[go: up one dir, main page]
WSO2
CONTACT

Privacy Policy

At WSO2, we recognize the importance of protecting Your privacy. This privacy policy applies to WSO2 sites, online services offered by WSO2, and terms that reference this Policy.

This policy explains how we collect, use, share, and safeguard personal information You provide to us. These aspects will be discussed in the context of: (i) WSO2 website and services made available on that website (which shall include wso2.com, wso2.ai and any other domains or subdomains owned by WSO2), referred to as “WSO2”, (ii) WSO2 Developer Platform which will include but not be limited https://console.choreo.dev (“WSO2 Developer Plaform US”) or https://console.eu.choreo.dev (“WSO2 Developer Plaform EU”), referred together as “WSO2 Developer Plaform” (iii) Asgardeo which will include but not be limited to https://console.asgardeo.io, https://accounts.asgardeo.io, https://api.asgardeo.io, https://console.eu.asgardeo.io, https://accounts.eu.asgardeo.io, https://api.eu.asgardeo.io, https://asgardeo.io/signup and https://wso2.com/asgardeo, referred together as “Asgardeo” (iv) Devant which will include but not be limited https://console.devant.dev, and https://console.eu.devant.dev referred to as “Devant” (v) Bijira which will include but not be limited https://console.bijira.dev/login and https://console.eu.bijira.dev/login referred to as “Bijira”.

“You” or “Your” means the person visiting any of the WSO2 sites including but not limited to those mentioned above (referred to as “WSO2 sites”). “We” “us” and “our” means WSO2 LLC or any affiliate that You contract with.

California residents may view WSO2's California-specific privacy policy https://wso2.com/california-privacy. Certain U.S. states—including Colorado, Connecticut, Virginia, and Utah—have enacted comprehensive privacy laws that provide residents of those states with rights regarding their personal information and section 10 of this Policy addresses these rights. 

A. General Principles

The general principles discussed in this section will apply to all WSO2 sites.

1. What Information Do We Collect?

  1. When You register on WSO2 sites, try to contact through Contact US form, sign up for an event or service, download a product, or access an online services offered by WSO2 or submit an application to our careers page we ask that You submit some or all of the following information:
    1. Your name
    2. Email address
    3. Phone number
    4. Job title (optional or mandatory depending on the form)
    5. Company (optional or mandatory depending on the form)
    6. Industry (optional)
    7. Speaker headshot and LinkedIn URL of any speakers taking part in WSO2 conferences
  2. You may choose to visit the WSO2 sites anonymously, without providing any of the above information. However certain services on our sites - such as registrations for events and conferences may require that these details be entered on a mandatory basis. The WSO2 sites may also ask for Your credit card details in order to process a payment for the event or service You’re signing up for. This is because those details are essential for us to be able to provide You with such services. You’re completely free to opt out of this, but that means that You may not be able to fully access those services.
  3. If You visit WSO2 sites in order to apply for a particular career vacancy or to get notifications of any future career updates, then You may also be asked to upload Your resume or curriculum vitae.

2. Information collected automatically

  1. General information. We collect certain standard information that Your browser sends to every WSO2 site You visit. This information includes derived country/ state, IP address, browser type and language, device info, the time and frequency You access WSO2 sites and the URL You came from. This type of generic information won’t reveal Your identity as a visitor but is still useful to us to analyse and improve the way WSO2 sites are being used.
  2. Cookies. WSO2 sites may also place certain cookies to help You access the sites and to track and analyze Your actions on our sites such as navigation, number of visits and search items to gain a better understanding of our visitors and their movements through the WSO2 site. The types of cookies placed will depend on which WSO2 service is being accessed by You as detailed here:
    Service
    Cookie policy
    WSO2 Cookie Policy
    WSO2 Developer Platform Cookies placed when accessing WSO2 Developer Platform US can be viewed on https://console.choreo.dev and the cookies placed when accessing the WSO2 Developer Platform EU region are https://console.eu.choreo.dev/cookie-policy
    Asgardeo https://asgardeo.io/cookie-policy
    Devant Cookies placed when accessing Devant US can be viewed on https://console.devant.dev/cookie-policy and the cookies placed when accessing the Devant EU region are https://console.eu.devant.dev/cookie-policy
    Bijira https://console.bijira.dev/cookie-policy

3. Information we get from third parties about You

  1. We may obtain information from other sources and combine that with information we collect through our services. For example, if You create or log into Your account through one of our integration partners (such as Google, Github or Microsoft), we will have access to basic information from that sign-on service, such as Your email and account information. 
  2. We may collect publicly available information about You, such as what are Your interests, blogs published by You, contact information etc… to enable us in our business operations. 
  3. We may also obtain information from third party sales intelligence platforms, who are specified in section 5a. 
  4. We may collect Your personal data from event organizers of events that we sponsor, sponsored consent providers, and our partners, who pass on prospective customers to us. 
  5. We may collect some information at the server level. 
  6. We may collect information from content distributors.

