Mobile Endpoint Security Privacy Statement

Lookout firmly believes that your privacy is as important as your security, so we want to be completely transparent about the data we collect to help safeguard your device and the security of your employer. Lookout, Inc. (“Lookout,” “we,” or “us” or “our”) provides you with this Privacy Statement to describe our information practices with respect to our Mobile Endpoint Security Products (the “Endpoint Security Product”). This Privacy Statement governs the data collected from or about you through your installation and activation of our Endpoint Security Product on your mobile device. By downloading and activating the Endpoint Security Product, you consent to the data collection, use, disclosure, and storage practices described in this Privacy Statement.

You may have been directed to download and install the Endpoint Security Product as a result of your employment by an organization that either (1) requires all or some of its workforce to install the Endpoint Security Product or (2) requires all or some of its workforce to install a mobile device management suite that includes the Endpoint Security Product. Please be advised that this Privacy Statement governs only our information practices with respect to our Endpoint Security Product. To the extent you have questions regarding the data collection, use, disclosure, and security practices of your employer (“Employer”) or a mobile device management provider (“MDM Provider”), you should direct those questions to those parties.

Lookout reserves the right to change this Privacy Statement at any time to reflect changes in the law, our data collection and use practices, the features of the Endpoint Security Product, or advances in technology. Please check this page periodically for changes. Your continued use of the Endpoint Security Product following the posting of changes to this Privacy Statement will mean you accept those changes.

We have endeavored to structure this Privacy Statement to answer your questions about our Endpoint Security Product. The Privacy Statement contains answers to the following questions:

    1. What is the Lookout Endpoint Security Product?
    2. What data does Lookout collect from your mobile device?
    3. If Lookout is collecting information about applications installed on my device, does that mean Lookout will read or review my emails or see my photos?
    4. Does Lookout collect any other data about me outside of my mobile device?
    5. When does Lookout collect data from my mobile device?
    6. How does Lookout use the data collected from my mobile device?
    7. Does Lookout share my data with anyone else?
    8. What information can my Employer NOT see?
    9. Do you use my data for marketing purposes?
    10. How does Lookout protect my data?
    11. Where does Lookout store my data?
    12. How can I contact you with more questions?

1. What is the Lookout Endpoint Security Product?

Lookout Mobile Endpoint Security is a mobile security solution that mitigates the risks of unprotected data accessed via mobile devices, provides visibility into mobile threats across apps, devices and the network, seamlessly integrates with and enhances existing mobile investments while minimizing help desk tickets and being embraced by employees because of a mobile-optimized design.

Leveraging a global sensor network of over 100M sensors, our platform delivers on predictive security by letting machine intelligence identify complex patterns that indicate risk, patterns that would otherwise escape human analysts. When a threat has been detected, we provide employees and administrators with remediation options (e.g., uninstall app, invoke conditional access) through our integration with leading MDM Providers.

2. What data does Lookout collect from your mobile device?

To protect your mobile device and your Employer from threats, Lookout collects certain categories of data from your device. Such data may include:

      • The manufacturer and model of your mobile device;
      • Certain technical settings of your mobile device, including the display size of your mobile device and firmware version;
      • Your IP address (which can indicate your country and geolocation);
      • The type and version of operating system on your mobile device;
      • The unique device identifier of your mobile device;
      • Configuration data of your device, such as whether your device is configured to allow root access or whether hardware restrictions of the device have been removed;
      • Metadata of all applications installed on your mobile device (including, but not limited to, the name of the app, the version of the app);
      • Metadata about networks your mobile device connects to (including, but not limited to, the SSID of the network, the MAC address of the network);
      • In certain circumstances, we may also collect a copy of the application;
      • Data from tracking tools used to analyze product performance on your device; and
      • How you respond to alerts from Lookout that certain applications may pose a security threat.

If you use the Privacy Controls feature in our Endpoint Security Product in conjunction with an MDM Provider, we will not collect any personally identifiable information such as username or email address.

3. If Lookout is collecting information about applications installed on my device, does that mean Lookout will read or review my emails or see my photos?

