Device Management
Endpoint Detection & Response
macOS Device Management
iOS Device Management
Kai
Liftoff
Prism
Migration Agent
Auto Apps
Passport
Compliance
Assignment Maps
Managed OS
Integrations
Resources Hub
Kandji Blog
Customer Stories
Mac Admins Community
Security Details
MDM Comparison Guide
Customer Support
Product Updates
Customer Login
Kandji Status
Register a Deal
Become a Partner
Partner Portal
About Kandji
News & Press
Careers
Contact
Why Kandji?
Effective Date: January 1, 2023
Last Modified: February 16, 2024
This Privacy Policy describes how Kandji Companies (“we”, “us”, Kandji, Inc., Kandji UK Limited, Kandji Singapore Pty Ltd., Kandji Australia Pty Ltd. and its Affiliates) collects, uses, protects, and discloses personal information about you, and how you can exercise your privacy rights.
Our Privacy Policy applies to visitors of our website, customers and users. If you have any questions, please contact us as provided below.
Contents
- Categories of Personal Information We Collect
- Categories of Sources From Which We Collect Personal Information
- Purposes for Collecting Personal Information
- How We Share Information With Others
- How Long We Keep Personal Information
- Cookies, Analytics, and Other Tracking Technology
- Security
- This Website is Not Intended for Children
- Marketing Communications
- How We Transfer Information Across Borders
- Data Privacy Framework
- Lawful Basis for Collection of Personal Information
- Your Privacy Rights
- Other Region-Specific Disclosures
- Contact Us
- Updates to Our Privacy Policy
Categories of Personal Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("personal information"). We collect the following categories and types of personal information:
- Contact Information. We collect full name, email address, postal address, and telephone number.
- Identifiers. We collect unique identifier for authorized devices, device name, device model and operating system, enrollment dates, serial number of device, username, asset tag, file paths, file names, photographic headshots, Internet Protocol address, email address, real name, postal address, and other similar identifiers.
- Commercial Information. We collect records of products or services purchased, obtained, or considered.
- Internet or Electronic Usage Data. We collect data related to network and website interaction history, IP address, website cookie information, interaction with advertisements and browsing time. In relation to our services, we collected information such as time since last device boot, app store download activity for each device, activity history of each device such as when our services initiated a change on the device (i.e., installing an application, logging if the device is missing), applications installed on device including the date such application was last modified.
- Professional or Employment Information. We collect job title and employer name.
In addition to the categories listed above, the customer, rather than Kandji , determines which additional categories of personal information exist and will be disclosed to and processed by Kandji Companies in the provisioning of our services because (i) customer’s infrastructure (e.g., endpoint, virtual machine and cloud environments) is unique in configurations and naming conventions, (ii) Kandji enables the customer to configure settings in the services, and (iii) customer controls (such as via deployment, configuration, and submission) which customer content is uploaded, or is collected by, the services or products.
Categories of Sources From Which We Collect Personal Information
We collect information in a variety of ways:
- Directly from you. We collect contact information, identifiers, financial information, commercial information, professional or employment information, that you provide directly to us.
- When you visit our offices. When you visit our offices or facilities, we also collect contact information.
- When you utilize our services. When you utilize our services, your employer may provide personal information to use to support the configuration of our products and services.
- Automatically. When you access our websites and services, we collect identifiers, and internet or electronic usage data using tools like browser cookies.
- From third parties, vendors and service providers: We may collect identifiers and commercial information.
Purposes for Collecting Personal Information
We use your personal information for the following purposes:
- Transactional Purposes: We use contact information, identifiers, financial information, and commercial information to (i) process any orders made by representatives of our corporate clients and to fulfill or (ii) meet the reason you provided the information. For example, if you share your name and contact information to ask a question, we will use that personal information to respond to your inquiry.
- Marketing and Promotional Purposes: We use contact information, identifiers, financial information and internet or electronic usage data to (i) improve our marketing efforts, (ii) to personalize experience and to deliver content and product and service offerings relevant to the interests of potential corporate clients, including targeted offers and ads through third-party sites and via email and (iii) to communicate individuals who are representatives of potential corporate clients and to market to said companies.
- Record Keeping: We use commercial information to maintain a record of which corporate customers have purchased our service and facilitate future purchases in the form of renewals.
