Privacy Policy
Effective: July 2, 2025
1. OVERVIEW
Cirrus Identity, Inc. (“Cirrus Identity”, “We”, “Us”, “Our”) values the privacy of individuals. This Privacy Policy describes the data We collect, why We collect it, and how We use it on Our website, Our products, Our solutions, and any other services which display a link to this Privacy Policy (collectively Our “Services”). By using our website or providing information to Cirrus Identity via Our Services, you agree that you have read this Privacy Policy and accept the practices it describes. Please also visit our Terms of Use section establishing the use, disclaimers, and limitations of liability governing the use of our website at https://www.cirrusidentity.com/terms-of-service.
Customers (“Customer”, “They”, “Them”, or “Their”) evaluating Our Services for future purchase, or contracting with Cirrus Identity to run Services on Their behalf are consenting to Our privacy and data management policies as described in this Privacy Policy unless otherwise stipulated by contract.
We recognize the importance of protecting the privacy of Personal Data or personally identifiable information, being information which relates to an identifiable individual (“Personal Data”). We respect the rights of such individuals whose Personal Data we process (and in some cases as employer ourselves control) and the obligations imposed by applicable law and are committed to protecting your privacy. The following Privacy Policy discloses what information we gather, how we use it, and how to correct or change it.
2. DEFINITIONS
“Authorized Administrative User” or “Sponsor” - Any individual authorized by the Customer to configure, support, utilize, or otherwise use Cirrus Identity Services to provide access to Customer applications.
“Cirrus Identity”, “We”, “Us”, “Our” – Cirrus Identity Inc., a Delaware corporation registered at 4031 Brighton Avenue, Oakland, CA 94602
“Data Controller” – Our Customers which each alone or jointly with others determines the purposes and means of the processing of Your Personal Data.
“Data Processor” – Cirrus Identity which engages in Personal Data processing on behalf of the Data Controller. Data Processing involves any operation (or set) performed on Personal Data (such as, but not limited to, collection, structuring, storage, use or disclosure and the processing more particularly described in this Privacy Policy).
“End User”, “You” or “Your” - Any individual with personal data shared with Cirrus Identity.
“Personal Data” - Personally identifiable information (PII) being information which relates to an identifiable individual provided by You to Cirrus Identity or to a Customer and processed by Cirrus Identity under a contract.
3. CHANGES TO THIS POLICY
We reserve the right, in our sole discretion, to modify, alter or update our Privacy Policy at any time. Such modifications, alterations, and updates shall be effective immediately upon posting and We will update the "Last Updated" date at the top of this Privacy Policy accordingly. We will provide additional notification, such as a notice on the Cirrus Identity home page prior to the change becoming effective, in the case of material changes to this Policy. We encourage You to review our Privacy Policy whenever You access Cirrus Identity Services to stay informed about Our privacy practices and the ways You can help protect Your privacy. Your continued use of this website or of any of the Cirrus Identity Services after the posting of a modified, altered, or updated Privacy Policy shall constitute Your consent to such modifications, alterations or updates.
4. PERSONAL INFORMATION COLLECTED
Cirrus Identity aims to collect and store the least amount of Your Personal Data necessary to deliver Services. The reasons for Cirrus Identity processing Your Personal Data are both to fulfill the legal requirements to deliver the Services as defined by Cirrus Identity’s Terms of Service, and to meet Cirrus Identity’s legitimate interests as defined in the “Use of Personal Data” section. We may also process Your Personal Data when delivering Services once you have provided Your consent, should that be appropriate.
Non-Personal Data:
We may collect information about Your visit to and use of the website, including sales data, traffic data and related website information. We may also collect anonymized information during the course of Our Services which We provide. This information helps us to evaluate and improve Our website and Services and may also be used for investment analysis purposes. As Non-Personal Data does not personally identify You, We may use it for any purpose.
