Privacy Policy
Your privacy is important to JAMF Software, LLC. As a result, we’ve developed this Privacy Policy that covers how we collect, use, disclose, transfer, and store your information. Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.
A. Overview
JAMF Software, LLC, and its affiliates (herein collectively “Jamf”) makes reasonable efforts to protect the privacy of your personal information. This Privacy Policy was created to demonstrate our commitment to fair information practices. This Privacy Policy covers Jamf’s use of personal information that we collect in the normal course of our business, when you use our corporate websites or applications, when you use our software and Hosted Services, and when you otherwise interact with us, including when you attend events hosted or attended by Jamf and when you contact us through our third-party partners for customer support (collectively, the “Services”). Jamf’s obligations to our customers when processing personal information related to the use our products and services are provided in our customer agreements located at Jamf Trust Center: https://www.jamf.com/trust-center/.
In addition to covering how we collect, use, disclose, transfer, and store your information, this policy also discloses our purpose and lawful basis for processing your personal information, and your related rights. Our legal basis for collecting and using personal information will depend on the personal information concerned and the specific context in which we collect it. In most cases, the lawful basis will be that the processing (i) is necessary for our legitimate interests in carrying out our business with you, including direct marketing, provided those interests are not outweighed by your rights and interests, or (ii) is necessary to perform a contract with you. Where processing is based on your consent, we will identify the processing purposes and provide you with relevant information to make the processing fair and transparent. If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.
If you are a resident of California, please see Section P (the California Addendum) for additional details on how Jamf handles your personal information.
Our Services are not directed to anyone under the age of 16, and Jamf does not knowingly solicit or collect information from anyone under 16 years of age. If you are a parent or guardian and believe we may have collected information about a child, please contact us at privacy@jamf.com.
B. Collection and Sources of Information
Depending on the context in which you interact with us, Jamf may collect or receive the following information:
- Account and Profile Information: This includes information you provide when you create an account with our Services, request a trial, contact support, register for events, complete surveys and may include name, username, email address, phone number, company name, state, country, LinkedIn URL, Twitter URL, GitHub URL, and your photo.
- Service Information: When you use our Services, we receive information generated through your use of the Services, either entered by you or others who use the Services, or from the Services infrastructure itself. This information may include, but is not limited to, name, username, company/organization, company/organization address, email address, phone number, IP address, MAC address, latitude, longitude, AppleCare ID, Apple ID, device name(s), device ID(s), and directory ID or other information you place within the Services. The information collected is kept to a minimum and depends on the use case and platforms used.
- Performance and Usage Data: We may collect statistical, usage, configuration, and performance data of the Services to monitor the performance, integrity, and stability of the Services; address or prevent technical or security issues; provide support Services; and improve the Services. Further, we may use and disclose this information for any purpose, provided that such data is first de-identified, anonymized and aggregated.
- Payment Information: We use third party payment processors to process payments made to us. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is provided directly to our third-party processors whose use of your personal information is governed by their privacy policies. The privacy policies of our current third party processors may be viewed at https://stripe.com/us/privacy, https://home.bluesnap.com/privacy-policy/, and https://www.cleverbridge.com/corporate/privacy-policy/.
- Information from Third Parties: We receive information from third party business partners such as the contact details of prospects and sales leads. In addition, we collect information from public databases or other data you may have made publicly available, such as information posted on professional networks and social media platforms.
- Location Information: Some of our applications collect general location information based on IP address. This information is used to customize the services provided to you, such as location-based information of specific managed devices. Location information is only viewable by the end user. We do not use, disclose, or sell location information for the purposes of providing targeted marketing or advertisements.
- Automatically Collected Information: When you access our Services, we may collect information about your engagement on our corporate websites, content you provided during chat interactions with our third-party partners, forums, and forms, and user experience and session replay technology, where applicable, to understand how you interact with our websites or apps.
- Childrens’ Data: Our customers include educational institutions who control the Service Information provided to us. These educational institution customers may provide us with Service Information related to devices used by students under the age of 16, including, but is not limited to, device name(s) and device ID(s).”
- Other Information: We may collect demographic information such as geographic location, to help us analyze trends and tailor our offerings to specific user segments.
C. Use of Collected Information
We may use the information we collect automatically or when you use the Services for the following purposes:
- To carry out the purpose for which it was originally collected or received.
- To provide, operate, and maintain and improve our products and services.
- To respond to your inquiries and provide support.
