WSO2 Identity Server (referred to as “WSO2 IS” within this policy) is an open source Identity Management and Entitlement Server that is based on open standards and specifications.
This policy describes how WSO2 IS captures your personal information, the purposes of collection, and information about the retention of your personal information.
Please note that this policy is for reference only, and is applicable for the software as a product. WSO2 Inc. and its developers have no access to the information held within WSO2 IS. Please see the Disclaimer section for more information
Entities, organisations or individuals controlling the use and administration of WSO2 IS should create their own privacy policies setting out the manner in which data is controlled or processed by the respective entity, organisation or individual.
WSO2 IS considers anything related to you, and by which you may be identified, as your personal information. This includes, but is not limited to:
However, WSO2 IS also collects the following information that is not considered personal information, but is used only for statistical purposes. The reason for this is that this information can not be used to track you.
WSO2 IS collects your information only to serve your access requirements. For example:
WSO2 IS collects your information by:
WSO2 IS will only use your personal information for the purposes for which it was collected (or for a use identified as consistent with that purpose).
WSO2 IS uses your personal information only for the following purposes.
WSO2 IS only discloses personal information to the relevant applications (also known as âService Providersâ) that are registered with WSO2 IS. These applications are registered by the identity administrator of your entity or organization. Personal information is disclosed only for the purposes for which it was collected (or for a use identified as consistent with that purpose), as controlled by such Service Providers, unless you have consented otherwise or where it is required by law.
Please note that the organisation, entity or individual running WSO2 IS may be compelled to disclose your personal information with or without your consent when it is required by law following due and lawful process.
WSO2 IS stores your personal information in secured databases. WSO2 IS exercises proper industry accepted security measures to protect the database where your personal information is held. WSO2 IS as a product does not transfer or share your data with any third parties or locations.
WSO2 IS may use encryption to keep your personal data with an added level of security.
WSO2 IS retains your personal data as long as you are an active user of our system. You can update your personal data at any time using the given self-care user portals.
WSO2 IS may keep hashed secrets to provide you with an added level of security. This includes:
You can request the administrator to delete your account. The administrator is the administrator of the tenant you are registered under, or the super-administrator if you do not use the tenant feature.
Additionally, you can request to anonymize all traces of your activities that WSO2 IS may have retained in logs, databases or analytical storage.
Upgraded versions of WSO2 IS may contain changes to this policy and revisions to this policy will be packaged within such upgrades. Such changes would only apply to users who choose to use upgraded versions.