Privacy Policy

Your privacy is important to JAMF Software, LLC. As a result, we’ve developed this Privacy Policy that covers how we collect, use, disclose, transfer, and store your information. Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.

A. Overview

JAMF Software, LLC, and its affiliates (herein collectively “Jamf”) makes reasonable efforts to protect the privacy of your personal information. This Privacy Policy was created to demonstrate our commitment to fair information practices. This Privacy Policy covers Jamf’s use of personal information that we collect in the normal course of our business, when you use our corporate websites or applications, and when you otherwise interact with us, including when you attend events hosted or attended by Jamf and when you contact us for customer support (collectively, the “Services”).

In addition to covering how we collect, use, disclose, transfer, and store your information, this policy also discloses our purpose and lawful basis for processing your personal information, and your related rights. Our legal basis for collecting and using personal information will depend on the personal information concerned and the specific context in which we collect it. In most cases, the lawful basis will be that the processing (i) is necessary for our legitimate interests in carrying out our business with you, including direct marketing, provided those interests are not outweighed by your rights and interests, or (ii) is necessary to perform a contract with you. Where processing is based on your consent, we will identify the processing purposes and provide you with relevant information to make the processing fair and transparent. If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.

If you are a resident of California, please see the California Addendum below for additional details on how Jamf handles your personal information.

Our Services are not directed to anyone under the age of 16, and Jamf does not knowingly solicit or collect information from anyone under 16 years of age. If you are a parent or guardian and believe we may have collected information about a child, please contact us at privacy@jamf.com.

Jamf may update this Privacy Policy from time to time. In the event we make any material changes to this Privacy Policy, we will notify you by email or by posting the revised policy on our corporate website (https://www.jamf.com/privacy-policy//). The date of the most recent revision to this Privacy Policy will be posted at the end of this policy. Any revisions will become effective upon seven (7) calendar days following such posting on our corporate website.

B. Collection and Sources of Information

Depending on the context in which you interact with us, Jamf may collect or receive the following information:

  • Account and Profile Information: This includes information you provide when you create an account with our Services, request a trial, contact support, register for events, complete surveys and may include name, username, email address, phone number, company name, state, country, LinkedIn URL, Twitter URL, GitHub URL, and your photo.
  • Service Information: When you use our Services, we receive information generated through your use of the Services, either entered by you or others who use the Services, or from the Services infrastructure itself. This information may include, but is not limited to, name, username, company/organization, company/organization address, email address, phone number, IP address, MAC address, latitude, longitude, AppleCare ID, Apple ID, device name(s), device ID(s), and directory ID or other information you place within the Services. The information collected is kept to a minimum and depends on the use case and platforms used.
  • Performance and Usage Data: We may collect statistical, usage, configuration, and performance data of the Services to monitor the performance, integrity, and stability of the Services. Further, we may use and disclose this information for any purpose, provided that such data is first de-identified.
  • Payment Information: We use third party payment processors to process payments made to us. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is provided directly to our third-party processors whose use of your personal information is governed by their privacy policies. The privacy policies of our current third party processors may be viewed at https://stripe.com/us/privacy, https://www.digitalriver.com/privacy-policy/, https://home.bluesnap.com/privacy-policy/, https://www.cleverbridge.com/corporate/privacy-policy/ and https://usaepay.info/policy.
  • Information from Third Parties: We receive information from third party business partners such as the contact details of prospects and sales leads from our resellers. In addition, we collect information from public databases or other data you may have made publicly available, such as information posted on professional networks and social media platforms.
  • Location Information: Some of our applications collect general location information based on IP address. This information is used to customize the services provided to you, such as location-based information of specific managed devices. Location information is only viewable by the end user. We do not use, disclose, or sell location information for the purposes of providing targeted marketing or advertisements.

