For the best web experience, please use IE11+, Chrome, Firefox, or Safari
Free Trials Request Pricing
Home / Legal / KACE Cloud Privacy Disclosure

KACE Cloud Privacy Disclosure

This Privacy Disclosure is a product-specific addendum to Quest Software’s Privacy Policy at https://quest.com/legal/privacy.aspx for the KACE® Cloud app "Kace MDM Agent" (the “Software”) available from Google Play Store. The purpose of this Privacy Disclosure is to inform KACE Cloud users (“Users”) regarding the types of information collected by the Software about Users and their devices.

This Privacy Disclosure may be updated from time to time as new features and functionality are added. We encourage Users to periodically review this page. Quest is constantly updating and improving the Software to include new features and functionality. Users are responsible to ensure use of the Software is in accordance with internal policies and legal requirements, including providing any required notice and obtaining any required consents.

Overview

KACE Cloud is an Azure hosted cloud SaaS product that helps organizations manage their mobile and modern endpoints, such as Android, iOS, Windows 10 and macOS devices.To this end, the Software supports the following core workflows:

  • Enrollment of devices, with support for both personal- and organization-owned, including integration with vendor-based automated enrollments systems such as Apple Business Manager, Google Zero-Touch Enrollment, Samsung Knox, and Microsoft AutoPilot.
  • Inventory of device information, including hardware attributes, installed apps, and device configurations.
  • Provisioning devices using configurations managed through KCMDM in conjunction with OS vendor systems, such as the Apple App Store, Apple Business Manager, and Google Play Store.
  • Command and control of devices for operations such as Lock, Factory Reset, Restart, and more.
  • Device location services through our KACE Connect app on the Google Play and Apple App stores.
  • Integration with customer identity and access management systems (IAMS) for a seamless single-sign-on (SSO) experience.

Data Collection

The Software collects information directly from devices and through various third-party integrations, including:

  • Apple Business Manager
  • Apple School Manager
  • Google Zero-Touch Enrollment Portal
  • Samsung Knox Enrollment Portal
  • Microsoft Azure Active Directory
  • Microsoft Active Directory
  • Customer-supplied identity providers via SAMLv2 and OpenID Connect protocols

The data collected from third-party sources includes the following:

  • Device serial number and enrollment profile information
  • Basic user information:
    • Email address
    • Name
    • User-specified attributes
    • Group membership

Information collected from the device includes the following (not exhaustive):

  • Device attributes, such as hardware manufacturer, model, serial number, device specifications (capabilities, screen information, adapters, storage, etc.)
  • Communication identifiers (Bluetooth, Wi-Fi, cellular, MAC, other), including addresses for various communication protocols and hardware
  • Operating system information
  • Current device configuration (restrictions, passcode settings, VPN, Wi-Fi, installed certificates)
  • Installed applications (all installed apps and app configurations are collected from fully managed devices; only apps installed and managed by KACE Cloud are collected on personal devices)
  • Device location (if configured by admin and approved by end-user)

Purpose

The Software collects this information to enable the IS team for Your company to manage endpoint devices according to Your company’s security policies. For fully managed devices (issued by Your company), the IS team can identify, reconfigure, update, disable and/or remove unauthorized applications. For personal devices, the Software enables Your company’s IS team to manage just the applications distributed by Your company.

Data Access

The data collected by the Software may be accessed by Your IS team for Your company.

Data Protection

Part 1: Azure Datacenter Security

Microsoft Azure datacenters have the highest possible physical security and are considered among the most secure datacenters in the world. They are subject to regular audits and certifications including Service Organization Controls (SOC) 1, SOC 2 and ISO/IEC 27001:2005. Relevant references with additional information about the Windows Azure datacenter security can be found here:

Part 2: Software Data Protection & Privacy

The most sensitive data collected and stored by the Software is the device and user information collected from the sources mentioned above. All customer data is completely segregated from other customer data and stored in separate databases. All data is protected by service-level encryption present in Microsoft Azure services. And all databases are protected by transparent data encryption.

Part 3: Data Retention & Deletion

All data collected by the Software will be retained for the duration of the subscription. All data will be deleted 120 days after the service term has expired, except data required to comply with our legal obligations, resolve disputes, enforce our agreements, and for other necessary business purposes.

Contact Us

If you have questions or concerns regarding this Privacy Disclosure, please contact us at privacy@quest.com or via postal mail at 20 Enterprise, Suite 100, Aliso Viejo, CA 92656. If you wish to cancel your account or request that we no longer use your information to provide you services, contact us at listmaster@quest.com. If you would like to request to view, correct or delete your personal information, submit your request at https://preferences.quest.com/privacy .

Last Reviewed: April 2024