Securify Terms of Service
Last modified: March 27, 2020
Securify (“Securify,” “we,” “our,” or “us”), provides multi-factor authentication and other services to users (“User,” “Users,” “you,” or “your”) and corporate users (“corporate user”, “corporate users”) around the world. Your use of our website (the “Site”), the mobile application (the “Application”) and the services made available on the Site (“Services”) is subject to these Terms & Conditions (these “Terms”). These Terms apply between you as the user of the Site, Application or Services and Securify Ltd..
These Terms do not apply to Enterprise Edition Subscriptions for “Corporate User”, “Corporate Users” which are governed by written agreements between Securify and the customer.
Please read these Terms carefully, as they affect your legal rights. Your agreement to comply with and be bound by these Terms is deemed to occur upon your first use of the Site and/or Services. If you do not agree to be bound by these Terms, you should stop using the Site and Services immediately.
1. Intellectual property and acceptable use
1.1 All Content included on this Site, Application and related Services, unless uploaded by Users, is the property of Securify, our affiliates or other relevant third parties. In these Terms, Content means any text, graphics, images, audio, video, software, data compilations, process flows, algorithms, page layout, underlying code and software and any other form of information capable of being stored in a computer that appears on or forms part of this Site, including any such content uploaded by Users.
1.2 By continuing to use the Site and/or the Application you acknowledge that such Content is protected by copyright, trademarks, database rights and other intellectual property rights. Nothing on this site shall be construed as granting, by implication, estoppel, or otherwise, any license or right to use any trademark, logo or service mark displayed on the site without the owner’s prior written permission.
1.3 You may temporarily download one copy of the materials (information or software) on this Site and Application for personal, non-commercial transitory viewing only. You must not otherwise reproduce, modify, copy, distribute or use for commercial purposes any Content without the written permission of Securify.
2. Prohibited use
You may not use the Site, Application and Services for any of the following purposes:
2.1 in any way which causes, or may cause, damage to the Site and Services or interferes with any other person’s use or enjoyment of the Site and Services;
2.2 in any way which is harmful, unlawful, illegal, abusive, harassing, threatening or otherwise objectionable or in breach of any applicable law, regulation, governmental order;
2.3 making, transmitting or storing electronic copies of Content protected by copyright without the permission of the owner.
2.4 in any way may result with infringement of EU’s GDPR and Turkish PPDA (KVKK) laws and decisions of related data protection authorities of relevant countries that was established and enacted to protect personal data of individuals
3.1 You must ensure that the details provided by you on registration belongs to you and at any time are correct and complete. You must inform us immediately of any changes to the information that you provide when registering by updating your personal details to ensure we can communicate with you effectively.
3.2 We may suspend or cancel your registration with immediate effect for any reasonable purposes or if you breach these Terms.
3.3 You may cancel your registration at any time by contacting us. If you do so, you must immediately stop using the Site, Application and Services. Cancellation or suspension of your registration does not affect any statutory rights.
4. Links to other websites
4.1 This Site and the Application may contain links to other websites. Unless expressly stated, these sites are not under the control of Securify or that of our affiliates.
4.2 We assume no responsibility for the content of such websites and disclaim liability for any and all forms of loss or damage arising out of the use of them.
4.3 The inclusion of a link to another website on this Site does not imply any endorsement of the websites themselves or of those in control of them.
To the extent that Securify processes any personal data that is subject to the EU General Data Protection Regulation (GDPR) and Turkish Personal Data Protection Law (KVKK), on Corporate User’s behalf, in the provision of the Service, the terms of the Securify Data Processing Agreement which are hereby incorporated by reference, shall apply.
6. Availability of the Site, Application and disclaimers
6.1 Any online facilities, tools, services or information that Securify makes available through the Site and Application is provided “as is” and on an “as available” basis. We give no warranty that the Site, Application and Services will be free of defects and/or faults. To the maximum extent permitted by the law, we provide no warranties (express or implied) of fitness for a particular purpose, accuracy of information, compatibility and satisfactory quality. Securify is under no obligation to update information on the Site and Application.
6.2 Whilst Securify uses reasonable endeavours to ensure that the Site, Application and Services are secure and free of errors, viruses and other malware, we give no warranty or guaranty in that regard and all Users take responsibility for their own security, that of their personal details and their computers. Securify accepts no liability for any disruption or non-availability of the Site, Application or Services.