4. Why Do We Collect Your Information?

  1. To personalize Your experience. For example- Your information helps us to better respond to Your individual needs by sending You targeted information which may be more relevant to You. Our solutions may use analytics to take design decisions, find bugs in the systems, and recommend actions and features to users. 
  2. To conduct analysis on how effective our marketing campaigns are, how our products and services are used or downloaded and to track lead generation for our sales process.
  3. To perform the service you ask for. For instance, as an existing customer if You need support through https://support.wso2.com, we use Your contact details to get in touch with You. If You want to pay for a service, we use Your payment details to process that payment. Non-customers may raise questions via our community channels on https://wso2.com/community/slack.
  4. To send marketing material, event invitations and updates - If You indicate that You are interested in certain areas or subjects when You give us Your contact details, we will send You marketing material and/or event and workshop invitations related to those areas. The email address You provide may also be used to send You important updates related to the WSO2 sites or the services You use. You can unsubscribe from our marketing emails at any time by either clicking on the unsubscribe link at the bottom of the email or by contacting us. However, You may still receive important information about Your service, security or payments as part of service mails irrespective of your unsubscribe status for marketing mails. If the registration is done using a third party, we retrieve the same mandatory details from them and store them on our server. Any other optional parameters provided by You will also be stored and used as per the use case configuration of the applications, in compliance with the provided consent. 
  5. To administer a contest, survey or other site feature.
  6. To improve WSO2 sites (we continually strive to improve our website offerings based on the type of content our users click on or download).
  7. To improve and enhance the business operations such as sales, marketing, improve WSO2 product and lead generation which may use artificial intelligence and other tools listed under section 5 a. to enable this purpose. 
  8. To contract/ agreement signing purposes

5. Who Is Your Information Shared with?

We do not sell, trade or otherwise share Your information with unrelated outside parties.

However, we may share Your information with:

  1. our service providers who help us run WSO2 sites and services. Such service providers will have access to the data we have in order for them to perform those services. These service providers are only authorised to use information that is strictly relevant for them to perform their tasks and we ensure that they are under obligations of confidentiality to us so that Your data is secure. For a full list of third-party service providers used by the WSO2 sites, please visit the sub-processor list. Where payments are required to be made on WSO2 sites, we use a third-party service provider to manage credit card processing. This provider is not permitted to store, retain or use billing information other than for the limited purpose of credit card processing on behalf of WSO2.
  2. our subsidiaries or affiliates within our corporate group. WSO2’s parent company is WSO2 LLC and is located in the United States of America. Our affiliates are WSO2 UK Limited (located in the United Kingdom), WSO2 Lanka (Private) Limited (located in Sri Lanka), WSO2 Brasil Tecnologia E Software Eireli (located in Brazil), WSO2 Germany GmbH ( located in Germany), WSO2 Australia Pty Limited ( located in Australia), WSO2 India Private Limited (located in India), WSO2 SG Pte Ltd (located in Singapore), WSO2 Spain S.L. (located in Spain) and WSO2 Middle East FZ LLC (located in Dubai), and other entities as stated in the sub-processor list in section 5a. We share information within this group because these entities also carry out support, marketing, account management, business and technical operations for WSO2 that are relevant to the provision of WSO2 sites and services.
  3. We may also disclose Your personal information to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  4. We may also disclose Your personal information to enforce or apply our terms of use; or
  5. We may also disclose Your personal information if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of WSO2, our customers, or others including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

6. Cross Border Data Transfers

WSO2 operates globally, with businesses both inside and outside of the European Economic Area ("EEA") and the UK. We may transfer Your Personal Data to countries other than the one in which You live, including transfers to the United States and other countries where we or our affiliates, subsidiaries or service providers (among others) maintain facilities. We maintain regional data centres in the USA. Additionally, third-party service providers who handle data on our behalf may be based in locations around the world. For these reasons, Your personal information may be transferred to other countries both inside and outside of the UK and the EEA. As privacy laws in other countries may not be equivalent to those in Your home country, we only make arrangements to transfer data overseas where we are satisfied that adequate levels of protection are in place to protect any information held in that country or that the service provider acts at all times in compliance with applicable privacy laws. Where required under applicable laws, we will take measures to ensure that personal information handled in other countries will receive at least the same level of protection as it is given in your home country.

