Privacy Policy

Stack Identity Privacy Notice

Introduction
Stack Identity Inc., is a Delaware corporation with its principal place of business at 1600 El Camino Real Suite 280, Menlo Park, CA 94025. Our cloud-based identity and access security services provide you visibility into the identities that access your data in the cloud. While doing so, we have engineered our Services in a least privacy-invasive way. As such, we do not need access to your applications or the content stored within them in order to deliver our Services. You may find out more about how our services operate in the diagram below. The metadata that we collect does not normally contain any Personal Data.

We do, however, process limited amounts of Personal Data in order to run our business. This privacy notice describes our practices and measures in respect of collection, usage, disclosure, retention and deletion of your Personal Data. If you have any questions regarding this privacy notice, please contact us at [email protected].

How do we collect Personal Data
We collect certain Personal Data from you when (a) you contact us to know more about us or our Services; (b) you obtain, access or use our Services; (c) when you voluntarily provide us your Personal Data in connection with any potential business relationship with us; or (d) when you visit our website (please refer to the cookies section below for further information).

We also receive Personal Data about you from third party sources, including but not limited to social media sites, data aggregators, marketers and our business partners (e.g. who provide lead referrals to us).

What Personal Data do we collect
When you contact us, we will collect Personal Data that you choose to provide to us. This may include your identification and contact information such as your name, email address, phone number, office location, name of organisation, etc. We call such information “Contact Data”. We receive similar Contact Data from the third party sources listed above. When we contact you in connection with our marketing efforts, we may receive additional Persona Data from you such as your interests and opinions about our Services.

When you visit our website, we collect Personal Data as described in the Cookie section below.

For provisioning and delivering our Services, we will collect and process the following categories of Personal Data of our users:

  • Business Email Address;
  • Name (You can choose a pseudonym, if you wish to);
  • Profile photo (optional)
  • Any other categories of information that you or your user choose to share with us while obtaining our services (including while availing our technical support from us)

We call this category of information “User Information”.

When you use our Services, we collect certain log records which include IP address of the user, logging time, usage duration, operations performed using the Services and device information. We call such records “Log Data”.

How do we use your Personal Data
We use Contact Data to contact you in connection with our Services, including for marketing and promotion of our Service.

We use User Information to deliver and improve our Services and to perform our obligations or to exercise our rights under the contract between you and us.

We use Log Data for the following purposes:

  • generate statistical reports and analysis about use of the Services (including analysis related to security trends and data patterns);
  • Audit and record-keeping purposes as are reasonably necessary to protect us against any claims or legal proceedings;
  • Information security and platform instrumentation purposes;
  • Determination of the fees and charges that are payable by you in respect of the Services;
  • Conduct internal research and development.

Cookie information is used as described in the Cookie section below.

We may process your Personal Data to the extent required for us to comply with our obligations under the laws applicable to us.

To whom do we disclose Personal Data
We disclose your Personal Data to our affiliates which support us in running our business. Currently, the only affiliate we have is Stack Identity India Private Limited, which is our wholly-owned subsidiary. We may share your Personal Data with third party service providers, who support our business operations, but we will ensure that we conduct reasonable due diligence on their security and privacy practices and to bind them to appropriate contractual obligations designed to protect the security and privacy of your Personal Data.

We do not monetise your Personal Data or share it with third parties for their own independent business purposes.

We may be required to disclose your information which includes your Personal Data with regulatory, judicial, administrative and law enforcement authorities under the laws applicable to us. To the extent permitted by such laws, we will provide you with a notice as soon as we get to know of any such requirement to disclose your such information. We will make reasonable efforts to obtain substantially similar guarantees from the authorities as those set out under this privacy notice.

We may share or transfer your Personal Data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company or entity. You will subsequently be notified via email and/or via a prominent notice on our sites of any change in ownership or uses of your personal information, as well as any choices you may have regarding your Personal Data. The recipient of your information will be informed of the need to protect your Personal Data in accordance with this Privacy Notice.

How do we protect your Personal Data
We are in the process of obtaining ISO27001 and SOC2 certifications in respect of Personal Data. As a part of the certification process, we have put in place administrative, technical and physical safeguards such as encryption, access controls, monitoring, background checks.

How long do we retain your Personal Data
We have adopted the following retention schedule:

Contact Data will be retained until you choose to delete it (refer to the section below ‘Your Choices’). User Information is deleted after 30 days from the date of expiration or termination of your subscription to our Services. Log Data is retained for a period of 1 year from the date of expiration or termination of your subscription to our Services. When we delete your Personal Data, we will ensure that all third parties with whom we have shared it as described in this privacy notice will also delete it.

Cookies
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information. Our website ( www.stackidentity.com ) may place and access certain cookies on the device you use to access it.

Our website uses the following cookies:

Type of cookie Purpose
Essential cookies These are cookies required for the operation of the website.
Functionality cookies These are used to recognize you when you return to our website. We collect these cookies for the limited purpose of identifying unique visitors by region on our website. As a part of this process, we check the IP address of the website visitor, but it is not stored by us or our service providers.

Most browsers allow you to manage how cookies are set and used as you’re browsing, and to clear cookies and browsing data. Also, your browser may have settings letting you manage cookies on a site-by-site basis. You may not be able to access our website if you disable essential cookies, though.

Your Choices
You may choose to delete, update or correct your Contact Information available with us. You may do so by sending a request email to [email protected]. We will carry out the request upon conducting a reasonable verification of your identity and will confirm back to you that your request is processed. In case of a deletion request, we may retain a copy of your Personal Data if required to meet our legal obligations, but we will continue to abide by the other requirements of this notice in respect of such data.

You may also unsubscribe from receiving marketing communications from us by following the unsubscribe instructions given in such communications.

You may delete, update or correct any User Information yourself by contacting the administrator of your Stack Identity account. Please note that our ability to provide Services to you will be affected if you choose to delete your User Information during an ongoing subscription period.

Updates
As we grow our business, we expect to make frequent changes to this privacy notice. Hence, we request you to visit this page regularly.

Definitions
Capitalised terms used in the notice are defined below:

Contact Data ” is defined in the section titled “What Personal Data Do We Collect”.

Log Data ” is defined in the section titled “What Personal Data Do We Collect”.

Personal Data ” is any information relating to an identified or identifiable natural person (data subject).

Services ” means the Stack Identity branded cloud-based identity and access security service.

User Information ” is defined in the section titled “What Personal Data Do We Collect”.

We or Us ” refers to Stack Identity Inc. whose details are set out in the Introductory section and includes our affiliate companies.

You ” refers to the individual whose Personal Data we process. You may be a website visitor, a user of our Services, an employee, candidate for employment or an individual who is associated with our customers, prospective customers, vendors or other third parties with whom we may have a business relationship.