- Maintenance and Improvement of our Website and Services: We use internet or electronic usage data to improve our website and services and to gain a better understanding of how representatives of potential and actual corporate clients interact with our online properties to improve our offerings and market to said clients. We use identifiers to associate your name with a device in a corporate account so we and the corporate customer know who is using which devices.
- Develop and Improve Our Products and Services: We use contact information, identifiers, commercial information, and professional or employment information to create, maintain, customize, and secure accounts with our service, provide, support, personalize, and develop our offerings, facilitate user interaction with our service such as accessing the service and predetermined programs in the accounts of users. To improve our Services, we may use generative artificial intelligence applications to process information such as customer feedback which may includecontact information, identifiers and employment information.
- Security and Fraud Prevention: We use contact information, identifiers, financial information, commercial information, internet or electronic usage data, professional or employment information to: (i) to help maintain the safety, security, and integrity of our website, mobile app, service, databases and other technology assets, and business; (ii) protect our websites, products and services; (iii) conduct vendor due diligence; and (iv)prevent fraud, theft and misconduct.
- Legal: We use contact information, identifiers, financial information, commercial information, internet or electronic usage data, professional or employment information to comply with our legal obligations, including reporting requirements, and defend ourselves in legal proceedings, and protect our company and our property, employees, and others through legal proceedings.
How We Share Information With Others
We will share personal information in the following circumstances or as otherwise described in this Privacy Policy:
- Service Providers: We may share personal information with vendors and service providers who support the operation of our services, website, and our business and who need access to such information to carry out their work for us (including, for example, cloud hosting providers, analytics, payment processing, financial institutions, email delivery, marketing, internet service providers, operating systems and platforms and customer support services).
- Affiliates: We may share personal information with and among our subsidiaries, affiliates, or their successors or assigns.
- Marketing/Analytics/Advertising Partners: We may share personal information with third party marketing, analytics or advertising partners, including social media platforms and networks, for commercial purposes such as sending you marketing emails.
- Professional Advisors: We may share information with professional advisors, such as lawyers, bankers, tax consultants, auditors, and insurers, where necessary in the course of the professional services that they render to us.
- Government Entities: We share information with regulatory and government entities to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- Corporate Transaction Recipients: We may share information with potential investors, purchasers, merger partners, and their advisors to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our company assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
- With Your Consent or At Your Direction: We may share information with third parties whenever you consent to or direct such sharing.
How Long We Keep Personal Information
We will retain and use your information for as long as we need it to provide you services or products, or as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you wish to request that we no longer use your information to provide you services or products, please contact us at privacy@kandji.io.
Cookies, Analytics, and Other Tracking Technology
Cookies and Tracking Technology
We want you to be aware that certain online tools exist to help us serve and recognize you when you visit our website. We receive and store certain types of information when you visit our website. When you access the website, we (including companies we work with) may place small data files on your computer or other device. These data files may be web beacons, cookies, clear gifs, pixel tags, e-tags, flash cookies, log files, or other local storage provided by your browser or associated applications. These tracking technologies, which are often referred to collectively as cookies, allow us to understand how users navigate to and around our website, view different pages, access content and request Services. We may use them, for example, to keep track of your preferences and profile information and collect general usage and volume statistical information. If you want to remove or block cookies, you may be able to update your browser settings. You can also find instructions on how to manage cookies on different types of web browsers at www.allaboutcookies.org. Please click here to change your preferences regarding cookies.
Do Not Track Signals
Some browsers have a “do not track” feature. It lets you tell websites you visit that you do not want them to track your online activity. These features are not yet uniform across browsers. Our sites are thus not currently set up to respond to these signals. For more information on Do Not Track signals, please visit https://allaboutdnt.com/.
Security
We follow generally accepted industry standards to protect the personal information submitted to us and have implemented reasonable technical, organization, administrative and physical measures to protect personal information. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security and encourage you to use websites and share information with caution.
This Website is Not Intended for Children
We do not knowingly collect or store any personal information from anyone under the age of 13. If we become aware that we have collected or stored personal information from an individual under age 13, we will remove his or her personal information from our files. If you are a parent or guardian and believe we may have inadvertently collected personal information from your child, please notify us immediately by sending an email to privacy@kandji.io.