Where we transfer Your personal information to countries and territories outside of Europe and the UK which have been formally recognized as providing an adequate level of protection for personal information, we rely on the relevant “adequacy decisions” and “adequacy regulations” from the European Commission and UK authorities. Where the transfer is not subject to an adequacy decision, we take appropriate safeguards to ensure that Your personal information will remain protected in accordance with applicable laws. These safeguards include implementing the European Commission’s Standard Contractual Clauses as issued on 4 June 2021 under Article 46(2) GDPR for transfers originating in the EU and the UK Addendum under Article 46(2) of the UK GDPR for the transfer of data originating in the UK.

WSO2 complies with the EU-U.S. Data Privacy Framework (“DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. WSO2 has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom in reliance on the UK Extension to the EU-U.S. DPF. WSO2 has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov

WSO2's accountability for personal information it receives under the EU-U.S DPF and the UK Extension to the EU-U.S. DPF and subsequently transfers to a third party is described in the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF Principles. In particular, WSO2 remains responsible and liable under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF Principles of third-party agents that it engages to process the Personal Information on its behalf do so in a manner inconsistent with the Principles, unless WSO2 proves that it is not responsible for the event giving rise to the damage.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, WSO2 commits to resolve DPF Principles-related complaints about our collection and use of Your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, should first contact us as specified in the Dispute Resolution Mechanism section.

Pursuant to the DPF Program, EU and UK individuals have the right to exercise their rights under the GDPR and the UK GDPR in accordance with the section “Your Rights to Your Data and How to Manage Your Preferences”. 

We may also release Your information when we believe release is necessary to comply with the law subject to our Governmental and law enforcement Data Access Policy, enforce our privacy policy or protect our or others’ rights, property, or safety.

Further, WSO2 will be processing personal data from data subjects in Brazil in the circumstances stated in this policy. Such Personal data is processed in accordance with Brazilian Data Protection Law (LGPD) (As amended by Law No. 13,853/2019). International Data Transfer of Personal Data from Brazil to other jurisdictions will be governed by the Standard Contractual Clauses (SCCs) introduced in an annex to the International Data Transfer Regulation (Resolution CD/ANPD No. 19/2024). Data subjects in Brazil may exercise their rights under the LGPD in line with the section ‘Your Rights to Your Data and How to Manage Your Preferences.

7. Choice

If we intend to use Your personal data for a purpose different from what it was originally collected or authorized for, or if we plan to disclose it to an unaffiliated third party in a way not covered by this Privacy Policy, we will provide You with the option to opt-out of such use or disclosure.

We do not require You to provide us with any sensitive personal data for the purposes detailed in “Why Do We Collect Your Information?”. However, if You voluntarily provide us with any sensitive personal data such as where ethnicity has been included by You in Your job application or resume then we will only use or disclose this data for its original purpose or as authorized by You. Any other use or disclosure will require Your explicit and affirmative consent.

8. How Do We Process Your Data?

We will only collect and process personal data about You where we have lawful bases. Lawful bases include consent (where You have given consent), contract (where processing is necessary for the performance of a contract with You), and legitimate interests (such as to protect You, us, or others from security threats, comply with laws that apply to us and to enable or administer our business through consolidated reporting, customer service, enhance business etc.)

Where we rely on Your consent to process personal data, You have the right to withdraw or decline Your consent at any time and where we rely on legitimate interests, You have the right to object. See the “Your Rights to Your Data and How to Manage Your Preferences” section below if You wish to withdraw Your consent or object to any processing of Your personal data.

9. Security of Your Data

We implement industry standard security safeguards designed to protect Your data, such as HTTPS, access controls, firewalls, intrusion detection, regular security testing, and staff training on data protection practices. We encrypt all data at rest (including credentials/tokens to external systems). All our data transfers are done securely through encrypted channels using Transport Layer Security (TLS) technology. We regularly monitor our systems for possible vulnerabilities and attacks and conduct testing. However, we cannot warrant the security of any information that You send us. There is no complete guarantee that data may not be accessed, disclosed, altered or destroyed by breach of any of our physical, technical or administrative safeguards, but we are committed to continuously monitoring, improving, and updating our safeguards to meet applicable legal and industry standards.

10. Your Rights to Your Data and How to Manage Your Preferences

We may retain Your information for a period of time consistent with the original purpose of collection. For instance, we may retain Your information during the time in which You have an account to use our website or services. We also may retain Your information during the period of time needed for WSO2 to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements. At the end of these periods, we ensure that Your data is deleted securely using industry-standard methodology.

