LastPass is a leading cloud-based password vaulting and single sign-on solution that reduces friction for employees in a way that's easy to manage and effortless to use. By building security and safeguards into the product, we strive to help consumers and businesses increase productivity and decrease the likelihood of password-related breaches. Sensitive data is encrypted locally in a ‘vault' that is stored on the end user's device and on our servers. As such, we cannot view or collect any sensitive vault data stored by our users and the only data we can view is high-level information used to provide, operate, and support LastPass. The process by which we do so is outlined in our Privacy Policy below.

LastPass’ Firefox Extension Privacy Policy Addendum is below:

Privacy Program

LastPass has implemented a robust global data privacy program, which takes into account applicable data privacy laws and regulations, including the requirements of the General Data Protection Regulation (GDPR). To find out more about LastPass and LogMeIn's comprehensive privacy and security programs or to execute a GDPR-compliant Data Processing Addendum (DPA), please visit LogMeIn's Privacy & Trust Center.

LastPass Data

All of your sensitive vault data, including passwords, secure notes, and uploads is protected through comprehensive measures including use of AES 256 encryption with salting and hashing (for more information regarding LastPass' security features, please visit here):

1. All your passwords and other saved sensitive items are stored in an encrypted manner that is never visible to LastPass in its unencrypted form.
2. This ‘zero-knowledge' model is designed to ensure that the items you save in your LastPass vault may only be decrypted client-side via a Master Password that only the user possesses.
3. LastPass may collect certain high-level usage data (i.e., domain-level URLs) in order to provide a better user experience and customer support.

Personal Data

LastPass collects and maintains data as necessary to provide, operate, and support our services. We may collect information* which includes but is not limited to:

1. Your LastPass account information, which includes account owner, account type, as well as payment and transactional information.
2. Your usage, which includes successful and failed log-in attempts, feature utilization, types of items stored in your vault, and sharing of folders.
3. User-specific information, which may include your IP address, devices utilized and associated with your account, as well as your name, email address, and phone number.
   To the extent that ‘personal data' is shared with third-parties to provide the services to you and on your behalf, such third-parties shall be identified at LogMeIn's Privacy & Trust Center.

*Some additional information may be collected if specific features are enabled and/or depending on your LastPass account tier.

Additional Privacy Features

The following are additional features which may be available to further safeguard your privacy:

1. If enabled by you, the Security Challenge page offers the ability to check your hashed information against third-party data breaches and informs you if you may have been subject to a third-party data breach, as well as prompts users to reset any affected passwords. Learn more here.
2. LastPass Enterprise and LastPass Identity administrators can further support data privacy by restricting certain collection behaviors within its organization for data types, such as secure notes and uploads.

LogMeIn’s Standard Privacy Policy is below:

Introduction

This privacy policy will help you understand what information we collect and use at LogMeIn, and the choices you have associated with that information. When we refer to "LogMeIn," "we," "our," or "us" in this policy, we are referring to LogMeIn, Inc., and its subsidiaries and affiliates, which provides the Services to you. The "Services" refers to the applications, services, and websites (marketing and product) provided by LogMeIn. LogMeIn may, from time to time, introduce new products and services. To the extent that these new products and services affect this policy, we will notify you as described in Section 8 below. This privacy policy covers the digital properties listed here. The use of information collected through our service shall be limited to the purpose of providing the services for our customers and as specified herein.

If you have any questions about this privacy policy or our practices, please contact us at privacy@logmein.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

EU-U.S. and Swiss Privacy Shield

TRUSTe Verified Privacy

LogMeIn has self-certified to the EU-U.S. Privacy Shield and Swiss Privacy Shield with respect to Customer Data. For more information, see our Privacy Shield Notice.

Contents:

1. Information We Collect and Receive
2. How We Use the Information We Collect and Receive
3. Analytics, Cookies and Other Web Site Technologies
4. Information Sharing
5. Communicating
6. Accessing Your Data
7. Security
8. Changes to this Statement/Contact Us

1. Information We Collect and Receive

We collect several different types of information to provide Services to you, including:

Customer Account and Registration Data: This includes information you provide to create your account with us or register for events, webinars, surveys, etc. and may include, first and last name, billing information, a password and a valid email address.

Service Data (including Session and Usage data): When you use our Services, we receive information generated through the use of the Service, either entered by you or others who use the Services with you (for example, schedules, attendee info, etc.), or from the Service infrastructure itself, (for example, duration of session, use of webcams, connection information, etc.) We may also collect usage and log data about how the services are accessed and used, including information about the device you are using the Services on, IP addresses, location information, language settings, what operating system you are using, unique device identifiers and other diagnostic data to help us support the Services.