No. Lookout collects only metadata about applications on your device, or the application itself. Lookout does not collect user data you enter into those applications. Because Lookout does not collect any user data you enter into the applications on your mobile device, Lookout will not collect, read, review, or scan your emails, text messages, photos, or videos.

4. Does Lookout collect any other data about me outside of my mobile device?

Our Endpoint Security Product requires that all employee mobile devices be associated with a particular email address if it is installed without integration with an MDM Provider. Accordingly, your Employer may provide Lookout with your email address. If our Endpoint Security Product is integrated with an MDM solution and Privacy Controls are turned on, Lookout will not collect your email address.

If you installed the Endpoint Security Product as part of a MDM Provider’s product, we may also collect information about you from that MDM Provider. Please contact the applicable MDM Provider regarding that provider’s privacy practices.

We may also collect other information about you if you provide such information to us directly, such as by contacting us and voluntarily disclosing such information, or to third parties such as our partners and marketers. We may use this information to provide you with updates about Lookout and our products and services and invite you to conferences and other events that Lookout may participate in or host.

5. When does Lookout collect data from my mobile device?

As described above, Lookout collects your email address from your Employer if the Endpoint Security Product is installed without an MDM. If the Endpoint Security Product is installed in conjunction with an MDM solution and Privacy Controls are turned on, Lookout does not collect your email address. After you download, install, and activate the Endpoint Security Product, Lookout will immediately begin collecting data from your device. As you install or access applications on your mobile device, we will scan those applications for potential security threats.

6. How does Lookout use the data collected from my mobile device?

The data we collect from your mobile device enables us to detect threats to you and/or your Employer, to improve our Endpoint Security Product, and to improve our other product offerings. In analyzing the applications on your mobile device, if we encounter an application we have not previously analyzed, we may download a copy of part or all of the application to analyze and determine if it poses a risk. We present you with the option of uninstalling the application with a security risk, or ignoring the risk. We will also collect your remediation choice for malicious files and applications (e.g., uninstall or ignore). We may also use the data collected to categorize the risk threat of your device (e.g. Low, Medium, High).

As an enterprise product, Lookout collects the data to protect not just your mobile device, but also the security of your Employer.

We may also combine data collected from your mobile device with data collected from third parties to improve our products, including our Endpoint Security Product.

Lookout may also aggregate and/or de-identify information collected by the Endpoint Security Product or via other means so that the information is not intended to identify you. Our use and disclosure of aggregated and/or de-identified information is not subject to any restrictions, and we may disclose it to others without limitation for any purpose.

7. Does Lookout share my data with anyone else?

Yes. As an enterprise product, certain data is shared with your Employer, or anyone authorized by your Employer to view such data. Through the Endpoint Security Product dashboard, Employers or their authorized persons are granted access to certain information related to the security of your mobile device. Your Employer may be able to see your unique device attributes such as device model and carrier. Your Employer will have visibility into applications that we have identified as malicious, as well as those that are in violations of any applicable company policy of your Employer.

If you installed and activated our Endpoint Security Product as part of a product by an MDM Provider, we may share data collected from your mobile device with that MDM Provider.

We may share any data related to you with third parties, including service providers or partners that we have engaged to perform business-related functions on our behalf. This may include service providers that: (a) provide customer, technical, or operational support; (b) fulfill orders and user requests; (c) handle payments; (d) host our online services; (e) maintain databases; (f) analyze data for product improvement and enhancement purposes; and (g) otherwise support or market our Endpoint Security Product or any other Lookout products and services. We may disclose any data related to you in response to any subpoenas, court orders, or other legal process we receive, or to establish or exercise our legal rights or to defend against legal claims. If we receive a request for information from a local, state, federal, or foreign law enforcement agency, we will endeavor to transmit those requests to your Employer for processing by the Employer, but we reserve the right to respond directly and provide the information requested. We may disclose any data related to you when we believe in good faith that such disclosure is appropriate in order to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of this Privacy Policy, License Agreement or the End User Agreement for the Endpoint Security Product, and/or to protect the rights and property of Lookout, our employees, users and the public. This may involve the sharing of your information with law enforcement, government agencies, courts, and/or other organizations.