5. TYPES OF DATA COLLECTED
PERSONAL DATA
Many of the Cirrus Identity Services require basic Personal Data such as name or email address. This Personal Data may include additional pieces of data called identifiers which are generally not visible to You but can be used to uniquely identify You. An everyday example of an identifier that is visible to You would be a mobile phone number. Each Cirrus Identity Service has different data requirements and those will be outlined in the “How Data is Collected” section.
LOGGING PERSONAL DATA
All Cirrus Identity Services have a transaction logging component. The logs may record Personal Data collected for the Cirrus Identity Service along with Your IP address, the time of the transaction, and which Customer application You were attempting to use. Logs are retained as outlined in the “Data Retention” section.
The following are samples of the Personal Data collected in the logs for Cirrus Identity Services:
i. Cirrus Identity Bridge
- ip address
- date/time
- user - first value found when checking eduPersonPrincipalName, mail, or uid
- eduPersonPrincipalName - all values
- mail - all values
- givenname - all values
- sn - all values
- uid - all values
- cas:user - any value configured for the CAS protocol
ii. Cirrus Identity Gateway
- ip address
- date/time
- mail registered with provider
- givenname registered with provider
- sn registered with provider
- uid issued by provider
iii. Cirrus Identity Proxy
- ip address
- date/time
- user - first value found when checking eduPersonPrincipalName, mail, or uid
- eduPersonPrincipalName - all values
- mail - all values
- givenname - all values
- sn - all values
- uid - all values
iv. Cirrus Identity OrgBrandedID
- ip address
- date/time
- mail - used to register
- givenname - used to register
- sn - used to register
- uid - created by Cirrus Identity
6. COOKIES
To deliver Cirrus Identity Services, We make use of both persistent cookies (which are retained for a predefined period) and session cookies (which disappear when you log out). The individual cookies are unique to the web browser You are using. This uniqueness is important to the operation of Cirrus Identity Services and is the reason why we use them.
The session and persistent cookies associated with Cirrus Identity Services will either be stored as “cirrusidentity.com”, “apps.cirrusidentity.com”, “www.cirrusidentity.com”, or “blog.cirrusidentity.com”, another subdomain under “cirrusidentity.com” that is associated with one of Our Customers, or another subdomain under “cirrusidentity.com”
Cirrus Identity also makes use of third-party cookies for some monitoring and marketing processes. Third-party cookies are stored by a domain that is different from the one associated with the site You are visiting. This can happen when a file, such as JavaScript, is located outside the webpage’s domain.
Please see our Cookie Policy.
7. HOW DATA IS COLLECTED
Cirrus Identity provides authentication and user registration solutions that assist Our Customers in providing You access to applications they operate. Each Customer is a Data Controller primarily responsible for your Personal Data and We only process Your Personal Data pursuant to their instructions. Each Customer may use one or more of our Services in combination to accomplish this. Cirrus Identity collects the minimum Personal Data required to allow You to use our Customer’s applications. The type and amount of Personal Data that is collected depends on Your specific relationship with one of Our Customers. We encourage You to ask the Customer that is administering the application You are trying to access for the specifics on how Your Personal Data is being used. It is the Customer which is the Data Controller of Personal Data which we process on Your behalf and the Customer instructs Us as to how Your Personal Data may be processed. If You still have questions, please in the first instance contact the applicable Cirrus Identity Customer with us in copy. Nonetheless, if You or if Customers have questions, they may contact Us as outlined in the “Contacting Us” section.
The following is a list of each Cirrus Identity Services and the Personal Data collected:
i. Cirrus Identity Gateway
Via an integration controlled and managed by individual Cirrus Identity Customers, Cirrus Identity processes Personal Data provided by one or more of the following login methods for Them. The login methods are as follows:
- Amazon
- Apple
- Microsoft
- ORCID
The Personal Data provided by the login methods varies but does not exceed the following information:
- Name (given name, family name, and/or display name)
- Email address
- A unique ID issued by the login method provider
This information may be included in the transaction log (see Logging) for the Cirrus Gateway but is not stored unless needed for other Cirrus Identity Services. To enable access, the Gateway will utilize session cookies while You are logged in (see Cookies) and a persistent cookie to support load balancing.
ii. Cirrus Identity Invitation Service
The Cirrus Invitation Service establishes a relationship between You and a Sponsor. This relationship is used by the Customer to deliver services to You.