6.3 Securify reserves the right to alter, suspend or discontinue any part (or the whole of) the Site and Application including, but not limited to, any products and/or services available. These Terms shall continue to apply to any modified version of the Site and Application unless it is expressly stated otherwise.
7. Limitation of liability
7.1 Nothing in these Terms will: (a) limit or exclude our or your liability for death or personal injury resulting from our or your negligence, as applicable; (b) limit or exclude our or your liability for fraud or fraudulent misrepresentation; or (c) limit or exclude any of our or your liabilities in any way that is not permitted under applicable law.
7.2 We will not be liable to you in respect of any losses arising out of events beyond our reasonable control.
7.3 To the maximum extent permitted by law, Securify accepts no liability for any of the following: (a) any business losses, such as loss of profits, income, revenue, anticipated savings, business, contracts, goodwill or commercial opportunities; (b) loss or corruption of any data, database or software; (c) any special, indirect or consequential loss or damage.
7.4 You agree that Securify and any parents, subsidiaries, officers, employees, or third party contractors cannot be held responsible for any third party claim, demand, or damages, including reasonable attorneys’ fees, arising out of your use of this Service.
8.1 You may not transfer any of your rights under these Terms to any other person. We may transfer our rights under these Terms where we reasonably believe your rights will not be affected.
8.2 These Terms may be varied by us from time to time. Such revised terms will apply to the Site and Services from the date of publication. Users should check the Terms regularly to ensure familiarity with the then current version.
8.4 If any court or competent authority finds that any provision of these Terms(or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of these Terms will not be affected.
8.5 Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
8.6 This Agreement shall be governed by and interpreted according to the law of Turkey and all disputes arising under the Agreement (including non-contractual disputes or claims) shall be subject to the exclusive jurisdiction of the Turkish courts.
9. Securify Ltd details
9.1 Securify Ltd is a company incorporated in Turkey whose registered address is İ.O.S.B Ankara Teknopark TGB Yerleşkesi 2224. Cad. No:1 C Blok C-917 Yenimahalle Ankara Turkey and it operates the website securifyid.com. The registered VAT number of Securify Ltd is 7570462897.
9.2 You can contact Securify Ltd by email on firstname.lastname@example.org.
Last modified: March 27, 2020
Securify (“Securify,” “we,” “our,” or “us”), recognizes that your privacy is very important and we take it seriously. Securify provides multi-factor authentication and other services to users (“User,” “Users,” “you,” or “your”) and Enterprise Users (“Enterprise User”, “Enterprise Users”) around the world. Your use of our website (the “Site”), the mobile application (the “Application”) and the services made available on the Site (“Services”) is subject to these Privacy Rules, “Terms & Conditions” (these “Terms”) for individual users (http://securifyid.com/legal/terms-conditions/) and Securify Data Processing Agreement for corporate users.
1. Information we collect
We collect and receive information from you and your devices in the following cases:
• When you make a job application (via sending your CV in Hardcopy or Digital format, apply for a vacant position from our web sites)Through your visit to our web sites and using our Applications,Giving your contact details physically (mostly in an event, bilateral meetings or other similar physical organizations)Using our services (mobile apps, management console, API, plugins)
1.1 Information you provide when you apply for a job
You provide several personal data to us mostly in your resume and sensitive information l in connection with your job application. Some of the personal data your provide us are listed below:
• Name Surname
• Identity number / Passport number
• Certificate of Identity Register Copy
• Email address
• Phone/mobile number
• Date of Birth
• Marital Status,
• Education Background
• Professional Experience (Your previous employments, name of companies, your positions etc.)
• Project Experience (The project information you were involved, date of the projects, your position etc.)
• Your Publications
• Your areas of interest
• Your hobbies and social life
• Your references (with a commitment that you have taken their consent beforehand)
1.2 Information collected when you visit our web sites
We may also collect contact and/or professional data about you in person, through means like online forms and/or communications, and through our websites. For example, you may provide your name, surname and contact information, as well as professional information to us when you sign up to learn more about Securify’s products and services, download content, register for an event, and visit our offices.
1.3 Information collected physically
During our physical marketing efforts and business activities, you may provide us your contact and professional details especially in business card format or orally. If you attend an event, we may also receive contact and professional details about you by filling in a form or by providing us a business card or other method where you share Personal Data with us, as well as pictures and videos taken that can be shared on social media to express Enterprise activities. Typically, contact data includes your name and contact methods, such as telephone number, email address, and mailing address, and professional data includes details such as the organization you are affiliated with, your job title, and industry.
