Privacy Policy — StratosGrid

This Privacy Policy explains how StratosGrid, operated by [LEGAL_ENTITY_NAME] (sole proprietor registered in Ukraine), collects, uses, stores, and protects your personal data when you use our website at stratosgrid.com and the StratosGrid platform (collectively, the "Service").

By accessing or using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

Account data — name, email address, company name, phone number, and password when you create an account or request a demo.
Payment data — billing address, payment card details, and transaction history. Card numbers are processed by our PCI-compliant payment processor and never stored on our servers.
CRM data — contacts, deals, notes, emails, call logs, and any other information you or your team enter into the platform.
Communications — messages you send us via support chat, email, or feedback forms.

1.2 Information Collected Automatically

Usage data — pages visited, features used, clicks, session duration, referring URLs, and timestamps.
Device data — IP address, browser type and version, operating system, screen resolution, and device identifiers.
Cookies & similar technologies — we use cookies, local storage, and pixel tags. See Section 6 for details.

1.3 Information from Third Parties

Data enrichment partners (e.g., company firmographic data).
OAuth providers (Google, Microsoft) when you choose to sign in with a third-party account.
Integration partners whose apps you connect to your StratosGrid workspace.

2. How We Use Your Information

We process your data for the following purposes:

Service delivery — to operate, maintain, and improve the platform.
Account management — to create and manage your account, process payments, and provide customer support.
Communication — to send transactional emails (password resets, invoices, feature updates) and, with your consent, marketing communications.
Analytics & improvement — to understand usage patterns, diagnose technical issues, and develop new features.
Security & fraud prevention — to detect, investigate, and prevent unauthorized access or malicious activity.
Legal compliance — to fulfill obligations under applicable laws and respond to lawful requests from authorities.

3. Legal Bases for Processing

Depending on your jurisdiction, we rely on one or more of the following legal bases:

Contract performance — processing necessary to provide the Service you requested.
Legitimate interest — analytics, security, and product improvement, balanced against your privacy rights.
Consent — marketing emails and non-essential cookies (you can withdraw consent at any time).
Legal obligation — where required by law.

4. Data Sharing & Disclosure

We do not sell your personal data. We share information only in the following circumstances:

Service providers — hosting (cloud infrastructure), payment processing, email delivery, analytics, and customer support tools, bound by data processing agreements.
Integrations — third-party apps you connect to your workspace (data is shared only at your direction).
Legal requirements — when required by law, court order, or governmental request.
Business transfers — in connection with a merger, acquisition, or sale of assets, with advance notice to affected users.

5. Data Retention

Active accounts — we retain your data for as long as your account is active or as needed to provide the Service.
After deletion — when you delete your account, we remove or anonymize personal data within 90 days, except where retention is required by law (e.g., financial records).
Backups — encrypted backups are purged within 180 days of account deletion.

6. Cookies & Tracking Technologies

We use the following categories of cookies:

Essential — required for the Service to function (authentication, security, load balancing). Cannot be disabled.
Analytics — help us measure traffic and usage patterns (e.g., Google Analytics). Set only with your consent.
Marketing — used to deliver relevant advertising and measure campaign performance. Set only with your consent.

You can manage cookie preferences through your browser settings or the cookie banner displayed on your first visit.

7. Your Rights

Depending on your location, you may have the right to:

Access your personal data and obtain a portable copy.
Rectify inaccurate or incomplete data.
Delete your data ("right to be forgotten").
Restrict or object to certain processing activities.
Withdraw consent at any time for consent-based processing.
Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. International Data Transfers

Your data may be processed on servers located outside your country of residence, including in the United States and the European Union. We use Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure your data is protected in accordance with this policy.

9. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.2+) and at rest (AES-256), access controls, regular security audits, and incident response procedures. While no system is 100% secure, we are committed to protecting your information.

10. Children's Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or sending you an email. The "Effective date" at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: [email protected]
Operator: [LEGAL_ENTITY_NAME], Ukraine