The Customer will provide an email address for You. Cirrus Identity will send You a request at the email address on behalf of the Customer to claim the invitation using a method of login. Regardless of the method of login, the following Personal Data may be processed and stored by Cirrus Identity on behalf of the Customer depending on settings They configure:
- Name (given name, family name, and/or display name)
- Email address
- A unique ID based on the method of login
- Personal Data provided by the Customer
To enable the claim process, session cookies are used for the duration of the claim process and a persistent cookie is used to support load balancing (see Cookies). Transactions using the Cirrus Invitation Service are also logged (see Logging).
iii. Cirrus Identity Account Linking
Cirrus Account Linking establishes a relationship between You and Personal Data provided by a Customer. This relationship is used by the Customer to deliver service to You.
Data provided by a login method (such as the Cirrus Identity Gateway, the Cirrus Identity OrgBrandedID, or another login method) when You log in is processed and stored by Cirrus Identity on behalf of the Customer as a record of this relationship.
Data provided by the Customer about You is also processed and stored as a record of this relationship. This data typically consists of one or more identifiers The Customer maintains about You and is provided in accordance with the contract Cirrus Identity has with the Customer.
To enable account linking, session cookies are used until the relationship is established and a persistent cookie is used to support load balancing (see Cookies). Transactions using Cirrus Account Linking are also logged (see Logging).
iv. Cirrus Identity OrgBrandedID
The Cirrus OrgBrandedID allows the Customer to offer You the option to create an account if You do not have, or want to use one of the login options provided. To use this service, You must provide the following Personal Data:
- Name (given name and family name)
- Email address
- A password
- Other data required by the Customer
Depending on the requirements of the Customer, You may also be required to provide answers to selected security questions. When complete, Your account will also have a machine generated identifier for use with other Cirrus Identity Services and/or by the Customer.
To enable account creation, session cookies are used until the process is complete and a persistent cookie is used to support load balancing (see Cookies). Transactions using the Cirrus OrgBrandedID are also logged (see Logging).
v. Cirrus Identity Discovery Service
The Cirrus Discovery Service, if configured by the Customer, is used by You to select login methods. The service does not ask for Personal Data but will remember login method choice for thirty (30) days using a persistent cookie. A persistent cookie is also used to support load balancing (see Cookies).
vi. Cirrus Identity Proxy and Cirrus Identity Bridge
Cirrus Proxy and Cirrus Bridge are technology solutions the Customer may use to allow You to access Their services. Both the Proxy and the Bridge process Your Personal Data to enable access, but do not collect or store Your Personal Data. To enable access, the solutions will utilize session cookies while You are logged in, and a persistent cookie is used to support load balancing (see Cookies).
Transactions processed by the Cirrus Proxy and the Cirrus Bridge are logged. This can include any Personal Data needed to enable access (see Logging).
vii. Cirrus Identity Console
The Cirrus Console is a solution used by Authorized Administrative Users and Sponsors. Both must be designated by the Customer. Authorized Administrative Users use the Console to configure other Cirrus Identity services and conduct support operations. Sponsors use the Console to send invitations to You, to monitor the status of sent invitations, to renew invitations, and to revoke invitations.
The Cirrus Console requires the Customer to assert Personal Data about Authorized Administrative Users or Sponsors to control access. One or more of the following Personal Data will be sent by the Customer to the Cirrus Console:
- Organizational email address
- Organizational identifier called eduPersonPrincipalName
Instead of sending Personal Data, the Customer may choose to send a membership designation called eduPersonScopedAffiliation, or an entitlement designation called eduPersonEntitlement to enable access.