Third Party Data: We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. We may also receive information from other affiliated companies that are a part of our corporate group. This helps us to update, expand and analyze our records, identify new prospects for marketing, and provide products and services that may be of interest to you.

Location Information: We collect your location-based information for the purpose of providing and supporting the service and for fraud prevention and security monitoring. If you wish to opt-out of the collection and use of your collection information, you may do so by turning it off on your device settings.

Device Information: When you use our Services, we automatically collect information on the type of device you use, operating system version, and the device identifier (or "UDID").

2. How We Use the Information We Collect and Receive

LogMeIn may access (which may include, with your consent, limited viewing or listening) and use the data we collect as necessary (a) to provide and maintain the Services; (b) to address and respond to service, security, and customer support issues; (c) to detect, prevent, or otherwise address fraud, security, unlawful, or technical issues; (d) as required by law; (e) to fulfill our contracts; (f) to improve and enhance the Services; (g) to provide analysis or valuable information back to our Customers and users.

Some specific examples of how we use the information:

• Create and administer your account
• Send you an order confirmation
• Facilitate and improve the usage of the services you have ordered
• Assess the needs of your business to determine suitable products
• Send you product updates, marketing communication, and service information
• Respond to customer inquiries and support requests
• Conduct research and analysis
• Display content based upon your interests
• Analyze data, including through automated systems and machine learning to improve our services and/or your experience
• Provide you information about your use of the services and benchmarks, insights and suggestions for improvements
• Market services of our third-party business partners

LogMeIn also collects and stores meeting attendee information to fulfill our obligation to our customers and provide the Services. With their consent, we may also directly provide product and other LogMeIn related information to attendees. LogMeIn will retain your information as long as your account with us is active, to comply with our legal obligations, to resolve disputes, and enforce our agreements.

If you wish to cancel your account or for us to stop providing you services, or if we hold personal information about you and you want it to be removed from our database or inactivated, please contact us at privacy@logmein.com.

3. Analytics, Cookies and Other Web Site Technologies

LogMeIn is continuously improving our websites and products through the use of various third party web analytics tools, which help us understand how visitors use our websites, desktop tools, and mobile applications, what they like and dislike, and where they may have problems. While we maintain ownership of this data, we do not share this type of data about individual users with third parties.

Geolocation and Other Data:

We may utilize precise Geolocation data but only if you specifically opt-in to collection of that data in connection with a particular service. We also use information such as IP addresses to determine the general geographic locations areas of our visitors. The web beacons used in conjunction with these web analytics tools may gather data such as what browser or operating system a person uses, as well as, domain names, MIME types, and what content, products and services are reviewed or downloaded when visiting or registering for services at one of our websites or using one of our mobile applications.

Google Analytics and Adobe Marketing Cloud:

We use Google Analytics as described in "How Google uses data when you use our partners' sites or apps." You can prevent your data from being used by Google Analytics on websites by installing the Google Analytics opt-out browser add-on here. We also employ IP address masking, a technique used to truncate IP addresses collected by Google Analytics and store them in an abbreviated form to prevent them from being traced back to individual users. Portions of our website may also use Google Analytics for Display Advertisers including DoubleClick or Dynamic Remarketing which provide interest-based ads based on your visit to this or other websites. You can use Ads Settings to manage the Google ads you see and opt-out of interest-based ads. We also use Adobe Marketing Cloud as described here. You can opt-out of use of this information as described below.

Tracking Technologies:

LogMeIn and our partners use cookies and similar tracking technologies to track user traffic patterns and hold certain registration information. Tracking technologies also used are beacons, tags and scripts to collect and track information and to improve and analyze our service. If you wish to not have the information these technologies collect used for the purpose of serving you targeted ads, you may opt-out here, or if located in the European Union, click here. The Help menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. You can still review the website if you choose to set your browser to refuse all cookies; however, you must enable cookies to establish an account and to install the Services. To manage Flash cookies, please click here.

Examples of Cookies We Use:

Session Cookies

• We use these cookies to operate our websites.
• Some cookies are essential for the operation of LogMeIn websites. If a user chooses to disable these cookies, the user will not be able to access all of the content and features.

