Originally Posted: March, 2010 | Last Reviewed: April, 2010

Janrain, Inc. ("Janrain") is a recognized leader providing OpenID solutions for both consumers and businesses. Protecting consumer privacy is important to Janrain. Janrain and its affiliated United States subsidiaries (hereinafter collectively referred to as the "Janrain," "we," "us" or "our") adhere to the Safe Harbor Agreement concerning the transfer of personal data from the European Union ("EU") to the United States of America. Accordingly, we follow the Safe Harbor Principles published by the U.S. Department of Commerce (the "Principles") with respect to all such data. If there is any conflict between our privacy policy and the Principles, the Principles shall govern.

This Safe Harbor Information page sets forth the privacy principles that Janrain follows with respect to transfers of personal information, whether it is in electronic, paper or verbal format, between the United States and member states of the European Union, Switzerland, Iceland, Liechtenstein and Norway (the European Economic Area, herein referred to as "EEA").

Safe Harbor

The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (the "Safe Harbor Principles") to enable U.S. companies to satisfy European Union law requirements for adequate protection of personal information transferred from the EU to the United States. The EEA also has recognized the U.S. Safe Harbor as providing adequate data protection. Consistent with its commitment to protect personal privacy, Janrain adheres to the Safe Harbor Principles.

Definitions

"Personal Information" or "Information" means information that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.

"Sensitive Personal Information" means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual's health.

Privacy Principles

The following privacy principles are based on the Safe Harbor Principles.

1. NOTICE: Janrain's customers are organizations that allow their customers and members to register and login to the organization's website using existing accounts from other organizations who service as Identity Providers (IDP). The major IDPs today are Google, Yahoo, AOL, Facebook, MySpace, Twitter, Linked, and Microsoft. Janrain provides a "software as a service" (SaaS) offering to connect our clients' web services to the IDP services and to provide end user management of that interaction. During the registration process, our clients may ask the end user to share certain personal information that is maintained by the IDP with our client. The transfer of this information is always explicitly approved by the end user prior to transfer. Information collected may include personal information about an individual such as name, nickname, email address, gender, age, language, zip code, time zone, etc. In addition, a cryptographically secure token is generated to manage the interaction between these three parties. Janrain only stores a copy of the cryptographic token and the email address (if provided) for billing and account management. All other data is passed from the IDP to our client's web services and is not retained by Janrain. Janrain maintains a working copy and backup copy of the secure token and email address (if provided).

   Janrain is not responsible for the creation, management, or accuracy of the information it transfers from the IDP to the client organization, which may include personally identifying information, nor is Janrain responsible for the way its customers treat personally identifying information that is transferred.

   If and when Janrain collects personal information directly from individuals, it will inform them about the purposes for which it collects and uses personal information about them and the choices and means, if any, Janrain offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Janrain, or as soon as practicable thereafter, and in any event before Janrain uses the information in any way other than as described in the privacy policy and terms of service of the company.

2. CHOICE: Where Janrain collects personal information directly from individuals in the EEA, Janrain will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive personal information, Janrain will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Janrain will provide individuals with reasonable mechanisms to exercise their choices.

3. ONWARD TRANSFERS TO AGENTS: Janrain will obtain assurances from its agents that they will safeguard personal information consistent with our policies. Examples of appropriate assurances that may be provided by agents include: a contract obligating the agent to provide at least the same level of protection as is required by the relevant Safe Harbor Principles, being subject to EU Directive 95/46/EC (the EU Data Protection Directive), Safe Harbor certification by the agent, or being subject to another European Commission adequacy finding. Where Janrain has knowledge that an agent is using or disclosing personal information in a manner contrary to our policy, Janrain will take reasonable steps to prevent or stop the use or disclosure.

4. SECURITY: Janrain will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

5. DATA INTEGRITY: Janrain will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Janrain will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.

6. ACCESS: Upon request, Janrain will grant individuals reasonable access to personal information that it holds about them. In addition, Janrain will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.

7. ENFORCEMENT: Janrain will conduct compliance audits of its relevant privacy practices to verify adherence to our policies. Any employee that Janrain determines is in violation of its policies will be subject to disciplinary action up to and including termination of employment.

Contact Information

Questions or comments regarding this Policy should be submitted to Janrain by mail or e-mail as follows:

Janrain, Inc.
Compliance Officer
519 SW 3rd Ave Ste 600
Portland, OR 97204 USA
privacy@Janrain.com

If your inquiry is not satisfactorily addressed, contact BBB EU Safe Harbor (www.bbb.org) Dispute Resolution Process. BBB EU Safe Harbor will serve as a liaison with Janrain to resolve your concerns.

To learn more about our privacy practices, see our Privacy Policy detail.