Updated: January 15th, 2024
Identity and Access
We collect end-user email addresses in a login popup in order to ensure only authorized users have access to our services. We send these email addresses to Microsoft, a third-party identity provider. Neither we, nor Microsoft, collect passwords from our end-users. We authenticate users with a one time code sent to the provided email.
Microsoft collects other information about the user that is stored for a maximum of 30 days, such as:
Browser type and version
Platform type and version
Time of each login
Time of each token exchange
Time of account creation
Data Storage and Usage
We also collect a non-PII identifier corresponding to applicant information from protected web pages that our end users visit solely to perform their job duties at a property management company partnered with Two Dots. These identifiers are encrypted in transit with SSL and are never persistently stored on the end user’s machine.
Both the user authentication scheme for our own service and the authentication scheme for the aforementioned protected web pages use the end user’s work email at their property management company for user identification. Each time we are sent one of these non-PII identifiers, we log the corresponding HTTPS request in Google Cloud Platform. These requests are associated with the end user’s email address.
Access to Google Cloud Platform by Two Dots employees requires the use of a physical security key.
Contacting Us
For more information related to our Privacy Policy or our procedures, contact our Privacy Department by email at privacy@twodots.net