Effective Date: November 15, 2016
A lot of companies say they care about your privacy — we say it and mean it!
a. Registration Information
To create an account, you must provide your email address and a password. You may also enter your mobile phone number on our website to initiate a text message with directions on how to download the app and register.
b. Credit Card Information
If you purchase a Lookout Service subscription directly from us, we collect your credit card number, expiration date, security code and other applicable billing information. We use this information to bill you for services. Lookout uses third-party payment processors and therefore has only limited information about your payment transactions.
c. Device Information
When you use Lookout Services, our servers automatically record certain information about your mobile device. This information may include an equipment identifier (e.g., IMEI, UDID), subscriber identifier (e.g., IMSI), device name, mobile phone number, device type and manufacturer, operating system type and version, wireless carrier/operator, network type, country of origin, Internet Protocol (“IP”) address, and the dates and times of your requests. We use this information to provide our services, and support if needed, and to create de-identified or aggregate information about our users. For example, collecting your device’s phone number allows the service to contact your phone via SMS when you locate your phone from the Lookout web application.
d. Employment Application Information
If you wish to fill out our employment application form, we will ask for information, including your name, email address, phone number, and allow you to upload your resume and cover letter. We use this information to determine if you are an eligible candidate for an available position, to contact you to set up an interview if appropriate and to follow up with you about your application experience.
e. Social Media Features
f. Information About Your Use of Lookout Services on Your Phone
We use analytics software so that we can improve the features and usability of our products. This software may analyze information such as how often you use the application, the events that occur within the application, and where the application was downloaded. We may also use such information to show you relevant content and suggest new features, products and services that can enhance your use of the Lookout Service. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile app.
g. Information About Your Use of Lookout’s Websites (including Mobile Websites) and Emails
We use analytics services to measure how people use our website and emails so that we can improve our products and services and provide more relevant content to you. Analytics services may work by embedding invisible images that are associated with unique identifiers on our site, by using cookies or other local device storage or by using web beacons, web bugs, clear gifs, and similar tracking technologies.
h. Premium Content & Promotions
We may ask for your email address and other contact information in order to access various Lookout content, such as whitepapers, videos, or other research materials, to participate in surveys, contests, promotions, or sweepstakes, or to obtain additional information about Lookout services and products. This information will be used to provide you with additional information on products and services from Lookout or our business partners, which might be of interest to you. You can choose not to receive such marketing communications by clicking on the unsubscribe link in our emails, as further described below.
i. Location Information
Some features we offer work better if we know what area you are in. Lookout may collect location information in two ways. We may receive it directly from your mobile device, or, in some situations, we may receive location data from cell tower or Wi-Fi hotspot information. We may use third-party service providers to translate that information into usable location information.
j. Other Information You Provide to Us
This section provides additional information about specific services and features that are part of the Lookout Services. The information is used as described in this section and in the section entitled “How We Use the Information We Collect” below.
a. Security and Anti-Virus
Lookouts Security features, which are available on different platforms, help protect your device from malware and spyware. They scan files and applications after you install Lookout Security and as new applications are installed or accessed to detect any threats to you and your mobile device. They also automatically scan your entire device periodically, and regularly update your threat definitions. In order to perform these functions, we need to collect information about the applications and files present on your device, the results of any scans performed by our services, and actions you take as a result of scanning.
What types of information does Lookout Security collect:
How the information collected by Lookout Security is used:
Our purpose in collecting application data and security scan data is to provide you with protections to help keep you and your data safe and to optimize and improve our Lookout Services.
We may aggregate your data with other customers’ data in non-personally identifiable, aggregated, and de-identified form to better understand current malware and spyware threats and to improve the Lookout Security features and service. We may also share this de-identified aggregated data publicly, in order to help others understand mobile threats and gain insights into particular mobile applications.
Lookout Backup stores copies of data that you choose to back up from your phone.
What types of information Backup collects:
How the information that Backup collects is used:
If you use Lookout Backup, we will use the data you provide to deliver the Lookout Backup service. In order to notify you in the case of malicious behavior on your phone, Lookout may also scan both the data that is stored on your phone and backed up to our servers.
c. Missing Device
Lookout’s Missing Device service helps you find and secure your lost or stolen phone or tablet. You can locate your phone on a map using location information provided by your phone, activate a loud siren even if your volume is muted so that you can find a phone lost nearby, wipe your phone, or lock your phone. Features and settings are controlled through our website at Lookout.com.
What types of information Missing Device collects:
We collect location data from your device in order to provide this service to you.
