Privacy Policy
JAMF Software, LLC
Privacy Policy
Your privacy is important to us. This Privacy Policy covers how we collect, use, disclose, transfer, and store your personal information. Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.
A. Overview
JAMF Software, LLC, and its affiliates (“Jamf,” “we," or “us”) are committed to protecting the privacy of your personal information in accordance with applicable data protection laws worldwide. This Privacy Policy explains how we maintain, use, and protect personal information we collect from you in the normal course of business, including when you visit our corporate websites and/or applications, register or attend events or training courses hosted by Jamf, participate in our online user community, or contact us to request more information Together, we refer to these as the “Services.”
This Privacy Policy applies where Jamf acts as the data controller of your personal information. It does not apply to personal information collected from customers through their use of our “Product Offerings”, which include our software and technical support for Jamf’s customers. The processing of personal information collected through our Product Offerings is governed by our customer agreements, including the Software License and Services Agreement and Data Processing Agreement. You can review these agreements on Jamf's Trust Center.
B. Collection and Sources of Information
Depending on how you interact with us, we may collect or receive the following information:
- Account and Profile Information: This includes information you provide when you create an account with our Services, request a trial, contact support, register for events, or complete surveys. It may include your name, username, email address, phone number, company name, state, country, LinkedIn URL, Twitter URL, GitHub URL, and your photo.
- Service Information: When you use our Services, we receive information generated through your use, either entered by you or others who use the Services, or from the Services infrastructure itself. This information may include name, username, company/organization, company/organization address, email address, phone number, IP address, or other information you provide to the Services. The information collected is kept to a minimum and depends on the use case and platforms used.
- Operational and Diagnostic Data: We may collect statistical, usage, and performance data related to your use of the Services to monitor and maintain the performance, integrity, and stability of our websites, online communities, and other Services.
- Payment Information: We use third-party payment processors to process payments. In connection with payment processing, we do not retain any personally identifiable information or any financial information such as credit card numbers. All such information is provided directly to our third-party processors whose use of your personal information is governed by their privacy policies. The privacy policies of our current third-party processors may be viewed at https://stripe.com/us/privacy, https://home.bluesnap.com/privacy-policy/, and https://www.cleverbridge.com/corporate/privacy-policy/.
- Information from Third Parties: We receive information from third-party business partners such as contact details of prospects and sales leads. We collect information from public databases or other data you may have made publicly available, such as information posted on professional networks and social media platforms.
- Location Information: Some Services collect general location information based on IP addresses. We use this information to customize the Services we provide to you. We do not use, disclose, or sell location information for the purposes of providing targeted marketing or advertisements.
- Automatically Collected Information: When you access our Services, we may collect information about your engagement on our corporate websites, content you provided during chat interactions with our third-party partners, forums, forms, and user experience and session replay technology, where applicable, to understand how you interact with our websites or apps.
- Other Information: We may collect demographic information such as geographic location, to help us analyze trends and tailor our offerings to specific user segments.
C. Use of Collected Information
We may use the personal information we collect automatically or when you use the Services for the following purposes:
- To carry out the purpose for which it was originally collected or received.
- To provide, operate, maintain, and improve our websites, online communities, and other Services.
- To respond to your inquiries and provide support.
- To process and complete transactions and send you related information.
- To market and sell our products and services. If we do so, we will comply with relevant opt-in or opt-out requirements related to sending such communications.
- To monitor and secure our websites, online communities, and other Services.
- To address or prevent technical or security issues.
- To comply with laws and regulations that apply to us or third parties we use and comply with requests from regulatory agencies, law enforcement, and other public and government authorities.
We may supplement the personal information we collect from you with additional data to better understand our users and to enhance our Services. This data allows us to offer custom recommendations, content, and features that better match your preferences. We use third-party marketing automation tools to streamline communication and deliver promotional content tailored to your interests and interactions with our platform. We do not sell or rent personal information to third parties and only share information as outlined in this Privacy Policy.
D. Artificial Intelligence and Machine Learning
We may use artificial intelligence (“AI”) technologies to support certain business operations, such as customer relationship management (CRM), talent acquisition, analytics, and security monitoring. As with other business operations described in this policy, AI-related processing is performed in our role as a data Controller, in accordance with applicable laws, including the EU AI Act and the GDPR.
