SAML-tracer Privacy Policy

Last Updated 3 JUNE 2024

1. Introduction - SimpleSAMLphp and SAML-tracer

The SimpleSAMLphp project is an open source project registered with Stichting The Commons Conservancy, The Netherlands. The SimpleSAMLphp project provides the SAML-tracer browser plugin, which can be downloaded by a user (the data subject) from browser extension stores for installation in the user’s web browser.

Any questions can be directed to saml-tracer-admin@googlegroups.com.

This Privacy Policy is published pursuant to data protection laws (including the General Data Protection Regulation (EU) 2016/679 as amended from time to time).

This policy explains that no personal data is collected or otherwise processed by us.

2. No Personal Data is Collected, Stored or otherwise Processed by SimpleSAMLphp

All processing that the SAML-tracer plugin does, happens inside the user’s own browser on the user’s own device. No personal data is shared with SimpleSAMLphp or any third party by installing or running the extension. The user is the Data Controller in respect of the user’s own personal data; SimpleSAMLphp is not a Data Processor.

The SAML-tracer plugin is installed in the browser by the user. From there, a user can navigate to the URL of an application, click on the “login” button, then log in with a chosen Identity Provider. When the SAML-tracer plugin is showing, in that user’s browser, the data being sent from the application to the identity provider and the identity provider to the application helps the user pinpoint where there is a mismatch between what is being sent, and what is expected from either party.

The personal data is displayed in the browser window as you use the SAML-tracer, but the data is not persisted (stored). When the window is closed, the data is no longer available or retained.

3. What Data The User May Collect using the SAML-tracer plugin

The SAML-tracer plugin can be used by the user to process:

1. personal data: name, address, email address, age or identification number; and
2. authentication data such as passwords, credentials, security questions or personal identification number (PIN).

The SAML-tracer plugin does not collect technical data about the environment the user is running, such as browser settings, platform information or hardware properties.

4. The User Controls Their Personal Data and Decides what to store and what to do with exports

The SAML-tracer limits data collection by the user (and the user’s developers) to what is necessary for functionality and the personal data can only be used for the purpose for which it was collected. The user is provided with a clear way to control the add-on’s personal data collection immediately after installation of the add-on. The personal data collection is specific to the add-on, and the SAML-tracer does not contain extraneous information or provisions unrelated to the add-on. The extension provides an option for the user to export the collected data into a file in JSON format. This file will contain all requests performed by the browser when the extension was running and are visible in the extension window when the export is created. The user may choose to delete sensitive form and header fields or mask them with a hash value before the export is created. This file is also stored locally and it is up to the user with whom they want to share this file and via which channel.

The SAML-tracer may collect browsing information from Private Browsing sessions, but only if the user explicitly enables the add-on for use in Private Browsing mode within the web browser and has the trace window active when using Private Browsing.

SAML-tracer provides no functionality in and of itself to share personal data with third parties. The SimpleSAMLphp project does not sell personal data to third parties. Transfers to third parties are by the user’s (or its developer’s) use of the plugin within approved use cases only and there is no transfer or use outside of the plugin’s core functionality, whether to determine creditworthiness or for lending purposes or otherwise.

The SAML-tracer does not install cookies. It does not enable third party websites to see that it is installed. SAML-tracer does not require the collection of visited URLs or user search terms for the add-on to work. Search functionality provided or loaded by the add-on does not collect search terms or intercept searches that are going to a add-on’s primary function.

If the user processes any personal data on behalf of third parties, the user is responsible for their own compliance with data protection laws. The user should check and is referred to the privacy policies of all third party platforms which they choose to visit.

5. Additional Privacy Protocols

The SAML-tracer plugin does not:

• leak local or user-specific information to websites or other applications (e.g. through native messaging)
• use native messaging
• store personal data from private browsing sessions; no information that identifies a user across browsing sessions or containers is made available to web content
• inject advertising into web page content
• include any cryptocurrency miners
• modify web content or facilitate redirects to include affiliate promotion tags

6. Changes to this policy

Any changes we may make to this policy in the future will be published on this website.

You have the right to make a complaint at any time to the Autoriteit Persoonsgegevens (The Data Protection Authority in The Netherlands): https://www.autoriteitpersoonsgegevens.nl/

We would, however, appreciate the chance to deal with your concerns before you approach Autoriteit Persoonsgegevens, so please contact us in the first instance.