Skip to content
On-demand recording | SAP IdM End of Life: Migration Without Disruption | With Deloitte · 60 min Watch recording
Legal

Privacy Policy

Last updated May 7, 2026

The Dot Net Factory, LLC dba EmpowerID

Address: 4393-A Tuller Road, Dublin, OH 43017 USA
Phone: +1 614-652-6825
Effective Date: June 16, 2020
Last Updated: May 7, 2026

Introduction

At The Dot Net Factory, LLC dba EmpowerID ("EmpowerID," "we," "our," or "us"), we are committed to respecting your privacy. This Privacy Policy explains who we are, how we collect, share, and use personal information about you, and how you can exercise your privacy rights. It applies to information we collect through our public-facing websites, including www.empowerid.com, info.empowerid.com, blog.empowerid.com, training.empowerid.com, and docs.empowerid.com (collectively, the "Websites"), as well as related sales, marketing, support, and recruiting activities.

In this Privacy Policy, references to "EmpowerID" include The Dot Net Factory, LLC and its applicable affiliates involved in the relevant processing activity. The contact information of our offices can be found at https://www.empowerid.com/contact.

Consent to Recording, Tracking, and Communications

IMPORTANT — PLEASE READ CAREFULLY. By accessing or using our Websites after receiving notice, and where required by applicable law providing consent, you acknowledge the practices described in this Section and throughout this Privacy Policy. If you do not agree, you should not use the Websites.

You acknowledge and agree that EmpowerID and its service providers may, in accordance with this Privacy Policy:

  • Use cookies, pixels, tags, software development kits, web beacons, and similar tracking technologies on the Websites;
  • Record, store, and analyze your interactions with the Websites, including page views, clicks, scroll behavior, mouse movements, and limited form-interaction metadata. We do not intentionally record passwords, payment fields, government identifiers, or other fields we have designated as sensitive, and we configure recording technologies to mask or suppress sensitive form-field content where supported;
  • Disclose information collected through these technologies to our service providers, analytics partners, and advertising partners as described in this Privacy Policy; and
  • Record telephone, video, and chat communications you have with us, where applicable, after providing notice and obtaining any required consent.

This consent is intended to satisfy any applicable legal requirement, including under the California Invasion of Privacy Act (Cal. Penal Code §§ 630–638), the federal Electronic Communications Privacy Act, and any analogous state or federal laws. California residents have additional rights described in the "California Privacy Rights" section below, including the right to opt out of the sharing of personal information for cross-context behavioral advertising and the right to direct us to honor the Global Privacy Control (GPC) signal sent by your browser.

Where required by applicable law, we provide just-in-time notice or obtain consent before using technologies that record or analyze interactions with the Websites. We honor the GPC signal as a valid request to opt out of sale and sharing of personal information for California residents. The Websites do not respond to browser-based "Do Not Track" signals because no common standard for those signals has been adopted; we honor GPC instead.

EmpowerID's Role

EmpowerID is the controller of personal data described in this Privacy Policy unless stated otherwise. This Privacy Policy does not describe or govern EmpowerID's processing of customer-controlled identity, access management, directory, authentication, authorization, entitlement, audit, workflow, or other data processed through EmpowerID products or deployments (whether cloud or on-premises). That data is processed under the applicable customer agreement, data processing agreement, order form, statement of work, and customer instructions, and the customer is the controller. You should direct privacy inquiries regarding that data to the relevant customer. EmpowerID will support customers as needed in responding to data subject requests within a reasonable timeframe.

For on-premises deployments of EmpowerID, the customer remains the controller of all personal data connected to the local deployment.

Categories of Personal Data We Collect

Information You Provide to Us

Contact and Work Data: name, email, phone, mailing address, employer, job title, industry — collected when you request information, register for a demo or trial, attend an event, or otherwise communicate with us. Because EmpowerID primarily provides business-to-business services, much of the information we collect consists of business contact information used to communicate with prospective customers, customers, partners, vendors, and other business contacts.

Support-Related Data: contact information, descriptions of issues, logs, error reports, and other information you submit to our help center or bug-reporting platform.

Job Applicant Data: resume, education, employment history, and, where permitted by applicable law and relevant to the role or hiring process, additional applicant information such as government identifiers, work authorization information, background check information, or legally required equal-employment-opportunity information. We collect criminal records, credit checks, or similar sensitive information only where permitted by law and appropriate for the position or legal requirement.

