LastPass has implemented a robust global data privacy program, which takes into account applicable data privacy laws and regulations, including the requirements of the General Data Protection Regulation (GDPR). To find out more about LastPass and LogMeIn's comprehensive privacy and security programs or to execute a GDPR-compliant Data Processing Addendum (DPA), please visit LogMeIn's Privacy & Trust Center.
All of your sensitive vault data, including passwords, secure notes, and uploads is protected through comprehensive measures including use of AES 256 encryption with salting and hashing (for more information regarding LastPass' security features, please visit here):
- All your passwords and other saved sensitive items are stored in an encrypted manner that is never visible to LastPass in its unencrypted form.
- This ‘zero-knowledge' model is designed to ensure that the items you save in your LastPass vault may only be decrypted client-side via a Master Password that only the user possesses.
- LastPass may collect certain high-level usage data (i.e., domain-level URLs) in order to provide a better user experience and customer support.
LastPass collects and maintains data as necessary to provide, operate, and support our services. We may collect information* which includes but is not limited to:
- Your LastPass account information, which includes account owner, account type, as well as payment and transactional information.
- Your usage, which includes successful and failed log-in attempts, feature utilization, types of items stored in your vault, and sharing of folders.
- User-specific information, which may include your IP address, devices utilized and associated with your account, as well as your name, email address, and phone number.
To the extent that ‘personal data' is shared with third-parties to provide the services to you and on your behalf, such third-parties shall be identified at LogMeIn's Privacy & Trust Center.
*Some additional information may be collected if specific features are enabled and/or depending on your LastPass account tier.
Additional Privacy Features
The following are additional features which may be available to further safeguard your privacy:
- If enabled by you, the Security Challenge page offers the ability to check your hashed information against third-party data breaches and informs you if you may have been subject to a third-party data breach, as well as prompts users to reset any affected passwords. Learn more here.
- LastPass Enterprise and LastPass Identity administrators can further support data privacy by restricting certain collection behaviors within its organization for data types, such as secure notes and uploads.
EU-U.S. and Swiss Privacy Shield
TRUSTe Verified Privacy
LogMeIn has self-certified to the EU-U.S. Privacy Shield and Swiss Privacy Shield with respect to Customer Data. For more information, see our Privacy Shield Notice.
- Information We Collect and Receive
- How We Use the Information We Collect and Receive
- Analytics, Cookies and Other Web Site Technologies
- Information Sharing
- Accessing Your Data
- Changes to this Statement/Contact Us
1. Information We Collect and Receive
We collect several different types of information to provide Services to you, including:
Customer Account and Registration Data: This includes information you provide to create your account with us or register for events, webinars, surveys, etc. and may include, first and last name, billing information, a password and a valid email address.
Service Data (including Session and Usage data): When you use our Services, we receive information generated through the use of the Service, either entered by you or others who use the Services with you (for example, schedules, attendee info, etc.), or from the Service infrastructure itself, (for example, duration of session, use of webcams, connection information, etc.) We may also collect usage and log data about how the services are accessed and used, including information about the device you are using the Services on, IP addresses, location information, language settings, what operating system you are using, unique device identifiers and other diagnostic data to help us support the Services.
Third Party Data: We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. We may also receive information from other affiliated companies that are a part of our corporate group. This helps us to update, expand and analyze our records, identify new prospects for marketing, and provide products and services that may be of interest to you.
Location Information: We collect your location-based information for the purpose of providing and supporting the service and for fraud prevention and security monitoring. If you wish to opt-out of the collection and use of your collection information, you may do so by turning it off on your device settings.
Device Information: When you use our Services, we automatically collect information on the type of device you use, operating system version, and the device identifier (or "UDID").
2. How We Use the Information We Collect and Receive
LogMeIn may access (which may include, with your consent, limited viewing or listening) and use the data we collect as necessary (a) to provide and maintain the Services; (b) to address and respond to service, security, and customer support issues; (c) to detect, prevent, or otherwise address fraud, security, unlawful, or technical issues; (d) as required by law; (e) to fulfill our contracts; (f) to improve and enhance the Services; (g) to provide analysis or valuable information back to our Customers and users.
Some specific examples of how we use the information:
- Create and administer your account
- Send you an order confirmation
- Facilitate and improve the usage of the services you have ordered
- Assess the needs of your business to determine suitable products
- Send you product updates, marketing communication, and service information
- Respond to customer inquiries and support requests
- Conduct research and analysis
- Display content based upon your interests
- Analyze data, including through automated systems and machine learning to improve our services and/or your experience
- Provide you information about your use of the services and benchmarks, insights and suggestions for improvements
- Market services of our third-party business partners
LogMeIn also collects and stores meeting attendee information to fulfill our obligation to our customers and provide the Services. With their consent, we may also directly provide product and other LogMeIn related information to attendees. LogMeIn will retain your information as long as your account with us is active, to comply with our legal obligations, to resolve disputes, and enforce our agreements.
