeguards to ensure that your interests, rights and freedoms do not override our legitimate interests. For more information about the balancing tests that we have carried out, please contact us at dataprivacy@typingdna.com.

From time to time, you may be offered the opportunity to respond to requests for additional information from TypingDNA, including but not limited to surveys, polls, questionnaires, and feedback.

When we communicate with you regarding the products and Services we offer or develop, you will be given the opportunity in each communication to unsubscribe and prevent future communications of that sort. Please note that emails we send you may include a technology (called a web beacon) that tells us whether you have received or opened the email or clicked a link in the email.

If you do not want us to collect this information from our marketing emails, or if you wish to unsubscribe from direct marketing communications from us, you may write to us at dataprivacy@typingdna.com requesting the same. We will cease using your Personal Information for direct marketing purposes once you have requested us to do so. Additionally, we may use your Personal Information to create Anonymous Information including for use in future scientific research, product development and market research, if you agree to let us do so.

Note: for the avoidance of doubt, TypingDNA does not use your Personal Data (including, in particular, your typing pattern) for the purposes of an automated decision-making process or for profiling.

Our organization acknowledges and adheres to the investigatory and enforcement powers of the Federal Trade Commission (FTC). As part of our commitment to protecting your privacy and upholding the highest standards of information security, we are subject to the oversight and regulatory authority of the FTC. This means that our practices regarding the collection, use, and protection of personal information are designed to be in compliance with applicable FTC guidelines and regulations.

In the event of any inquiries or complaints about our privacy practices, the FTC is empowered to conduct investigations into our compliance with privacy standards. We pledge to cooperate fully with any such investigations and to take appropriate actions to rectify any issues that may arise. Our commitment to your privacy is a top priority, and we strive to maintain the highest levels of transparency and accountability in all our operations.

Recipients of Personal Information

TypingDNA uses the Website to facilitate your engagement in and use of the Website and/or the Services we provide.

We may disclose your Personal Information: (a) to third party vendors/suppliers who help us provide the Website and/or the Services; (b) to third parties to whom you ask us to send Personal Information, including other users to whom you authorize us to provide certain details of your Personal Information; (c) as required by law, such as to comply with a subpoena or otherwise in response to a lawful request by public authorities (including to meet national security or law enforcement requirements), or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request; (d) to a parent company, any subsidiaries, joint ventures, or other companies under common control with us (collectively, “Affiliates”), in the event we have such Affiliates now or in the future, in which case we will require our Affiliates to honor this Privacy Policy, or (e) to a company that merges with us, acquires us, or purchases our assets, or a successor in interest in bankruptcy, in which case such company may continue to process your Personal Information as set forth in this Privacy Policy.

We will share your Personal Information with third parties only in the ways that are described in this Privacy Policy, only to the extent necessary as per the applicable purpose of the disclosure and in strict compliance with applicable data privacy laws (including by observing the requirement to conclude compliant data processing agreements with any third party processor carrying out their tasks on our behalf and upon our instructions). We do not otherwise share or sell your Personal Information with or to third parties. We may use and disclose Anonymous Information without restriction.

We do not and will not share, disclose, sell, rent, or otherwise provide Personal Information to other companies for the marketing of their own products or services.

If you do not want us to disclose your Personal Information to a third party, please write to us at dataprivacy@typingdna.com in this sense. We will take all measures which may be feasible to give effect to such request, but may continue to disclose your Personal Information to a third party acting as an agent/data processor performing tasks on our behalf and under our instructions, only to the extent strictly required for such operations.

International Transfers of Personal Information

We may need to disclose your Personal Information to TypingDNA, Inc. or to third parties located outside the European Economic Area (EEA). This kind of data disclosure may happen due to:

1. our intragroup data sharing practices (e.g., access by TypingDNA Inc. to our customer lists for reporting purposes) or
2. if our servers (i.e. where we store data) or our suppliers and service providers are based outside the EEA, or
3. if you use our services and products while visiting countries outside this area.

TypingDNA complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. TypingDNA has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

We will always ensure that suitable safeguards (such as standard contractual clauses as approved by the European Commission) are in place to protect your Personal Information and that the transfer of your Personal Information complies with applicable data protection laws.