1.4 Information collected when you use our services
Information collected by our systems will be detailed in the following sub-sections:
1.4.1 Mobile Applications
We have Android and IOS Mobile Applications. So, when you download our apps from online stores and start using, we collect information in the following phases:
During First Registration: In order to be able to use our mobile services, you should sign-up by entering your name, surname, email address, phone number. After you entered your information, we sent a registration code to your e-mail address and wants you enter this code in our app in order to finalize your registration. During your registration we generate symmetric and asymmetric key pairs in order to use them in digital signing and encryption of transactions as well. According to our usage, we can store these keys in mobile app, in backend server or in both.
When You Add a New Service: You may add either a Enterprise or individual service. Individual services can only be used in TOTP (Time-Based One-Time Password) Authentication (RFC-6238). In this authentication mechanism, a third-party service (i.e. Twitter, Facebook, LinkedIn) can be added by scanning a QR code or enter a secret key manually in order to perform second factor authentication. If you scan the QR code we obtain your secret key and the name of your third-party service and if you add manually, we store the name you gave to the service and the secret key. We store your secret key both in your mobile app and in our backend servers in order to regenerate OTP and recover it when you move your app to another phone or reinstall the app as a backup for your own convenience. We also highlight that in order to let you scan QR code, we need your camera permissions.
In Enterprise services, you enter a code provided from your service provider and we just keep service provider’s id and the user-id provided for the service. User id is only a number produced by your corporation/service provider to pseudonmyse your identity , that is later shared by your corporation/service provider with us in order to uniquely identity your transaction. User id can be just a pseudonmysed number and we do not require it to be a personally identifying number. But if your service provider provides such as personal data as user id, it is the responsibility of your service provider which is also included in our contract with your service provider.
During Authentication: During authentication we use several information about you and your device, app and transaction in order to improve your security during authentication and store them for publc and third party audit purposes, as well as improvements to our services. This information may include your email address, your user-id, your Internet Protocol (IP) address, OS platform, your browser type and version, browser timezone, browser time offset, browser agent, screen resolution, the date and time of your transaction, keystroke timings, geolocation, time spent on each page, your clicks, your scrolls.
1.4.2 Management Console
For Enterprise Users that has contract with us, we provide a web-based management console for identity and access management of their employees and/or customers. In this console, employes or customer data is provided to the system by the Enterprise . In such cases, data controller is the Enterprise and we are in data processor role. So, the responsibility to meet the data privacy and other related legal requirements with the endnuser or employee is primarily on the Enterprise .
As a Enterprise User of our Site, Application and services your data controller may keep and process your personal data under the following sections of management console:
Directory Section: In directory section, information about users, groups, identities and zones can be stored in the system. Personal data can be kept within users or identities module. However, neither our system nor the processes require users’ personal data to operatecorrectly. Our system just needs a user ids and/or email addresses which might be anonymous records that cannot be directly linked with the users’ identities. We recommend our Enterprise Users as data controllers to utilise pseudonmysied user-ids for a better EU’s GDPR and Turkish PPDA (KVKK) compliance. According to the Enterprise User configuration, the users’ data can also be retrieved from an already existing third-party system such as Active Directory, Office 365, Radius etc.
Applications Section: In the applications section, Enterprise User can define its services and html forms in order to manage access to them. Applications section processes ordinary data, such as service name, form html id, field html. The only personal data processed under this section isthe logs that are kept about the services used by individual userid’s. .
Policies Section: In this section, Enterprise User can define rules to allow or deny the user groups to use the defined services or forms according to time period or IP addresses.
Licences Section: In licences section we keep Enterprise or individual licencing information that includes the product name, licence name, start date, expritation date, users’ email address (for individual users), Enterprise information, Enterprise email address, phone number etc.
Audit Section: In audit section, system stores several information about the authentication transactions for security and controls, including Enterprise name, service name, user-ids, Internet Protocol (IP) address, OS platform, browser type and version, browser time zone, browser time offset, browser agent, screen resolution, the date and time of the transaction, users’ keystroke timings, geolocation, time spent on each page, clicks, scrolls.