- To process and complete transactions, and send you related information.
- To market and sell our products and services. If we do so, we will comply with relevant opt-in or opt-out requirements related to sending such communications.
- To monitor the performance, integrity, and stability of the Services.
- To address or prevent technical or security issues.
- To comply with laws and regulations that apply to us or third parties with whom we work, and comply with requests from regulatory agencies, law enforcement, and other public and government authorities.
- Jamf does not sell or rent information to third parties, and we do not share information with third parties except as described in this Privacy Policy.
- Jamf may supplement the information we collect from you with additional data to enhance our understanding of our user base and improve our Services.
- Jamf utilizes marketing automation tools provided by third-party partners to streamline our communications and deliver targeted content or promotions based on your interests and interactions with our platform.
- Jamf may personalize your experience by using data to customize recommendations, content, or features to better suit your preferences.
D. Cookies and Similar Technologies
Jamf and our third-party partners, such as our advertising and analytics partners, use cookies and similar technologies to make our websites and applications work, and to learn more about our users and their likely interests as well as information relating to their visits and interactions with a website or application.
Use of Cookies. We may collect various forms of information such as entry and exit points for our websites (i.e., referring URLs or domain names), website traffic statistics, operating system, and browser type (collectively “Traffic Data”). Traffic Data is anonymous information that does not personally identify you but is helpful for marketing purposes or for improving your experience on the sites. In addition, when you request pages on our sites, our servers automatically log your IP address. Depending on the cookie, the cookie may expire at the end of your browser session or may stay (or “persist”) on your computer until the expiration date specified in the cookie.
Controlling or Modifying Cookies. If you accept a cookie, you can delete it at any time (e.g., as soon as you leave our websites) through your web browser. If you do not wish to receive cookies or wish to manage when you accept cookies in general, you can set your browser to reject cookies or to alert you when a cookie is placed on your computer. If you choose to decline cookies, you may not be able to use certain features or functionality of our Services that depend on your web browser accepting cookies. You can also use opt-out tools provided by third party partners, or by the Digital Advertising Alliance (http://www.aboutads.info/choices), the EU Internet advertising industry (http://www.youronlinechoices.eu), or similar entities. Where required, Jamf obtains consent prior to using cookies.
Analytics. Jamf uses analytical services provided by Google to monitor our Services, such as Firebase, Google Analytics for Firebase, and Crashlytics. You can find out more about the types of analytical data collected, how that data is processed, and how to opt out of certain features by visiting www.google.com/policies/privacy/partners/.
Do Not Track Signals. Jamf Services do not respond to Do Not Track Signals.
E. Sharing of Personal Information & Accountability for Onward Transfer
From time to time, Jamf may engage third-party business partners, vendors, or sub-processors to perform functions such as sending postal mail and e-mail, removing repetitive information from customer lists, analyzing data, providing marketing assistance, data storage, processing credit card payments, providing search results and links (including paid listings and links), and providing customer service. Such companies shall only use your information for those purposes required to perform their functions. Additionally, Jamf may share your information, without your prior consent, in the event of any reorganization, merger, sale, joint venture, or transfer of assets. When information is shared, Jamf will ascertain that the third parties receiving the information are obligated to provide at least the same level of privacy protection as is required under this policy. Should Jamf transfer information outside of a local jurisdiction, it shall only be done with adequate protections in place and in compliance with applicable laws and standards.
Jamf may share your information if we have a good faith belief that such action is necessary to (i) protect and defend the rights or property of Jamf, (ii) enforce this Privacy Policy or the Services’ terms and conditions of access and use agreement, (iii) participate in dispute resolution pursuant to this Privacy Policy, (iv) protect the interests of other users of the Services or any other person, or (v) operate or conduct maintenance and repair of the Services or equipment as necessary to provide Services to you.
Jamf may be required to disclose an individual’s information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. If Jamf receives a request for an individual’s information, Jamf will (unless prohibited by law from doing so) inform the relevant individual or customer as soon as reasonably practicable and take reasonable actions to address or assist in addressing such request.
Jamf shall remain liable under applicable law and relevant contract obligations for its sub-processors, if they process your information in a manner inconsistent with applicable law and contract obligations, unless Jamf proves that it is not responsible for the event giving rise to the damage.
