Privacy Policy for Strato

Privacy Policy for Strato

Table of Contents

  • Introduction

At SpinifexIT, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our cloud-based SaaS product Strato. It also outlines your rights regarding your data and our compliance with various data privacy regulations, including the GDPR, CCPA, PDPL, and other applicable international standards.

By using our services, you agree to the practices described in this policy.

  • Data We Collect

When you use Strato, we may collect the following categories of personal data:

  • Account Information: Name, email address, contact details, company name, billing information.
  • Usage Data: Information related to your usage of the application (e.g., login times, features accessed).
  • Technical Data: IP address, browser type, operating system, and device identifiers.
  • Communications: Customer service interactions, emails, chat logs.
  • Location Data: Where applicable, your location based on your IP address.
  • Signature: Once a candidate, an employee, or an external party to your company signs a document with Strato Sign.
  • How We Collect Data

We collect personal data in the following ways:

  • Directly from You: Information provided during registration, account setup, and service use.
  • Automatically: Technical and usage data collected through cookies, web beacons, and similar tracking technologies.
  • Third Parties: Information obtained from partners, integrations, or external platforms connected to our service.
  • How We Use Your Data

We use the data collected for the following purposes:

  • To Provide Our Services: Ensure functionality and security of Strato.
  • Account Management: Create and manage your user account.
  • Performance Monitoring: Track and improve product performance and features.
  • Compliance: Meet legal and regulatory obligations.
  • Communications: Respond to your inquiries, provide customer support, and send important service-related notifications.
  • Data Sharing and Transfers

We may share your data under the following circumstances:

  • Service Providers: We use trusted third-party providers (e.g., AWS for cloud hosting) to store and process data securely.
  • Compliance with Laws: We may disclose your data to comply with legal obligations, regulatory requirements, or court orders.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred to a third party.
  • International Data Transfers

We do not transfer any data out of the selected AWS region by you.

  • Data Retention

Strato Documents

The Strato documents core functionality stores User Information: User ID, first name, last name, and email address. 

External Data Sources​

  • CSV Files: Strato has the capability to store CSV files as an external data source. These files are stored in our database until the customer decides to delete them within Strato.

Temporary Data Storage

  • In-Process Transactions: Strato temporarily stores data securely in its database and/or memory for transactions that are in process. Once the process is complete, the generated documents are deleted from our servers.
  • Encrypted Data for Reporting: Some data may remain in our database, encrypted and not deleted, as it is used for reporting purposes. This data is configured within the workflow as containers.​

Strato Storage

Strato Storage is a content management system that securely stores documents in our local data centers. The key aspects of data retention in Strato Storage are as follows:

  • Document Storage: Documents are securely stored and encrypted with AES256 with salt.
  • Retention Rules: The retention of files is based on business rules defined during the implementation of Strato Storage. These rules determine how long documents are retained and when they are deleted.
  • Security Measures

We take data security seriously and implement industry-standard measures to protect your personal data. This includes:

  • Encryption: Data encryption at rest using AES256 encryption with salt and in transit using TLS 1.2
  • Access Controls: Role-based access control to sensitive information.
  • Regular Audits: Periodic security assessments of our infrastructure and systems.
  • Your Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal data:

  • Access: Request access to the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request the deletion of your personal data (subject to certain legal obligations).
  • Data Portability: Request a copy of your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing purposes.
  • Withdrawal of Consent: If processing is based on your consent, you may withdraw this at any time.

To exercise your rights, contact us at [email protected]

  • Cookies

We use cookies and similar technologies to enhance your experience, track usage, and personalize content. You can control cookies through your browser settings, but some features may be unavailable if cookies are disabled.

  • Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services or legal requirements. Any changes will be posted on our website, and we encourage you to review the policy periodically.

  • Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: [email protected].