We may share any data related to you in connection with any merger, reorganization, a sale of some or all Lookout assets, or a financing or acquisition of all or a portion of our business by another company.

8. What information can my Employer NOT see?

Lookout does not enable your Employer to see the content of your personal email, browsing history, contacts, calendar, or your personal text messages. Your Employer may have certain rights to access this information on their own, where, for example, this information is transmitted using an Employer-provided device or network. Lookout, however, will not afford your Employer visibility into applications on your device unless they contain threats or violate company policy.

9. Do you use my data for marketing purposes?

We do not use data collected from your mobile device to sell products to you, nor do we share it with third parties for their marketing purposes. We may aggregate and/or de-identify information collected from your device to conduct research and provide insight into mobile device security and threats. In these instances, the aggregated and de-identified information included in the research is not intended to be identifiable to you.

We may, however, use the information you provide to us directly or to third parties such as our partners and marketers to provide you with information about Lookout and our products and services, including conferences and other events that Lookout may participate in or host.

10. How does Lookout protect my data?

We have implemented reasonable administrative, technical, and physical security measures to protect against the unauthorized access, destruction or alteration of your information. These safeguards are tailored to address the sensitivity of the information that we collect, process and store and the current state of technology.

Although we take appropriate measures to safeguard against unauthorized disclosures of information, because no method of transmission over the Internet or method of electronic storage is 100% secure, we cannot assure you that information that we collect will never be disclosed in a manner that is inconsistent with this Privacy Statement.

11. Where does Lookout store my data?

Lookout is a San Francisco-based company with servers housed in the United States. The Endpoint Security Product is hosted in the United States and is governed by United States law. If you are using the Endpoint Security Product from outside the United States, please be aware that your information may be transferred to, stored and processed in the United States where our servers are located and our databases are operated. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country. By using the Endpoint Security Product, you consent to your information being transferred to our facilities and to the facilities of those third parties with whom we share it as described in our Privacy Policy.

Lookout has certified with the U.S. – Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from Switzerland. Lookout may process some personal data from individuals or companies in Switzerland via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses. To learn more about the U.S.-Swiss Safe Harbor program, and to view Lookout's certification, please visit http://export.gov/safeharbor.

Lookout has further certified with the Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of “personal data” (as defined under the Privacy Shield principles) from applicable European Union member countries. Lookout has certified that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for such personal data. To learn more about the Privacy Shield, view a list of entities who have current certifications under Privacy Shield, or view Lookout’s certification, please visit http://www.privacyshield.gov. As required under the principles, when Lookout receives information under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on Lookout’s behalf, Lookout has certain liability under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) Lookout is responsible for the event giving rise to the damage.

If you have any questions or complaints about Lookout’s privacy practices, including questions related to the Privacy Shield, you may contact us at the email address or mailing address set forth under “How can I contact you with more questions.” We will work with you to resolve your issue.

If you are a resident of the European Union and are dissatisfied with the manner in which we have addressed your concerns about our privacy practices, you may seek further assistance, at no cost to you, from our designated Privacy Shield independent recourse mechanism, which you can learn more about by visiting https://www.jamsadr.com/eu-us-privacy-shield

Residents of the European Union may elect to arbitrate unresolved complaints but prior to initiating such arbitration, you must: (1) contact Lookout and afford us the opportunity to resolve the issue; (2) seek assistance from Lookout’s designated independent recourse mechanism above; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. Each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the individual. Lookout is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Additionally, some international users (including those whose information we collect under the Privacy Shield) have certain legal rights to access certain information we hold about them and to obtain its deletion. To exercise those rights, these users may contact us at privacy@lookout.com with their request.

12. How can I contact you with more questions?

If you have additional questions, we encourage you to contact your Employer (or MDM Provider as applicable). You may also direct questions to us at privacy@lookout.com.

Effective Date: October 24, 2016


    Close