We acknowledge and accept our liability for any onward transfer of your personal data to third-party recipients, and will take all reasonable measures to ensure that these recipients uphold the same level of protection and compliance with data privacy obligations as we do.

In the event that a third-party recipient fails to process your data in compliance with applicable data protection laws or the terms of our agreements, we will take prompt action to address the situation and may be required to remedy the breach.

Please note that our liability for onward transfers may be limited or excluded in specific circumstances, such as when a third party fails to meet its obligations, and we have exercised reasonable efforts to ensure compliance. We will not be liable for damages resulting from unauthorized processing or misuse of personal data by third parties that are beyond our control or scope.

By using our services, you consent to the onward transfer of your personal data and acknowledge our responsibility to uphold your privacy rights in accordance with this Privacy Policy.

Rights with regard to Personal Information

You have a number of rights under the GDPR in relation to your Personal Information, as follows:

1. the right of access pursuant to Art. 15 GDPR: you have the right to obtain from us confirmation as to whether or not Personal Information concerning you is being processed, and, where that is the case, access to (including by obtaining a copy of) such Personal Information and the manner in which, and the purposes for which we process your Personal Information so that you can verify its accuracy and the lawfulness of the processing;
2. the right to rectification pursuant to Art. 16 GDPR: you have the right to obtain from us the rectification of inaccurate Personal Information concerning you, and the right to have incomplete personal data completed, including by means of providing a supplementary statement
3. the right to erasure pursuant to Art. 17 GDPR: the right to obtain from us the erasure of your Personal Information delay where (a) your Personal Information is no longer necessary for the purpose for which it was collected/processed; (b) you wish to withdraw your consent to processing (except where we have another legal ground for the processing that we may rely on); (c) where processing is based on our legitimate interests and there are no overriding legitimate grounds for processing; (d) where your Personal Information has been unlawfully processed;
4. the right to restriction of processing pursuant to Art. 18 GDPR: you have the right to obtain from us the restriction of processing of your Personal Information where (a) the accuracy of such Personal Information is contested by you (for such period as will enable us to verify the accuracy of your Personal Information); (b) the processing of your Personal Information is unlawful, but you do object to the deletion of such data and request restriction of its use instead; (c) you consider that we no longer need your Personal Information for the purposes of the processing, but require such Personal Information for the establishment, exercise or defense of legal claims; (d) you have objected to the processing of your Personal Data on grounds of ‘legitimate interest’ as per (iii) above, pending verification by us on whether our legitimate grounds override your own.
5. the right to objection pursuant to Art. 21 GDPR: you have the right to object, on grounds relating to your particular situation, at any time to processing of your Personal Information, which is based on point our legitimate interests, including profiling based on those provisions. We shall no longer process the personal data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You may object to the processing of your Personal Information for direct marketing purposes at any time, without giving reason.
6. the right to data portability pursuant to Art. 20 GDPR: you have the right to receive Personal Information concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another data controller (please note this applies only where our processing of your Personal Information is based on your consent or on a contract, and the processing is carried out by automated means)
7. the right to appeal to a competent data protection supervisory authority (Art. 77 GDPR): you have the right to appeal to the competent data protection supervisory authority - in Romania, such authority is the Romanian National Authority for the Supervision of Personal Data Processing (www.dataprotection.ro). In compliance with the EU-U.S. DPF, TypingDNA commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to ICR AAA DPF IRM SERVICE, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICR AAA DPF IRM SERVICE are provided at no cost to you.
   
   

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), our interests (e.g. the maintenance of legal privilege) or rights and freedoms of others, as provided by the GDPR.

While we will make good faith efforts to provide you with access to your Personal Information, we may deny or limited access to such Personal Information where: this would interfere with the execution or enforcement of the law or with private causes of action (including the prevention, investigation or detection of offences or the right to a fair trial); the legitimate rights and interest of others would be violated through such disclosure; this would prejudice the confidentiality necessary in monitoring, inspection or regulatory functions connected with sound management, or in future or ongoing negotiations involving us. We will of course endeavour to offer you an adequate explanation of the necessity, and reason for, restricting access in the circumstances mentioned above.

If you exercise any of these rights, we will check your entitlement and respond without undue delay, but not later than within a month. In complex cases or at times of receiving numerous requests, this period may be extended by two further months of which we will inform you.