Contract and Payment Data: billing name and address, signatures, and payment details.

Audio, Electronic, or Visual Data: recordings of demos, webinars, phone calls, video conferences, and chat sessions, with notice and required consent.

Information Collected Automatically

We collect technical and usage information automatically when you visit the Websites, including IP address, device identifiers, browser type and version, operating system, referring URL, pages viewed, time spent, clickstream data, search terms, and approximate geographic location derived from IP. This category also includes information collected through cookies and similar technologies as further described in the Cookies section below.

Information from Third-Party Sources

We may receive business contact information and information about job applicants from third-party marketing services, data aggregators, referral partners, recruiting platforms, background-check providers, and publicly available sources such as LinkedIn.

Sensitive Personal Information

We do not generally collect sensitive personal information from Website visitors. We may collect government identifiers, work authorization information, or legally required equal-employment-opportunity information (which may include racial or ethnic origin) from job applicants where permitted by law and necessary for legitimate employment purposes or legal compliance. California residents may direct us to limit the use and disclosure of their sensitive personal information; see the California Privacy Rights section.

Cookies and Similar Tracking Technologies

The Websites use cookies and similar technologies for the purposes summarized in the table below. You can manage your preferences through our cookie consent tool, accessible at any time via the "Cookie Settings" link in the footer of each Website.

Category Purpose Examples of Providers Consent Required
Strictly Necessary Site functionality, security, load balancing, fraud prevention EmpowerID first-party cookies; Azure Front Door No (essential)
Functional / Preferences Remember language, region, and user interface preferences EmpowerID first-party cookies Yes
Analytics / Performance Understand how visitors use the Websites Google Analytics; Google Tag Yes
Marketing / Advertising Measure advertising effectiveness; cross-context behavioral advertising LinkedIn Insight Tag; HubSpot; Google AdWords Yes

Where required by applicable law, we obtain your consent before placing non-essential cookies. You may withdraw consent or change your preferences at any time through the cookie consent tool. Blocking non-essential cookies will not affect your access to the Websites but may limit certain functionality.

SalesViewer. Our websites use SalesViewer® technology from SalesViewer® GmbH on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in B2B marketing analysis. The data captured is hashed and pseudonymized and is not used to identify individual visitors. You may opt out at any time at https://www.salesviewer.com/opt-out.

How We Use Personal Data

We use personal data for the following purposes:

  • Provide and improve the Websites and services, including delivering requested content, processing demo and trial requests, and improving functionality, performance, and security.
  • Communicate with you about products, services, events, support requests, security alerts, and administrative messages.
  • Marketing and advertising, including sending promotional communications consistent with your preferences and applicable law, and displaying relevant advertisements on third-party platforms such as LinkedIn and Google.
  • Recruiting, including evaluating applications, conducting reference and background checks where permitted, and communicating about opportunities.
  • Process payments and perform contractual obligations.
  • Safety, security, fraud prevention, and legal compliance, including detecting and responding to suspicious activity, enforcing our terms, and meeting legal, regulatory, audit, and tax obligations.
  • Other purposes with your consent include testimonials and customer stories.

Aggregated and Deidentified Data. We may create and use aggregated, anonymized, or deidentified information for analytics, benchmarking, security, product improvement, and other lawful business purposes. We do not attempt to reidentify deidentified information except as permitted by law.

Lawful bases (EEA/UK/Switzerland). Where the GDPR or UK GDPR applies, we rely on the following lawful bases: performance of a contract; our legitimate interests in operating, securing, and growing our business; compliance with a legal obligation; and your consent (which you may withdraw at any time).

Marketing Opt-Out. You may opt out of marketing emails at any time by using the unsubscribe link in the email or by contacting privacy@empowerid.com. We may still send transactional, administrative, security, legal, or contractual communications.

How We Share Personal Data

We share personal data with the following categories of recipients:

  • Group companies and affiliates for the purposes described in this Privacy Policy.
  • Service providers and processors that help us operate the Websites, host data, send communications, deliver advertising, run analytics, process payments, perform background checks, and provide security services. These providers are bound by contract to use personal data only for the purposes we specify.
  • Advertising and analytics partners for cross-context behavioral advertising and measurement, where permitted and where you have not opted out.
  • Legal, regulatory, and law-enforcement authorities where disclosure is necessary to comply with law, exercise legal rights, or protect vital interests.
  • Acquirers or successors in connection with an actual or proposed merger, acquisition, financing, or sale of all or part of our business.
  • Other parties with your consent.