Threat Management Section: In threat management section, the system checks the collected data regarding the users’ authentication transactions and perform static and automatic analysis. Automatic analysis includes analysing users’ historical and behavioural data using machine learning or statistical techniques and detect anomalies. In this section, Enterprise should define risk-based authentication parameters and actions when an anomaly is detected in users’ authentication transaction. Actions includes to trigger a third-party system or send notification emails or SMS. Therefore, the information such as IP address and service name of the third-party application or the e-mail and SMS information of the persons to be notified should be entered to the system.
1.4.3 API Services
Since our backend services runs through API services, the data mentioned in the previous systems should be transferred using these API’s.
We sometimes provide some plugins in order to interact with third party systems. In the settings page of these plugins, the system may store users’ email addresses, API Keys, some other relevant configuration data.
How we collect information
We collect information by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it.
Use of information
We use your data in order to increase the security of your authentication processes and prevent any malicious cyber attack against your identities.
We may use a combination of identifying and non-identifying information to understand who our visitors are, how they use our services, and how we may improve their experience of our Services in the future. We do not disclose the specifics of this information publicly, but may share aggregated and anonymised versions of this information, for example, in website and customer usage trend reports.
We may use your personal details to contact you with updates about our Services, along with promotional content that we believe may be of interest to you. If you wish to opt out of receiving promotional content, you can follow the “unsubscribe” instructions provided alongside any promotional correspondence from us.
Data processing and storage
We only transfer data within jurisdictions subject to data protection laws that reflect our commitment to protecting the privacy of our users.
We only retain personal information for as long as necessary to provide a service, or to improve our services in future. While we retain this data, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure, and cannot guarantee absolute data security.
If you request your personal information be deleted, or where your personal information becomes no longer relevant to our operations, we will erase it from our system within a reasonable timeframe.
Third-party access to information
We use third-party services for:
• Analytics tracking
• Advertising and promotion
• Content marketing
• Email marketing
• Payment processing
These services may access our data solely for the purpose of performing specific tasks on our behalf. We do not share any personally identifying information with them without your explicit consent. We do not give them permission to disclose or use any of our data for any other purpose.
We may, from time to time, allow limited access to our data by external consultants and agencies for the purpose of analysis and service improvement. This access is only permitted for as long as necessary to perform a specific function. We only work with external agencies whose privacy policies align with ours.
We will refuse government and law enforcement requests for data if we believe a request is too broad or unrelated to its stated purpose. However, we may cooperate if we believe the requested information is necessary and appropriate to comply with legal process, to protect our own rights and property, to protect the safety of the public and any person, to prevent a crime, or to prevent what we reasonably believe to be illegal, legally actionable, or unethical activity.
We do not otherwise share or supply personal information to third parties. We do not sell or rent your personal information to marketers or third parties.
Limits of our policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
Changes to this policy
Your rights and responsibilities
As our user, you have the right to be informed about how your data is collected and used. You are entitled to know what data we collect about you, and how it is processed. You are entitled to correct and update any personal information about you, and to request this information be deleted. You may amend or remove your account information at any time, using the links in our web sites.
You are entitled to restrict or object to our use of your data, while retaining the right to use your personal information for your own purposes. You have the right to opt out of data about you being used in decisions based solely on automated processing.
Securify Ltd. is the data controller of your personal information in individual services but data processor in the Enterprise services.
Securify Cookies Policy
Last modified: March 27, 2020
WHAT IS A COOKIE?
A cookie is a small piece of data that a website stores on your device when you visit, typically containing information about the website itself, a unique identifier that allows the site to recognise your web browser when you return, additional data that serves the purpose of the cookie, and the lifespan of the cookie itself.
Cookies are used to enable certain features (eg. logging in), to track site usage (eg. analytics), to store your user settings (eg. timezone, notification preferences), and to personalise your content (eg. advertising, language).
Cookies set by the website you are visiting are normally referred to as “first-party cookies”, and typically only track your activity on that particular site. Cookies set by other sites and companies (ie. third parties) are called “third-party cookies”, and can be used to track you on other websites that use the same third-party service.
TYPES OF COOKIES AND HOW WE USE THEM
Essential cookies are crucial to your experience of a website, enabling core features like user logins, account management, shopping carts and payment processing. We use essential cookies to enable certain functions on our website.
Performance cookies are used in the tracking of how you use a website during your visit, without collecting personal information about you. Typically, this information is anonymous and aggregated with information tracked across all site users, to help companies understand visitor usage patterns, identify and diagnose problems or errors their users may encounter, and make better strategic decisions in improving their audience’s overall website experience. These cookies may be set by the website you’re visiting (first-party) or by third-party services. We use performance cookies on our site.