To review or update your Personal Information including user information to ensure it is accurate, please write to us at dataprivacy@typingdna.com informing us of any changes that may need to be made in respect of your Personal Information and we will update such information on your behalf and in our systems.

If you wish to delete your TypingDNA account, please write to us at dataprivacy@typingdna.com requesting that your account be deleted and we will proceed with this deletion on your behalf and in our systems.

Please note that once you delete your account you will no longer be able to enjoy the full functionality of the Website and/or (part or all) of the Services we provide. Certain information is necessary in order for us to provide the Website; therefore, if you delete such necessary information you will not be able to use the Website and/or the Services.

Please remember, however, if we have already disclosed some of this information to third parties, we cannot access that information any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures. We will of course comply with any legal obligation we may have to notify them of your request.

Please note that even though you may request the deletion of your Personal Information by us, we may be required (by law or otherwise, such as to prevent fraud, resolve disputes, or troubleshoot problems) to keep this information and not delete it, or to keep this information for a certain time, in which case we will comply with your account deletion only after we have fulfilled such requirements. When you delete your account, Personal Information will be deleted from the active database, but (limited) Personal Information may remain in our archives where legally permitted.

If you have unsubscribed from receiving marketing information from us, we will continue to maintain your Personal Data for any other purpose for which we still have legal grounds for processing such Personal Data (such as the performance of a contract, for the purposes of complying with a legal obligation or when the processing is necessary for the purpose of a legitimate interest of us). In certain cases, if no other legal grounds exist, we will maintain limited Personal Data (such as your email address) about you on record so as to be able to ensure for the future that such marketing communications are no longer sent to you.

Please note that any processing of your Personal Data prior to the deletion of your account with us, or your request that we no longer contact you for direct marketing purposes will remain valid under the legal grounds then prevailing.

You can exercise any of your rights as stated above, by sending us a request to dataprivacy@typingdna.com. We will endeavor to respond to any such request as soon as possible, and in any event within the legal deadline.

In accordance with our adherence to the Data Protection Framework (DPF) Principles, and specifically as outlined in Annex I of these Principles, our organization recognizes the right of individuals to invoke binding arbitration as a means of resolving certain disputes. By engaging with our services and providing your personal information, you acknowledge and agree to this binding arbitration provision as a means of dispute resolution, where applicable and in accordance with the terms set forth in Annex I of the DPF Principles.

TypingDNA commits to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked biding arbitration by delivering notice to our organization and following the procedures and subject to conditions set forth in Annex I of the DPF Principles.

Information Security

The security of your personal information is important to us. We use appropriate technical and organizational methods to protect the Personal Information submitted to, or otherwise processed by, us, both during transmission and once we receive it from loss, misuse or unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.

We take great care in implementing and maintaining the security of the Website, the Services we provide and of your Personal Information. We have put in place appropriate technical and organizational measures to protect your Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access and against all other unlawful forms of processing, in accordance with the law. In addition, we employ industry standard procedures and controls to ensure the safety of your personal data, such as: secure network typology which includes Firewall systems; encrypted communication, authentication and access control, external and internal audit tests, etc.

Your Personal Information (including typing biometrics) is stored on virtual servers hosted by different cloud services and third party SaaS (Software as a Service) providers, in a secured database behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive information you supply, and which is being transferred between the browser and the server is encrypted via Secure Socket Layer (SSL) technology. We store sensible data encrypted via AES256 (Advanced Encryption Standard 256).

We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information. We do not use vulnerability scanning and/or scanning to PCI standards.

No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorised access or abuse the Website and we make no warranty, express, implied or otherwise, that we will prevent such access.

Cookies & Other Anonymous Information

As you use the Website and/or the Services, certain Anonymous Information may be collected and stored via cookies and similar technologies, such as your Internet protocol address, domain names, browser type, click-stream data, and access times.

A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use cookies on this Website. We do not link the information we store in cookies to any Personal Information you submit while on our site without your express consent.

We use cookies to:

• understand and save user's preferences for future visits;
• compile aggregate data about site traffic and site interactions in order to offer better Website experiences and tools in the future;
• improve and provide security in our applications;
• improve and provide the Service.

