Privacy Policy

1. WELCOME TO KAPSTAN!

This Privacy Policy may change over time. If we make changes to it, we will post the modified Privacy Policy on our website, www.kapstan.io/privacy-policy. We encourage you to visit this page periodically to learn of any updates.

Kapstan, Inc. (“Kapstan”, “we”, or “us”) is a software company that sells tools for companies which helps them deploy software on their chosen cloud providers easily and helps them manage their development & security operations smoothly. This Privacy Policy applies to your use of Kapstan’s tools, services, and platform, including any associated Kapstan mobile or desktop applications,  Kapstan.io  and other Kapstan websites (collectively “the Services”, and any websites specifically, the “Websites”), as well as your relationship with Kapstan.
By accessing or using the Services, you are agreeing to this Privacy Policy and concluding a legally binding agreement between yourself and Kapstan.

If you do not agree with this Privacy Policy, please do not access or use the Services.

You should read our Privacy Policy in full to understand what data we collect, how we use it, and the circumstances where we may share it.

We collect personal information (or personal data) and non-personal information (e.g., aggregated data or de-identified data) from you when you use our Services. As further described in this section, we may receive personal information about you that you submit through the Services or that is provided to us by a third party; we also may receive personal information about you automatically as you use the Services.

Information you Provide Us:  We receive personal information about you that you choose to provide to us, including when you create an account; search for or purchase our offerings; configure settings; seek employment or business opportunities with us, communicate with us; or otherwise use our Services.

Information from our Customers: Our customers (“Customers”) may share information with us so that we can provide them with our Services. Each Customer chooses what information it shares, which may, for example, include personal information (“Customer Data”).

Usage and Log Data: When you interact with our Services, we may collect information from your device or web browser when you interact with the Services. For example, when you interact with the Services, we may log and store your IP address and technical information about your usage like your device ID, browser type, how you progressed through the Services, where you abandoned it, etc. We can use your IP address to determine your general location. This information is generally pseudonymous but is considered personal information in many places.

App Data: If you use a Kapstan application, on mobile or other platforms, we may collect analytic information about your device, such as IP address, device ID, OS version, and clickstream. This information is also generally pseudonymous but is considered personal information in many places.

Information from Public Sources or Third Parties: We may receive additional information about you from public or third-party sources. For example, we may receive marketing, sales generation, and recruitment information from service providers or partners.

3. How We Use Your Personal Information

We collect, use, process, and store your personal information:
- To provide the Services.
- To personalize the Services.
- To receive and process job applications for jobs with us.
- To process data with machine learning algorithms, which helps us build, personalize, and improve the Services.
- With respect to Customer Data, in accordance with our contracts with our Customers. For internal business purposes, such as to improve our Services.
- To detect, investigate and prevent harmful, fraudulent, and illegal activity and security issues and protect the rights and property of Kapstan and others.
- To enable communications through the Services.
- To contact you about additional Kapstan services you might be interested in, unless you opt-out (see “How to Opt-Out of Email Communications”).
- As required by applicable law, legal process, or regulation.
- For purposes as disclosed at the time you provide your information, with your consent, and as further described in this Privacy Policy.

4. When We May Share Your Personal Information

    We will only share your personal information with third parties under the following circumstances:

