Privacy Policy

1.    INTRODUCTION

CoreStack, Inc. (“CoreStack”, “we,” “us,” or “our”) respects the privacy of its Users (“User,” “your,” or “you”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the CoreStack’s software-as-a-service (SAAS) platform (the “Platform”), and our website located at https://www.corestack.io/ (the “Website”), to deliver our cloud governance solutions to enterprises (“Services”).

CoreStack is a technology company that provides a SAAS platform to provide solutions for cloud compliance, security, cost optimization, operations, and automation across multi-cloud environments (AWS, Azure, GCP and so on).

CoreStack is committed to protecting the privacy of its Users whose information is collected and stored while using the CoreStack Platform, including our website, mobile applications, and any connected or cloud-based services. This Privacy Policy applies to the Website, Platform, and all applications offered for public use or sale.

The capitalized terms have the same meaning as ascribed in our Terms of Use or Terms of Service as applicable, unless otherwise noted here.

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND OUR POLICIES AND PRACTICES REGARDING YOUR INFORMATION AND HOW WE WILL TREAT IT. BY ACCESSING OR USING OUR WEBSITE, SERVICES. APP, AND PLATFORM, YOU AGREE TO ACCEPT ALL THE TERMS CONTAINED IN THIS PRIVACY POLICY AND ACKNOWLEDGE AND AGREE WITH THE PRACTICES DESCRIBED HEREIN. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS AND USE OUR WEBSITE, SERVICES, AND PLATFORM.

IF YOU HAVE ANY QUESTIONS REGARDING THIS PRIVACY POLICY, PLEASE SEND US AN EMAIL AT PRIVACY@CORESTACK.IO.

WE DO NOT SELL YOUR PERSONAL INFORMATION, NOR DO WE INTEND TO DO SO. WE DO NOT GIVE ACCESS TO YOUR PERSONAL INFORMATION TO THIRD PARTIES EXCEPT TO SUBPROCESSORS TO ASSIST US IN THE PROVISION OF OUR SERVICES TO YOU. WE DO NOT USE ANY CUSTOMER DATA OR PERSONAL INFORMATION TO TRAIN ANY GENERALIZED MACHINE LEARNING MODELS.

2.    TERRITORIAL APPLICABILITY

Our Website, Services, and Platform are intended for use globally, including by individuals in the European Union (EU), the United States India, and other jurisdictions, subject to applicable law. If you are located in the EU/EEA, we process your personal data in accordance with the General Data Protection Regulation (GDPR), including by implementing appropriate safeguards for international data transfers (see Section 12, “Cross-Border Data Transfers”). Your access to and use of our Services must comply with all applicable local laws and regulations.

CoreStack operates internationally, and thus your personal information may be transferred to, stored in, or processed in the United States, India, or any other jurisdiction in which we or our subprocessors operate. Such transfers will be made in compliance with the EU General Data Protection Regulation, the UK General Data Protection Regulation, applicable United States privacy laws, and the India Digital Personal Data Protection Act, including through the use of Standard Contractual Clauses or other lawful transfer mechanisms as required.

If you are a resident of the United States, the laws of the State of Delaware, United States shall govern your use of the Website, Services, and Platform, in accordance with our Terms of Service. If you are a resident of another jurisdiction, you are responsible for ensuring that your use of our Services complies with all applicable local laws and regulations.

By using our Services, you agree to be bound by this Privacy Policy, our Terms of Use, and our Terms of Service, as applicable.

If you have any questions regarding this section or your rights under applicable law, please contact us at privacy@corestack.io

3.    WHAT INFORMATION DO WE COLLECT?

When you register to use our Website, Services, or Platform, we collect personal information (also referred to as personally identifiable information or “PII”) which may include your name, address, online contact information such as your email address or username, and other personal information. The information so collected will be stored on our servers. You are able to change your personal information via email by contacting us at privacy@corestack.io or through your profile or account settings on our Website, Services, or Platform.