Sales and Sharing of Personal Information. EmpowerID does not sell personal information for monetary consideration. We do share certain identifiers, internet activity, and inferences with advertising partners for cross-context behavioral advertising as that term is defined under the California Privacy Rights Act. California residents may opt out of this sharing using the "Cookie Settings" link in our footer or by sending a GPC signal from a supported browser.

International Data Transfers

EmpowerID is headquartered in the United States and hosts the Websites and most processing infrastructure on Microsoft Azure. Personal data we collect may be transferred to, stored in, and processed in the United States and other countries that may not provide the same level of data protection as your country of residence.

EU-U.S., UK Extension, and Swiss-U.S. Data Privacy Framework. Where personal data originates in the European Economic Area, the United Kingdom, or Switzerland and is transferred to the United States, EmpowerID complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework, as set forth by the U.S. Department of Commerce. EmpowerID has certified to the U.S. Department of Commerce that it adheres to the DPF Principles. To learn more or view our certification, visit https://www.dataprivacyframework.gov.

EmpowerID commits to cooperate with the European Data Protection Authorities, the UK Information Commissioner's Office, and the Swiss Federal Data Protection and Information Commissioner, as applicable, with respect to unresolved complaints. EmpowerID is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Where appropriate, we also rely on EU Standard Contractual Clauses and the UK International Data Transfer Addendum for transfers from the EEA and UK.

Independent Recourse Mechanism. In compliance with the DPF Principles, EmpowerID has selected VeraSafe as our independent recourse mechanism for unresolved DPF-related complaints. If you have an unresolved privacy or data use concern under the DPF that we have not addressed satisfactorily, you may contact VeraSafe at no cost to you at https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/. Under certain conditions described on the DPF website, you may also invoke binding arbitration through the DPF Panel.

California Privacy Rights

Under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA"), California residents have specific rights regarding their personal information, summarized below. These rights apply to the extent permitted by applicable law.

  • Right to Know: the categories and specific pieces of personal information we have collected, the sources, purposes, and categories of recipients, and whether we have sold or shared personal information.
  • Right to Delete: deletion of personal information we collected from you, subject to legal exceptions.
  • Right to Correct inaccurate personal information.
  • Right to Limit Use and Disclosure of Sensitive Personal Information to uses necessary to provide the requested service.
  • Right to opt Out of Sale or Sharing for cross-context behavioral advertising. We honor the Global Privacy Control (GPC) browser signal as a valid opt-out request.
  • Right to non-discrimination for exercising your privacy rights.
  • Right to Use an Authorized Agent to submit a request on your behalf.

How to exercise your rights. Submit a request via the "Cookie Settings" link in our footer, by emailing privacy@empowerid.com, or by calling +1 614-652-6825. We will verify your identity in accordance with applicable law before processing certain requests. We do not offer financial incentives in exchange for personal information.

Notice of Right to opt Out. A "Cookie Settings" link is available in the footer of our websites. You may also opt out of cross-context behavioral advertising by enabling GPC in a supported browser.

Categories collected, sources, purposes, and disclosures (CCPA notice at collection). We collect the categories of personal information described in the Categories section above from the sources described there for the purposes described in How We Use Personal Data and disclose them to the categories of recipients described in How We Share Personal Data.

We retain this information for the periods described in Data Retention.

Other U.S. State Privacy Rights

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws may have rights similar to those described in California Privacy Rights, including the right to access, delete, correct, and port personal data, and to opt out of targeted advertising, sale, and certain profiling. Submit requests to privacy@empowerid.com. We respond to verifiable consumer requests within the timeframes required by applicable law.