Transactions conducted in the Cirrus Identity Console are logged (see Logging) and may be reviewed to maintain security. Configuration and other data entered into the Cirrus Console is covered by the contract with the Customer.
To enable access, the solutions will utilize session cookies while Authorized Administrative Users or Sponsors are logged in, and a persistent cookie is used to support load balancing (see Cookies).
viii. Cirrus Identity Support Center
The Cirrus Identity Support Center is a solution used by Authorized Administrative Users of the Customer to obtain customer service from Cirrus Identity. The solution is based on a third party solution (FreshDesk – https://freshdesk.com/) in conjunction with the Cirrus Identity Proxy. The Cirrus Identity Support Center requires the Customer to assert the Authorized Administrative User’s organizational email address and identifier called eduPersonPrincipalName to the console.
Transactions conducted in the Cirrus Identity Support Center are logged (see Logging) and may be reviewed to maintain security. Both the Cirrus Proxy and FreshDesk set cookies to support the operation of the application (see Cookies). Support information and other data entered into the Cirrus Identity Support Center would be covered by the contract with the Customer.
ix. Cirrus Identity Website, Social Media, and Marketing
For Cirrus Identity to serve its Customers, it must participate in the marketplace. To accomplish this, Cirrus Identity maintains a website, presence on multiple social media platforms, and tools to deliver content to individuals interested in our solutions. Cirrus Identity may request Your email address to receive updates and information from Us. Cirrus Identity may include in Its communication people who have subscribed to mailing lists, and people who have been identified as having a legitimate interest in Our solutions. In all cases Cirrus Identity will provide an option to opt-out of communications (see “Your Choices” section).
The website (“www.cirrusidentity.com” and “blog.cirrusidentity.com”), LinkedIn social media platform, and content delivery tools (Hubspot) make use of cookies or tools such as Google Analytics as part of their operation. These cookies are set and maintained by Google, Hubspot, and DoubleClick with life spans from one (1) day to two (2) years. Most browsers allow these third-party cookies to be disabled by adjusting the browser settings (see Cookie Policy).
8. USE OF PERSONAL DATA
Cirrus Identity uses Personal Data to deliver Services to Customers and ultimately to You. To accomplish this, We process requests, complete transactions, deliver notices, fulfill requests, monitor access, aggregate metrics, report on activity, or perform other information processing in any other way appropriate to ensure You are able to use Cirrus Identity Services to access Customer applications and to meet the contractual agreements with Our Customers.
Cirrus Identity may use or aggregate any of the data we collect through Cirrus Identity Services to understand usage. We do this to improve the Services we provide to You and Our Customers, as well as to develop new solutions for future release. Any Personal Data used in this way will be summarized using methods that protect privacy in accordance with Customer contractual agreements and applicable laws.
9. DISCLOSURE OF DATA
i. CIRRUS IDENTITY AS A DATA PROCESSOR
Some Cirrus Identity Services (Cirrus Gateway, Cirrus Proxy, Cirrus Bridge) act as a Data Processor between identity providers (for example Google, Microsoft, enterprise providers, and others) and Customers. You log in with one of those identity providers and Personal Data is shared with Customers using Cirrus Identity Services. Customers configure the connections to the identity providers in Cirrus Identity Services and are responsible for maintaining developer accounts or other integration agreements with each identity provider. Cirrus Identity has access to Personal Data provided by identity providers, but processes it on behalf of the Customer according to an established contract, on the Customer’s instructions and under the Customer’s control. You are referred to the Customer’s privacy policy and contract with You which facilitates in turn the Customer’s instructions to Us.