Preference Cookies

• We use these cookies to remember your preferences.
• When you register at a LogMeIn website, we use cookies to store unique, randomly assigned user IDs that we generate for administrative purposes. These cookies enable you to enter the LogMeIn sites without having to log on each time.

Advertising Cookies

• These cookies are used to serve you with advertisements that may be relevant to you and your interests.
• We use cookies to make advertising more engaging to users, as well as to assist in reporting on marketing program performance and analytics

Security Cookies

• These cookies are used for general security purposes and user authentication.
• We use security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from access by unauthorized parties.

Mobile Analytics

We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.
Social Media: Our sites include social media features, such as Facebook, Google and Twitter "share" buttons. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. These services will also authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign-up form or provide feedback. Your interactions with these features are governed by the privacy policy of the company providing them.

4. Information Sharing

Ensuring your privacy is important to us. We do not share your personal information with third parties except as described in this privacy policy. We may share your personal information with (a) third party service providers; (b) business partners; (c) affiliated companies within our corporate structure and (d) as needed for legal purposes. Third party service providers have access to personal information only as needed to perform their functions and they must process the personal information in accordance with this Privacy Policy.

Examples of how we may share information with service providers include:

• Fulfilling orders and providing the services
• Payment processing and fraud prevention
• Providing customer support
• Sending marketing communications
• Conducting research and analysis
• Providing cloud computing infrastructure

Examples of how we may disclose data for legal reasons include:

• As part of a merger, sale of company assets, financing or acquisition of all or a portion of our business by another company where customer information will be one of the transferred assets.
• As required by law, for example, to comply with a valid subpoena or other legal process; when we believe in good faith that disclosure is necessary to protect our rights, or to protect your safety (or the safety of others); to investigate fraud; or to respond to a government request.

We may also disclose your personal information to any third party with your prior consent.

5. Communications

LogMeIn may need to communicate with you for a variety of different reasons, including:

• Responding to your questions and requests. If you contact us with a problem or question, we will use your information to respond.
• Sending you Service and administrative emails and messages. We may contact you to inform you about changes in our Services, our Service offerings, and important Service related notices, such as billing, security and fraud notices. These emails and messages are considered a necessary part of the Services and you may not opt-out of them.
• Sending emails about new products or other news about LogMeIn that we think you’d like to hear about either from us or from our business partners. You can always opt out of these types of messages at any time by clicking the unsubscribe link at the bottom of each communication.
• Conducting surveys. We may use the information gathered in the surveys to enhance and personalize our products, services, and websites.
• Offering referral programs and incentives, which allow you to utilize email, text, or URL links that you can share with friends or colleagues.

6. Accessing Your Data

Our customers can always review, update or change personal information from within their account. LogMeIn will also, when you request, provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. Please contact us here if you need assistance in reviewing your information. LogMeIn will respond to your access request to review the information we have on file for you within a reasonable time.

We may also collect information on behalf of our customers, to provide the services, and we may not have a direct relationship with the individuals whose personal data is processed. If you are a customer or end-user of one of our customers, please contact them (as the data controller) directly if: (i) you would no longer like to be contacted by them; or (ii) to access, correct, amend, or delete inaccurate data. If requested to remove data by our customer, we will respond within a reasonable timeframe.

We may transfer personal information to companies that help us provide our service, and when we do, these transfers to subsequent third parties are covered by appropriate transfer agreements. We will retain personal data we process on behalf of our customer as needed to provide services to our customer. Also, we will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

LogMeIn is headquartered in the United States of America and maintains a global infrastructure. Information that we collect and maintain may be transferred to, or controlled and processed in, the United States and/or other countries around the world. When you provide us with information, or use our website(s) and services, you consent to this transfer. We will protect the privacy and security of personal information we collect in accordance with this privacy policy, regardless of where it is processed or stored.

7. Security

LogMeIn follows generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received, however, no security measure is perfect. We recommend safeguarding your password, as it is one of the easiest ways you can manage the security of your own account – remember that if you lose control over your password, you may lose control over your personal information.

8. Changes to this Statement/Contact Us

We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes we will provide notice on this website, and we may notify you by email (sent to the e-mail address specified in your account), prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. If you continue to use the Services after those changes are in effect, you agree to the revised policy.
If you have any other questions about this policy please contact the LogMeIn Privacy Team at privacy@logmein.com, or call +1 805 690 6400 or write to us via postal mail at: LogMeIn, 320 Summer Street, Boston, MA 02210. To reach our Global Customer Support department, you may contact us here.