4.    HOW DO WE COLLECT INFORMATION?

We collect personal information from you in the following ways: 

1. 1. At registration on our Website, Services, or Platform;
   2. In email, text, and other electronic messages between you and our Website, Services, or Platform;
   3. Through mobile and desktop applications your downloads from our Webs Services, or Platform, which provides dedicated non-browser based interaction between you and our Website, Services, or Platform;
   4. From you placing an order, which includes details of transactions you carry out on our Website, Services, or Platform;
   5. When you subscribe to a newsletter;
   6. From your responses to a survey;
   7. From forms filled out by you;
   8. From records or copies of correspondences (including email addresses) if you contact us;
   9. When you use or access CoreStack’s APIs or authorize a third party to do so on your behalf;
   10. From search queries on our Website, Services, or Platform; and

We collect information from you automatically when you navigate through our Website, Services, or Platform in the following ways:

1. 1. Usage details;
   2. IP addresses; 
   3. Information obtained through browser cookies;
   4. Information obtained through flash cookies; if applicable
   5. Web beacons on our Website;
   6. Device type, operating system, browser type, language preferences, and time zone;
   7. Unique device identifiers (such as UUID, MAC address, or advertising ID, where applicable);
   8. Geolocation data, either approximate (e.g., city or region) or precise, if you enable location features on the App;
   9. Web beacons on our Website;
   10. Web beacons on emails sent by us; and
   11. Other tracking technologies. 

5.    HOW DO WE USE YOUR INFORMATION?

We use the information that you provide to:

1. 1. Personalize your experience in using our Platform;
   2. Provide you with information, products, or services requested from us;
   3. Present our Website, Services, and Platform and their contents to you;
   4. Provide you with notices about account and/or subscription, including expiration and renewal notices;
   5. Carry out obligations and enforce rights arising from contracts entered into between you and us, including billing and collection;
   6. Notify you about changes to our Website, Services, and Platform and any products or services;
   7. Allow you to participate in interactive features on our Website, Services, and Platform;
   8. Improve the Website, Services, and Platform;
   9. Improve our customer service;
   10. Administer contests, promotions, and surveys or other Website, Services, and Platform features;
   11. Process transactions;
   12. Anonymize data and aggregate data for statistics;
   13. Contact you for other purposes with your consent;
   14. Contact you about our products and services that may be of interest;
   15. Contact you about third parties’ goods and services;
   16. Ensure compliance with legal obligations under applicable laws such as GDPR, CCPA, and PIPA, including data retention, access requests, and security measures.
   17. Enable the display of advertisements to our advertisers’ target audiences, although personal information is not shared with advertisers without your consent; and
   18. Send you periodic emails, in accordance with the CAN-SPAM Act of 2003 as detailed in Section 17, via the email address provided by you to (i) send information, respond to inquiries, and/or other requests or questions; (ii) process orders and send information and updates pertaining to such orders; (iii) send additional information related to your product and/or service; and (iv) market to our mailing list or continue to send email to you after the original transaction has occurred.  

We may also use your information to support the artificial intelligence-enabled features of the Platform, such as for detecting issues like cost anomalies or security threats to your cloud governance, suggesting remediation actions using natural language or API, and accelerating cloud assessments. These features use your data solely for the purpose of providing Services to you. We do not use your business data or information related to your customers, processes provided to the AI agents on the Platform (“Customer Data”) or personal information to train any generalized machine learning models that are made available to other customers.

CoreStack’s artificial intelligence-enabled tools that assist with intelligent assessment operations, a continuous agentic feed on risks and anomalies, executive summaries and integrations with other platforms, analyze Customer Data solely for the purpose of providing the Services. We do not make automated decisions that produce legal or similarly significant effects on any individual, and we do not profile Users for behavioral, marketing, or employment-related purposes. Certain features of the Platform use artificial intelligence algorithms to assist with analysis and content generation. These features operate solely on your organization’s data and do not use such data to train or improve any generalized or cross-customer machine learning models. All processing performed by these features is limited to delivering the Services that you have requested and authorized.

