Privacy Notice
Effective Date: December 4, 2023
This Privacy Notice describes how we collect and process your personal information in relation to the stackless Platform (together, “Platform Services”).
We offer Platform Services either directly or via our authorized partners. Where we refer to our customers in this notice, we also mean our partners and their customers.
Information We Collect
Stackless processes Customer Data, Partner Data and Service Data in order to provide Platform Services. This Privacy Notice applies solely to Service Data and does not apply to Customer Data or Partner Data.
Customer Data and Partner Data are defined in our agreement(s) covering Platform Services and represent the data that you and our customers provide for processing in Platform Services.
Service Data is the personal information Stackless collects or generates during the provision and administration of the Platform Services, excluding any Customer Data and Partner Data.
Service Data includes:
Platform payments and transactions. We keep reasonable business records of charges, payments, and billing details and issues.
Platform settings and configurations. We record your configuration and settings, including resource identifiers and attributes. This includes service and security settings for data and other resources.
Technical and operational details of your usage of Platform Services. We collect information about usage, operational status, software errors and crash reports, authentication credentials, quality and performance metrics, and other technical details necessary for us to operate and maintain Platform Services and related software. This information may include device identifiers, identifiers from cookies or tokens, and IP addresses.
Your direct communications. We keep records of your communications and interactions with us and our partners, for example, when you provide feedback or contact information, ask questions or seek technical support.
Why We Process Data
Stackless processes Service Data for the following purposes:
Provide Platform Services you request. Service Data is primarily used to deliver the Platform Services that you and our customers request. This includes a number of processing activities that are necessary to provide the Platform Services, including processing to bill for services usage, to ensure services are working as intended, to detect and avoid outages or other problems you might experience, and to secure your data and the services you use.
Make recommendations to optimize use of Platform Services. We may process Service Data to provide you and our customers with recommendations and tips. These suggestions may include ways to better secure your account or data, options to reduce service charges or improve performance, and information about new or related products and features. We may also evaluate your response to our recommendations.
Maintain and improve Platform Services. We evaluate Service Data to help us improve the performance and functionality of Platform Services. As we optimize Platform Services for you, this may improve them for our customers and vice versa.
Provide and improve other services you request. We may use Service Data to deliver and improve other services that you and our customers request, including Stackless or third-party services that are enabled via the Platform Services, administrative consoles, APIs, or the Stackless Store.
Assist you. We use Service Data when needed to provide technical support and professional services as requested by you and our customers, and to assess whether we have met your needs. We also use Service Data to improve our online support, and to communicate with you and our customers. This includes notifications about updates to Platform Services, and responding to support requests.
Protect you, our users, the public, and Stackless. We use Service Data to improve the safety and reliability of our services. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm our users, our customers, the public, or Stackless. These activities are an important part of our commitment to secure our services.
Comply with legal obligations. We may need to process Service Data to comply with our legal obligations, for example, where we’re responding to legal process or an enforceable governmental request, or to meet our financial record-keeping obligations.
Other purposes with your consent. We may ask for your consent to process information for other purposes not covered in this Privacy Notice. You have the right to withdraw your consent at any time.
To achieve these purposes, we may use Service Data together with information we collect from other Stackless products and services. We may use algorithms to recognize patterns in Service Data. Manual collection and review of Service Data may also occur, such as when you interact directly with our billing or support teams. We may aggregate and anonymize Service Data to eliminate personal details, and we may use Service Data for internal reporting and analysis of applicable product and business operations.
Where Data is Stored
We maintain data centers around the world, and provide Platform Services from these locations. Service Data may be processed on servers located outside of the country where our users and customers are located because Service Data is typically processed by centralized or regionalized operations like billing, support, and security.
Regardless of where Service Data is processed, we apply the same protections described in this Privacy Notice. When transferring Service Data outside of the European Economic Area, we comply with certain legal frameworks.
How We Secure Data
We build Platform Services with strong security features to protect information. The insights we gain from providing our services help us detect and automatically block security threats from ever reaching you.
We work hard to protect you and Stackless from unauthorized access, alteration, disclosure, or destruction of information we hold, including:
- We encrypt Service Data at rest and while in transit between our facilities.
- We regularly review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems.