C. Use of Collected Information

We may use the information we collect or receive for the following purposes:

  • To carry out the purpose for which it was originally collected or received.
  • To provide, operate, maintain, and improve our products and services.
  • To respond to your inquiries and provide support.
  • To process and complete transactions, and send you related information.
  • To market and sell our products and services. If we do so, we will provide you with an easy way to opt-out of receiving such communications in the future.
  • To monitor the performance, integrity, and stability of the Services.
  • To address or prevent technical or security issues.
  • To customize your experience related to the Services and display content that we think you might be interested in according to your preferences.
  • Jamf does not sell or rent information to third parties, and we do not share information with third parties except as described in this Privacy Policy.

D. Cookies and Similar Technologies

Jamf and our third-party partners, such as our advertising and analytics partners, use cookies and similar technologies to make our websites and applications work, and to learn more about our users and their likely interests as well as information relating to their visits and interactions with a website or application.

Use of Cookies. We may collect various forms of information such as entry and exit points for our websites (i.e., referring URLs or domain names), website traffic statistics, operating system, and browser type (collectively “Traffic Data”). Traffic Data is anonymous information that does not personally identify you but is helpful for marketing purposes or for improving your experience on the sites. In addition, when you request pages on our sites, our servers automatically log your IP address. Depending on the cookie, the cookie may expire at the end of your browser session or may stay (or “persist”) on your computer until the expiration date specified in the cookie.

Controlling or Modifying Cookies. If you accept a cookie, you can delete it at any time (e.g., as soon as you leave our websites) through your web browser. If you do not wish to receive cookies or wish to manage when you accept cookies in general, you can set your browser to reject cookies or to alert you when a cookie is placed on your computer. If you choose to decline cookies, you may not be able to use certain features or functionality of our Services that depend on your web browser accepting cookies. You can also use opt-out tools provided by third party partners, or by the Digital Advertising Alliance (http://www.aboutads.info/choices), the EU Internet advertising industry (http://www.youronlinechoices.eu), or similar entities. Where required, Jamf obtains consent prior to using cookies.

Analytics. Jamf uses analytical services provided by Google to monitor our Services, such as Firebase, Google Analytics for Firebase, and Crashlytics. You can find out more about the types of analytical data collected, how that data is processed, and how to opt out of certain features by visiting www.google.com/policies/privacy/partners/.

Do Not Track Signals. Jamf Services do not respond to Do Not Track Signals.

E. Sharing of Personal Information & Accountability for Onward Transfer

From time to time, Jamf may engage third-party business partners, vendors, or sub-processors to perform functions such as sending postal mail and e-mail, removing repetitive information from customer lists, analyzing data, providing marketing assistance, data storage, processing credit card payments, providing search results and links (including paid listings and links), and providing customer service. Such companies shall only use your information for those purposes required to perform their functions. Additionally, Jamf may share your information, without your prior consent, in the event of any reorganization, merger, sale, joint venture, or transfer of assets. When information is shared, Jamf will ascertain that the third parties receiving the information are obligated to provide at least the same level of privacy protection as is required under this policy. Should Jamf transfer information outside of a local jurisdiction, it shall only be done with adequate protections in place and in compliance with applicable laws and standards.

Jamf may share your information if we have a good faith belief that such action is necessary to (i) protect and defend the rights or property of Jamf, (ii) enforce this Privacy Policy or the Services’ terms and conditions of access and use agreement, (iii) participate in dispute resolution pursuant to this Privacy Policy, (iv) protect the interests of other users of the Services or any other person, or (v) operate or conduct maintenance and repair of the Services or equipment.

Jamf may be required to disclose an individual’s information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Jamf shall remain liable under applicable law and relevant contract obligations for its sub-processors, if they process your information in a manner inconsistent with applicable law and contract obligations, unless Jamf proves that it is not responsible for the event giving rise to the damage.

F. International Data Transfer

Your personal information might be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection and privacy laws that are different than the laws of your home country. Jamf only transfers personal information to other countries in accordance with applicable data protection and privacy laws, provided there are legally adequate protections in place for the personal information. A list of Jamf’s global offices is available here.

