Data Collection & Security Policy

Last Updated: 22/12/2025

Enrollment and Data Collection: Enrollment begins only after your organization’s administrator deploys the required MDM configuration. Until the MDM profile is installed and activated, no enrollment occurs and no data is collected.

1. Intended Use

This extension is not intended for public download. It is deployed and managed exclusively by enterprise IT administrators using solutions such as Apple Business Manager (ABM), Intune, JumpCloud, or other MDM systems. Only authorized administrators access and distribute the extension as part of their organizational controls.

2. What Data We Collect

We collect non-sensitive metadata strictly for operational and security purposes. Here’s a summary:

What data is collectedHow data is used
User identification (email, device ID)Device enrollment and user correlation
Device context (IP, hostname, browser & OS details)Compatibility and identification
Domain stats (domain names only)Security monitoring
Authentication event metadataPolicy enforcement (SaaS, MFA, Shadow IT)
Interaction summaries and data exchange metrics (general activity)Policy enforcement (SaaS, MFA, Shadow IT)
Security-related events when threat detected (screenshots and redirect chains only when threats are detected and configured to be collected by Admin)Threat detection and response

We explicitly DO NOT collect:

Page Contents, passwords, user inputs, clipboard or keystroke content, tokens, or secrets.

3. Data Retention

  • We keep Personal Data only as long as needed to operate, secure, and support the Service, or as required by law or contract.
  • When data is no longer needed, we delete it or irreversibly anonymize it.
  • Security incident artifacts (e.g., logs, screenshots) are retained only for investigation and remediation, then removed under strict access controls.
  • We may preserve specific records under legal hold, to meet regulatory obligations, or to resolve disputes; upon contract end, we delete or return customer data within a commercially reasonable period.

4. Who Can Access the Data

Only your organization’s authorized IT administrators have access to the data collected. No individual employee’s data is accessed or monitored outside the scope of organizational control.

identra does not sell, monetize, or share any collected data with third parties. Data is processed only on organization-managed infrastructure under a business agreement.

5. Security Measures

We use strong, industry-standard encryption for all data in transit and at rest. Role-based access control and logging ensure that only authorized systems and personnel within the organization can view or act upon this data.

No sensitive personal content is logged, and we do not collect any user credentials, passwords, or session tokens.

6. In-App Disclosure

A short privacy notice is shown to the user at the time of installation or first use on managed devices, summarizing:

  • What data is collected
  • Why it is required
  • Assurance that no content or secrets are stored

This satisfies Apple’s requirement for in-app disclosure prior to data collection.

7. Consent and Control

As this extension is managed by your organization and deployed through MDM, end-user consent is provided under the organization’s internal IT policy and agreement with identra.

We comply fully with Apple’s App Store guidelines, including:

  • Transparent data collection
  • Clear user disclosures
  • No tracking or unauthorized use

8. Children

The Service is for enterprise users only and is not directed to children.

9. Disclosure of Personal Data

What we mean by “Personal Data.” Identity and security-related information our extension processes—such as user/account identifiers, authentication events, and audit metadata (See section 2).

Compliance and government requests. We may disclose Personal Data when the law requires it or in response to lawful demands from courts, regulators, or other public authorities.

10. Legal, security, and safety purposes

We may also share Personal Data, when reasonably necessary, to:

  • Satisfy legal obligations;
  • Safeguard our company’s rights or property;
  • Detect, prevent, or investigate suspected fraud, abuse, or security incidents related to the Service;
  • Help protect the safety of users or the public; or
  • Manage or reduce legal exposure.

11. Links to Third-Party Sites & Services

  • Our extension and admin console may reference or route you to external sites or services we don’t operate (e.g., identity providers, SSO dashboards, vendor apps, help centers).
  • When you follow those links, you interact directly with that third party, and their privacy notices and terms—not ours—apply. We recommend reviewing them before proceeding.
  • We don’t control and aren’t responsible for the content, security posture, or data-handling practices of those third parties.

12. Updates to this Privacy Notice

  • We may revise this Notice periodically to reflect product, regulatory, or operational changes.
  • When we make updates, we’ll publish the current version here and refresh the “Last updated” date at the top.
  • We encourage you to review this Notice from time to time so you understand how we protect and use Personal Data.
  • Unless we say otherwise, changes become effective once the revised Notice is posted here.

13. Contact Us

For questions or requests related to data protection and privacy, please contact:

security@identra.ai

Thanks for your time. You can close this page and continue browsing.