This analysis describes what Duo Security's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Your data as an EU or UK user is transferred to the US, which has different privacy protections. The legal mechanism used (SCCs) has been challenged in courts and requires ongoing review to remain valid.
When you use Duo Security's authentication products or visit its website, Cisco collects your authentication logs, device identifiers, IP addresses, and usage patterns, and the policy permits sharing this data with affiliates, service providers, and in corporate transaction scenarios. For end users whose employers have deployed Duo, the privacy terms applicable to your authentication activity may be governed primarily by your employer's data processing agreement with Cisco rather than this public statement, which limits the direct rights you can exercise against Cisco. You can submit a data access, correction, or deletion request via Cisco's Privacy Request portal at https://www.cisco.com/c/en/us/about/legal/privacy-full.html.
How other platforms handle this
If you are located in the European Economic Area, the United Kingdom, or Switzerland, please be aware that we may transfer your personal information to countries outside of these regions, including to the United States, where data protection laws may not provide the same level of protection as those...
Where Zendesk transfers personal data outside of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses approved by the European Commission, to ensure that your personal data receives an adequate level of pro...
Pinterest, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. When we transfer your personal data from the EEA, Switzerland, or the UK to...
Monitoring
Duo Security has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Cisco transfers personal data internationally, including to the United States, and relies on legally recognized transfer mechanisms such as Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, and other applicable safeguards to ensure that personal data transferred outside of the European Economic Area (EEA), United Kingdom, or other jurisdictions receives an adequate level of protection.— Excerpt from Duo Security's Duo Privacy
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Your data as an EU or UK user is transferred to the US, which has different privacy protections. The legal mechanism used (SCCs) has been challenged in courts and requires ongoing review to remain valid.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duo Security.