Privacy Policy


Last updated September 5, 2019

1. Introduction

Keyfactor, Inc. (“Keyfactor”) provides a digital certificate issuance and management system in a Software as a Service (“SaaS”) model. At Keyfactor, the privacy and security of our customers and visitors are of paramount importance. Keyfactor is committed to protecting the data you share with us. This privacy policy explains how Keyfactor processes information that can be used to directly or indirectly identify an individual (“Personal Data”) collected through use of its platforms and website.
For the purposes of this policy, Keyfactor defines the term “User” as an entity with which Keyfactor has an established relationship and the term “Visitor” as an individual that visits our front-end website (for example
Any information stored on Keyfactor’s platforms is treated as confidential. All information is stored securely and is accessed by authorized personnel only. Keyfactor implements and maintains appropriate technical, security and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.

2. Collection and Use
2.1 General

The following sections cover the specifics of each of the two groups from which data is collected: website Visitors and Users.

2.2 website visitors

If you are a Visitor to our website only, and not a User of our platform, then this section is relevant for you.

  • By visiting this website, you consent to the collection and use of your Personal Data as described herein. If you do not agree with the terms set out herein, please do not visit this website. If required by applicable law, we will seek your explicit consent to process Personal Data collected on this website or volunteered by you. Note that any consent will be entirely voluntary. However, if you do not grant the requested consent to the processing of your Personal Data, the use of this website is not permitted.
  • Keyfactor may collect, record and analyze information of Visitors to its website. We may record your IP address and use cookies. Keyfactor may add information collected by way of page view activity. Furthermore, Keyfactor may collect and process any Personal Data that you volunteer to us in our website’s forms, such as when you register for events or sign up for information and newsletters. If you provide Keyfactor with your social media details, Keyfactor may retrieve publicly available information about you from social media.
  • Such Personal Data may comprise your IP address, first and last name, your postal and email address, your telephone number, your job title, data for social networks, your areas of interest, interest in Keyfactor products, and certain information about the company you are working for (company name and address), as well as information as to the type of relationship that exists between Keyfactor and yourself.
  • Keyfactor gathers data about visits to the website, including numbers of Visitors and visits, geo-location data, length of time spent on the site, and pages clicked on.
2.2.1 Purpose of Processing Personal Data

Keyfactor uses the collected data to communicate with Visitors, to customize content for Visitors, to show ads on other websites to Visitors, and to improve its website by analyzing how Visitors navigate its website.

2.2.2 Sharing Personal Data

Keyfactor may also share such information with service vendors or contractors in order to provide a requested service or transaction or in order to analyze the Visitor behavior on its website, provided where Personal Information is included Keyfactor adheres to GDPR notice and consent policies and practices with respect to onward transfer of Personal Information. In the context of an onward transfer, Keyfactor has responsibility for the processing of personal information it receives under the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and subsequently transfers to a third party acting as an agent on its behalf. Keyfactor will remain liable under the Privacy Shield principles if its agent processes such personal information in a manner inconsistent with the Privacy Shield principles, unless Keyfactor is not responsible for the event giving rise to the damage.

2.2.3 Cookies

Cookies are small pieces of information sent by a website to a Visitor’s computer. Cookies cannot be used to run programs or deliver viruses to your computer. By continuing to visit the website, you agree to the placement of cookies on your device. If you choose not to accept our cookies, we cannot guarantee that your experience will be as fulfilling as it would otherwise be. The use of cookies is widespread and benefits the user.

2.2.4 Links to Other Sites

Please be aware that while visiting our site, Visitors can follow links to other sites that are beyond our sphere of influence. Keyfactor is not responsible for the content or privacy policies of these other sites.

2.3 Users
2.3.1 General

In order to provide services to its Users, Keyfactor collects certain types of data from them. This section will describe how this data is collected and used by Keyfactor as well as geographical differences that affect this policy. Data entered or transferred into Keyfactor by Users such as texts, questions, contacts, media files, etc., remains the property of the User and may not be shared with a third party by Keyfactor without express consent from the User.

2.3.2 Collection of User Data

During a User’s registration and later on Keyfactor’s platform, they may provide information such as name, company name, email, address, telephone, and other relevant data. This information is used by Keyfactor to identify the User and provide them with support, services, mailings, sales and marketing actions, billing and to meet contractual obligations.

Keyfactor Users can at any time access and edit, update or delete their contact details by contacting the Keyfactor Data Protection Officer as specified in section 6. Keyfactor will not retain User data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations.


For Users with accounts located in a European Data Region, or users that provide any use of Personal Data pertaining to EEA Data Subjects Personal, or processing of natural persons Personal Data where that processing, storage or use occurs within the EEA, Keyfactor will ensure that all such processing, use, storage or transmission of Personal Data is performed in accordance with privacy rights and regulations following the EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the Directive), and the implementations of the Directive in local legislation. From May 25th, 2018, the Directive and local legislation based on the Directive will be replaced by the Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR), and Keyfactor’s processing will take place in accordance with the GDPR.