These automated assessments are based on industry-standard security frameworks and best practices. You may request human review of any automated assessment by contacting support@corestack.io

6.    OUR COOKIE POLICY

Cookies are small pieces of text used to store information on web browsers. Cookies are used to store and receive identifiers and other information on computers, phones, and other devices. Other technologies, including data we store on your web browser or device, identifiers associated with your device, and other software, are used for similar purposes. In this Privacy Policy, we refer to all of these technologies as “Cookies.”

We use Cookies on our Website and Platform to (a) help remember and process items in the shopping cart, (b) understand and save your preferences for future visits, (c) keep track of advertisements, (d) compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future, (e) enable secure logins and account authentication, (f) detect and prevent fraudulent activity, (g) measure the effectiveness of email campaigns, push notifications, and other communications, (h) analyze engagement and usage patterns across our Platform and connected devices, and (i) allow trusted third-party services that track this information on our behalf. You can set your browser to refuse all or some browser Cookies, but it may affect your user experience. We provide a cookie consent management platform accessible via the 'Cookie Settings' banner in the footer of our Website. Through this interface, you can review the categories of cookies we use and adjust your preferences or to withdraw your consent for non-essential cookies at any time. Where required by applicable law (such as in the EU/EEA), we will request your consent before placing or accessing non-essential Cookies, including those used for analytics or advertising.

We allow third party behavioral tracking and links to third-party web pages.   Occasionally, at our discretion, we may include or offer third-party products or services on our Website, Services, or Platform. These third-party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our Website, Services, or Platform and welcome any feedback at about these sites. Please contact us at privacy@corestack.io.

If you are an EU resident, please reach out to us at privacy@corestack.io for more information about specific cookies we use, their purpose, and how you can manage or withdraw your consent.

7.    HOW DO WE PROTECT INFORMATION WE COLLECT?

CoreStack is committed to safeguarding the personal information you entrust to us. We have implemented a combination of technical, organizational, and administrative security measures to protect your data from unauthorized access, disclosure, alteration, and destruction.

Our Website receives regular security scans and penetration tests.   Our Website also receives regular malware scans.  In addition, our Website use an SSL certificate as an added security measure. We require username and passwords for our employees who can access your personal information that we store and/or process on our Platform and servers. In addition, we actively prevent third parties from getting access to your personal information that we store and/or process on our Platform and servers.  We accept payment by credit card through a third party credit card processor on our behalf.  We will implement reasonable security measures every time you (a) place an order, or (b) enter, submit, or access your information, (c) register, or (d) access our Platform, on our Website.  

We require usernames and passwords, or other authentication credentials, for our employees who are permitted to access personal information that we store and process on our systems. Access to such information is limited to those employees and subprocessors who have a legitimate business need to access it in order to provide the Services to you. We implement measures intended to prevent unauthorized third parties from accessing personal information stored or processed on our servers or within the Platform.

Please note that although we make reasonable efforts to protect your personal information, the transmission of information via the internet is not completely secure. Any transmission of personal information is at your own risk. We cannot guarantee the security of your personal information transmitted to our Website or Platform, and are not responsible for circumvention of any privacy settings or security measures contained therein.

We retain personal information for as long as necessary to provide the Services, fulfill the purposes described in this Privacy Policy, comply with our contractual or legal obligations, resolve disputes, enforce our agreements, and maintain business and audit records. Customer Data uploaded to the Platform is retained in accordance with your organization’s instructions or the terms of our agreement with your organization. We may retain certain information for a longer period where required for legal, regulatory, tax, accounting, security, or fraud prevention purposes. When personal information is no longer required, we will take reasonable steps to delete, anonymize, or otherwise render it unusable.

8.    DATA SECURITY MEASURES.

1. Security Measures.  We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers protected by industry-standard encryption protocols and firewalls. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, Services, or Platform, you are responsible for keeping this password confidential. We recommend that you use a unique, strong password and avoid sharing your login credentials with others. We ask you not to share your password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. While we actively monitor and maintain the integrity of our security systems, please note that no method of transmission over the internet or electronic storage is entirely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website, Services, or Platform. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our Website, Services, or Platform. If you believe your account has been compromised, please contact us immediately at privacy@corestack.io.
   
