WSO2 API Manager - Privacy Policy

About WSO2 API Manager

WSO2 API Manager (referred hereafter as “API-M ”) is an open source enterprise-class solution that supports API publishing, lifecycle management, application development, access control, rate limiting, and analytics in one cleanly integrated system.

Privacy Policy

This section explains how API-M captures your personal information, purpose of capturing, and the retention of your personal information.

Please note that this policy is for reference only, and is applicable for the software as a product. WSO2 Inc., or its developers have no access to the information held within API-M. Please refer “Disclaimer” for more information.

Entities, organisations or individuals controlling the use and administration of API-M should create their own privacy policies setting out the manner in which data is controlled or processed by the respective entity, organisation or individual.

What are the personal information ?

API-M considers anything related to you as your personal information. This includes, but is not limited to,

  • Your user name (except in the case where your user name is created by your employer under contract)
  • The IP address you use to login
  • Your device ID, if you choose to login with a device (Phone, Tablet)

However API-M does not consider the following as your personal information, and uses this only for analytical purposes, since this information cannot be used to track you.

  • City/Country from which your TCP/IP connection originates
  • Time of the day you login.(Year, Month, Week, Hour or Minute)
  • Type of the device you use to login (Phone, Tablet, etc.)
  • Operating system and Generic browser information

Collection of your information

API-M collects your information to only serve your access requirements.

For example,

  • API-M uses your IP address to detect any suspicious login attempt to your account.
  • API-M uses your First Name, Last Name, etc to provide rich and personalized information.

Tracking Technologies

API-M collects your information through the following,

  • The user sign up page where you enter your personal data
  • Tracking your IP address with HTTP request, HTTP headers, and TCP/IP
  • Tracking your geographic information with the IP address
  • Your login history with browser cookies. Please refer our cookie policy for more information

API-M will also provide recommendation if the user wishes to enable that option in the feature which by default will be switched off. WSO2 shall use a randomised identifier to track the behaviour and will not have access to any personal information of the user.

Use of your personal information

API-M will use your personal information only for the purposes for which it was collected (or for a use identified as consistent with that purpose).

API-M uses your personal information only for the following purposes.

  • To provide you with a personalized user experience. API-M uses attributes such as your name for this purpose
  • To protect your account from unauthorized access or a potential hacking attempt. API-M use HTTP or TCP/IP Headers for this purpose
    • This includes,
      • IP address,
      • Browser fingerprinting,
      • Cookies
  • To derive statistical data for analytical purposes on system performance improvements. API-M will not keep any personal information after statistical calculations. Thus a statistical report has no means to identify an individual person
    • API-M may use
      • The IP Address to derive geographic information
      • Browser fingerprinting to determine the browser technology and version

Disclosure of your personal information

API-M will disclose personal information only for the purposes for which it was collected (or for a use identified as consistent with that purpose), unless you have consented otherwise or where it is required by law.

API-M may disclose your personal information with or without your consent where it is required by law following the due and lawful process.

How API-M keeps your personal information

Where your personal information is stored

API-M stores your personal information in secured databases. API-M exercises proper industry accepted security measures to protect the database where your personal information is held.

API-M may use encryption to keep your personal data with added level of security.

How long does API-M keep your personal information ?

API-M keep your personal data as long as you are an active user of our system. You can update your personal data at any time with the given self-care user portals.

How can you request a removal of your personal information ?

You can request the administrator to delete your account The administrator will be the administrator of the tenant you are registered or the super-administrator if you do not use the tenant feature.

You can additionally request to anonymize all traces of your activities that may have been retained by API-M in Logs, Databases or Analytical storage.

About

Changes to this policy

Upgraded versions of API-M may contain changes to this policy and revisions to this policy will be packaged within such upgrades. Such changes would only apply to users who choose to use upgraded versions.

The organization running API-M may revise the Privacy Policy from time to time. You can find the most recent governing policy with the respective link provided by the organization running API-M. The organization will notify any changes to the privacy policy over our official public channels.

Your choices

If you already have an account with API Manager; you have the right to deactivate your account if you find that this privacy policy is unacceptable for you.

If you do not have an account, you can choose not to subscribe if you do not agree with our privacy policy.

Contact us

Please contact us if you have any question or concerns of this privacy policy.

https://wso2.com/contact/

Disclaimer

  1. This privacy policy statement serves as a template for the organization running WSO2 API-M. The organizational policies will govern the real privacy policy applicable for its business purposes.
  2. WSO2 or its employees, partners, affiliates do not have access to any data, including privacy-related data held at the organization running API-M.
  3. This policy should be modified according to the organizational requirements.