Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Cisco's privacy policy covering Duo Security products and websites, explaining what personal data Cisco collects about you when you use Duo's authentication services, visit its website, or contact its sales and support teams. Most importantly, Cisco may use your authentication logs, device identifiers, and usage data to improve its products and train internal systems, and may share that data with its global network of affiliates and service providers. If you are in the EU or California, you have specific rights to access, correct, or delete your personal data, and you can exercise those rights through Cisco's Privacy Request portal.
This document is the Cisco Online Privacy Statement governing Cisco's collection, use, and sharing of personal data across Cisco and Duo Security websites, products, and services, with legal bases including consent, legitimate interests, contractual necessity, and legal obligation depending on jurisdiction. The statement asserts that Cisco collects a broad range of personal data including identifiers, authentication logs, device information, usage data, and geolocation, and the terms authorize sharing this data with Cisco affiliates, business partners, service providers, and in connection with corporate transactions such as mergers or acquisitions. The statement reserves the right to use personal data for product improvement, security research, and AI/ML model development, which extends beyond transactional service delivery and may warrant scrutiny under data minimization principles applicable in certain jurisdictions. The policy engages GDPR and EU adequacy frameworks for EEA residents, CCPA and CPRA for California residents, and references compliance with sector-specific frameworks relevant to Duo's authentication and identity management context; applicability of specific protections depends on user location and applicable law. Organizations deploying Duo as a B2B security product should note that employee authentication data processed through Duo may be governed by separate data processing agreements rather than this consumer-facing statement, creating a dual-layer governance structure that compliance teams should map carefully.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trialMonitoring
Duo Security has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle Controller vs. Processor Distinction for Enterprise Users and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.