Marketing Communications
You can opt out of marketing or advertising emails and newsletters by using the mechanism noted in communications you receive from us. You may also request to opt out of marketing or advertising emails by contacting us through one of the methods specified in the Contact Us section of this Privacy Policy. Once we process your request, we will cease using the information for such purposes at no charge to you. If you opt out of getting marketing messages, you will continue to receive messages from us about your relationship with us where permitted by law.
How We Transfer Information Across Borders
Kandji is located in the United States and we will import data into the country if you or users of authorized users in your corporate account are located in another country. When we move such data, we do so pursuant to standard contract clauses approved by the European Commission and employ those security measures required by the country in question to secure the data. We work with third-party vendors from time-to-time and require those parties to meet these same standards. We do not currently participate in the Data Privacy Framework.
Data Privacy Framework
Kandji, Inc. complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, United Kingdom and Switzerland to the United States.
Kandji has certified to the U.S. Department of Commerce that it adheres to the Data Privacy Framework (“DPF”) Principles. If there is any conflict between the terms in this privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit the Data Privacy Framework website.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Kandji commits to resolve DPF Principles-related complaints about our collection and use of your personal data. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Kandji at: privacy@kandji.io. You can also call us at 855-877-1866 or write us at:
Attn: Legal DepartmentKandji, Inc.
100 1st Street, 4th Floor
San Francisco, CA 94105
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Kandji commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to the BBB National Programs Data Privacy Framework Services, an alternative dispute resolution provider based in United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit BBB National Programs Data Privacy Framework Services – For Consumers for more information or to file a complaint. The services of BBB National Programs Data Privacy Framework are provided at no cost to you.
If your Data Privacy Framework complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. Please refer to the Data Privacy Framework Annex 1 for more information.
With respect to personal data received or transferred pursuant to the Data Privacy Framework, the Federal Trade Commission has jurisdiction over Kandji’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Kandji’s accountability for personal data that it receives in the United States under the Data Privacy Framework and subsequent onward transfers to a third party is described in the Data Privacy Framework Principles. In particular, Kandji remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Kandji proves that it is not responsible for the event giving rise to the damage.
Lawful Basis for Collection of Personal Information
When you voluntarily provide us with personal information such as when you contact us for a demonstration of our service, we have a legitimate interest in using the information to respond to your request and provide the demonstration. If you are based in the region outside of the United States, Personal Information that we collect automatically is done with your consent, which is obtained when you first visit us through a pop-up banner asking for consent. You may block tracking via your browser or by revoking your consent. The legal basis for the collection of your payment information is to facilitate the entering of a contract via the providing of consideration by you to us.
Your Privacy Rights
Kandji provides its customers, users, employees, and business to business contacts with privacy rights as described below. For residents of jurisdictions without privacy rights, we will consider requests but will apply our discretion in how we process such requests.
If you are using the Kandji service through a corporate account, please contact the company in question with any request associated with the following rights. Any submission to us will be forwarded to the company associated with your account.
Subject to certain exceptions, the common privacy laws afford individuals the following rights:
- You have the right to request that we tell you (i) what personal information we have collected about you, (ii) the sources of that information, (iii) the business or commercial purposes for collecting, selling or sharing the personal information; and (iv) the categories of third-parties to whom we have disclosed personal information.
- You have the right to request that we provide you with a copy of your personal information.
- You have the right to request that we delete personal information that we have collected from you. We may not delete all of your personal information if one of the allowed legal exceptions applies.
- You have the right to opt-out of the sale or sharing of your personal information.
- You have the right to direct us to limit the use or disclosure of your sensitive personal information to only the purposes specified in the relevant privacy law.
- You have the right to correct inaccurate personal information that we hold about you.
- You have the right to opt out of automated decision-making, including profiling, that we use to evaluate certain qualifications as part of the recruitment process.
- For all marketing materials, you can opt-out anytime, and free of charge. The right to object for other processing activities will be balanced to ensure that these are not incompatible with local laws and regulations. When we have collected your personal data with your consent, then you can withdraw it at any time.
- Based on your specific situation, we provide you with the right to obtain and reuse your data across different services, including the transfer of your data to you or to another third-party.
- You have the right to not be discriminated against for exercising any of your rights. We will not discriminate against you, deny you services, charge you a different price, or provide you with a lesser quality of services if you exercise any of your privacy rights.