If you are a resident of the European Economic Area (“EEA”) and your personal information is transferred outside of the EEA, we will:

  • Process it in a territory which the European Commission has determined provides an adequate level of protection for personal information; or
  • Otherwise implement appropriate safeguards to protect your personal information, including by EEA Standard Contractual Clauses (“EEA SCCs”) or another lawful transfer mechanism approved by the European Commission.

If you are a resident of the United Kingdom (“UK”) and your personal information is transferred outside of the UK, we will:

  • Process it in a territory which the Information Commissioner’s Office (“ICO”) has determined provides an adequate level of protection for personal information; or
  • Otherwise implement appropriate safeguards to protect your personal information, including by appending the UK Addendum to the EEA SCCs or another lawful transfer mechanism approved by the Information Commissioner’s Office.

If you are a residence of Switzerland and your personal information is transferred outside of Switzerland, we will:

  • Process it in a territory which the Swiss government has determined provides an adequate level of protection for personal information; or
  • Otherwise implement appropriate safeguards to protect your personal information, including by using the EEA SCCs, subject to modifications and amendments prescribed by the Swiss Federal Data Protection and Information Commissioner.

In addition to the transfer mechanisms described above, to further demonstrate Jamf’s commitment to privacy, Jamf complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Jamf has certified to the U.S. Department of Commerce that it adheres to the EU.-US Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Jamf has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal information from Switzerland in reliance on the Swiss-U.S. DPF. In addition, Jamf's U.S. affiliate, Wandera, Inc., also adheres to the EU-U.S. DPF Principles, including as applicable under the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. Additionally, our organization commits to cooperating with the appropriate European data protection authority/ies (“DPAs”) (i.e., the EU DPAs, and, as applicable, the United Kingdom Information Commissioner’s Office and Gibraltar Regulatory Authority, and the Swiss Federal Data Protection and Information Commissioner and comply with the advice given by such authority/ies regarding human resources data. Jamf’s Employee Privacy Notice is available here https://www.jamf.com/employee-privacy-notice/. In compliance with the EU-U.S. and Swiss-U.S. DPF Principles and the UK Extension to the EU-U.S. DPF, Jamf commits to resolve DPF Principles-related complaints about our collection or use of your personal information. European Union, Swiss and United Kingdom individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, UK Extension to the EU-U.S. DPF and Swiss DPF should first contact us via Section M below.

In compliance with the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, Jamf commits to refer unresolved privacy complaints concerning our handling of personal information received in reliance on the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs, which is based in the United States. If you do not receive timely acknowledgment of your DPF Principles complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers or more information or to file a complaint. The services of BBB National Programs is provided at no cost to you.

Under certain conditions, you may invoke binding arbitration for certain residual claims as to data covered by the EU-U.S. DPF, the UK Extension to the EU.U.S. DPF and Swiss-U.S. DPF. The purpose of this option is to provide a prompt, independent, and fair mechanism, at your option, for resolution of any claimed violations of the EU-U.S. DPF, UK Extension to the EU-U.S. DPF or Swiss-U.S. DPF Principles not resolved by any of the other EU-U.S. DPF, UK Extension or Swiss-U.S. DPF mechanisms. For additional information on binding arbitration, see Annex I to the EU-U.S. DPF Principles found here https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

G. Protection and De-Identification of Information

Taking into account the risks involved in the processing, the nature of information processed, and to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction while maintaining data accuracy, Jamf has put in place appropriate physical, electronic, and managerial policies and procedures to safeguard the information Jamf collects. Any payment transactions will be encrypted using SSL technology. However, the safety and security of your information also depends on you. Where you have chosen or we have given you a username and password for access to certain parts of the Services, you are responsible for keeping the username and password confidential. Although we do our best to protect the information, we cannot and do not guarantee the security of your information.

Where we maintain or use de-identified information, we will continue to maintain and use the de-identified information only in a de-identified fashion and will not attempt to re-identify the information.