    - With your consent.
    - With our trusted agents and vendors that are contractually engaged to provide us with services, such as email management and cloud-based hosting. We provide a list of the services these companies provide for us below and update it regularly. These companies are obligated by contract to safeguard any personal information they receive from us and have agreed to only use the personal information for the specific purpose it was provided. The services include: a) cloud computer, data storage and file storage providers, b) email marketing providers, c) website and b2b analytics providers, d) customer relationship management, contact database vendors, data hygiene vendors, survey vendors and project management software providers, e) customer billing systems vendors, f) login authentication providers to ensure that the logins to our systems are working efficiently, g) auditing, debugging and security vendors.
    - With respect to Customer Data, in accordance with our contracts with our Customers.
    - With any of our affiliated companies, including a parent company, subsidiaries, joint ventures, or other companies under common control with us (in which case we will require such entities to honor this Privacy Policy).
    - If we believe that disclosure is reasonably necessary to comply with a law, regulation, valid legal process (e.g., subpoenas or warrants served on us), or governmental or regulatory request to protect the security or integrity of the Services; and/or to protect the rights, property, or safety of Kapstan, its employees, customers, users, or others. If we are going to release your data, we will do our best to provide you with notice in advance by email, unless we are prohibited by law from doing so.
    - In the event we go through a business transition (such as a merger, acquisition by another company, bankruptcy, or sale of all or a portion of our assets, including, without limitation, during the course of any due diligence process), your personal information will likely be among the assets transferred. By providing your personal information, you agree that we can transfer such information in those circumstances without your further consent. Should such a business transition occur, we will make reasonable efforts to request that the new owner or combined entity (as applicable) follow this Privacy Policy with respect to your personal information. If your personal information would be used contrary to this privacy policy, we will request that you receive prior notice.

    5. When We Use and Share Non-Personal Information

    We use and share your non-personal information in a variety of ways, including to improve the Services.

    6. Cookies and Tokens

    We use tracking technologies, such as cookies, and pixel tags as described further below.

    Cookies
    Cookies may be set and accessed on your computer. Upon your first visit to the Services, a cookie will be sent to your computer that uniquely identifies your browser. “Cookies” are small files containing a string of characters that is sent to your computer’s browser and stored on your device when you visit a website. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent; however, if you reject cookies, you may not be able to sign into the Services or take full advantage of our Services. Additionally, if you clear all cookies on your browser, you may need to reset any privacy settings in your browser which are stored in cookies.

    Our Services use the following types of cookies for the purposes set out below:  

    Type of Cookie

    Purpose

    Analytics and Performance Cookies

    These cookies are used to collect information about traffic to our Services and how users use our Services. The information gathered does not identify any individual visitor, but rather enables us to count the number of unique visitors. It includes the number of visitors to our Services, the websites that referred them to our Services, the pages that they visited on our Services, what time of day they visited our Services, whether they have visited our Services before, and other similar information. We use this information to help operate our Services more efficiently, to gather broad demographic information and to monitor the level of activity on our Services. We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how our Services works. You can find out more information about Google Analytics cookies here. You can find out more about how Google protects your data here. You can prevent the use of Google Analytics relating to your use of our Services by downloading and installing the browser plugin available via this link. Please note that our transfer of information to Google might be deemed a sale in certain jurisdictions. Where applicable, we will provide you a notice of our transfer of information and provide you with the ability to opt-out of such sale or sharing of information.

    Essential Cookies

    These cookies are essential to provide you with services available through our Services and to enable you to use its features. For example, they allow you to log in to secure areas of our Services and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.

    Functionality Cookies

    These cookies allow our Services to remember choices you make when you use our Services, such as remembering your language preferences, remembering your login details, remembering which polls you have voted in and in some cases, to show you poll results, and remembering the changes you make to other parts of our Services which you can customize. These cookies also enable us to identify you across various screens and devices as you login and use our Services, as well as enable us to work with partners to resolve your digital identities and personalize your experiences across our Services, our partners and customers, and across channels. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services.

    Pixel Tags

    We also use “pixel tags,” which are small graphic files that allow us and third parties to monitor the use of the Services and collect usage data. We may also insert pixel tags on third parties’ websites. A pixel tag can collect information such as the IP address of the computer that downloaded the page on which the tag appears; the URL of the page on which the pixel tag appears; the time (and length of time) the page containing the pixel tag was viewed; the type of browser that retrieved the pixel tag; and the identification number of any cookie previously placed by that server on your computer. We use pixel tags to collect information about your visit, including the pages you view, the links you click, and other actions taken in connection with our sites and Services and use them in combination with our cookies to provide offers and information of interest to you. We may also use pixel tags to collect data related to a website visit. Similar functionality may be enabled in a mobile app through the use of an SDK (Software Development Kit). Pixel tags also enable ad networks to serve targeted advertisements to you when you visit the Services or other websites.  Please note that our transfer of information to these third-party might be deemed a sale in certain jurisdictions. Where applicable, we will provide you a notice of our transfer of information and provide you with the ability to opt-out of such sale or sharing of information. In addition, we use a variety of other technologies that collect similar information for security and fraud detection purposes.