How the information that Missing Device collects is used:
Our purpose in collecting this information is to provide you with the location of your device when you request it. If you activate the locate feature in Missing Device, your browser will send location information to third-party map providers (e.g. Google Maps) in order to display a map of the location within your Lookout account webpage. When activating this feature, we track the device’s location for several minutes in order to provide an accurate location for you. This information is retained in your account history so you can use it to help find your device.
d. Signal Flare
Signal Flare collects and stores information in the same way as Missing Device (see above). If you have enabled Signal Flare, it collects location information and sends it back to Lookout when your battery is running low. After which, we save the phone's location at the time we received the low battery alert to Lookout.com. This feature will help you locate your phone near its last known location if you lose it and its battery dies.
e. Safe Browsing
Safe Browsing is a feature available when using the Android default browser, the Chrome browser and other supported browsers. Safe Browsing is designed to identify and warn you of unsafe websites so that you can choose to avoid visiting them. It scans URLs that you visit on supported browsers and may also scan URLs you receive on your phone (e.g. via SMS).
What types of information Safe Browsing collects:
How the information that Safe Browsing collects is used:
We use the record of unsafe URLs you visit (1) to provide you with notice that you attempted to reach an unsafe site (e.g., when you log in to the Lookout website or via email) and (2) to improve our product and conduct analysis. If you do not want us to record the unsafe URLs you visit, you may turn Safe Browsing off; all other Lookout features will continue to function.
f. Theft Alerts
Lookout's Theft Alerts feature uses your device’s camera and location features to help you figure out where your device might be (and who might have it) in the event that your device is lost or stolen. If Theft Alerts is activated, the application monitors certain device behaviors to trigger user alerts, which may include:
Theft Alerts starts Backup and activates your device’s camera remotely, without sound or other notification, and sends the resulting picture and its GPS coordinates to the email address associated with your account. For example, if someone steals your phone and fails to enter your correct password within three attempts, removes your SIM card, or powers off your device, Theft Alerts could allow you to see what they look like and figure out where they are without alerting them.
What types of information does Theft Alerts collect, if activated:
How the information that Theft Alerts collects is used:
When Theft Alerts is activated and a photo is taken, the picture and location data are stored briefly on our servers so we can send you an email with the picture and a map of your device’s location. The picture is then deleted from our server. We send the email to the address associated with your account (or for Group Plans, to the address associated with the device that took the photo), so remember to keep your email address up to date in your account settings. We use technical information about Theft Alert’s activities on your device to study, optimize, and troubleshoot our products.
g. Group Plans
Group Plans link multiple devices to one master account that controls the Group Plan owner’s device as well as certain features of devices associated with the Group Plan. Users of the additional devices on the plan retain their own unique accounts, but Group Plan owners have control over some functions of Group Plan members’ devices, as described below.
What types of information Group Plans collect:
How the information that Group Plans collects is used:
In a Group Plan, such as a Family Plan, one master user has authority to perform certain functions on devices belonging to other members of the group. For example, in a Family Plan, a parent device may be able to lock, wipe, or locate a child’s device. The latter feature would allow a parent to access data about the child’s device in the section on “Missing Device.” A parent device having authority over other Group Plan users, generally does not have access to the data on a child’s device unless, for example, the data on the device is downloaded and transferred to another device to which the parent phone has access.
Users must agree to give the “parent” this functionality. You can determine if your device is part of a Group Plan by checking the settings on your device.
h. Customer Care Web Application
If your mobile operator participates in our Customer Care Web Application program, you can call your mobile operator to find and secure your phone or tablet if it is lost or stolen.
What types of user information does the Customer Care Web Application collect:
How the information is used:
Customer Care Web Application enables mobile operators and their customer service representatives to perform remote functions on your device at your request, including:
Customer service representatives may perform such functions only at your request and with your consent. To protect users’ privacy, whenever a customer service representative executes any of the above functions, Lookout immediately notifies the user via email. Customer service representatives do not have access to nor control over any user data backed up via Lookout’s mobile application.
i. Identity Protection Services
Our optional Identity Protection Services offer certain services to help reduce the risk and damage associated with identity theft. These optional services may include: (a) a breach report service that may alert you when a company or service you use has experienced a data breach; (b) an identity monitoring service, where we will monitor the Internet for certain information about you and alert you when we discover that information exposed online; (c) a social media monitoring service designed to monitor your social media accounts and alert you if it discovers your personal information being publicly shared or the use of offensive language on your account; (d) a social security trace service designed to obtain and provide you with reports on names, addresses and aliases associated with your social security number and alert you of changes; and (e) identity restoration services that allow you to contact customer service specialists to help you if your identity is stolen.