E. Cookies and Similar Technologies
Jamf and our third-party partners, such as our advertising and analytics partners, use cookies and similar technologies to make our websites and applications work and to learn more about our users, their likely interests, and information relating to their visits and interactions with a website or application.
Use of Cookies. We may collect various forms of information such as entry and exit points for our websites (i.e., referring URLs or domain names), website traffic statistics, operating system, and browser type (collectively referred to as “Traffic Data”). Traffic Data is anonymous information that does not personally identify you but is helpful for marketing purposes or for improving your experience on the sites. In addition, when you request pages on our sites, our servers automatically log your IP address. Depending on the cookie, the cookie may expire at the end of your browser session or may remain (or “persist”) on your computer until the expiration date specified in the cookie.
Controlling or Modifying Cookies. If you accept a cookie, you can delete it at any time (e.g., as soon as you leave our websites) through your web browser. If you do not wish to receive cookies or wish to manage when you accept cookies in general, you can set your browser to reject cookies or to alert you when a cookie is placed on your computer. If you choose to decline cookies, certain features or functionality of our Services that depend on your web browser accepting cookies may not work properly. You can also use opt-out tools provided by third-party partners, or by the Digital Advertising Alliance (http://www.aboutads.info/choices), the EU Internet advertising industry (http://www.youronlinechoices.eu), or similar entities. Where required we obtain consent prior to using cookies.
Analytics. We use analytical services provided by Google to monitor our Services, including Firebase, Google Analytics for Firebase, and Crashlytics. You can learn more about the types of analytical data collected, how that data is processed, and how to opt out of certain features by visiting: www.google.com/policies/privacy/partners/.
Do Not Track Signals. Jamf Services do respond to Do Not Sell and Do Not Track Signals through Global Privacy Controls.
F. Lawful Basis for Processing Your Personal
Our lawful basis for collecting and using personal information will depend on the personal information concerned and the specific context in which we collect it. In most cases, the lawful basis will be the following:
- Legitimate Interests: We process personal information where it is necessary for us to operate and improve our business, including communicating with you about our Services. This can include direct marketing, provided this is not overridden by your privacy rights and choices.
- Consent: We process your personal information when you have given us your consent, provided we explain the purpose of the processing in advance. We rely on consent when you sign up for our events, fill out forms on our website, or accept cookies. You can withdraw your consent at any time, but this will not affect any processing already carried out based on your previous consent.
- Performance of Contract: We process certain personal information where it is necessary to fulfil our contract with you, such as providing access to our products, managing your subscriptions, or delivering support services. This includes activities like authenticating users, deploying software, and responding to service requests.
- Legal Obligations: We process personal information in accordance with legal or regulatory obligations. This includes responding to valid legal requests, maintaining required records, and complying with applicable laws such as tax, financial reporting, and employment laws.
G. Sharing Personal Information & Accountability for Onward Transfer
We engage third-party partners and processors to support business operations such as mailing services, data analysis, marketing, managing and optimizing customer data, data storage, payment processing, search functionality, and customer support. We permit these parties to use personal information only as necessary to perform services on our behalf.
We may also share your personal information, without your prior consent, in the event of any reorganization, merger, sale, joint venture, or transfer of assets. When personal information is shared, we will ensure that the third parties receiving the information are obligated to provide at least the same level of privacy protection as is required under this Privacy Policy. If we transfer information outside of a local jurisdiction, it will only be done with adequate protections in place and in compliance with applicable laws and standards.
We may share your personal information if we have a good faith belief that such action is necessary to (i) protect and defend our rights or property, (ii) enforce this Privacy Policy, (iii) participate in dispute resolution pursuant to this Privacy Policy, (iv) protect the interests of other users of the Services or any other person, or (v) operate or conduct maintenance and repair of the Services or equipment as necessary to provide Services to you.
We may be required to disclose your personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. If we receive a request for this personal information, we will (unless prohibited by law from doing so) inform the relevant individual as soon as reasonably practicable and take reasonable actions to address or assist in addressing such request.
We will remain liable under applicable laws and relevant contractual obligations for its processors, if they process your personal information in a manner inconsistent with applicable laws and contractual obligations.
H. Parents’ Rights and Children's Privacy
Our Services are not directed to anyone under the age of 16, and we do not knowingly solicit or collect information from individuals under 16 years of age. However, some of our Product Offerings are used by educational institutions that serve children. “Children” are individuals under the age of 16 (or below the legal age of majority as mandated by the laws of the jurisdiction in which they reside). We are committed to protecting the privacy of children who use our Product Offerings.