WSO2 acknowledges Your right to:

  1. access Your data. If information pertaining to You as an individual has been submitted to us then You have the right to access, correct, or edit Your data. If You wish, we can provide all the personal information on our records to You or to someone You nominate in a portable format as well. 
  2. stop using all or some of Your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if Your personal data is inaccurate or unlawfully held).
  3. delete Your data from our website or service at any time You choose, and unsubscribe from any WSO2 mailing lists You are on. You can unsubscribe from our emails by clicking on the unsubscribe link which is at the bottom of every marketing email we send. or by requesting us to delete Your data or unsubscribe You via the “Submit a Request form”. Please note that deleting Your data may affect the provision of some services.
  4. We only ever retain Your personal data after You have ceased using our services, or sent us a request to unsubscribe or delete Your data if it is reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or fulfill Your request to “unsubscribe” from further messages from us.

These rights can be exercised by submitting a request through the“Submit a Request form”. In addition You can exercise Your rights through the wso2.com account or the respective service portal.

11. Third-Party Offerings and Services

At our discretion, we may include or offer third-party products or services on WSO2 sites. These third-party sites have separate and independent privacy policies. We have no responsibility or liability for the content and activities of these linked sites. We encourage You to review the privacy statements of those websites to understand how Your data is secured by them. Nonetheless, we seek to protect the integrity of WSO2 sites and welcome any feedback about these sites.

12. Information About Our Website

This privacy policy applies only to information collected through our website and not to information collected offline. Please also visit our Terms of Use section relating to use, disclaimers, indemnities, and limitations of liability governing the use of WSO2 sites at https://www.wso2.com/terms-of-use. The use of WSO2 services will be governed by the following terms of use:

Service
Terms of use link
WSO2 Developer Platform https://wso2.com/engineering-platform/developer-platform/terms-of-use
Asgardeo https://wso2.com/asgardeo/terms-of-use
Devant https://wso2.com/devant/terms-of-use
Bijira https://wso2.com/bijira/terms-of-use
Training and certifications https://wso2.com/training/training-certification-terms-conditions

13. Changes to Our Privacy Policy

We reserve the right to amend this privacy policy at any time. We will not send individual email notifications on the updates. Any amendments will be posted on this page. You are therefore encouraged to visit this page periodically.

By using our website and services, You consent to our privacy policy and any revisions thereto. If You do not agree with our privacy policy or any changes we make to it, You may delete Your profile.

14. Dispute Resolution Mechanisms

In compliance with the DPF Principles, we commit to resolving complaints about our collection or use of Your personal information. EU and UK individuals with inquiries or complaints regarding our DPF policy should first reach out to us using the information in the “Information About Data Controllers, Processors and How to Contact Us” section below.

WSO2 has committed to refer unresolved DPF complaints to JAMS, an alternative dispute resolution provider located in the United States. If You do not receive timely acknowledgement of Your complaint from us, or if we have not addressed Your complaint to Your satisfaction, please contact or visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to You. Under certain conditions, more fully described on the DPF website, You may invoke binding arbitration as set forth in Annex I of the DPF Principles when other dispute resolution procedures have been exhausted.

Within the USA, we are also subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

15. Information About Data Controllers, Processors and How to Contact Us

In relation to WSO2 sites, the Controller of Your data is WSO2 LLC, USA. However, where we provide products or services that we have indicated are subject to their own terms, we may only be a Processor of Your data with regard to such products or services.

If You are located within the European Union or the European Economic Area, WSO2 Germany GmbH, based in Germany, is the EU representative of WSO2 LLC. You may contact our Data Protection Officer by submitting the form “Send Request” or by post at: WSO2 Germany GmbH, Maximiliansplatz 22, c/o Bird & Bird LLP, 80333 Munich. If You are located in the United Kingdom, WSO2 (UK) Limited based in the UK will be the representation of WSO2 LLC. You may contact our Data Protection Officer by submitting the form “ Send Request” or by post at: WSO2 (UK) Limited, Appledram barns, Birdham Road, Chichester, West Sussex, UK, PO20 7EQ.

If You have any issues with regard to Your data on our website, then in addition to informing us, You also have the right to write directly to the independent data protection monitoring organization in Your country.

16. Contact Us

For further information about our privacy policy or any concerns or complaints, please contact our Data Protection Officer at [email protected] or for any specific services [email protected]

17. Children’s Data

WSO2 sites, products, and services are designed for and targeted to enterprise users and adults acting in a professional capacity. Given the specialized nature of our business-to-business (B2B) offerings, WSO2 sites and services are not directed to or intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under the age of 13, and we reasonably expect that children will not access or use WSO2 sites and services.