What types of information do the Identity Protection Services collect:
How the information above is used:
The information we collect will depend on the types of identity protection products you enroll in. This information is required in order to verify your identity, charge you the agreed upon fees, and provide you with the Identity Protection Services, including by communicating with third parties (such as identification verification companies, consumer reporting agencies, credit bureaus, payment validation companies, law enforcement agencies, and others) in order to provide those services to you. We may provide this information to our third-party service providers who assist us in providing you with identity protection services, or allow these service providers to collect certain information directly from you. These service providers may in turn provide your data to third parties for purposes of providing you with the services requested. We and/or our service providers may also provide you with monitoring and alerts and obtain information and reports about you (or about others that you have enrolled) in order to provide the Identity Protection Services, including address history, name, alias and other reports. We require that our service providers use data collected from you only for purposes of providing services to Lookout. If you upgrade to a Premium Subscription that includes identity theft insurance, we will use your information to provide you with assistance and applicable insurance coverage if your identity is compromised.
Types of Cookies
We use “session” cookies to keep you logged in while you use our services, to better understand how you interact with our services, and to monitor aggregate usage and web traffic information on our services. Session cookies disappear when you log out and close your browser. We also use “persistent” cookies to recognize you when you return to our services. Persistent cookies can stay on your computer for a longer period of time than session cookies do. We also use “analytical” cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our services and how they’re using them. This helps us to improve the way our website works, for example by making sure users are finding what they need easily. Finally, we may use other standard technologies, such as web beacons, web bugs, clear gifs, and local storage, to analyze, collect and aggregate data about your use of our products and services.
Cookies From Third-Parties
We believe it is important for you to know exactly what third-party cookies we use on our website and services. Here is a list of the third-party cookies that we currently use. As we develop and improve our services, we may use other third parties that are not listed below.
In addition to the specific uses described above, we also use your information in the following manner:
a. We Use Your Information to Provide, Improve, and Promote our Services.
We use your information to provide you with a better service, to improve our products and services, to promote our services and to develop new services. For example:
b. We May Disclose Your Information in Accordance with the Law.
c. We Share Your Information to Provide or Improve Our Services
We share your information with third parties to provide or improve our services. For example:
d. We Share Your Information to Avoid Unnecessary Marketing
In order to prevent you from receiving duplicate or unnecessary marketing about Lookout products or service, we may share your information or your status as a current Lookout customer with our partners or service providers.
e. We Share Data That is Aggregated and De-Identified
We share de-identified or aggregated data publicly and with our partners and other third-parties. For example, we may share the number of devices that have ever encountered a particular piece of malware in our security reports.
f. We May Disclose Your Information With Your Consent
We may also share your personal information with third parties when we have your consent to do so.
a. You Can Access and Update Your Settings
Your Lookout Account on our website and/or the Lookout ‘Settings’ page on our mobile application allow you to update or modify certain settings that affect what data is shared with us (for example, by disabling backups of certain types of data). To protect your privacy and security, we require your username and password in order to verify your identity before granting you account access or making changes. If you wish to correct or delete inaccuracies within your personal information, or to request access to any personal information we obtain about you, please contact us at email@example.com. We will respond to your request to access within 30 days. In certain situations, however, Lookout may not be able to provide access to or delete all of the personal information that it holds about you.
b. Email Opt-Outs
You may opt out of receiving promotional communications from Lookout by using the unsubscribe link within each email. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional and product-related messages from us regarding Lookout Services. You can opt-out of some of these notification messages in your account settings.
c. Personalized Advertisements
You may be able to opt out of receiving certain personalized advertisements from companies who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance's Self-Regulatory Principles for Online Behavioral Advertising. Please visit the Network Advertising Initiative Consumer Opt-Out Page or the Digital Advertising Alliance Opt-Out Page to opt out directly from providers who participate in those programs. Lookout does not control or operate these tools or the choices that advertisers and others provide through these tools.
When you delete location data through your account dashboard on Lookout.com, it is no longer linked to your account and is de-identified on our application production systems.
Our policy is to retain personally identifiable information only as long as reasonably necessary to provide our products and services to you and others or as otherwise required for legal compliance purposes. We may delete your data if your account is inactive and as otherwise provided in our Terms of Service. Currently for Lookout Backup, our policy is to delete: (i) all Backup Data if you have not accessed our services for 90 consecutive days, or (ii) pictures and call history from your Backup Data if you have not upgraded to a Premium Subscription within 90-days after your Premium trial or if you have discontinued your Premium Subscription for 90 consecutive days. We will generally notify you via the email address associated with your account before deleting your Backup Data. We may change that policy from time to time.