- We restrict access to personal information to Stackless employees, contractors, and agents who need that information in order to process it for us. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
How We Share Data
We do not share Service Data with companies, organizations, or individuals outside of Stackless except in the following cases:
With your consent. We’ll share Service Data outside of Stackless when we have your consent. For example, when you or our customer chooses to procure a third-party service through the Stackless Store or use a third-party application that requests access to your information, we’ll seek permission to share information with that third party.
With your administrators and authorized resellers. When you use Platform Services, your administrator and resellers authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:
- View account and billing information, activity and statistics
- Change your account password
- Suspend or terminate your account access
- Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request
- Restrict your ability to delete or edit your information or your privacy settings
For external processing. We provide information to our affiliates, partners and other trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Notice and other appropriate confidentiality and security measures.
For legal reasons. We may share Service Data outside of Stackless if we have a good-faith belief that access to, or use, preservation, or disclosure of the information is reasonably necessary to:
- Comply with applicable law, regulation, legal process, or enforceable governmental request.
- Enforce applicable agreements, including investigation of potential violations.
- Detect, prevent, or otherwise address fraud, security, or technical issues
- Protect against harm to the rights, property or safety of Stackless, our customers, users, and the public as required or permitted by law.
If Stackless is involved in a reorganization, merger, acquisition, or sale of assets, we’ll continue to ensure the confidentiality of your personal information and give affected users notice before personal information becomes subject to a different privacy policy.
Access to Data
Your organization may allow you to access and export your data in order to back it up or transfer it to a service outside of Stackless. Some Platform Services enable you to directly access and download the data you have stored in the services.
You and your organization’s administrator can access several categories of Service Data directly from the Platform Services, including your billing contact information, payment and transaction information, as well as product and communication settings and configurations.
Deletion and Retention of Data
We retain Service Data for different periods of time depending on what it is, how we use it, and how you configure your settings.
Service Data is deleted or anonymized once it is no longer needed. For each type of data and operation, we set retention timeframes based on the purpose for its collection, and ensure it is kept for no longer than necessary.
Sometimes we need to retain certain information for an extended period of time for legitimate business or legal purposes. For example, when Stackless processes a payment for you, or when you make a payment to Stackless, we’ll retain data about those transactions as required for tax or accounting purposes. Other legitimate business or legal purposes that may require us to retain data include security, fraud and abuse prevention, ensuring continuity of our services, and complying with legal or regulatory requirements.
When we delete data, we follow detailed steps to make sure that the data is securely and completely removed from our active systems or retained only in anonymized form. We take measures to ensure that our services protect information from accidental or malicious deletion through the use of backup systems.
Using Stackless Accounts and Products
Your Stackless Account is your connection to all Stackless products and services, not just Platform Services. When you choose to use Stackless products and services the Stackless Privacy Notice describes how data (including your Stackless Account profile information) is collected and used. You and your administrator can control which other Stackless services you may use while logged into a Stackless Account managed by your organization.
If you interact with Platform Services using a Stackless Account managed by an organization, then your personal information may be subject to your organization’s privacy policies and processes, and you should direct privacy inquiries to your organization.
EU Privacy Standards and GDPR
If European Union (EU), UK or Swiss data protection law applies to the processing of information about you, you have certain rights, including the rights to access, correct, delete and export your information, as well as to object to or request that we restrict processing of your information.
For users based in the European Economic Area, UK or Switzerland, the data controller responsible for Service Data is Stackless. However, where our customer has entered into an agreement covering Platform Services with a different Stackless affiliate, that affiliate will be the data controller responsible for processing Service Data in connection with billing for the Platform Services only.
If you want to exercise your data protection rights with regard to information we process in accordance with this Privacy Notice and are not able to do so via the tools available to you or your organization’s administrator, you can always contact Stackless via our Privacy Help Center. And you can contact your local data protection authority if you have concerns regarding your rights under local law.
In addition to the purposes and grounds described in this Privacy Notice, we may process information on the following legal grounds:
Where necessary for the performance of a contract with you. We may process your information where necessary for us to enter into a contract with you or to comply with our contractual commitments to you.
When we’re complying with legal obligations. We’ll process your information when we have a legal obligation to do so.
When we’re pursuing legitimate interests. We may process Service Data based on our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. This means that we process your information in the interests of providing Platform Services you request; making recommendations to optimize use of Platform Services; maintaining and improving Platform Services; providing and improving other services you request; assisting you; and protecting against harm to the rights, property or safety of Stackless, our users, our customers, and the public, as required or permitted by law.