    2. What Information We Collect

    You can also find more information about cookies and how they work, what cookies have been set on your computer or mobile device and how to manage and delete them at  http://www.allaboutcookies.org  and  http://www.youronlinechoices.com.

    7. How to Opt-Out of Email Communications

    To stop receiving notifications or promotions, please click the unsubscribe link found at the bottom of each email. For purposes of this policy, we refer to data subjects located in the European Economic Area, United Kingdom, and Switzerland as “EEA“ users. We only send marketing communications to users located in the EEA with your prior consent. Please see the section “GDPR: Information for EEA Users” below.

    8. Storage, Security and How to Remove Your Information

    We use industry standard technical, administrative, and physical controls to protect your data. While we take reasonable precautions against possible security breaches, no website or internet transmission is completely secure and we cannot guarantee that unauthorized access, hacking, data loss, or other breach will never occur. We will process and store your personal information only for the period necessary to achieve the purpose of the storage, or as permitted by law.  The criteria used to determine the period of storage of information is the respective statutory retention period. After expiration of that period, the corresponding information is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract.

    9. De-Activating Your Account  

    You can choose to deactivate your account so that you are no longer viewable on the Services. You can request deactivation through the Services or by sending a message to support@kapstan.io

      10. Third-Party Links

      The Services may contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies, which may differ substantially from ours, and that we do not accept any responsibility or liability for their activities or the content of their privacy policies.

      11. U.S. State Privacy Rights

      Certain U.S. States (e.g., California, Virginia) provide additional privacy protections for data subjects located within their jurisdictions, including: a) the right to see what data we have about you, your computer or device (i.e., the right to know), b) the right to delete the data we have about you, your computer or device (i.e., the right to delete), c) the right to correct data we have about you, your computer or device,  d) the right to opt-out of the sale or sharing of data about you, your computer or device to certain third parties (i.e., the right to opt-out from sales/sharing of your information), and e) the right to port such data to a different company. We do not discriminate against you if you exercise any of the above rights.   Please note that we may not be able to honor a right if doing so would otherwise violate applicable law.

      Applicable law in those states provide you with the right to opt-out of the sale or sharing of your personal information, profiling and targeted ads. We do not transfer your personal information to third parties in exchange for money or engage in profiling or targeted ads, but we may share it with certain third parties for activities like targeted advertising, marketing, and analytics, and these may be deemed a “sale” under applicable law. You can email us at privacyrequest@kapstan.io to opt-out of sale if you are located in a place that requires such rights.

      Personal Information We Collect and Disclose for a Business Purpose.  Without limiting the description of the information we collect, we collect the categories of personal information about U.S. consumers identified in the chart below.  This information is required under California law, but we think it might be helpful to all readers of this policy as it provides a fair description of the types of information collected by Kapstan in most places.  

      Categories of Personal Information

      Examples

      Collected in Prior 12 Months

      A. Personal and online identifiers

      A real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, and account name.

      Yes

      B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

      These cookies allow our Services to remember choices you make when you use our Services, such as remembering your language preferences, remembering your login details, remembering which polls you have voted in and in some cases, to show you poll results, and remembering the changes you make to other parts of our Services which you can customize. These cookies also enable us to identify you across various screens and devices as you login and use our Services, as well as enable us to work with partners to resolve your digital identities and personalize your experiences across our Services, our partners and customers, and across channels. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services.

      We collect names, certain payment information from Customers and partners and (while not covered under this policy) social security and insurance information for our personnel.

      B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

      These cookies allow our Services to remember choices you make when you use our Services, such as remembering your language preferences, remembering your login details, remembering which polls you have voted in and in some cases, to show you poll results, and remembering the changes you make to other parts of our Services which you can customize. These cookies also enable us to identify you across various screens and devices as you login and use our Services, as well as enable us to work with partners to resolve your digital identities and personalize your experiences across our Services, our partners and customers, and across channels. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services.