If you comment on our blog or other public forums, you should be aware that any information you submit there can be read, collected, or used by other users of those blogs, and could be used to send you unsolicited messages. We are not responsible for the information you choose to submit in these blogs or for any content you receive as a result of sharing such information.
To request removal of your personal information from our blog or community forum, contact us at firstname.lastname@example.org. If we are not able to remove your personal information, we will let you know why.
Lookout is a security company, and securing your data is important to us. Lookout uses commercially reasonable physical, managerial, and technical safeguards. For example, we use a combination of firewalls, authentication, physical security, and other safeguards to protect your account and your data. When you enter sensitive information (such as credit card number or location based information) on our website, within the Lookout app, or in our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL). We also perform third-party penetration tests to harden our systems from attack.
Because no method of transmission over the Internet or method of electronic storage is 100% secure, we cannot ensure or warrant the security of any information, data or content that Lookout receives on your behalf to operate the Lookout services, or that you transmit to Lookout. All such receipt or transmission of your information is at your own risk. We cannot guarantee that such information will not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
If Lookout learns of a security breach, we may attempt to notify you electronically so that you can take appropriate protective steps. Lookout may also post a notice on the Lookout services if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.
You are responsible for maintaining the secrecy of your password at all times. We recommend a strong password that you do not use with other services. If you believe your password has been compromised, please change your password immediately via the Lookout website, or contact us at email@example.com for assistance. You are responsible for ensuring that the email address associated with your account is accurate. We use that email to contact you about service updates, changes to our policies, and account activities such as requests for your information or locate attempts on your device. Lookout is not responsible for personal data transmitted to a third party as a result of a user’s providing an incorrect email address.
Do Not Track
Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. For information about Do Not Track, visit www.allaboutdnt.org. At this time, we do not respond to Do Not Track browser settings or signals. In addition, some of our third-party services providers may use standard technology, such as cookies, pixel tags and web beacons, to collect information about your internet activities. You may be able to disable certain third-party cross-site tracking as described in the “Your Choices” section above.
Lookout is a San Francisco-based company with servers housed in the United States. Personal information collected from users outside the United States is transferred to the United States. Lookout has certified with the U.S. – Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from Switzerland. Lookout may process some personal data from individuals or companies in Switzerland via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses. To learn more about the U.S.-Swiss Safe Harbor program, and to view Lookout's certification, please visit http://export.gov/safeharbor.
Lookout has further certified with the Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of “personal data” (as defined under the Privacy Shield principles) from applicable European Union member countries. Lookout has certified that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for such personal data. To learn more about the Privacy Shield, view a list of entities who have current certifications under Privacy Shield, or view Lookout’s certification, please visit http://www.privacyshield.gov. As required under the principles, when Lookout receives information under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on Lookout’s behalf, Lookout has certain liability under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) Lookout is responsible for the event giving rise to the damage.
If you have any questions or complaints about Lookout’s privacy practices, including questions related to the Privacy Shield, you may contact us at the email address or mailing address set forth under “Contact Us if You Have Any Questions or Concerns.” We will work with you to resolve your issue.
If you are a resident of the European Union and are dissatisfied with the manner in which we have addressed your concerns about our privacy practices, you may seek further assistance, at no cost to you, from our designated Privacy Shield independent recourse mechanism, which you can learn more about by visiting https://www.jamsadr.com/eu-us-privacy-shield.
Residents of the European Union may elect to arbitrate unresolved complaints but prior to initiating such arbitration, you must: (1) contact Lookout and afford us the opportunity to resolve the issue; (2) seek assistance from Lookout’s designated independent recourse mechanism above; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. Each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the individual. Lookout is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
In addition to the rights granted under the section above entitled, “You Can Access and Update Your Privacy Settings,” some international users (including those whose information we collect under the Privacy Shield) have certain legal rights to access certain information we hold about them and to obtain its deletion. To exercise those rights, these users may contact us at firstname.lastname@example.org with their request.
Lookout does not knowingly collect or store any personal information about children under the age of 13. If you believe a child is using this service without parental consent, please contact us at email@example.com.
Our site contains links to other websites. When you click on one of these links, you leave Lookout’s website and go elsewhere. Lookout does not accept liability for misuse of any information by any website controller to which we may link. We encourage you to read the privacy statements of these linked sites, which may differ from ours. In addition, if you take advantage of an offer from one of our partners, you may be providing information directly to that partner. We encourage you to review the privacy statements of these partners, as we are not responsible for the privacy practices of any partners or linked sites.
In the event that Lookout is involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your information may be sold or transferred as part of that transaction.