How We Handle Your Data
Visit the Trust Center to download a PDF version of this page, including your company information.
The following communications take place:
- The client software communicates with the cloud service
- Administrators and help desk personnel access the portal through single sign-on
- OPTIONAL: Files and checksums are sent to OPSWAT MetaDefender for multi-engine malware scan (enabled by default)
- OPTIONAL: Customer API can be used to consume data from your own systems (disabled by default)
The data communication between the client software and our servers uses SSL encryption. The load balancer IP depends on your region:
- 18.104.22.168 (if your data is located in the USA)
- 22.214.171.124 (if your data is located in Europe)
Furthermore, the raw data is also encrypted using a 256-bit encryption to protect against Man-in-the-middle attacks by a person who has physical access to a client.
The inventory collects:
- Basic hardware inventory data, such as computer model, cpu, ram and operating system
- IP address
- User and computer domain and OU names
- User’s phone number and email address (see note below)
- List of local administrator account names
- List of computer and user groups (AD Domain or Azure AD)
- List of installed software
NOTE: In case of GDPR concerns, you have the ability to disable the collection of user name, account name, email address and phone number in the Settings menu after login. You can also disable the entire inventory if you prefer.
The client software collects this information from a domain controller for domain computers:
- User and computer OU names
- User’s phone number and email address
- List of computer and user groups
The traffic is marginal and only refreshed every 4 hours. You can monitor the traffic on an endpoint by running the ADInsight SysInternals tool.
When a user has completed an App Elevation or an Admin Session, the client collects:
- Computer name
- Installed and uninstalled software
- UAC elevated programs
- Reason for administrator need (if configured)
- User’s account name and full name (if configured)
If the Reason screen is used, email address and phone number are also collected, as entered by the user in the pop-up window. You can disable collection of user name, email address and phone number in the Privacy menu in Settings in the portal.
In a support situation, one of our support engineers might ask the end user to invoke the About screen, click the Connectivity tab and ask the end user to click the “Submit diagnostics data” link. This will send trivial system data to us to understand the history of the endpoint software. If the end user clicks the link and confirms, the client submits:
- Current configuration state (downloaded settings)
- Data in queue to be uploaded
- When the endpoint software was installed or upgraded
- When the services of the endpoint software were started or stopped
- Events from the local event log related to Admin By Request
This data cannot be extracted by us without the user clicking the link and is kept for up to a week. Note that an end user cannot create a support ticket, only portal administrators can.