- We will NOT knowingly collect, use or distribute personal information from children under the age of 16 without prior consent from a parent and/or guardian or the educational entity using our Product Offerings.
- We will never knowingly request personal information from anyone under the age of 16.
- We only share children's data with parents, guardians, educators, or other authorized third parties, which was obtained in the course of providing our Product Offerings to educational institutions that serve children. We only disclose personal information if permitted and/or required by law and in the course of providing our Product Offerings and as required or permitted by the contractual obligations associated with our Services.
- We will not provide Product Offerings that knowingly ask a child under 16 years-of-age to divulge more information than is required to ensure the features of the our applications operate for their intended purposes, and for educational purposes.
I. International Data Transfer
Your personal information might be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection and privacy laws that are different than the laws of your home country. We only transfer personal information to other countries in accordance with applicable data protection and privacy laws, provided there are legally adequate protections in place for the personal information. A list of our global offices is available here.
If you are a resident of the European Economic Area (“EEA”) and your personal information is transferred outside of the EEA, we will:
- Process it in a territory which the European Commission has determined provides an adequate level of protection for personal information; or
- Otherwise implement appropriate safeguards to protect your personal information, including by EEA Standard Contractual Clauses (“EEA SCCs”) or another lawful transfer mechanism approved by the European Commission.
If you are a resident of the United Kingdom (“UK”) and your personal information is transferred outside of the UK, we will:
- Process it in a territory which the Information Commissioner’s Office (“ICO”) has determined provides an adequate level of protection for personal information; or
- Otherwise implement appropriate safeguards to protect your personal information, including by appending the UK Addendum to the EEA SCCs or another lawful transfer mechanism approved by the ICO.
If you are a resident of Switzerland and your personal information is transferred outside of Switzerland, we will:
- Process it in a territory which the Swiss government has determined provides an adequate level of protection for personal information; or
- Otherwise implement appropriate safeguards to protect your personal information, including by using the EEA SCCs, subject to modifications and amendments prescribed by the Swiss Federal Data Protection Act and Information Commissioner.
J. Participation in the EU-U.S., UK, and Swiss Data Privacy Frameworks
In addition to the transfer mechanisms described above, to further demonstrate our commitment to privacy, we comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Jamf has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal information from Switzerland in reliance on the Swiss-U.S. DPF.
Our U.S. affiliate also adheres to the EU-U.S. DPF Principles, including as applicable under the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF and/or the Swiss-U.S. DPF Principles, the relevant DPF Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. Additionally, our organization commits to cooperating with the appropriate European data protection authority/ies (“DPAs”) (i.e., the EU DPAs, and, as applicable, the United Kingdom Information Commissioner’s Office and Gibraltar Regulatory Authority, and the Swiss Federal Data Protection and Information Commissioner) and comply with the advice given by such authority/ies regarding human resources data. Jamf’s Employee Privacy Notice is available here. In compliance with the EU-U.S. and Swiss-U.S. DPF Principles and the UK Extension to the EU-U.S. DPF, Jamf commits to resolve DPF Principles-related complaints about our collection or use of your personal information. European Union, Swiss and United Kingdom individuals with inquiries or complaints regarding our handling of personal information received in reliance on the EU-U.S. DPF, UK Extension to the EU-U.S. DPF and Swiss DPF should first contact us via Section V below.
In compliance with the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, we commit to refer unresolved privacy complaints concerning our handling of personal information received in reliance on the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs, which is based in the United States. If you do not receive timely acknowledgment of your DPF Principles complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers or more information or to file a complaint. The services of BBB National Programs is provided at no cost to you.
Under certain conditions, you may invoke binding arbitration for certain residual claims as to data covered by the EU-U.S. DPF, the UK Extension to the EU.U.S. DPF and Swiss-U.S. DPF. The purpose of this option is to provide a prompt, independent, and fair mechanism, at your option, for resolution of any claimed violations of the EU-U.S. DPF, UK Extension to the EU-U.S. DPF or Swiss-U.S. DPF Principles not resolved by any of the other EU-U.S. DPF, UK Extension or Swiss-U.S. DPF mechanisms. For additional information on binding arbitration, see Annex I to the EU-U.S. DPF Principles found here https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
K. Protection and De-Identification of Information
Considering the risks involved in the processing, the nature of personal information processed, and to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction while maintaining data accuracy, we have implemented appropriate physical, electronic, and managerial policies and procedures to safeguard the personal information we collect.