EU, UK, and Swiss Privacy Rights (GDPR / UK GDPR / FADP)

If you are a data subject in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights with respect to personal data we process as controller:

  • Right of Access to your personal data.
  • Right to Rectification of inaccurate or incomplete personal data.
  • Right to Erasure ("right to be forgotten") in certain circumstances.
  • Right to Restrict Processing in certain circumstances.
  • Right to Data Portability for data you have provided to us.
  • Right to Object to processing based on legitimate interests, including direct marketing.
  • Right Not to Be Subject to Automated Decision-Making that produces legal or similarly significant effects.
  • Right to Withdraw Consent at any time, without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint with a supervisory authority, including the data protection authority of your country of residence, the UK ICO, or the Swiss FDPIC.

To exercise these rights, contact privacy@empowerid.com. Complaints under the Data Privacy Framework that we cannot resolve directly may be submitted at no cost to VeraSafe under the VeraSafe Data Privacy Framework Dispute Resolution Procedure (https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/) and, as a last resort, to binding arbitration through the DPF Panel.

Data Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy or as required by applicable law. Indicative retention periods are:

  • Marketing contact data: until you opt out, after which we retain a suppression record.
  • Demo and trial registrations: up to 36 months from last activity.
  • Support tickets and bug reports: up to 7 years for security, audit, legal, and operational purposes, unless a shorter or longer period is required by applicable law, customer agreement, or documented customer instruction.
  • Job applicant data: up to 24 months for unsuccessful candidates, or longer if required by law or with your consent.
  • Contract and payment data: as required by tax, accounting, and contract law (typically 7 years).
  • Website analytics and cookies: see the cookie consent tool for the specific lifetime of each cookie.

When we no longer have a legitimate business or legal need to retain personal data, we delete or anonymize it, or — where deletion is not feasible (for example, due to backup retention) — we securely store and isolate it from further processing until deletion is possible.

Data Security

EmpowerID maintains a comprehensive written information security program with administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. Our program is aligned with SOC 2 Type II and ISO/IEC 27001:2022 certifications and is subject to ongoing third-party audit. EmpowerID trains its employees in data handling and requires its service providers to maintain comparable safeguards.

In the event of a security incident affecting personal data, we will notify affected individuals and regulators where required by applicable law and within the timeframes required by that law.

No security control is perfect. You are responsible for protecting your credentials and the security of your devices.

Automated Decision-Making and Artificial Intelligence

We do not currently use automated decision-making or profiling on Website visitors that produces legal or similarly significant effects within the meaning of GDPR Article 22 or applicable U.S. state automated-decision-making laws. Where we use AI-assisted tools in contexts that may materially affect you (for example, recruiting), we use human review as appropriate and do not rely solely on automated processing to make decisions that produce legal or similarly significant effects, unless permitted by applicable law. You may request human review by contacting privacy@empowerid.com.

Children

The Websites are intended for business users and are not directed to children. We do not knowingly collect personal information from children under the age of 16. If we learn that we have collected personal information from a child under 16 in a manner inconsistent with the Children's Online Privacy Protection Act or analogous laws, we will delete that information as soon as practicable. If you believe a child has provided us with personal information, contact privacy@empowerid.com.

Accessibility

EmpowerID is committed to digital accessibility. We aim to conform to Web Content Accessibility Guidelines (WCAG) 2.1 Level AA. If you experience an accessibility barrier on our websites, contact accessibility@empowerid.com and we will work to provide the information through an accessible alternative.

Changes to This Privacy Policy

EmpowerID may amend this Privacy Policy from time to time. The "Last Updated" date at the top of this policy reflects the most recent revision. For material changes, we will provide reasonable advance notice — for example, by email to registered users or by a banner on the Websites — before the change takes effect.

Continued use of the Websites after the effective date constitutes acceptance of the revised Privacy Policy.

Contact Us

For questions or to exercise your privacy rights, contact our Privacy Officer:

EmpowerID — Privacy Officer

The Dot Net Factory, LLC

4393-A Tuller Road, Dublin, OH 43017 USA

Email: privacy@empowerid.com

Phone: +1 614-652-6825

Representative (EU/UK)

EmpowerID has appointed the following representative under Article 27 of the GDPR:

Brödermann Jahn Rechtsanwaltsgesellschaft mbH
ABC-Straße 15, 20354 Hamburg, Germany
Tel.: +49 (0)40 - 370 90 5 - 75

EU, UK, and Swiss residents may also contact us directly at the address above.

Disputes regarding our collection or use of your personal data may be referred to your local data protection authority or, for unresolved DPF complaints, to VeraSafe at https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/.