This analysis describes what Duo Security's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The clause establishes the scope of data collection activities and clarifies Duo's role in the data processing relationship. This designation as data processor rather than controller determines the legal framework and responsibility allocation for how collected data is handled and protected.
The terms authorize collection of authentication and device-level data as an operational component of the service. Users' authentication events, device characteristics, network location, and identifiers are processed according to the specified privacy and data processing agreements.
How other platforms handle this
"By clicking 'Next', you are indicating that you have read and agree to the TERMS OF USE AND PRIVACY POLICY"
We automatically collect certain information from your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Service, we collect information about the individual web pages or products th...
Location data. Data about your device's location, which can be either precise or imprecise. For example, we collect location data using Global Navigation Satellite System (GNSS) (e.g., GPS) and data about nearby cell towers and Wi-Fi hotspots. Location can also be inferred from a device's IP address...
Monitoring
Duo Security has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"In connection with your use of the Service, Duo may collect and process data relating to end users, including authentication event data, device information, IP addresses, and user identifiers. Customer acknowledges that Duo processes such data as a data processor on behalf of Customer and in accordance with Duo's Privacy Statement and applicable Data Processing Addendum.— Excerpt from Duo Security's Duo Terms of Service
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The clause establishes the scope of data collection activities and clarifies Duo's role in the data processing relationship. This designation as data processor rather than controller determines the legal framework and responsibility allocation for how collected data is handled and protected.
The terms authorize collection of authentication and device-level data as an operational component of the service. Users' authentication events, device characteristics, network location, and identifiers are processed according to the specified privacy and data processing agreements.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Duo Security.