Lookout firmly believes that your privacy is as important as your security, so we want to be completely transparent about the data we collect to help safeguard your device and the security of your employer. Lookout, Inc. (“Lookout,” “we,” or “us” or “our”) provides you with this Privacy Statement to describe our information practices with respect to our Mobile Endpoint Security Products (the “Endpoint Security Product”). This Privacy Statement governs the data collected from or about you through your installation and activation of our Endpoint Security Product on your mobile device. By downloading and activating the Endpoint Security Product, you consent to the data collection, use, disclosure, and storage practices described in this Privacy Statement.
You may have been directed to download and install the Endpoint Security Product as a result of your employment by an organization that either (1) requires all or some of its workforce to install the Endpoint Security Product or (2) requires all or some of its workforce to install a mobile device management suite that includes the Endpoint Security Product. Please be advised that this Privacy Statement governs only our information practices with respect to our Endpoint Security Product. To the extent you have questions regarding the data collection, use, disclosure, and security practices of your employer (“Employer”) or a mobile device management provider (“MDM Provider”), you should direct those questions to those parties.
Lookout reserves the right to change this Privacy Statement at any time to reflect changes in the law, our data collection and use practices, the features of the Endpoint Security Product, or advances in technology. Please check this page periodically for changes. Your continued use of the Endpoint Security Product following the posting of changes to this Privacy Statement will mean you accept those changes.
We have endeavored to structure this Privacy Statement to answer your questions about our Endpoint Security Product. The Privacy Statement contains answers to the following questions:
Lookout Mobile Endpoint Security is a mobile security solution that mitigates the risks of unprotected data accessed via mobile devices, provides visibility into mobile threats across apps, devices and the network, seamlessly integrates with and enhances existing mobile investments while minimizing help desk tickets and being embraced by employees because of a mobile-optimized design.
Leveraging a global sensor network of over 100M sensors, our platform delivers on predictive security by letting machine intelligence identify complex patterns that indicate risk, patterns that would otherwise escape human analysts. When a threat has been detected, we provide employees and administrators with remediation options (e.g., uninstall app, invoke conditional access) through our integration with leading MDM Providers.
To protect your mobile device and your Employer from threats, Lookout collects certain categories of data from your device. Such data may include:
If you use the Privacy Controls feature in our Endpoint Security Product in conjunction with an MDM Provider, we will not collect any personally identifiable information such as username or email address.
No. Lookout collects only metadata about applications on your device, or the application itself. Lookout does not collect user data you enter into those applications. Because Lookout does not collect any user data you enter into the applications on your mobile device, Lookout will not collect, read, review, or scan your emails, text messages, photos, or videos.
Our Endpoint Security Product requires that all employee mobile devices be associated with a particular email address if it is installed without integration with an MDM Provider. Accordingly, your Employer may provide Lookout with your email address. If our Endpoint Security Product is integrated with an MDM solution and Privacy Controls are turned on, Lookout will not collect your email address.
If you installed the Endpoint Security Product as part of a MDM Provider’s product, we may also collect information about you from that MDM Provider. Please contact the applicable MDM Provider regarding that provider’s privacy practices.
We may also collect other information about you if you provide such information to us directly, such as by contacting us and voluntarily disclosing such information, or to third parties such as our partners and marketers. We may use this information to provide you with updates about Lookout and our products and services and invite you to conferences and other events that Lookout may participate in or host.
As described above, Lookout collects your email address from your Employer if the Endpoint Security Product is installed without an MDM. If the Endpoint Security Product is installed in conjunction with an MDM solution and Privacy Controls are turned on, Lookout does not collect your email address. After you download, install, and activate the Endpoint Security Product, Lookout will immediately begin collecting data from your device. As you install or access applications on your mobile device, we will scan those applications for potential security threats.
The data we collect from your mobile device enables us to detect threats to you and/or your Employer, to improve our Endpoint Security Product, and to improve our other product offerings. In analyzing the applications on your mobile device, if we encounter an application we have not previously analyzed, we may download a copy of part or all of the application to analyze and determine if it poses a risk. We present you with the option of uninstalling the application with a security risk, or ignoring the risk. We will also collect your remediation choice for malicious files and applications (e.g., uninstall or ignore). We may also use the data collected to categorize the risk threat of your device (e.g. Low, Medium, High).