We may also use trusted third-party services that track this information on our behalf.

• keep track of advertisements;
• help remember and process the items in the shopping cart.

We may use both session ID cookies and persistent cookies. We use session cookies to make it easier for you to navigate our site. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. We may also set persistent cookies to store your passwords, so you do not have to enter it more than once. Persistent cookies will enable us to track and target the interests of our users to enhance the experience on our site.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies preferences. If you disable cookies in your browser, some features will be disabled. Some of the features that make your Website experience more efficient may not function properly.

We may use the Anonymous Information we collect from you to customize the content and layout of the Website and/or the Services for you and improve our internal operations of the Service and the content of our Website. With your opt-in consent, we may combine this Anonymous Information with your Personal Information such that the information is no longer anonymous.

Google Analytics, Google Ads

These are services of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the Website by you. The information generated by the cookie about your use of the Website and/or the Services (including your IP address) is transmitted to a Google server in the USA and stored there anonymously. Google will use this information to evaluate your use of the Website, to compile reports on website activity for website operators and to provide other services related to website activity and Internet usage. Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google. Third parties, including Google, place ads on websites on the Internet. Third-party providers, including Google, use stored cookies to serve ads based on previous visits by a user to this website. You can prevent the installation of cookies by setting your browser software accordingly; however, please note that in this case you may not be able to use all features of this Website to the fullest extent. You can also visit the page to disable Google advertising. By using this Website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Twitter Ads

The Website uses cookies and other similar technologies, such as Twitter pixels to measure performance of our Twitter Ads campaigns.

Hotjar

Hotjar is an analytics and feedback tool that we use to understand how our Website is used and improve usability. Hotjar sets cookies to help us track behaviour across pages and to control visitor polls. The cookies carry no personally identifiable information.

Hubspot

HubSpot offers a full platform of marketing, sales, customer service, and CRM software – plus the methodology, resources, and support – for inbound marketing. When you visit our Website, HubSpot's tracking code sets a number of tracking cookies to track Website visitors and contacts. It leaves behind a cookie on your computers that helps HubSpot identify them on future visits.

Linkedin Insight Tag

The LinkedIn Insight Tag allows the collection of data on website visits, including URL, referrer URL, IP address, device and browser properties (user agent), and timestamp. IP addresses are shortened or hashed (if used to reach members across devices). The tool permits the tracking of the behaviour of users after they click on a LinkedIn ad and are redirected to the website of the advertising or promoted company. Conversion measurement allows the measurement, evaluation, and optimisation of the effectiveness of LinkedIn ads for reasons of statistics and market research.

The personal data collected is transmitted to LinkedIn by the LinkedIn Insight Tag and processed by LinkedIn for the purpose of conversion measurement. LinkedIn may provide Us with anonymised reports on conversion measurement. It cannot be ruled out that LinkedIn may link the transmitted personal data with other personal data, e.g., from an existing LinkedIn account. LinkedIn also uses data that does not identify you to improve the relevance of ads and to reach members across devices. It is not excluded that LinkedIn uses corresponding data for further purposes of its own.

The integration of the LinkedIn Insight Tag allows us to place target group-oriented ads on LinkedIn and to obtain real-time information about the professional goals and preferred content of the website visitors.

It cannot be ruled out that the data is transmitted to insecure third countries such as the U.S.

The LinkedIn Insight Tag is also used to display LinkedIn ads to people with whom we have already been in contact (“retargeting”).

If you click on a LinkedIn ad, a cookie for conversion tracking will be stored on your computer.

If you access our website and the cookie has not yet expired, we will be able to recognise that you have clicked on the ad and were thus redirected to our website. LinkedIn as the service provider will receive this information as well.

The lawful basis for the use of the LinkedIn Insight Tag is your consent in accordance with Article 6 (1) (a) GDPR.

Further information how your data is processed at or by LinkedIn, please visit https://www.linkedin.com/legal/privacy-policy.

Third Party Websites and Services

The platform may contain links to websites hosted and operated by companies other than us (“Third-Party Websites”) to which you can export (part of) your Personal Information on the Website.

We do not disclose your Personal Information to these Third-Party Websites without your explicit consent. Note that any information you disclose to Third Party Websites is no longer under our control and no longer subject to this Privacy Policy.