California Requirements
The California Consumer Privacy Act (CCPA) requires specific disclosures for California residents.
This Privacy Notice is designed to help you understand how Stackless handles your information:
We explain the categories of information Stackless collects and the sources of that information in Information We Collect.
We explain how Stackless uses information in Why We Process Data.
We explain when Stackless may share information in How We Share Data. Stackless does not sell your personal information.
The CCPA also provides the right to request information about how Stackless collects, uses, and discloses your personal information. And it gives you the right to access your information and request that Stackless delete that information. Finally, the CCPA provides the right to not be discriminated against for exercising your privacy rights.
We provide the information and tools described in this Notice so you can exercise these rights. When you use them, we’ll validate your request by verifying your identity (for example, by confirming that you’re signed in to your Stackless Account). If you have questions or requests related to your rights under the CCPA, you (or your authorized agent) can also contact Stackless.
The CCPA requires a description of data practices using specific categories. This table uses these categories to organize the information in this Privacy Notice.
Categories of personal information we collect
Service Data is the personal information Stackless collects or generates during the provision and administration of the Platform Services, excluding any Customer Data and Partner Data. Service Data includes:
Identifiers such as your name, phone number, and address, as well as unique identifiers tied to the browser, application, or device you’re using.
Demographic information, such as your preferred language.
Commercial information such as records of charges, payments, and billing details and issues.
Internet, network, and other activity information such as device identifiers, identifiers from cookies or tokens, IP addresses, and information about usage, operational status, software errors and crash reports, authentication credentials, quality and performance metrics, and other technical details necessary for us to operate and maintain Platform Services and related software.
Geolocation data, such as the country you’re in, as may be determined by GPS or IP address, depending in part on your device and account settings.
Audio, electronic, visual and similar information, such as audio recordings of your calls with our technical support providers.
Inferences drawn from the above, like aggregated performance metrics for a new product feature to determine product strategy.
Business purposes for which information may be used or disclosed
Stackless processes Service Data for the following purposes:
Protecting against security threats, abuse, and illegal activity. Stackless uses and may disclose Service Data to detect, prevent and respond to security incidents, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our services, Stackless may receive or disclose information about IP addresses that malicious actors have compromised.
Auditing and measurement. Stackless uses Service Data for analytics and measurement to understand how our services are used, and to provide you and our customers with recommendations and tips.
Maintaining our services. Stackless uses Service Data to provide Platform Services, technical support, and other services you request, and ensure they are working as intended, for example by tracking outages or troubleshooting bugs and other issues that you report to us.
Product development. Stackless uses Service Data to improve Platform Services and other services you request, and to develop new features and technologies that benefit our users and customers.
Use of service providers. Stackless shares Service Data with service providers to perform services on our behalf, in compliance with this Privacy Notice and other appropriate confidentiality and security measures. For example, we may rely on service providers to help provide technical support.
Legal reasons. Stackless also uses Service Data to satisfy applicable laws or regulations, and discloses information in response to legal process or enforceable government requests, including to law enforcement.
Parties with whom information may be shared
We do not share Service Data with companies, organizations, or individuals outside of Stackless except in the following cases:
With your consent. We’ll share Service Data outside of Stackless when we have your consent. For example, when you or our customer chooses to procure a third-party service through the Stackless Store or use a third-party application that requests access to your information, we’ll seek permission to share information with that third party.
With your administrators and authorized resellers. When you use Platform Services, your administrator and resellers authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:
- View account and billing information, activity and statistics
- Change your account password
- Suspend or terminate your account access
- Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request
- Restrict your ability to delete or edit your information or your privacy settings
For legal reasons. We may share Service Data outside of Stackless if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:
- Comply with applicable law, regulation, legal process, or enforceable governmental request.
- Enforce applicable agreements, including investigation of potential violations.
- Detect, prevent, or otherwise address fraud, security, or technical issues.
- Protect against harm to the rights, property or safety of Stackless, our customers, users, and the public as required or permitted by law.
Updates to this Notice
We may update this Privacy Notice from time to time. We will not make any significant changes without notifying you in advance by posting a prominent notice on this page describing the changes or by sending you a direct communication. We encourage you to regularly review this Privacy Notice, and we will always indicate the date the last changes were published.