2.3.4 Controller

Keyfactor processes Personal Data both as a Processor and as a Controller, as defined in the Directive and the GDPR:

The Keyfactor entity which you as a User entered an agreement with when using Keyfactor’s platform, will be the Controller for User data, as outlined above in the “Collection of User Data” section. Keyfactor adheres to the Directive of 1995 and the GDPR from May 25th, 2018.

Data collected by Keyfactor Users will be stored in vetted hosting facilities. Keyfactor has data processing agreements in place with all of its providers and subcontractors, ensuring compliance with GDPR. All hosting is performed in accordance with applicable security controls. All transfers of data internally in the EEA as well as transfers into and out of the EEA under this Agreement are done in accordance with Policy and the GDPR.

2.3.5 Processing in the United States of America

For Users with accounts in the Keyfactor US Data Region, Keyfactor processes data solely in data centers located in the US. Keyfactor has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the User’s data in Keyfactor’s possession. Keyfactor will promptly notify the User in the event of any known unauthorized access to, or use of, the User’s data.

All data collected by Keyfactor Users will be stored exclusively in secure hosting facilities provided by vetted providers. Keyfactor’s contracts with its hosting providers ensure that all hosting is performed in accordance with the applicable security controls. Keyfactor’s policy is to protect and safeguard any personal information obtained by Keyfactor in accordance with United States state or federal laws governing the protection of personal information and data. Accordingly, Keyfactor adheres to practices and policies that aim to safeguard the data.

3. Retention and Deletion

Keyfactor will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. For User data, Users will therefore have the responsibility to notify Keyfactor of the requirement to delete their data when needed.


Keyfactor, Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Keyfactor, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Keyfactor’s participation in the EU-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission.

If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, please visit To view our certification, please visit

You may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. Section C of Annex I to the Privacy Shield Principles explains in detail when an individual can invoke binding arbitration. For more information, please see

In compliance with the Privacy Shield Principles, Keyfactor commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Keyfactor at:

Keyfactor, Inc.

Attn: Data Protection Officer

6050 Oak Tree Blvd. Suite #450

Independence, OH 44131

(877) 715-5448

Keyfactor has further committed to refer unresolved Privacy Shield complaints to PrivacyTrust, an alternative dispute resolution provider located in the United Kingdom. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit for more information or to file a complaint. The services of PrivacyTrust are provided at no cost to you.

For further information, please see the Privacy Shield website. To learn more about the Privacy Shield Framework, and to view Keyfactor’s certification, please visit



We assume that all Users of Keyfactor’s platforms have carefully read this document and agree to its contents. If someone does not agree with this privacy policy, they should refrain from using our website and platform. We reserve the right to change our privacy policy as necessity dictates. Continued use of the Keyfactor website and platform after having been informed of any such changes to these conditions implies acceptance of the revised privacy policy. This privacy policy is an integral part of Keyfactor’s terms of use.


We will reveal a User’s personal information without his/her prior permission only when we have reason to believe that the disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to Keyfactor or to others who could be harmed by the User’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property. Keyfactor is permitted to disclose personal information when necessary to comply with our legal obligations and law enforcement requests.


We limit access to personal information about you to only those employees and consultants who we believe reasonably need to use that information to provide products or services to you, or to do their jobs.

We have physical, electronic, and procedural safeguards that comply with industry standards to protect personal information about you.

As we collect and use information about our customers, we may contract with vendors to assist us in processing that information. These vendors are required to maintain the confidentiality of the information and are restricted from using the information for any purpose other than helping to provide Keyfactor’s services to our customers.


Our services are available for purchase only for those over the age of 18. Our services are not targeted to or intended to be consumed by or designed to entice individuals under the age of 18. If you know of or have reason to believe anyone under the age of 18 has provided us with any personal data, please contact us.


Customers and Visitors may make requests to view, update or delete their personal information by contacting us through one of the ways described in sections 11 or 12 below.

If you make a request to delete your personal information and that information is necessary for the products or services you have purchased, the request will be honored only to the extent it is no longer necessary for any services purchased or required for our legitimate business purposes or legal or contractual record keeping requirements. You may choose to opt out of disclosure of your personal information to third parties and stop the processing of your personal information.


We reserve the right to modify this Privacy Policy at any time. If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy and any other places we deem appropriate, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make material changes to this Privacy Policy, we will notify you here, by email, or by means of a notice on our home page, at least thirty (30) days prior to the implementation of the changes.


Keyfactor has a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at the following address:

Keyfactor, Inc.

Attn: Data Protection Officer

6050 Oak Tree Blvd.

Independence, OH 44131

(877) 715-5448


If you have any further questions regarding the data Keyfactor collects, or how we use it, please contact us in writing at:

Keyfactor, Inc.

6050 Oak Tree Blvd. Suite #450

Independence, OH 44131