You should review the privacy policy practices of any such Third-Party Website to understand how that Third-Party Website collects and uses your Personal Information should you have decided to disclose your Personal Information to them. We are not responsible for the content or performance of these Third-Party Websites. We are in no way responsible or liable for the manner in which a Third-Party Website treats any Personal Information that you choose to provide to such a Third-Party Website and use of Third-Party Websites is strictly at your own risk.

We may use a third-party tracking service such as Google Analytics to track and analyze Anonymous Information from users of the platform. Such third parties may use cookies to help track user behaviour. The use of cookies by third parties is not covered by this Privacy Policy. We do not have access or control over these cookies.

Changes to the Privacy Policy

We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes, we will notify you by email (sent to the email address specified in your account) or by means of a notice on this Website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. Continued use of our platform following notice of such changes will indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

Any changes to this Privacy Policy may affect our use or disclosure of Personal Information collected prior to the changes. If you do not agree to any of the changes, you must notify us prior to the effective date of the changes that you wish to terminate your account with us. Continued use of our platform following such notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

Retention Period

We endeavour to ensure that Personal Information is kept as current as possible and that irrelevant or excessive data are deleted or made anonymous as soon as reasonably practicable. We retain Personal Information about you only for as long as it serves a purpose of processing mentioned in this Privacy Policy. This does not prevent us from processing your Personal Information for longer periods of time, to the extent such processing reasonably serves other purposes, including for statistical analysis.

However, some Personal Information may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons. We will generally retain your Personal Information only so long as it is required for purposes for which it was collected. Where your Personal Information is no longer required, we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.

Subject to the principles set out in the above paragraph, we may delete your account 5 years after your last accessing of the Website and/or of any of our (current or future) Services, if you do not wish an earlier deletion of Personal Information. Note: we may continue to use Your typing pattern if we have used such typing pattern to build the algorithm, to further develop and improve the algorithm. If we do so, we undertake to anonymise/de-personalise Your typing pattern in such a way that it can no longer be linked to You and therefore no longer constitute Personal Information about You.

Children

The Website and our Services are not directed to children and children are not eligible to use our Website and/or any of our Services.

Protecting the privacy of children is very important to us. We do not collect or maintain Personal Information from people we actually know are under 18 years of age, and no part of our Website is designed to attract people under 18 years of age or persons under the age of legal consent in any jurisdiction (“Legally of Age”).

Do not attempt to access the Website and/or create an account and/or apply for a demo version of our Services if you are not Legally of Age. If we later learn that a user is not Legally of Age, we will take steps to remove that user’s information from our databases and to prevent the user from utilizing the Website and/or any of our Services.

If you are the parent of a legal guardian of a person that is not Legally of Age who has registered on our Website, or who you believe has otherwise provided Personal Information to us, please contact us using the details set out at the end of this Privacy Policy to have the information deleted. Information voluntarily provided by persons not Legally of Age via emails, message boards, chat sessions etc. may be used by other parties to generate unsolicited emails. We encourage parents and legal guardians to inform children about how to use the Internet in a safe and responsible manner.

Questions about this Privacy Policy & Exercising your rights as a Data subject

If you have questions or comments about this Privacy Policy, or wish to exercise any of your data subject rights under the GDPR, or otherwise make any request as specified further in this Privacy Policy, please contact us at:
dataprivacy@typingdna.com

If you are dissatisfied with our use of your Personal Information or our response to any exercise of your rights under the GDPR, you have the right to complain to the data protection authority: https://www.dataprotection.ro/. In order to ensure timely resolution, we encourage you to reach out to us first with respect to any queries, questions or complaints you may have in relation to our processing of your Personal Information. We will endeavour to respond as soon as practicable.

Last Updated: December 2024

​¹ TypingDNA SRL, a Romanian limited liability company headquartered in Romania, Oradea, Str. Santului 2E, 1st floor, registered with the Trade Registry under no. J5/1153/2016, unique registration code 36172414;
² TypingDNA Inc., a US, Delaware company headquartered in 77 Sands Street, Brooklyn, NY, 11201;
³ Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
⁴ The EEA consists of countries in the European Union, Switzerland, Iceland, Liechtenstein and Norway