As an enterprise product, Lookout collects the data to protect not just your mobile device, but also the security of your Employer.
We may also combine data collected from your mobile device with data collected from third parties to improve our products, including our Endpoint Security Product.
Lookout may also aggregate and/or de-identify information collected by the Endpoint Security Product or via other means so that the information is not intended to identify you. Our use and disclosure of aggregated and/or de-identified information is not subject to any restrictions, and we may disclose it to others without limitation for any purpose.
Yes. As an enterprise product, certain data is shared with your Employer, or anyone authorized by your Employer to view such data. Through the Endpoint Security Product dashboard, Employers or their authorized persons are granted access to certain information related to the security of your mobile device. Your Employer may be able to see your unique device attributes such as device model and carrier. Your Employer will have visibility into applications that we have identified as malicious, as well as those that are in violations of any applicable company policy of your Employer.
If you installed and activated our Endpoint Security Product as part of a product by an MDM Provider, we may share data collected from your mobile device with that MDM Provider.
We may share any data related to you in connection with any merger, reorganization, a sale of some or all Lookout assets, or a financing or acquisition of all or a portion of our business by another company.
Lookout does not enable your Employer to see the content of your personal email, browsing history, contacts, calendar, or your personal text messages. Your Employer may have certain rights to access this information on their own, where, for example, this information is transmitted using an Employer-provided device or network. Lookout, however, will not afford your Employer visibility into applications on your device unless they contain threats or violate company policy.
We do not use data collected from your mobile device to sell products to you, nor do we share it with third parties for their marketing purposes. We may aggregate and/or de-identify information collected from your device to conduct research and provide insight into mobile device security and threats. In these instances, the aggregated and de-identified information included in the research is not intended to be identifiable to you.
We may, however, use the information you provide to us directly or to third parties such as our partners and marketers to provide you with information about Lookout and our products and services, including conferences and other events that Lookout may participate in or host.
We have implemented reasonable administrative, technical, and physical security measures to protect against the unauthorized access, destruction or alteration of your information. These safeguards are tailored to address the sensitivity of the information that we collect, process and store and the current state of technology.
Although we take appropriate measures to safeguard against unauthorized disclosures of information, because no method of transmission over the Internet or method of electronic storage is 100% secure, we cannot assure you that information that we collect will never be disclosed in a manner that is inconsistent with this Privacy Statement.
Lookout has certified with the U.S. – Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from Switzerland. Lookout may process some personal data from individuals or companies in Switzerland via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses. To learn more about the U.S.-Swiss Safe Harbor program, and to view Lookout's certification, please visit http://export.gov/safeharbor.
Lookout has further certified with the Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of “personal data” (as defined under the Privacy Shield principles) from applicable European Union member countries. Lookout has certified that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for such personal data. To learn more about the Privacy Shield, view a list of entities who have current certifications under Privacy Shield, or view Lookout’s certification, please visit http://www.privacyshield.gov. As required under the principles, when Lookout receives information under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on Lookout’s behalf, Lookout has certain liability under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) Lookout is responsible for the event giving rise to the damage.
If you have any questions or complaints about Lookout’s privacy practices, including questions related to the Privacy Shield, you may contact us at the email address or mailing address set forth under “How can I contact you with more questions.” We will work with you to resolve your issue.
If you are a resident of the European Union and are dissatisfied with the manner in which we have addressed your concerns about our privacy practices, you may seek further assistance, at no cost to you, from our designated Privacy Shield independent recourse mechanism, which you can learn more about by visiting https://www.jamsadr.com/eu-us-privacy-shield
Residents of the European Union may elect to arbitrate unresolved complaints but prior to initiating such arbitration, you must: (1) contact Lookout and afford us the opportunity to resolve the issue; (2) seek assistance from Lookout’s designated independent recourse mechanism above; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. Each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the individual. Lookout is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Additionally, some international users (including those whose information we collect under the Privacy Shield) have certain legal rights to access certain information we hold about them and to obtain its deletion. To exercise those rights, these users may contact us at firstname.lastname@example.org with their request.
If you have additional questions, we encourage you to contact your Employer (or MDM Provider as applicable). You may also direct questions to us at email@example.com.
Effective Date: October 24, 2016