For more information on how we protect information, see https://www.jamf.com/trust-center/.

H. Retention

Jamf retains your information (including your sensitive information) in an identifiable form for as long as needed or permitted in light of the purposes for which it was collected. The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide Services to you, for example, for as long as you have an account with us or keep using our Services, and the length of time thereafter during which we may have a legitimate need to reference your information to address issues that may arise;
  • Whether there is a legal obligation to which we are subject, for example, certain laws may require us to keep records of your transactions for a certain period of time before we can delete them; and
  • Whether retention is advisable in light of our legal position, such as in regard to applicable statutes of limitations, litigation, or regulatory investigations.

I. Other Limits to Your Privacy

The Services may contain links to other non-Jamf websites. Jamf is not responsible for the privacy practices or the content of such websites. Jamf has no control over the use of such websites, and you should exercise caution when deciding to disclose any information on these websites.

J. Choice

We seek to provide you with choices regarding the information you provide to us. You can always opt not to disclose information. However, if you elect to opt out of disclosing information, such election may impact functionality or prevent the use of Jamf’s products or Services. You have the right, at any time, to opt-out of receiving marketing messages from Jamf by sending an email to privacy@jamf.com, by unsubscribing through the unsubscribe or opt-out link in an email, or by unsubscribing here. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important operational or administrative messages.

K. Privacy Requests

If you would like to request to access, correct, update, suppress, restrict, or delete your personal information, object to or opt out of the processing of your personal information, or receive a copy of your personal information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us via Section M below.

To protect your privacy and security, Jamf may also take reasonable steps to verify your identity before making corrections to or deleting your account.

Jamf processes some personal information solely on behalf of its customers in the course of delivering Services. This personal information is processed to accomplish the business purposes of the customer to whom the Services are provided, and often, Jamf will not have a direct relationship with the subject of this personal information. In these cases, Jamf recommends first contacting the organization to which your personal information was originally provided with any data privacy questions. The organization can contact Jamf if escalation of your query is necessary.

L. Regulatory Oversight

For this Privacy Policy, its content, and Jamf’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Jamf is subject to the jurisdiction of the Federal Trade Commission (“FTC”). If Jamf becomes subject to an FTC or court order based on non-compliance with this policy, applicable privacy laws, the EU-U.S. and Swiss-U.S. DPFs, or the UK Extension to the EU-U.S. DPF, Jamf shall make public any relevant information of any compliance or assessment reports submitted to the FTC, to the extent consistent with confidentiality requirements.

M. How to Contact Us

If you have any questions or complaints about this Privacy Policy or if you would like to request access to the personal information that we may maintain about you, please contact us as follows:

JAMF Software, LLC
100 Washington Avenue South
Suite 1100
Minneapolis, MN 55401
privacy@jamf.com

As of the writing of this Privacy Policy, Jamf has appointed a Data Protection Officer (“DPO”) to respond to questions and complaints. If you have questions regarding our privacy practices or how we handle your information, please email our DPO at privacy@jamf.com.

California Addendum—For Residents of California

This California Addendum applies to California residents and supplements the information provided above in the Privacy Policy. It does not apply to our employees or other personnel where the personal information we collect about those individuals relates to their current, former, or potential employment at Jamf.

Collection and Disclosure of Personal Information

The following chart details which categories of personal information we collect and process, as well as which categories of personal information we disclose to which third parties for our operational business purposes, including within the 12 months preceding the date this Privacy Policy was last updated.