   
2. Fair Information Practice Principles.  In the event of a personal data breach, we will notify you within seventy-two (72) hours via (i) email and/or (ii) our Platform notification system on our Website.  We agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle ensures that individuals have: (i) access to legal remedies against companies that fail to protect personal data or violate privacy laws; (ii) recourse through regulatory authorities, such as data protection agencies or supervisory bodies; (iii) the right to lodge complaints with a relevant data protection authority; and (iv) the ability to seek damages, where applicable, for any unlawful processing or breaches of personal data. We are committed to upholding your rights under applicable privacy laws, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant legal frameworks.

9.    DISCLOSURE OF PERSONAL INFORMATION

There are times when we may share Personal Information that you have shared with us may be shared by CoreStack with others to enable us to provide you our Services, including contractors, service providers, and third parties (“Partners”). This section discusses only how CoreStack may share such information with Partners. We will ensure that our Partners protect your Personal Information. The following describe how and with whom we may share your Personal Information: 

Disclosure of Personal Information. 

1. 1. We may disclose aggregated, de-personalized information about you that does not identify any individual to other parties without restriction, such as for marketing, advertising, or other uses.
   2. We may disclose personal information to our subsidiaries and affiliates.
   3. We may disclose personal information to contractors, services providers, and other third parties.
   4. We require all contractors, service providers, and other third parties to whom we disclose your personal information to be under contractual obligations to keep personal information confidential and to use it only for the purposes for which we disclose them.
   5. We may disclose personal information in the event of a merger, acquisition, sale of business, etc.
   6. We may disclose to third parties to market their products and services to you if you have either consented or not opted out of these disclosures.
   7. We may disclose personal information to third parties to market their products and services if you have either consented or not opted out of these disclosures.
   8. We require all other Partners, to whom we disclose your personal information, to enter into contracts with us to keep personal information confidential and use it only for the purposes for which we disclose it to such Partners.
   9. We may disclose personal information to cloud-based analytics and platform infrastructure vendors, including those based in the United States, India, or other jurisdictions, where data protection laws may differ from those in your home country.
   10. Where required by law (such as under the General Data Protection Regulation in the EU), we will ensure an adequate level of protection is in place before transferring data cross-border.
   11. We disclose personal information to fulfill the purpose for which you have provided it, for instance, if you gave us an email address to use the “email a friend” feature of the Platform.
   12. We may disclose personal information for any other purpose for which you have provided it.
   13. We may only disclose personal information as described in this Privacy Policy or your consent.

Other Disclosure of Personal Information. 

1. 1. We will disclose personal information (i) to comply with any court order, law, or legal process, including to respond to any government or regulatory request, (ii) to enforce or apply our Terms of Use or Terms of Service and other agreements, including for billing and collection purposes, (iii) if we believe it is necessary or appropriate to protect the rights, property, or safety of CoreStack, our customers or others, and/or (iv) if it is necessary or appropriate to protect the rights, property, or safety of CoreStack, our customers, or others, and this includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Third Party Disclosure.

1. 1. We do not sell, trade, rent, or otherwise transfer personal information to others, unless we provide you with advance notice.  This does not include our hosting partners and other parties who assist us in operating our Website, Services, or Platform, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
   2. We do not provide non-personally identifiable visitor information for marketing purposes.
   3. All third parties located outside of the European Economic Area (EEA) that receive personal information will be subject to contractual safeguards, such as standard contractual clauses or similar legal mechanisms.

Choices Users Have About How CoreStack Uses and Discloses Information. 

1. 1. Tracking Technologies and Advertising. You can set their browser to refuse some or all the browser cookies, but if you disable or refuse cookies, some parts of our Website may not be accessible or function properly.
       
   2. Disclosure of Users’ Information for Third-Party Advertising.  Users can opt-out by (i) checking the relevant form when we collect the data; (ii) logging into the Platform and adjusting their preferences in their account profile by checking or unchecking the relevant boxes, or (iii) emailing us their opt-out request at privacy@corestack.io Users receiving promotional email can opt-out by sending a return email requesting to be omitted from future promotional email distributions. This opt-out will not apply to information provided by CoreStack for product purchases, warranty registration, or other transactions.