F. Parents’ Rights and Childrens’ Privacy
Some of our Services are used by educational institutions that serve children. “Children” are individuals under the age of 16 (or below the legal age of majority as mandated by the laws of the jurisdiction in which they reside). Jamf is committed to protecting the privacy of children who use our Services. We've taken the Student Privacy Pledge to demonstrate our commitment to parents, educators, and schools. Visit https://studentprivacypledge.org to learn more.
- We will NOT knowingly collect, use or distribute personal information from children under the age of 16 without prior consent from a parent and/or guardian or the educational entity using our Services.
- Jamf will never knowingly request personally identifiable information from anyone under the age of 16.
- Data processed about children is set forth in Section B.
- We only share childrens’ data with parents, guardians, educators, or other authorized third parties, which was obtained in the course of providing our Services to educational institutions that serve children. We only disclose personal information if permitted and/or required by law and in the course of providing our Services and as required or permitted by the contractual obligations associated with our Services.
- Jamf will not provide Services that knowingly ask a child under 16 years-of-age to divulge more information than is required to ensure the features of the Jamf applications operate for their intended purposes, and for educational purposes.
G. International Data Transfer
Your personal information might be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection and privacy laws that are different than the laws of your home country. Jamf only transfers personal information to other countries in accordance with applicable data protection and privacy laws, provided there are legally adequate protections in place for the personal information. A list of Jamf’s global offices is available here.
If you are a resident of the European Economic Area (“EEA”) and your personal information is transferred outside of the EEA, we will:
- Process it in a territory which the European Commission has determined provides an adequate level of protection for personal information; or
- Otherwise implement appropriate safeguards to protect your personal information, including by EEA Standard Contractual Clauses (“EEA SCCs”) or another lawful transfer mechanism approved by the European Commission.
If you are a resident of the United Kingdom (“UK”) and your personal information is transferred outside of the UK, we will:
- Process it in a territory which the Information Commissioner’s Office (“ICO”) has determined provides an adequate level of protection for personal information; or
- Otherwise implement appropriate safeguards to protect your personal information, including by appending the UK Addendum to the EEA SCCs or another lawful transfer mechanism approved by the Information Commissioner’s Office.
If you are a resident of Switzerland and your personal information is transferred outside of Switzerland, we will:
- Process it in a territory which the Swiss government has determined provides an adequate level of protection for personal information; or
- Otherwise implement appropriate safeguards to protect your personal information, including by using the EEA SCCs, subject to modifications and amendments prescribed by the Swiss Federal Data Protection and Information Commissioner.
In addition to the transfer mechanisms described above, to further demonstrate Jamf’s commitment to privacy, Jamf complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Jamf has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Jamf has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal information from Switzerland in reliance on the Swiss-U.S. DPF. In addition, Jamf's U.S. affiliate, Wandera, Inc., also adheres to the EU-U.S. DPF Principles, including as applicable under the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF and/or the Swiss-U.S. DPF Principles, the relevant DPF Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. Additionally, our organization commits to cooperating with the appropriate European data protection authority/ies (“DPAs”) (i.e., the EU DPAs, and, as applicable, the United Kingdom Information Commissioner’s Office and Gibraltar Regulatory Authority, and the Swiss Federal Data Protection and Information Commissioner) and comply with the advice given by such authority/ies regarding human resources data. Jamf’s Employee Privacy Notice is available here https://www.jamf.com/employee-privacy-notice/. In compliance with the EU-U.S. and Swiss-U.S. DPF Principles and the UK Extension to the EU-U.S. DPF, Jamf commits to resolve DPF Principles-related complaints about our collection or use of your personal information. European Union, Swiss and United Kingdom individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, UK Extension to the EU-U.S. DPF and Swiss DPF should first contact us via Section R below.
In compliance with the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, Jamf commits to refer unresolved privacy complaints concerning our handling of personal information received in reliance on the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs, which is based in the United States. If you do not receive timely acknowledgment of your DPF Principles complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers or more information or to file a complaint. The services of BBB National Programs is provided at no cost to you.