In the unlikely event that we discover we have collected personal information from a child under the age of 13 without verification of parental consent, we will promptly delete that information from our servers. If you believe we might have inadvertently collected information from a child under 13, please contact us immediately .

B. Product specific terms

In addition to the General principles in Part A, if any of the WSO2 services or products requires any additional information, such additional information, how it is collected and the purposes for which it is collected will be stated in this section.

1. What Information Do We Collect when You visit WSO2 Developer Platform, Devant and Bijira?

In addition to Part A, Section 1 a. The following information will be collected:

  1. Authentication tokens: When You wish to integrate WSO2 Developer Platform, Devant, and Bijira with any third party services easily, You can use authentication tokens instead of storing Your credentials. OAuth is the most commonly used protocol for this purpose.
  2. API keys and API credentials: Third-party services that do not use the OAuth protocol use either API keys or login credentials. If You wish to integrate WSO2 Developer Platform, Devant and Bijira with such services, the respective WSO2 service will ask for the relevant API Key to authenticate/authorize the communication with that third party service's API.
  3. When You build applications using WSO2 Developer Platform, Devant and Bijira the source code of Your application will be visible to us. However, You will always own and control Your code. Check the Terms of Use of the relevant service to see how You retain Your rights to the code You write.

2. What Information Do We Collect when You visit Asgardeo?

In addition to Part A, Section 1 a. The following information will be collected:

  1. You will provide Your email when registering into Asgardeo.
  2. When privileged actions like user addition, unlocking a user, assigning a role to a user are performed these actions are logged for audit purposes.
  3. To make sure Asgardeo complies with security, compliance, auditing and legal obligations, Asgardeo will log HTTP requests which include the HTTP Request Lines[1].

3. Information collected automatically

In addition to Part A, Section 2 the following information will be collected:

4. Additional information collected for WSO2 Developer Platform, Asgardeo, Devant and Bijira.

When You use WSO2 Developer Platform, Asgardeo, Devant or Bijira to create and run applications, we store data such as application logs. We also aggregate non-personally identifiable information about how You use these Services. This information is important to us to analyse the ways in which the respective service is being used to develop applications, to understand what users’ needs are and to make our service better suited to those needs. Such usage data never identifies You personally.

5. Information we get from third parties about You

In addition to Part A section 3, the following information will be collected:

5.1 Additional information we obtain when You use WSO2 Developer Platform, Asgardeo, Devant and Bijira.

When You create applications using any one of these services, You may choose to integrate with various third party services (like messaging services, email or calendar services). In those scenarios, access by the service of the third party service will be limited to performing the functions that You specify. These services do not store any data that resides on these third party services nor does it access that data in any way outside of Your instructions. The respective WSO2 service will ensure that the use of information received from Google APIs will be in adherence with the Google API Services User Data Policy.

6. Why do we collect Your information?

In addition to Part A section 4, the following information will be collected:

a. In the context of WSO2.

  1. To perform the services requested on the ‘contact us’ page (for instance, if You’ve filled in a contact us form asking to speak to an account manager, we use Your information to get in touch with You, if You’ve filled out a problem with one of our products, You’ll get a response based on that).
  2. To create Your online profile which we create for every user who registers on WSO2 sites or for a service, and to let You log in to Your WSO2 account thereafter.
  3. To enable sign up and access to our partner portal or certifications portal.
  4. To enable users of our open source products to access public JIRAs to report bugs or discuss security issues.

b. In relation to WSO2 Developer Platform, Devant and Bijira.

We check on what You have clicked on and what kind of activities or scenarios You run on WSO2 Developer Platform, Devant, and/or Bijira, to find out what is most commonly used, and in what ways people use our services. We use this feedback to make our service better.

c. In relation to Asgardeo.

  1. To confirm there is a unique identity behind the requests. Email address is used to confirm there is a contactable identity related to the actions You perform and uniquely identify those.
  2. Asgardeo maintains regional data centers in the US and EU to store and process Your personal data. You may choose the regional data center You prefer. Details on data residency and sharing of personal data can be found here.
  3. Legal Protection and compliance: Access logs may serve as evidence in legal disputes such as to establish when specific actions were taken and to provide a record of interactions between users and Asgardeo. Further we will be recording Your country to help us identify the jurisdiction You belong to so that we can handle Your data, and provide services adhering to applicable laws
  4. Security and Intrusion Detection: Access logs can help identify suspicious or unauthorized activities conducted on Asgardeo and assist with forensic analysis, such as help detect patterns of behavior that might indicate and provide insights into hacking attempts, brute-force attacks, or other malicious activity.

References

[1] https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html

Date - April 7, 2026

Send Request

Submit a data privacy protection request

Fill the form