10.    DATA RETENTION, MINIMIZATION, AND AUTOMATED PROCESSING

1. 1. Data Retention. We retain Personal Information only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, and regulatory obligations. The specific retention periods include: (i) Account Information: Retained while your account remains active and for twelve (12) months after account closure; (ii) Platform Performance Metrics: Retained for twenty-four (24) months to assist with product performance monitoring and enhancement; and (iii) Transaction Records: Retained for seven (7) years to comply with applicable financial and tax regulations.
      We may retain Personal Information for longer periods when: (i) required by applicable law or regulation; (ii) necessary for the establishment, exercise, or defense of legal claims; (iii) requested by a User with respect to their own Personal Information; or (iv) retained in an anonymized or aggregated form that does not reasonably identify the User.
      
      
   2. Data Minimization. We are committed to the principle of data minimization. CoreStack collects only the Personal Information necessary to provide and improve our Services. We implement technical and organizational safeguards to ensure that data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. We conduct quarterly data minimization audits to identify and eliminate any unnecessary or excessive data in our systems.
      
      
   3. Secure Deletion. Upon expiration of the applicable retention period, we securely delete Personal Information using industry-standard methods designed to render the data permanently unrecoverable. We maintain internal documentation of all secure deletion activities in compliance with applicable laws and internal data governance protocols.
      

11.    FOR OUR EUROPEAN CUSTOMERS AND VISITORS

We are headquartered in the United States, and most of our operations are located in the United States and India. Your Personal Information, which you give to us during registration or use of our Website or Platform, may be accessed by or transferred to us in the United States or India. If you are visiting our Website or registering for our Services from outside these countries, be aware that your Personal Information may be transferred to, stored, and processed in the United States or India. Our servers or our third-party hosting service providers are located in the United States and India. By using our site, you consent to the transfer of your Personal Information out of Europe, the UK, or Switzerland for processing in the US, India, or other countries where we or our subprocessors operate.

• If you are a resident of or a visitor to Europe, you have certain rights with respect to the processing of your Personal Data, as defined in the General Data Protection Regulation (“GDPR”).
• Please note that in some circumstances, we may ask you to provide us with additional information in connection with your request, which may be Personal Data, for example, if we need to verify your identity or the nature of your request.
• In such situations, however, we will still respond to let you know of our decision.
• As used herein, “Personal Data” means any information that identifies you as an individual, such as name, address, email address, IP address, phone number, business address, business title, business email address, company, etc.

1. 1. EU Standard Contractual Clauses.  On June 4, 2021, the EU promulgated a new set of SCCs (the “New SCCs”), which replaced the old SCCs which had been in place for over a decade. We now comply with the New SCCs with respect to the transfer of Personal Data from the EU to the US and other countries for Processing, as defined in the GDPR. If there is any conflict between the terms and conditions in this Privacy Policy and your rights under the New SCCs, the terms and conditions in the new SCCs will govern.
      
      
   2. The New SCCs.
      • The New SCCs took effect on June 27, 2021.
      • The Old SCCs may still be used for new data transfers in new contracts during a three-month transition period that ends on September 27, 2021.
      • Existing data transfers contracts that rely on the Old SCCs can be used until December 27, 2022, by which time all data transfers relying on the Old SCCs must be transitioned to the New SCCs.
      • As of now, we and our customers are using the New SCCs to transport Personal Data from the EU to other countries including the US for processing by us.
      • You are the Controller, as defined in the GDPR, and the Exporter, as defined in the New SCCs, of the Personal Data and we are a processor, as defined in the GDPR, and the Importer of such Personal Data. 
      • You agree to comply with the GDPR rules that apply to Controllers and the New SCCs rules that apply to Data Exporters. We agree to comply with the GDPR rules that apply to Processors and the New SCCs rules that apply to Data Importers.
        