Under certain conditions, you may invoke binding arbitration for certain residual claims as to data covered by the EU-U.S. DPF, the UK Extension to the EU.U.S. DPF and Swiss-U.S. DPF. The purpose of this option is to provide a prompt, independent, and fair mechanism, at your option, for resolution of any claimed violations of the EU-U.S. DPF, UK Extension to the EU-U.S. DPF or Swiss-U.S. DPF Principles not resolved by any of the other EU-U.S. DPF, UK Extension or Swiss-U.S. DPF mechanisms. For additional information on binding arbitration, see Annex I to the EU-U.S. DPF Principles found here https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
H. Protection and De-Identification of Information
Taking into account the risks involved in the processing, the nature of information processed, and to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction while maintaining data accuracy, Jamf has put in place appropriate physical, electronic, and managerial policies and procedures to safeguard the information Jamf collects. Any payment transactions will be encrypted using SSL technology. However, the safety and security of your information also depends on you. Where you have chosen or we have given you a username and password for access to certain parts of the Services, you are responsible for keeping the username and password confidential. Although we do our best to protect the information, we cannot and do not guarantee the security of your information.
Where we maintain or use de-identified information, we will continue to maintain and use the de-identified information only in a de-identified fashion and will not attempt to re-identify the information.
For more information on how we protect information, see https://www.jamf.com/trust-center/.
I. Retention
Jamf retains your information (including your sensitive information) in an identifiable form for as long as needed or permitted in light of the purposes for which it was collected. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide Services to you, for example, for as long as you have an account with us or are using our Services, and the length of time thereafter during which we may have a legitimate need to reference your information to address issues that may arise;
- When there is a legal obligation to which we are subject, for example, certain laws may require us to keep records of your transactions for a certain period of time before we can delete them; and
- When retention is advisable in light of our legal position, such as in regard to applicable statutes of limitations, litigation, or regulatory investigations.
J. Other Limits to Your Privacy
The Services may contain links to other non-Jamf websites. Jamf is not responsible for the privacy practices or the content of such websites. Jamf has no control over the use of such websites, and you should exercise caution when deciding to disclose any information on these websites.
K. Choice
We seek to provide you with choices regarding the information you provide to us. You can always opt not to disclose information. However, if you elect to opt out of disclosing information, such election may impact functionality or prevent the use of Jamf’s products or Services. You have the right, at any time, to opt-out of receiving marketing messages from Jamf by sending an email to privacy@jamf.com, by unsubscribing through the unsubscribe or opt-out link in an email, or by unsubscribing here. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important operational or administrative messages.
L. Legal Compliance
We may disclose your information in response to valid legal requests or court orders, complying with subpoenas, warrants, and other legal processes as required. This is done only to protect rights, comply with legal obligations, or respond to lawful requests, and to prevent illegal activities, fraud, or potential harm. If Jamf receives any government agency requests, it will (unless prohibited by law from doing so) inform the customer in writing as soon as reasonably practical. We will cooperate with law enforcement agencies and authorities within the bounds of applicable laws and regulations while prioritizing the protection of your privacy.
M. Privacy Requests
If you would like to request to access, correct, update, suppress, restrict, or delete your personal information, object to or opt out of the processing of your personal information, or receive a copy of your personal information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us via Section R below or by submitting a Data Subject Access Request (DSAR) here.
To protect your privacy and security, Jamf may also take reasonable steps to verify your identity before responding to DSARs.
Jamf processes some personal information solely on behalf of its customers in the course of delivering Services. This personal information is processed to accomplish the business purposes of the customer to whom the Services are provided, and often, Jamf will not have a direct relationship with the subject of this personal information. In these cases, Jamf recommends first contacting the organization to which your personal information was originally provided with any data privacy questions. The organization can contact Jamf if escalation of your query is necessary.
N. Regulatory Oversight
For this Privacy Policy, its content, and Jamf’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Jamf is subject to the jurisdiction of the Federal Trade Commission (“FTC”). If Jamf becomes subject to an FTC or court order based on non-compliance with this policy, applicable privacy laws, the EU-U.S. and Swiss-U.S. DPFs, or the UK Extension to the EU-U.S. DPF, Jamf shall make public any relevant information of any compliance or assessment reports submitted to the FTC, to the extent consistent with confidentiality requirements.
O. Data Disclosure Notification
Should we become aware of a data breach or security incident involving the disclosure of your personal information, Jamf will notify you as required by applicable laws. Our notification will include details of the breach, corrective actions, and contact information for further assistance. Our Information Security Breach Management process can be found here.
P. California Addendum—For Residents of California
This California Addendum applies to California residents and supplements the information provided above in the Privacy Policy. It does not apply to our employees or other personnel where the personal information we collect about those individuals relates to their current, former, or potential employment at Jamf.