      We collect names, certain payment information from Customers and partners and (while not covered under this policy) social security and insurance information for our personnel.

      C. Protected classification characteristics under California or federal law.

      Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

      No, except as required pursuant to management of employment (covered under a different policy).

      D. Commercial information.

      Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

      No

      E. Biometric information.

      Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

      No

      F. Internet or other similar network activity.

      Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

      We only collect this in connection with the Website.

      G. Geolocation data.

      Physical location or movements.

      No

      H. Sensory data.

      Audio, electronic, visual, thermal, olfactory, or similar information.

      No

      I. Professional or employment-related information.

      Current or past job history or performance evaluations.

      Yes, only in an employment context, which is covered under a different policy.

      J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

      Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

      No

      K. Inferences drawn from other personal information.

      Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

      No

        12. Nevada Policy Rights

        This section, which supplements the rest of this Privacy Policy, applies to residents of Nevada.

        Under Nevada law, Nevada residents may submit a request directing us not to make certain disclosures of personal information we maintain about them.

        To exercise this right, please contact us:
        By email at privacyrequest@kapstan.io.

        13. International Data Transfers for EU, UK Swiss and Brazil Individuals

        Personal data collected through our Services will be transferred to and stored by us in the United States; therefore, your personal data will be processed outside your jurisdiction in a country that is not currently subject to an adequacy decision by the European Commission, and that may not provide the same level of data protection as your jurisdiction, such as the EEA. We ensure that the recipient of your personal data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses or alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR) or other applicable regulator.

        14. GDPR/LGPD: Information for EEA Users

        This section applies to our European Economic Area (“EEA”) users. For purposes of this privacy policy, UK, Swiss and Brazil users are treated the same as EEA users.

        Individuals located in the EEA have certain rights in respect of your personal data, including:
        - The right of access to your personal data.
        - The right to correct or rectify any inaccurate personal data.
        - The right to restrict the processing of personal data.
        - The right to object to processing of personal data;
        - The right to erase your personal data; and
        - The right to personal data portability.

        As a Kapstan user:
        - We rely on your consent as a lawful basis for processing personal data to provide you with marketing or promotional communications.
        - We process personal data in order to provide you with Services as requested by you or to perform our contract with you as described in this document, including:
        -
        To enable the Services to function as expected; and
        - To communicate with you in response to customer service inquiries and to deliver non-promotional, service-related emails.
        - Additionally, we process personal data based on our “legitimate interests” in providing you the Services including:
        - To protect against fraud.
        - Network and information security; and
        - To offer the Services.

        In some cases, Kapstan may process personal data pursuant to a legal obligation or to protect your vital interests or those of another person.

        Kapstan will offer EEA, UK, Brazil and Swiss individuals whose personal data has been transferred to us the opportunity to choose whether the personal data we have received may be used or disclosed for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses or disclosures of their personal data by contacting us at privacyrequest@kapstan.io.

        15. Exercising Rights, Contacting Us and Accessing Your Information

        Kapstan users may exercise their rights regarding their personal information as follows:
        - By email at  privacyrequest@kapstan.io 
        - You may withdraw your consent to receive marketing or promotional communications at any time by clicking the “unsubscribe” link found within Kapstan email updates and changing your contact preferences. Please note, you will continue to receive essential account-related information, even if you unsubscribe from promotional emails.

        Harshil is Kapstan’s worldwide data protection officer; and such person can be contacted at privacyrequest@kapstan.io
        Note: we tailor your privacy preferences based on applicable law in the place where our systems believe your computer or device is currently located.

        16. Children's Privacy

        We do not knowingly collect personal data about children. Our websites and systems are not designed for use by individuals under the age of 16, and in particular are not designed for children under the age of 13. If we learn we have collected or obtained personal data of someone under 13, we will delete that information from our database. If you believe that this has occurred, please contact us at  privacyrequest@kapstan.io.