Other Cirrus Identity Services (Invitation, Account Linking, OrgBrandedID, and MFA) may be configured by Customers to collect limited Personal Data directly from You. For example, the Customer may configure Cirrus Account Linking to prompt You to supply Your email address when linking a login method to an identifier provided by the Customer. During this process, the Customer can configure the service to request You to accept some terms and conditions as part of using the service. In cases like this example, Cirrus Identity has both a data processing function and a data controlling function jointly with the Customer.
ii. YOU AS END USER
In those cases where Cirrus Identity acts as a Data Processor for the Customer, We have no direct relationship with You when You use Our Services to access a Customer’s application. When You register with a login method (for example Google, Microsoft, or others), You agree to terms and conditions for those providers, including release to a third party. In this case, the third party is the Customer that is operating the application you are accessing. Its privacy policy and terms and conditions agreed with you shall apply.
In those cases where Cirrus Identity is directly collecting Personal Data from You for the Customer, the Customer is a Data Controller; We may jointly control Your Personal Data with the Customer. We rely on the Customer to be Your point-of-contact for providing consent and addressing Your questions about privacy. Again, this is because Our Services are used to enable You to access a Customer’s application.
In all cases, Customers are Data Controllers of Your Personal Data. Cirrus Identity Customers are responsible for agreeing to a contract with you which entails the processing of your Personal Data by Us and/or obtaining consent from You to use Your Personal Data with Cirrus Identity Services to which the Customer subscribes. Cirrus Identity Customers are also responsible for addressing any questions you might have about how Your Personal Data is used, and fulfilling any legal obligations to You to provide, correct, or delete Your Personal Data. Cirrus Identity will assist the Customer as appropriate, but the Customer will be your primary point-of-contact for any requests. Please direct any queries to them but keep us in copy please.
iii. INTEGRATION BETWEEN CUSTOMER AND LOGIN METHOD
In the course of using the Cirrus Gateway to configure the use of personal identities, an Authorized Administrative User for the Customer will be required to register directly with one or more personal identity providers; and create an API key-secret pair for each integration between the Cirrus Gateway and the personal identity provider. In so doing, the Customer must accept and agree to the terms and conditions set by each personal identity provider regarding management of Your Personal Data that may be supplied by a given social identity provider and which, in turn, is exposed via the integration.
When You authenticate via a login method to third-party services (such as applications managed by the Customer) many personal identity providers present an "attribute release consent screen" where You agree to release Personal Data to the Customer. Personal Data passed to the Customer from personal identity providers using the Cirrus Gateway is not Customer data but has been released to the Customer as a third-party.
At all times, the Customer controls the processing of Your Personal Data by Us (see Cirrus Gateway section). The Customer as Data Controller is primarily responsible for handling your Personal Data in compliance with all applicable laws.
iv. INTEGRATION BETWEEN CUSTOMER AND FEDERATED IDENTITY PROVIDER
Cirrus Identity helps Customers to enable federated identity. In the most basic form, federation allows You to leverage a login at one organization (University A) to access an application at another organization (University B). To enable this method of login, legal entities called federations are established to manage agreements between organizations. Federations exist across the world (https://refeds.org/federations/federations-map) and Cirrus Identity belongs to the InCommon Federation (https://www.incommon.org/) based in the United States (US).
When You authenticate via a federated identity provider to applications managed by the Customer, the federated identity provider may release Your Personal Data to the Customer’s application. Cirrus Identity Services may be used to enable this access to the Customer’s application. The control of this data passing through Cirrus Identity Services depends on the relationship between the federated identity provider and the Customer.