Categories of personal information Disclosed to which categories of third parties for operational business purposes
Identifiers, such as name, contact details (address, phone number, email), IP address, and online identifiers. Our affiliates; vendors that provide services such as data analysis, data storage, payment processing, and customer service; trusted business partners; public and governmental authorities, such as regulatory authorities and law enforcement
Personal information as defined in the California customer records law such as name, contact information, and employment information. Our affiliates; vendors that provide services such as data analysis, data storage, payment processing, and customer service; trusted business partners; public and governmental authorities, such as regulatory authorities and law enforcement
Characteristics of protected classifications under California or federal law, such as sex, age, gender, race, medical conditions, and primary language Our affiliates; vendors that provide services such as data analysis, data storage, payment processing, and customer service; public and governmental authorities, such as regulatory authorities and law enforcement
Commercial information, such as purchase history and transaction information Our affiliates; vendors that provide services such as data analysis, data storage, payment processing, and customer service; trusted business partners; public and governmental authorities, such as regulatory authorities and law enforcement
Internet or network activity information, such as browsing history, search history, and interactions with our online properties or ads Our affiliates; vendors that provide services such as data analysis and data storage; public and governmental authorities, such as regulatory authorities and law enforcement
Geolocation data, such as approximate location derived from IP address and device location Our affiliates; vendors that provide services such as data analysis, data storage, and customer service; public and governmental authorities, such as regulatory authorities and law enforcement
Audio, electronic, visual, and similar information, such as photos and call or video recordings Our affiliates; vendors that provide services such as data storage and customer service; public and governmental authorities, such as regulatory authorities and law enforcement
Professional or employment-related information, such as current employer Our affiliates; vendors that provide services such as data analysis, data storage, payment processing, and customer service; trusted business partners; public and governmental authorities, such as regulatory authorities and law enforcement
  • Sensitive Personal Information
  • Personal information that reveals an individual’s account log-in in combination with any required security or access code, password, or credentials allowing access to an account; the contents of mail, email, and text messages unless Jamf is the intended recipient of the communication.
Our affiliates; vendors that provide services such as data analysis, data storage, and customer service; public and governmental authorities, such as regulatory authorities and law enforcement

We do not “sell” or “share” your personal information, including your sensitive personal information, as defined under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act. We have not engaged in such activities in the 12 months preceding the date this Privacy Policy was last updated.

Without limiting the foregoing, we do not “sell” or “share” the personal information, including the sensitive personal information, of minors under 16 years of age.

Purposes for the Collection, Use, and Disclosure of Sensitive Personal Information

We collect, use, and disclose sensitive personal information for purposes of performing services for our business, providing goods or services as requested by you, ensuring security and integrity, countering wrong or unlawful actions, short term transient use such as displaying first party, non-personalized advertising, order processing and fulfillment, servicing accounts, providing customer service, verifying customer information, processing payments, activities relating to quality and safety control or product improvement, and other collection and processing that is not for the purpose of inferring characteristics about an individual. We do not use sensitive personal information for additional purposes.

Individual Requests

You may, subject to applicable law, make the following requests:

  1. You may request that we disclose to you the following information:
    a. The categories of personal information we collected about you and the categories of sources from which we collected such personal information;
    b. The business or commercial purpose for collecting personal information about you; and
    c. The categories of personal information about you that we otherwise disclosed, and the categories of third parties to whom we disclosed such personal information.
  2. You may request to correct inaccuracies in your personal information.
  3. You may request to have your personal information deleted.
  4. You may request to receive the specific pieces of your personal information, including a copy of the personal information you provided to us in a portable format.

We will not unlawfully discriminate against you for making an individual request. To make a request, please contact us at either privacy@jamf.com or 888-755-1421. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the personal information subject to the request. We may need to request additional personal information from you in order to verify your identity and protect against fraudulent requests. If you maintain a password-protected account with us, we may verify your identity through our existing authentication practices for your account and require you to re-authenticate yourself before disclosing or deleting your personal information. If you make a request to delete, we may ask you to confirm your request before we delete your personal information.

Authorized Agents

If an agent would like to make a request on your behalf as permitted by applicable law, the agent may use the submission methods noted in the section entitled “Individual Requests.” As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described in the section entitled “Individual Requests” or confirm that you provided the agent permission to submit the request.

Date Updated: August 23, 2023