Where we maintain or use de-identified information, we will not attempt to re-identify the information.
For more information on how we protect information, see Jamf's Trust Center.
L. Retention
We retain your personal information (including your sensitive data) in an identifiable form for as long as needed or permitted considering the purposes for which it was collected. We look at the following criteria to determine our retention periods:
- The duration of our relationship with you, including the time we provide Services and any period after during which we may need to retain personal information to fulfill legitimate business needs;
- If we have a legal obligation to keep the personal information, for example, certain laws may require us to keep records of your transactions for a specified period before we can delete them; and
- If there is an applicable statute of limitations, litigation, or regulatory investigations that require us to retain the information.
M. Other Limits to Your Privacy
The Services may contain links to other non-Jamf websites. We are not responsible for the privacy practices or the content of such websites. We have no control over the use of non-Jamf websites, and you should exercise caution when deciding to disclose any information on these websites.
N. Choice
You have control over the personal information you provide to us. While you can choose not to share certain information, doing so may limit functionality or prevent access to our Services. You have the right to opt out of our marketing communications at any time by emailing privacy@jamf.com, clicking the unsubscribe link in our emails, or unsubscribing here. We will process your request(s) as soon as reasonably possible. Please note that even if you opt out of marketing messages, you may still receive service-related or operational communications from us.
O. Legal Compliance
We may disclose your information in response to valid subpoenas, warrants, court orders, and other legal requests as required to comply with our legal obligations. If we receive any government agency requests, we will inform you in writing as soon as reasonably practical unless prohibited by law from doing so. We will cooperate with law enforcement agencies and authorities within the bounds of applicable laws and regulations while prioritizing the protection of your privacy.
P. Privacy Requests
If you would like to request to access, correct, update, suppress, restrict, or delete your personal information, object to or opt out of the processing of your personal information, or receive a copy of your Personal information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us as set out in Section V below or by submitting a Data Subject Request (DSR) here.
To protect your privacy and security, we may also take reasonable steps to verify your identity before responding to DSRs.
We may process certain types of personal information for our customers when providing our Product Offerings. We process this personal information to provide customers the Product Offerings according to the license and services agreement between us and the customer. Often, we will not have a direct relationship with the data subjects of this personal information, as our relationship is with the business or organization, not an individual employee of the organization. If you have questions about your personal information, we recommend first contacting the organization that originally collected your personal information. The organization can contact us if further assistance is needed.
Q. Regulatory Oversight
For this Privacy Policy, its content, and our compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, we are subject to the jurisdiction of the Federal Trade Commission (“FTC”). If we become subject to an FTC or court order based on non-compliance with this policy, applicable privacy laws, the EU-U.S. and Swiss-U.S. DPFs, or the UK Extension to the EU-U.S. DPF, we will make public any relevant information of any compliance or assessment reports submitted to the FTC, if consistent with confidentiality requirements.
R. Data Disclosure Notification
Should we become aware of a data breach or security incident involving the disclosure of your personal information, we will notify you as required by applicable laws. Our notification will include details of the breach, corrective actions, and contact information for further assistance. Our Information Security Breach Management process can be found here.
S. Privacy Rights for Residents of the United States
Depending on your place of residence, you may have certain privacy rights under U.S. state privacy laws. These rights may include the ability to access, correct, delete, or restrict the processing of your personal information. If eligible, you can submit a request through our webform or by emailing us at privacy@jamf.com.
We may require you to verify your identity by providing personal information that we will match against our records. Where permitted, you may designate an authorized agent to make a request on your behalf. Please refer to sub-section T.6.
T. California Notice—For Residents of California
This section applies to California residents and supplements the information provided above in the Privacy Policy. It does not apply to our employees or other personnel where the personal information we collect about those individuals relates to their current, former, or potential employment at Jamf.
T.1 Categories of Personal Information Collected and Sources
We may collect this personal information directly from you, from third parties, and from your interactions with our Services. As defined by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the “CCPA”), the personal information categories we have collected about California consumers in the preceding 12 months are:
- Personal information as defined in the California customer records law, such as name, contact details (address, phone number, email), and employment information, such as current employer.