For organizations that participate in a common federation, this exchange of data may be governed by federation agreements. In other cases, there may be bilateral agreements. At all times, the Customer controls the processing of Your Personal Data (see “How Data is Collected” section). The Customer is responsible for handling your Personal Data in compliance with all applicable laws.
v. DISCLOSURE
We may disclose your Personal Data within the Cirrus Identity group, to the Customer whom you are contracted (where applicable, as described above), professional advisers, and to such other third parties as may reasonably be required in connection with the purposes referred to in this Privacy Policy, such as operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. The providers of any Customer contracted with you shall have direct access to your Personal Data and the service shall be provided to you by us on their behalf, under their control and at their instruction. Where we are a Data Processor processing Personal Data at the instruction of a Customer, we are nonetheless responsible to you for processing your Personal Data responsibly and safely; we take responsibility for our third-party suppliers who process your Personal Data on our behalf and require them to have in place appropriate technical and organizational measures to protect your Personal Data. We reserve the right to disclose any and all pertinent information to law enforcement or other governmental officials as We, in our sole discretion acting in good faith, believe necessary or appropriate.
10. DATA CONTROLLER AND DATA PROCESSOR
As stated in the “You as End User” section, Cirrus Identity’s Customers are always considered Data Controllers for Your Personal Data. Cirrus Identity will not disclose or release Your Personal Data or the data of Our Customers to another third party unless directed to do so by the Customer or in situations where release of data is required by law. This includes, but is not limited to (i) outside service providers who are bound by confidentiality in connection with the provision of the Services, (ii) when Cirrus Identity has a good faith belief in the need to protect its rights or the rights of others, (iii) to protect the integrity of the Services, (iv) to protect the safety of others, (v) in connection with violations of the Service terms of use or applicable law, or (vi) to detect, prevent or respond to fraud or intellectual property infringement.
As outlined in the “Use of Personal Data” section, Cirrus Identity aggregates data for the purposes of monitoring and measuring how Our Services are being used. Cirrus Identity reserves the right to share aggregate data about the use of Our Services as long as the aggregate data cannot be used to identify an individual or a Customer. This can include but is not limited to the number of users, social identity providers it registers, number of sales, website traffic, and utilization.
11. CHANGE OF OWNERSHIP
We may disclose or transfer Your Personal Data and the data of Our Customers in connection with an acquisition, merger, or sale of all or a substantial portion of Our business, with or to another company. In such an event, Customers will receive notice if Personal Data is transferred and becomes subject to a substantially different privacy policy.
12. SECURITY
Cirrus Identity follows generally accepted industry standards to protect Your Personal Data and the data of Our Customers. We will deploy the Services in an environment that implements commercially reasonable administrative, physical, and technical safeguards for protection of the security, confidentiality, integrity, and privacy of Personal Data.
Those safeguards will include commercially reasonable measures to prevent unauthorized use, access, processing, destruction, loss, alteration, or disclosure of both Your Personal Data and any Customer data. Examples but not a full list of those safeguards include virtual private networks, encryption of data, and multiple layers of access control.
While we take security very seriously, we recognize any technology or process will contain flaws. We practice a defense in depth strategy in an effort to manage this reality. However, if You believe Your Personal Data has been compromised, or you have questions about Our security practices, please contact Us as indicated in the “Contacting Us” section.
13. DATA TRANSFER
Cirrus Identity Services are currently hosted in the United States (US). This means Cirrus Identity processes and stores Your Personal Data using service providers in the US. The US may not have the same data protections as the jurisdiction in which You are currently using Cirrus Identity Services. If You choose to use Cirrus Identity Services from other regions of the world where data protection laws differ from current US law, understand that, unless explicit exceptions are granted via contract, You may be transferring Personal Data outside of those regions to the US for storage and processing according to the Cirrus Identity Terms of Service and this Privacy Policy.
Transfers of Personal Data from the EEA, Switzerland, or UK to the US.
Where appropriate, Cirrus Identity may add a Data Protection Addendum (“DPA”) to the Cirrus Identity Customer’s agreement to define the terms of any transfer of Personal Data outside of the European Economic Area ("EEA"), Switzerland, or the United Kingdom ("UK"). Please contact Us as indicated in the “Contacting Us” section if You need more information about the legal mechanisms We rely on to transfer Personal Data outside the EEA, Switzerland, and UK. We may direct Your inquiry to the appropriate Cirrus Identity Customer for further assistance.