If you wish to cancel your account or for us to stop providing you services, or if we hold personal information about you and you want it to be removed from our database or inactivated, please contact us at firstname.lastname@example.org.
3. Analytics, Cookies and Other Web Site Technologies
LogMeIn is continuously improving our websites and products through the use of various third party web analytics tools, which help us understand how visitors use our websites, desktop tools, and mobile applications, what they like and dislike, and where they may have problems. While we maintain ownership of this data, we do not share this type of data about individual users with third parties.
Geolocation and Other Data:
We may utilize precise Geolocation data but only if you specifically opt-in to collection of that data in connection with a particular service. We also use information such as IP addresses to determine the general geographic locations areas of our visitors. The web beacons used in conjunction with these web analytics tools may gather data such as what browser or operating system a person uses, as well as, domain names, MIME types, and what content, products and services are reviewed or downloaded when visiting or registering for services at one of our websites or using one of our mobile applications.
Google Analytics and Adobe Marketing Cloud:
We use Google Analytics as described in "How Google uses data when you use our partners' sites or apps." You can prevent your data from being used by Google Analytics on websites by installing the Google Analytics opt-out browser add-on here. We also employ IP address masking, a technique used to truncate IP addresses collected by Google Analytics and store them in an abbreviated form to prevent them from being traced back to individual users. Portions of our website may also use Google Analytics for Display Advertisers including DoubleClick or Dynamic Remarketing which provide interest-based ads based on your visit to this or other websites. You can use Ads Settings to manage the Google ads you see and opt-out of interest-based ads. We also use Adobe Marketing Cloud as described here. You can opt-out of use of this information as described below.
Examples of Cookies We Use:
- We use these cookies to operate our websites.
- Some cookies are essential for the operation of LogMeIn websites. If a user chooses to disable these cookies, the user will not be able to access all of the content and features.
- We use these cookies to remember your preferences.
- These cookies are used to serve you with advertisements that may be relevant to you and your interests.
- These cookies are used for general security purposes and user authentication.
- We use security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from access by unauthorized parties.
We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.
4. Information Sharing
Examples of how we may share information with service providers include:
- Fulfilling orders and providing the services
- Payment processing and fraud prevention
- Providing customer support
- Sending marketing communications
- Conducting research and analysis
- Providing cloud computing infrastructure
Examples of how we may disclose data for legal reasons include:
- As part of a merger, sale of company assets, financing or acquisition of all or a portion of our business by another company where customer information will be one of the transferred assets.
- As required by law, for example, to comply with a valid subpoena or other legal process; when we believe in good faith that disclosure is necessary to protect our rights, or to protect your safety (or the safety of others); to investigate fraud; or to respond to a government request.
We may also disclose your personal information to any third party with your prior consent.
LogMeIn may need to communicate with you for a variety of different reasons, including:
- Responding to your questions and requests. If you contact us with a problem or question, we will use your information to respond.
- Sending you Service and administrative emails and messages. We may contact you to inform you about changes in our Services, our Service offerings, and important Service related notices, such as billing, security and fraud notices. These emails and messages are considered a necessary part of the Services and you may not opt-out of them.
- Sending emails about new products or other news about LogMeIn that we think you’d like to hear about either from us or from our business partners. You can always opt out of these types of messages at any time by clicking the unsubscribe link at the bottom of each communication.
- Conducting surveys. We may use the information gathered in the surveys to enhance and personalize our products, services, and websites.
- Offering referral programs and incentives, which allow you to utilize email, text, or URL links that you can share with friends or colleagues.
6. Accessing Your Data
Our customers can always review, update or change personal information from within their account. LogMeIn will also, when you request, provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. Please contact us here if you need assistance in reviewing your information. LogMeIn will respond to your access request to review the information we have on file for you within a reasonable time.
We may also collect information on behalf of our customers, to provide the services, and we may not have a direct relationship with the individuals whose personal data is processed. If you are a customer or end-user of one of our customers, please contact them (as the data controller) directly if: (i) you would no longer like to be contacted by them; or (ii) to access, correct, amend, or delete inaccurate data. If requested to remove data by our customer, we will respond within a reasonable timeframe.
We may transfer personal information to companies that help us provide our service, and when we do, these transfers to subsequent third parties are covered by appropriate transfer agreements. We will retain personal data we process on behalf of our customer as needed to provide services to our customer. Also, we will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
LogMeIn follows generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received, however, no security measure is perfect. We recommend safeguarding your password, as it is one of the easiest ways you can manage the security of your own account – remember that if you lose control over your password, you may lose control over your personal information.
8. Changes to this Statement/Contact Us
If you have any other questions about this policy please contact the LogMeIn Privacy Team at email@example.com, or call +1 805 690 6400 or write to us via postal mail at: LogMeIn, 320 Summer Street, Boston, MA 02210. To reach our Global Customer Support department, you may contact us here.