Privacy Notice


Your privacy is very important to us. This Services Privacy Notice (the “Notice”) explains the privacy practices that Duo employs when its customers and their end-users use any Duo products, applications and services (together, the "Services").

When we talk about “Duo,” “we,” “our,” or “us,” in this notice, we are referring to Duo Security, Inc. and its group companies, including Duo Security UK Limited. When we say “you” or “End-User” in this notice, we mean any individual using and accessing our Services. When we talk about an “Organization” or “Customer” in this Notice, we are generally referring to the entity of which you are an employee, contractor, member, or other participant, that has engaged us to provide the services under the terms of a contract. The “Organization Administrators” we talk about in this notice are the individuals authorized by our Customers to help administer our services internally.

By sharing your personal information with us, and by continuing to use our Services, you confirm that you have read and understood the terms of this Notice.

For personal information that we collect:

  • through our websitesor product feedback and surveys, and in connection with our events, sales and marketing activities.

If you have any questions, comments or concerns about any aspect of this Notice or how we handle your information, please reach out to our team using the details provided under the “Contact Us” section of this Notice.

Our Privacy Principles

Trust and transparency are foundational to what we do at Duo. We are committed to being open about how we approach privacy at Duo, and aim to communicate with you about privacy in a way that is easy for you to understand. To support these goals, we developed these Privacy Principles to highlight our commitment to responsibly protecting and handling your personal information. Our Privacy Principles help guide decisions we make at every level of our organization, every day, so that we can fulfill our mission to democratize security in a way that is consistent with our core values as well as our legal obligations.

Our core Privacy Principles are:

  1. We respect individuals’ privacy by promoting informed choice.
  2. We collect only the personal information we need, and “pseudonymize” or get rid of what we don’t.
  3. We are transparent about how we use personal information and accountable for how we and our partners use it.
  4. We factor security into everything we do.
  5. We engineer privacy into our ideas and products.

Notice to End Users

In general, our Services are intended for use by Organizations, administered to you by your Organization, and subject to your Organization’s policies, if any. This means that in most cases we are collecting and processing your personal information on behalf of your Organization. In these cases, we are generally acting as a processor of your personal information, processing the information according to your Organization’s instructions, because your Organization is the controller. It is primarily your Organization, as the controller, that controls what personal information about you we collect and how we use it. If you have privacy related questions or concerns about your Organization’s privacy practices or the choices your Organization has made to share your information with us or any other third party, you should reach out to your Organization’s Administrator or see your Organization’s privacy policies. Duo is not responsible for the privacy or security practices of our Customers, which may differ from those set forth in this Notice.