WSO2 API Manager (referred hereafter as “API-M ”) is an open source enterprise-class solution that supports API publishing, lifecycle management, application development, access control, rate limiting, and analytics in one cleanly integrated system.
This section explains how API-M captures your personal information, purpose of capturing, and the retention of your personal information.
Please note that this policy is for reference only, and is applicable for the software as a product. WSO2 Inc., or its developers have no access to the information held within API-M. Please refer “Disclaimer” for more information.
What are the personal information ?
API-M considers anything related to you as your personal information. This includes, but is not limited to,
- Your user name (except in the case where your user name is created by your employer under contract)
- The IP address you use to login
- Your device ID, if you choose to login with a device (Phone, Tablet)
However API-M does not consider the following as your personal information, and uses this only for analytical purposes, since this information cannot be used to track you.
- City/Country from which your TCP/IP connection originates
- Time of the day you login.(Year, Month, Week, Hour or Minute)
- Type of the device you use to login (Phone, Tablet, etc.)
- Operating system and Generic browser information
Collection of your information
API-M collects your information to only serve your access requirements.
- API-M uses your IP address to detect any suspicious login attempt to your account.
- API-M uses your First Name, Last Name, etc to provide rich and personalized information.
API-M collects your information through the following,
- The user sign up page where you enter your personal data
- Tracking your IP address with HTTP request, HTTP headers, and TCP/IP
- Tracking your geographic information with the IP address
Use of your personal information
API-M will use your personal information only for the purposes for which it was collected (or for a use identified as consistent with that purpose).
API-M uses your personal information only for the following purposes.
- To provide you with a personalized user experience. API-M uses attributes such as your name for this purpose
- To protect your account from unauthorized access or a potential hacking attempt. API-M use HTTP or TCP/IP Headers for this purpose
- This includes,
- IP address,
- Browser fingerprinting,
- To derive statistical data for analytical purposes on system performance improvements. API-M will not keep any personal information after statistical calculations. Thus a statistical report has no means to identify an individual person
- API-M may use
- The IP Address to derive geographic information
- Browser fingerprinting to determine the browser technology and version
Disclosure of your personal information
API-M will disclose personal information only for the purposes for which it was collected (or for a use identified as consistent with that purpose), unless you have consented otherwise or where it is required by law.
API-M may disclose your personal information with or without your consent where it is required by law following the due and lawful process.
How API-M keeps your personal information
Where your personal information is stored
API-M stores your personal information in secured databases. API-M exercises proper industry accepted security measures to protect the database where your personal information is held./p>
API-M may use encryption to keep your personal data with added level of security.
How long does API-M keep your personal information ?
API-M keep your personal data as long as you are an active user of our system. You can update your personal data at any time with the given self-care user portals.
How can you request a removal of your personal information ?
You can request the administrator to delete your account The administrator will be the administrator of the tenant you are registered or the super-administrator if you do not use the tenant feature.
You can additionally request to anonymize all traces of your activities that may have been retained by API-M in Logs, Databases or Analytical storage.
Changes to this policy
- WSO2 or its employees, partners, affiliates do not have access to any data, including privacy-related data held at the organization running API-M.
- This policy should be modified according to the organizational requirements.