- Characteristics of protected classifications under California or federal law, such as primary language.
- Commercial information, such as purchase history and transaction information.
- Internet or network activity information, such as browsing history, online identifiers, search history, and interactions with our online properties or ads.
- Geolocation data as approximate location derived from IP address.
- Audio, electronic, visual, and similar information, such as photos and call or video recordings.
T.2 Purposes for Collection, Use, and Disclosure of Personal Information
We collect the categories of personal information outlined above for business operations, marketing, security, and legal and compliance purposes, as detailed in Section C. We may share this information with our service providers, affiliates, and business partners that support functions such as data analysis, data storage, payment processing, and customer support. We may disclose information to public and governmental authorities, including regulatory authorities and law enforcement, as described above in Section G.
T.3 Sensitive Personal Information
We have not collected, shared, or sold any sensitive personal information, as defined under the CCPA. We have not engaged in such activities in the 12 months preceding the date this Privacy Policy was last updated. Without limiting the foregoing, we do not “sell” or “share” sensitive personal information.
T.4 Categories of Personal Information Sold/Shared for Cross-Context Behavioral Advertising
We may disclose the categories of personal information listed above to third-party advertising partners, in connection with our use of tracking technologies for cross-context behavioral advertising or by providing lists of email addresses for potential customers, so that we can reach you across the web with advertisements for our products and services. This may be considered “sharing” or a “sale” under the CCPA.
We do not knowingly “sell” or “share” the personal information, including the sensitive personal information, of minors under 16 years of age.
T.5 Individual Requests
Subject to applicable law, California residents may make the following requests regarding their personal information:
A. Right to Know
You may request that we disclose to you the following:
- The categories of personal information we collected about you and the categories of sources from which we collected such personal information;
- The business or commercial purpose for collecting, “selling,” or “sharing” personal information about you;
- The categories of personal information about you that we “sold” or “shared” and the categories of third parties to whom we “sold” or “shared” such personal information; and
- The categories of personal information about you that we otherwise disclosed, and the categories of third parties to whom we disclosed such personal information.
B. Right to Correct - You may request to correct inaccuracies in your personal information.
C. Right to Delete - You may request to have your personal information deleted.
D. Right to Access and Data Portability - You may request to receive the specific pieces of your personal information, including a copy of the personal information you provided to us in a portable format.
E. Right to Opt Out of Sale or Sharing - You may opt out of the “sale” or "sharing” of your personal information for cross-context behavioral advertising through cookie consent.
We will not unlawfully discriminate against you for exercising your privacy rights. To submit a request, please contact us at privacy@jamf.com or 888-755-1421. We will verify and respond to your request in accordance with applicable law, considering the type and sensitivity of the personal information involved.
To protect against fraudulent requests, we may ask you to provide additional information to verify your identity. If you have a password-protected account with us, we may verify your identity through our standard authentication process and require you to re-authenticate yourself before fulfilling certain requests. For deletion requests, we may ask you to confirm the request before proceeding.
We also process opt-out preference signals, such as the Global Privacy Control. These signals set your opt-out preferences only for the particular browser or device you are using. For information about how to use Global Privacy Control, please visit https://globalprivacycontrol.org/.
T.6 Authorized Agents
If an agent would like to make a request on your behalf as permitted by applicable law, the agent may use the submission methods noted in sub-section T.5. As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described in sub-section T.5 or confirm that you provided the agent permission to submit the request.
U. Changes to Our Privacy Policy
We may update this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we will notify you by posting the revised policy on our corporate website (https://www.jamf.com/privacy-policy/), so please visit it periodically. The date of the most recent revision to this Privacy Policy will be posted at the end. Any revisions will become effective upon seven calendar days following such posting on our corporate website.
V. How to Contact Us
If you have any questions or complaints about this Privacy Policy, please contact us as follows:
JAMF Software, LLC
100 Washington Avenue South
Suite 900
Minneapolis, MN 55401
If you would like to request access to the personal information that we may maintain about you, please submit a request here.
We have a designated Data Protection Officer (“DPO”) to respond to questions and complaints. If you have questions regarding our privacy practices or how we handle your information, please email our DPO at privacy@jamf.com.
Date Updated: June 19, 2025