This Privacy Disclosure may be updated from time to time as new features and functionality are added. We encourage Users to periodically review this page. Quest is constantly updating and improving the Software to include new features and functionality. Users are responsible to ensure use of the Software is in accordance with internal policies and legal requirements, including providing any required notice and obtaining any required consents.
KACE Cloud is an Azure hosted cloud SaaS product that helps organizations manage their mobile and modern endpoints, such as Android, iOS, Windows 10 and macOS devices.To this end, the Software supports the following core workflows:
- Enrollment of devices, with support for both personal- and organization-owned, including integration with vendor-based automated enrollments systems such as Apple Business Manager, Google Zero-Touch Enrollment, Samsung Knox, and Microsoft AutoPilot.
- Inventory of device information, including hardware attributes, installed apps, and device configurations.
- Provisioning devices using configurations managed through KCMDM in conjunction with OS vendor systems, such as the Apple App Store, Apple Business Manager, and Google Play Store.
- Command and control of devices for operations such as Lock, Factory Reset, Restart, and more.
- Device location services through our KACE Connect app on the Google Play and Apple App stores.
- Integration with customer identity and access management systems (IAMS) for a seamless single-sign-on (SSO) experience.
The Software collects information directly from devices and through various third-party integrations, including:
- Apple Business Manager
- Apple School Manager
- Google Zero-Touch Enrollment Portal
- Samsung Knox Enrollment Portal
- Microsoft Azure Active Directory
- Microsoft Active Directory
- Customer-supplied identity providers via SAMLv2 and OpenID Connect protocols
The data collected from third-party sources includes the following:
- Device serial number and enrollment profile information
- Basic user information:
- Email address
- User-specified attributes
- Group membership
Information collected from the device includes the following (not exhaustive):
- Device attributes, such as hardware manufacturer, model, serial number, device specifications (capabilities, screen information, adapters, storage, etc.)
- Communication identifiers (Bluetooth, Wi-Fi, cellular, MAC, other), including addresses for various communication protocols and hardware
- Operating system information
- Current device configuration (restrictions, passcode settings, VPN, Wi-Fi, installed certificates)
- Installed applications (all installed apps and app configurations are collected from fully managed devices; only apps installed and managed by KACE Cloud are collected on personal devices)
- Device location (if configured by admin and approved by end-user)
Note: Although the Software calls the getAccounts() function on the Android Account Manager class which could collect Social Account data, the Software uses this API strictly to collect data about the managed Software accounts which is communicated to the KACE Cloud tenant.
Part 1: Azure Datacenter Security
Microsoft Azure datacenters have the highest possible physical security and are considered among the most secure datacenters in the world. They are subject to regular audits and certifications including Service Organization Controls (SOC) 1, SOC 2 and ISO/IEC 27001:2005. Relevant references with additional information about the Windows Azure datacenter security can be found here:
- Azure Trust Center: https://azure.microsoft.com/en-us/support/trust-center/
- Microsoft Trust Center Compliance: https://learn.microsoft.com/en-us/compliance/regulatory/offering-home?view=o365-worldwide
- Microsoft’s submission to the Cloud Security Alliance STAR registry: https://cloudsecurityalliance.org/star/registry/microsoft/services/microsoft-azure/
- Whitepaper: Standard Response to Request for Information – Security and Privacy: http://www.microsoft.com/en-us/download/details.aspx?id=26647
- Azure data-at-rest Encryption Best Practices: https://learn.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices
Part 2: Software Data Protection & Privacy
The most sensitive data collected and stored by the Software is the device and user information collected from the sources mentioned above. All customer data is completely segregated from other customer data and stored in separate databases. All data is protected by service-level encryption present in Microsoft Azure services. And all databases are protected by transparent data encryption.
Part 3: Data Retention & Deletion
All data collected by the Software will be retained for the duration of the subscription. All data will be deleted 120 days after the service term has expired, except data required to comply with our legal obligations, resolve disputes, enforce our agreements, and for other necessary business purposes.
If you have questions or concerns regarding this Privacy Disclosure, please contact us at email@example.com or via postal mail at 20 Enterprise, Suite 100, Aliso Viejo, CA 92656. If you wish to cancel your account or request that we no longer use your information to provide you services, contact us at firstname.lastname@example.org. If you would like to request to view, correct or delete your personal information, submit your request at https://preferences.quest.com/privacy .
Last Reviewed: February 2023