Functionality cookies are used in collecting information about your device and any settings you may configure on the website you’re visiting (like language and timezone settings). With this information, websites can provide you with customised, enhanced or optimised content and services. These cookies may be set by the website you’re visiting (first-party) or by third-party service. We use functionality cookies for selected features on our site.
Targeting/advertising cookies are used in determining what promotional content is more relevant and appropriate to you and your interests. Websites may use them to deliver targeted advertising or to limit the number of times you see an advertisement. This helps companies improve the effectiveness of their campaigns and the quality of content presented to you. These cookies may be set by the website you’re visiting (first-party) or by third-party services. Targeting/advertising cookies set by third-parties may be used to track you on other websites that use the same third-party service. We use targeting/advertising cookies on our site.
THIRD PARTY COOKIES ON OUR SITES
We may employ third-party companies and individuals on our websites—for example, analytics providers and content partners. We grant these third parties access to selected information to perform specific tasks on our behalf. They may also set third-party cookies in order to deliver the services they are providing. Third-party cookies can be used to track you on other websites that use the same third-party service.
OUR THIRD-PARTY PRIVACY PROMISE
We review the privacy policies of all our third-party providers before enlisting their services to ensure their practices align with ours. We will never knowingly include third-party services that compromise or violate the privacy of our users.
HOW YOU CAN CONTROL OR OPT OUT OF COOKIES
If you browse website from multiple devices, you may need to update your settings on each individual device.
Although some cookies can be blocked with little impact on your experience of a website, blocking all cookies may mean you are unable to access certain features and content across the sites you visit.
Third Party Notices
Version (IF 1.1.1 ANY)
Description: Lifecycle-aware components perform actions in response to a change in the lifecycle status of another component, such as activities and fragments. These components help you produce better-organized, and often lighter-weight code, that is easier to maintain. See the reference docs for more information.
License: Apache 2.0 license
Google Android Play Services Vision
Version (IF 11.8.0 ANY)
Description: With Google Play services, your app can take advantage of the latest, Google-powered features such as Maps, Google+, and more, with automatic platform updates distributed as an APK through the Google Play store. This makes it faster for your users to receive updates and easier for you to integrate the newest that Google has to offer.
License: Apache 2.0 license
Google Zxing Core
Version (IF 2.2 ANY)
Description: Core barcode encoding/decoding library
License: Apache 2.0 license
Google Location and Activity Recognition
Version (IF 15.0.1 ANY)
Description: With Google Play location services, your app can take advantage of the latest, Google-powered features in phone location, with automatic platform updates distributed as an APK through the Google Play store.
Lisans: Apache 2.0 License
Android Architecture Components
Version: (IF 1.0.0 ANY)
Description: Android architecture components are a collection of libraries that help you design robust, testable, and maintainable apps. Start with classes for managing your UI component lifecycle and handling data persistence.
Lisans: Apache 2.0 License
Support Library Packages
Description: The Android Support Library contains several library packages that can be included in your application. Each of these libraries supports a specific range of Android platform versions and set of features.
Lisans: Apache 2.0 License
Apache Commons Codecs
Version: (IF 1.11 ANY)
Description: The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Lisans: Apache 2.0 License
Version: (IF 2.8.5 ANY)
Description: Gson is a Java library that can be used to convert Java Objects into their JSON representation. It can also be used to convert a JSON string to an equivalent Java object. Gson can work with arbitrary Java objects including pre-existing objects that you do not have source-code of.
Lisans: Apache 2.0 License
Version: (IF 1.1.1 ANY)
Description: Volley is an HTTP library that makes networking for Android apps easier and, most importantly, faster.
Lisans: Apache 2.0 License
Firebase Cloud Messaging
Version: (IF 18.0.0 ANY)
Description: Firebase Cloud Messaging (FCM) is a cross-platform messaging solution that lets you reliably send messages at no cost.
Lisans: Apache 2.0 License
Version: (IF 1.0.3 ANY)
Description: QR Generator Library and Saves the QR Code as Image
Lisans: MIT License
Version: (IF 1.9.13 ANY)
Description: Android library projects that provides easy to use and extensible Barcode Scanner views based on ZXing
Lisans: Apache 2.0 License