If you choose to use the Global Privacy Control (“GPC”) browser signal, you will only be opted out of online sales or sharing of Personal Information, and will need to turn it on for each browser you use. To submit a request to opt out of offline sales and sharing which would not otherwise be controlled by GPC, please use our webform or telephone number.
We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our service providers, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@kandji.io.
Exercising Your Privacy Rights
To exercise any of your privacy rights, please submit your request to our Privacy Rights Request Form email us at privacy@kandji.io or call us at 855-877-1866. For all requests, you must provide us with your name, email address, phone number, and mailing address. Failure to provide all of the foregoing information may prevent us from processing your request. For an online request to delete, we will also send you a second verification to confirm that you want your information to be deleted.
In order to designate an authorized agent to act on your behalf, you must send a signed, written authorization to us at privacy@kandji.io.
Other Region-Specific Disclosures
Certain jurisdictions provide their residents with additional rights regarding our use and disclosure of their personal information. To learn more about the particular additional rights applicable to your jurisdiction, please see the additional provisions below.
California Consumer Privacy Act. This section applies to our privacy practices as required under the California Consumer Privacy Act, including as amended by the California Privacy Rights Act (together, the “CCPA“).
Categories and sources of personal information we collect
In the preceding 12 months, we have collected the following categories of personal information: contact information, identifiers, financial information, commercial information, internet or electronic usage data and professional or employment information. For details about precise data points we collect and the categories of sources of such collection, please see the sections above titled Categories of Personal Information We Collect and Categories of Sources From Which We Collect Personal Information.
Sale of Personal Information
In the preceding 12 months, we have not “sold” (as that term is defined in the CCPA) personal information. We do not knowingly sell the personal information of minors under the age of 16.
Sharing of Personal Information
We have not “shared” and do not “share” (as those terms are defined in the CCPA) personal information. We do not knowingly share the personal information of minors under the age of 16.
Use or Disclosure of Sensitive Personal Information
In the preceding 12 months, we have not used or disclosed sensitive personal information for purposes to which the right to limit use and disclosure applies under the CCPA.
Purposes for which we use personal information: We collect personal information for the business and commercial purposes described in the section above titled Purposes for Collecting Personal Information.
Disclosure for a business purpose: In the preceding 12 months, we have disclosed the following categories of personal information for business purposes to the following categories of third party recipients:
| Category of Personal Information | Categories of Third Parties |
|---|---|
| Contact Information |
|
| Identifiers |
|
| Financial information |
|
| Internet or Electronic Usage Data |
|
| Professional or Employment Information |
|
A list of service providers (sub-processors) currently authorized by Kandji to process Personal Information and assist Kandji in providing the relevant is located here.
For a more expansive description of the categories of recipients and business purposes for which we share personal information, please see the How We Share Personal Information section above.
Shine The Light. If you are a California resident, this section applies to you. The California Shine the Light law (Cal. Civ. Code § 1798.83) permits residents of California to request certain details about how their information is shared with third parties for the third-parties’ direct marketing purposes. If you are a California resident and would like to make such a request, please contact us at privacy@kandji.io, and include “CA Shine the Light” in the subject line of your email. Unless otherwise expressly stated, this Site is provided without charge.
You also may contact the Complaint Assistance Unit of the Division of Consumer Services of California’s Department of Consumer Affairs in writing at 400 R Street, Suite 1080, Sacramento, California 95814 or by telephone at (916) 445-1254 or (800) 952-5210.
Other Privacy Rights Information. Under the EU and UK General Data Protection Regulation, we are required to provide residents of the European Economic Area with the following information:
- You also have the right to lodge a complaint with a supervisory authority: A list of the European data protection authorities is available here, the contact of the UK Information Commissioner's Office (ICO) is available here, and the contact of the Federal Data Protection and Information Commissioner of Switzerland is available here.
Contact Us
If you have any questions about this Policy, our data practices or would like to contact Kandji’s Data Protection Officer, please email us at privacy@kandji.io. You can also call us at 855-877-1866 or write us at:
Attn: Legal DepartmentKandji, Inc.
100 1st Street, 4th Floor
San Francisco, CA 94105
Updates to Our Privacy Policy
We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated notice on the website as well as update the policy's effective date. Your continued use of our website or services following the posting of changes constitutes your acceptance of such changes.