14. DATA RETENTION
Our processing and storage of Your Personal Data is guided by the contracts with Cirrus Identity Customers to use Cirrus Identity Services (See Disclosure of Data). In general, Personal Data is retained as follows:
Services that require the storage of Your Personal Data (Cirrus Account Linking, Cirrus Invitation Service, and Cirrus OrgBrandedID), retain data for the duration of the contract with the Customer. Cirrus Identity will delete Your Personal Data and/or the data of the Customer upon the request of the Customer, or thirty (30) calendar days after the contract with the Customer terminates. The Customer has thirty (30) calendar days from the effective termination date of the Customer’s Service contract with Cirrus Identity to request Cirrus Identity to make data controlled by the Customer (including Your Personal Data) available for download by the Customer as provided in the Service’s documentation. After the 30-day availability period, Cirrus Identity will have no obligation to maintain or provide access to Customer data or Your Personal Data. Thereafter, Cirrus Identity will delete the operational data from Cirrus Identity systems or otherwise in Cirrus Identity’s possession or control as provided in the documentation, unless legally prohibited from doing so. Data contained in transaction logs and system backups will be deleted according to those respective data retention schedules.
Transaction logs and system backups that may contain Your Personal Data or the data of the Customer are retained for 90 calendar days and then deleted.
Data retained by Cirrus Identity will be handled in accordance with this Privacy Policy until it is deleted.
15. MINORS AND CHILDREN’S PRIVACY
Cirrus Identity does not knowingly collect any Personal Data from children under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older. If You become aware that Your child or any child under Your care has provided Us with Personal Data without Your consent, please contact Us as indicated in the “Contacting Us” section. We may direct Your inquiry to the appropriate Cirrus Identity Customer for further assistance.
16. YOUR CHOICES
i. COMMUNICATIONS
You or other parties may supply Cirrus Identity with contact information to receive news and updates on Our Services. In some cases, You have subscribed to mailing lists. In other cases You were identified as having a legitimate interest in Our solutions. You may opt-out of such notices by following unsubscribe instructions included in correspondence, included on Our website, or by contacting privacy@cirrusidentity.com.
ii. SHARING, UPDATING, OR DELETING DATA
You may choose to not share certain Personal Data with Cirrus Identity, in which case We may not be able to provide Services that allow You access to Customer applications.
You and Our Customers may update or correct information provided to Cirrus Identity using Cirrus Identity Services, or by contacting privacy@cirrusidentity.com.
You and Our Customers may delete information provided to Cirrus Identity using Cirrus Identity Services, or by contacting privacy@cirrusidentity.com. If You delete Your information, Our Customers or Cirrus Identity may no longer be able to provide some Services to You.
Data supplied to the Cirrus Gateway by any of the login methods listed in the “Cirrus Gateway” must be corrected by You at each login method (such as Google, Microsoft, or others). After making corrections, You may still have to contact the Customer to also have the change reflected. An example of this would be if You used LinkedIn for the Cirrus Account Linking and the Customer uses the email address You have listed in LinkedIn. If you change this email address in LinkedIn, You may also have to notify The Customer of the change.
17. CONTACTING US
Questions, concerns, or complaints regarding this Privacy Policy, Your Personal Data, Our use and disclosure practices, or Your consent choices should in the first instance be directed to the Data Controller, which is our Cirrus Identity Customer and the Data Controller of your Personal Data. Please see their website and privacy policy for contact details. Please copy any such contact regarding this website or Privacy Policy to us using the Contact details below.
If you would like to contact Us, please email privacy@cirrusidentity.com. Cirrus Identity reserves the right to direct Your inquiry to the appropriate Cirrus Identity Customer for further assistance. Questions or concerns about security issues should be directed to security@cirrusidentity.com.
Please note that the transmission of your Personal Data by email and/or in response to the Contact Us form will be unencrypted.
Want to hear more?
