The purpose of this datasheet is to provide Sophos customers with information on how your privacy choices can be tailored with our offerings. In this document, we provide information about Sophos Mobile data handling practices, including personal information collection, use and storage.
Sophos Mobile
Sophos Mobile is a secure Unified Endpoint Management (UEM) solution that helps businesses spend less time and effort to manage and secure traditional and mobile endpoints. Sophos Mobile lets customers secure any combination of personal and corporate-owned devices with minimal effort.
Information Processed by Sophos Mobile
Every device managed by Sophos Mobile sends device-related data to the mobile backend. The actual data sent varies based on the operating system and management mode. Sophos Mobile may process some of the data categories below:
- IP-Address
- MAC Address
- IMEI/MEID
- Wi-Fi IP-Address + Wi-Fi MAC address
- ActiveSyncID
- SIM Serial
- Phone Number
- App name
- App version
- App identifier
Purpose of Information Processed by Sophos Mobile
Data is processed by Sophos Mobile to provide services to the customer and is analysed for purposes of Sophos threat detection and response, reporting, customer-side analysis and future innovation.
Sophos processes the information identified above for the purpose of performing the service(s) to you in accordance with the Sophos Service Agreement.
Sub-processors
Data processed by Sophos Mobile is hosted in AWS data centers in the region(s) selected by the customer at the time of Sophos Central account creation. Visit our Sub-processor listing to find out more about sub-processors engaged by Sophos.
Retention
Sophos applies its retention policies to delete and purge data that is no longer needed for the purpose for which the personal data was originally collected. Customer data is retained while the customer keeps the device under management and thereafter removed if the customer deletes the device.
Security
Sophos secures customer information by authenticating access via username and password, which may be based on managed Active Directory group membership coupled with multi-factor authentication.
Sophos Central has achieved SOC2 Type II certification and PCI DSS v3.2 attestation to demonstrate its strong security practices, policies and internal controls environment.
For information about the security protections used in the data centers where Sophos Mobile data resides, visit the AWS Security Documentation Center.
Further information on how Sophos Central protects your data is available at https://docs.sophos.com/central/Framework/security-framework/central/Framework/concepts/SophosCentralPlatform.html
Our Commitment to Privacy
Sophos is committed to complying with data protection rules and protecting the personal data it processes. Unless otherwise stated, Sophos will access data to enable it to provide the services you have signed up for, to enhance features and services that bring benefits to the customer and for R&D innovation of future capabilities.
Access
Customer Access
Customers with Sophos Central can access their account and product information in Sophos Central. Multi-factor authentication (MFA) must be enabled for all administrators of a Sophos Central account.
Sophos Access
Sophos may access a customer's account on Sophos Mobile for purposes of providing technical support. This is only available if the customer expressly turns on remote support. Specific services may also require access to the customer's account as detailed in the applicable EULA.
Sophos Labs or Sophos AI teams may access the data for analysis, threat detection and for continuous evolution of products and new threat detections.
Disclaimer
The information contained in this privacy data sheet may change at any time and is only meant for general awareness. This Privacy Data Sheet is not meant to constitute legal advice, warranty of fitness for a particular purpose or compliance with any applicable laws.