Updated: December 22nd, 2022
Identity and Access
We collect end-user email addresses in a login popup in order to ensure only authorized users have access to our services. We send these email addresses to Auth0, a third-party identity provider. Neither we, nor Auth0, collect passwords from our end-users. We authenticate users with a one time code sent to the provided email.
Auth0 collects other information about the user that is stored for a maximum of 30 days, such as:
Browser type and version
Platform type and version
Time of each login
Time of each token exchange
Time of account creation
Auth0 maintains the following security certifications:
SOC Type 2
Gold CSA STAR
Data Storage and Usage
We also collect a non-PII identifier corresponding to applicant information from protected web pages that our end users visit solely to perform their job duties at a property management company partnered with Two Dots. These identifiers are encrypted in transit with SSL and are never persistently stored on the end user’s machine.
Both the user authentication scheme for our own service and the authentication scheme for the aforementioned protected web pages use the end user’s work email at their property management company for user identification. Each time we are sent one of these non-PII identifiers, we log the corresponding HTTPS request in Google Cloud Platform. These requests are associated with the end user’s email address.
Access to Google Cloud Platform by Two Dots employees requires the use of a physical security key.
Two Dots Inc., 420 E 58th Street, New York, NY, 10022