As the global “work from anywhere” company, LogMeIn provides products that simplify how people connect with each other and the world around them. With users in nearly every country around the world, we maintain a global data privacy program designed to secure and protect the data entrusted to us by our customers, users, and end-users.
Global Data Privacy Program
LogMeIn’s data privacy program is designed to respond to today’s applicable privacy rules and regulations and takes into account many of the world’s major data protection regimes, including, but not limited to:
TRUSTe Enterprise Privacy & Data Governance Practices Certification
LogMeIn has obtained the TRUSTe Enterprise Privacy & Data Governance Practices Certification to further demonstrate our ongoing commitment to data protection. To view our certification status please click here. To learn more, please visit our blog post.
APEC CBPR and PRP Certifications
Data Processing Addendum
In addition to maintaining Terms of Service and Privacy Policies designed to support and adapt to changing regulatory requirements and industry standard practices, LogMeIn is pleased to offer a comprehensive global Data Processing Addendum (“DPA”), available here (in multiple languages), which is designed to meet the requirements of applicable data privacy laws and regulations, including the CCPA, GDPR, and LGPD. Key features of our DPA include:
We are dedicated to ensuring that our services continue to comply with the applicable provisions of the CCPA (and the CPRA, once in effect), and that our privacy and security measures are meeting or exceeding industry standard practices. To account for CCPA, our global DPA includes: (a) definitions which are mapped to CCPA; (b) applicable access and deletion rights; and (c) warranties that LogMeIn will not sell our users’ ‘personal information.’
Our DPA incorporates several GDPR-focused data privacy protections, including: (a) data processing details, sub-processor disclosures, etc. as required under Article 28; (b) the revised 2021 Standard Contractual Clauses (the “SCCs”) to permit lawful transfer of ‘personal data’ under Chapter 5; and (c) the incorporation by reference of LogMeIn's technical and organizational measures documentation.
LogMeIn has taken steps designed to ensure that our Brazilian customers can benefit from and use our products in compliance with the LGPD. These steps include provisions in our DPA that: (a) address LogMeIn’s compliance with LGPD; (b) support lawful transfers of personal data to/from Brazil; and (c) ensure that our users enjoy the same privacy benefits as our other global users.
Standard Contractual Clauses
The SCCs are standardized contractual terms, recognized and adopted by the European Commission, drafted to help ensure that any personal data leaving the EEA will be transferred in compliance with EU data-protection law. LogMeIn’s DPA offers customers the latest SCCs, issued by the European Commission on June 4, 2021, that make specific guarantees around transfers of personal data for in-scope LogMeIn services as can be found here. Execution of the SCCs helps ensure that LogMeIn customers can freely move data from the EEA to the rest of the world.
International Data Transfers and Supplemental Measures
LogMeIn has designed its privacy and security programs to ensure an appropriate level of data protection and has outlined the supplemental measures and safeguards for transfers of personal data outside of the European Union, European Economic Area, and the United Kingdom in this FAQ document (also available in German).
To help ensure sufficient service availability, uptime, and redundancy to provide our global user base with the best possible experience, LogMeIn uses a combination of geographically distributed physical co-location facilities and cloud hosting providers that perform replication in near-real-time.
Each product makes use of different infrastructures. Therefore, product-specific data centers are identified in the applicable Sub-processor Disclosure located in the Product Resources section of our Trust and Privacy Center at www.logmein.com/trust.
Data Retention, Deletion, Export, and Access Controls
LogMeIn's product offerings feature comprehensive technical privacy controls and capabilities which include data retention, deletion, export (into a machine-readable format), and access functionality. Please consult the product-specific technical and organizational measures as found in the Security and Privacy Operational Controls (“SPOC”) documentation available in the Trust and Privacy Center for more details. For best results, please filter by service or suite at the top of the Product Resources page.
Technical and Organizational Measures
LogMeIn’s technical and organizational security measures are designed to prevent unauthorized access to personal data, and to ensure the ongoing confidentiality, integrity and availability of LogMeIn’s products and services. Detailed information regarding LogMeIn’s encryption capabilities and other security measures can be found in the Trust & Privacy Center’s Product Resources page. For best results, please filter by service or suite at the top of the Product Resources page.
LogMeIn engages with first- and third-party sub-processors to provide and operate our services. Please consult the Trust & Privacy Center’s Product Resources page to review service or suite-specific hosting and processing locations, including applicable affiliate and third-party sub-processor disclosures. For best results, please filter by service or suite at the top of the Product Resources page.
LogMeIn maintains a comprehensive Government Request Policy and will only provide customer information if a government request is supported by applicable law. While detailed information about how LogMeIn handles government requests may be found in the policy linked above, it is LogMeIn’s position that absent a valid warrant, subpoena, court order, or equivalent legal process, LogMeIn will not disclose customer information. In addition, LogMeIn may seek to narrow requests that we believe are overly broad in scope, request additional context if the nature of the investigation is unclear, or push back on the request for other reasons.