Product Privacy Policy


Effective starting: 2018-05-15

This Privacy Policy explains what information the "FusionAuth Product" collects about you and/or your users, why we collect it, what we do with that information, how we share it, and how we handle the content you place in our products and services. It also explains the choices available to you regarding our use of your personal information and how you can access and update this information.

What personal information do we collect from the people that visit our blog or website?

For more information about the information we collect on our website and blog, please consult our Privacy Policy.

Scope of Product Privacy Policy

This Privacy Policy applies to the information is stored or collected through your use of the FusionAuth Product.

FusionAuth variations include:

  • FusionAuth Cloud
  • FusionAuth Downloads

By registering for or using the FusionAuth Product you consent to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy Policy.

When does the FusionAuth Product collect information?

The FusionAuth Product collects information only in the exact manner that you have specified. By using the APIs and web interfaces of the FusionAuth Product, you might be collecting and storing your information or information of your users in the FusionAuth Product.

Cookies and Other Tracking Technologies: The FusionAuth Product uses cookies to manage sessions for our web application interfaces and for some identity data including JWTs and Refresh tokens. Cookies are small data files stored on your hard drive or in device memory. These cookies are never shared with any third party unless you specifically share them. FusionAuth employees or the corporate entity never has access to any cookies generated by our products. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit.

What information do you collect?

The FusionAuth Product will collect and store any information that you specifically send it via the product APIs or web interfaces. You are completely in control of the information that is collected and stored. At any time, you can deleted any information permanently from the FusionAuth Product via the APIs or web interfaces.

How do we use this information?

FusionAuth does not process for business use any information stored in the FusionAuth Product unless instructed to by you. Data stored in the FusionAuth Product might be used internally in order to provide you with support or enhancements. Any use of the data stored in the FusionAuth Product for support or enhancements will be secured according to industry best practices.

How do we protect your information?

If FusionAuth is providing you with hosting for the FusionAuth Product, your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via TLS v 1.2 or newer.

Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties any Personally Identifiable Information that is collected or stored within the FusionAuth Product.

Third-party links

We do not include or offer third-party products or services on our website.

Changes to our Product Privacy Policy

We may change this Product Privacy Policy from time to time. If we make any changes, we will notify you by revising the "Effective Starting" date at the top of this Privacy Policy. If we make any material changes, we will provide you with additional notice (such as by adding a notice on the FusionAuth home page, login screens, or by sending you an email notification). We encourage you to review our Privacy Policy whenever you use the FusionAuth Product to stay informed about our information practices and the ways you can help protect your privacy. If you disagree with any changes to this Product Privacy Policy, you will need to stop using the FusionAuth Product and deactivate your account(s).

How does the FusionAuth Product handle Do Not Track signals?

The FusionAuth Product handles Do Not Track signals however you have instructed them to via your use of the APIs or web interfaces.

Our policy towards children

The FusionAuth Product is specifically designed to manage and protect information for children under 13. The FusionAuth Product conform to COPPA and other regulations and it is your sole responsibility to ensure that your use of the FusionAuth Product is compliant.

International users

The FusionAuth Product is specifically designed to manage and protect the information of the citizens of the European Union or other regions with laws governing data collection and use. However, it is your sole responsibility to ensure that your use of the FusionAuth Product is compliant.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur will we notify you via email within 72 hours.


The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

The FusionAuth Product can be used to send emails to you and your users. Therefore, it is your sole responsibility to ensure that your use of the FusionAuth Product is compliant with the CAN-SPAM Act.

Accessing and updating information

Information stored in the FusionAuth Product may be accessed and updated by you at any time. It is your sole responsibility to use the APIs and web interfaces in order to access and update your information and the information of your users.

Contacting us

390 Interlocken Cres. Suite 332
Broomfield, CO 80021
United States