Categories of Personal Information Collected and Sources
In the preceding 12 months, Jamf has collected the following categories of personal information about California consumers. We may collect this personal information directly from you, from third parties, and from your interactions with our Services. As defined by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), the personal information categories are:
- Personal information as defined in the California customer records law, such as name, contact details (address, phone number, email), and employment information, such as current employer.
- Characteristics of protected classifications under California or federal law, such as primary language.
- Commercial information, such as purchase history and transaction information.
- Internet or network activity information, such as browsing history, online identifiers, search history, and interactions with our online properties or ads.
- Geolocation data as approximate location derived from IP address.
- Audio, electronic, visual, and similar information, such as photos and call or video recordings.
Purposes for Collection, Use, and Disclosure of Personal Information
Jamf collects the categories of personal information described above for business and operational purposes, marketing and commercial purposes, security purposes, and legal and compliance purposes, as further described above in Section C. We disclose each of these categories to our service providers, affiliates, third-party partners that provide services such as data analysis, data storage, payment processing, and customer service, trusted business partners, and public and governmental authorities, such as regulatory authorities and law enforcement, as further described above in Section E.
Sensitive Personal Information
Jamf has not collected, shared, or sold any sensitive personal information, as defined under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act. We have not engaged in such activities in the 12 months preceding the date this Privacy Policy was last updated. Without limiting the foregoing, we do not “sell” or “share” sensitive personal information.
Categories of Personal Information Sold/Shared for Cross-Context Behavioral Advertising
We disclose the above categories of personal information to third-party advertising partners, such as in connection with our use of tracking technologies for cross-context behavioral advertising or by providing lists of email addresses for potential customers, so that we can reach you across the web with advertisements for our products and services. This may be considered “sharing” or a “sale” under the CCPA.
We do not knowingly “sell” or “share” the personal information, including the sensitive personal information, of minors under 16 years of age.
Individual Requests
You may, subject to applicable law, make the following requests:
- You may request that we disclose to you the following information:
- The categories of personal information we collected about you and the categories of sources from which we collected such personal information;
- The business or commercial purpose for collecting, “selling,” or “sharing” personal information about you;
- The categories of personal information about you that we “sold” or “shared” and the categories of third parties to whom we “sold” or “shared” such personal information; and
- The categories of personal information about you that we otherwise disclosed, and the categories of third parties to whom we disclosed such personal information.
- You may request to correct inaccuracies in your personal information.
- You may request to have your personal information deleted.
- You may request to receive the specific pieces of your personal information, including a copy of the personal information you provided to us in a portable format.
- You may opt out of the “sale” or "sharing” of your personal information for cross-context behavioral advertising through cookie consent.
We will not unlawfully discriminate against you for making an individual request. To make a request, please contact us at either privacy@jamf.com or 888-755-1421. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the personal information subject to the request. We may need to request additional personal information from you in order to verify your identity and protect against fraudulent requests. If you maintain a password-protected account with us, we may verify your identity through our existing authentication practices for your account and require you to re-authenticate yourself before disclosing or deleting your personal information. If you make a request to delete, we may ask you to confirm your request before we delete your personal information.
We also process opt-out preference signals, such as the Global Privacy Control. These signals set your opt-out preferences only for the particular browser or device you are using. For information about how to use the Global Privacy Control, please visit https://globalprivacycontrol.org/.
Authorized Agents
If an agent would like to make a request on your behalf as permitted by applicable law, the agent may use the submission methods noted in the section entitled “Individual Requests.” As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described in the section entitled “Individual Requests” or confirm that you provided the agent permission to submit the request.
Q. Changes to Our Privacy Policy
Jamf may update this Privacy Policy from time to time. In the event we make any material changes to this Privacy Policy, we will notify you by posting the revised policy on our corporate website (https://www.jamf.com/privacy-policy/), so please be sure to visit our corporate website periodically. The date of the most recent revision to this Privacy Policy will be posted at the end of this policy. Any revisions will become effective upon seven (7) calendar days following such posting on our corporate website.
R. How to Contact Us
If you have any questions or complaints about this Privacy Policy, please contact us as follows:
JAMF Software, LLC
100 Washington Avenue South
Suite 1100
Minneapolis, MN 55401
If you would like to request access to the personal information that we may maintain about you, please submit a request here.
Jamf has a designated Data Protection Officer (“DPO”) to respond to questions and complaints. If you have questions regarding our privacy practices or how we handle your information, please email our DPO at privacy@jamf.com.
Date Updated: June 14, 2024