        
   3. Our GDPR Compliance Commitment.
      • We agree to fully comply with the letter and the spirit of the GDPR and the New SCCs with respect to the transfer or your Personal Data for Processing outside the EU.
      • As a Data Importer, a User may contact us as set forth in Subsection 12(d) below with respect to the Personal Data we store and process on you. 
      • We hereby notify you that we will be processing, as defined in the GDPR, the Personal Data of your Authorized Users (i.e., those individuals whom you have authorized to access our Platform and to use our Services) in the US, Canada, and India for us to be able to provide the Services to you that we have agreed to do in our definitive service agreement between you and us. 
      • Upon request, we will provide you with a list of your Personal Data that we will process and a copy of the New SCCs under which we will transport your Personal Data for processing. 
      • We hereby warrant that, at the time of agreeing to the SCCs for the transport of your Personal Data, we have no reason to believe that the laws and practices applicable to us as a data processor and a data importer, including those of the US, Canada, and India are not in line with the requirements of the New SCCs. 
      • If we cannot satisfy any request or dispute to your satisfaction, we will agree to arbitrate or litigate the dispute in the EU jurisdiction in which you reside. 
      • We will only transfer your Personal Data to a third country in accordance with documented instructions from you.
      • Your Personal Data will be transferred and stored in an encryption format. 
      • Only our employees, who have a need to access your Personal Data to enable us to meet our contractual and legal obligations to you, will be given access to your Personal Data.
      • Such employees will be given a User Name and Password to access your Personal Data. 
      • We will keep an automated record of all persons who have accessed your Personal Data.
        
        
   4. Rights of Data Subjects. To make any of the following requests, with respect to this Privacy Policy, our Terms or Use, and/or Personal Data, please contact us via email at privacy@corestack.io 

• • 
    
    1. Access: You can request more information about the Personal Information we hold about you. You can also request a copy of the Personal Information.
    2. Rectification: If you believe that any Personal Information we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
    3. Objection: You can contact us to let us know that you object to the collection or use of your Personal Information for certain purposes.
    4. Erasure: You can request that we erase some or all of your Personal Information from our systems.
    5. Restriction of Processing: You can ask us to restrict further processing of your Personal Information.
    6. Portability: You have the right to ask for a copy of your Personal Information in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
    7. Withdrawal of Consent: If we are processing your Personal Information based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, it may limit your ability to use some/ all of our Services or Platform and you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Information, if such use or disclosure is necessary to enable you to utilize some or all of our Services and Platform.
    8. Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your Personal Information with the supervisory authority of your country or EU Member State. Please go to https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm to locate your Data Protection Authority in the EU. You may contact the UK’s Information Commissioner at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.
    9. We will respond to your inquiry within thirty (30) days of the receipt.  

12.    FOR OUR CANADIAN USERS

This Section supplements the information contained in our Privacy Policy above and applies solely to all visitors, users, and others to our Website, Services, or Platform, who reside in Canada (“consumers” or “you”). We ensure with the Personal Information Protection and Electronics Document Act of 2000 (“PIPEDA”) and any terms defined in the PIPEDA have the same meaning when used in this Section.

1. 1. Definition of Personal Information.  Any information about an identifiable individual. Whatever may be the physical form or characteristics of a particular regime for “business contact information” (name, position, title, address, professional phone number, etc.)
      
      
   2. Right to Access Personal Information.  You can request to access your personal information we hold about you. We will first confirm whether you have requested such information, explain how we have used your information, provide a list of names with whom your information has been shared and provide a copy of your information in an accessible format and make alternative formats available if requested.
      
      
   3. Right to Correction/Limited Right to Deletion.  You can request us to correct or delete your information IF you demonstrate that the personal information we hold on you is inaccurate. We will delete or correct your information within thirty (30) calendar days. When we delete/correct your personal information we will inform the third parties with whom we have shared your information.
      
      
   4. Right to be Forgotten.  Your information will be kept with us for as long as it is required for the fulfillment of the purposes of CoreStack Platform. Unless we otherwise give you notice, we will retain your Information on the CoreStack Platform on your behalf until such times as you or we terminate your User Account.
      
      
   5. Data Breach Notification.  We will send a notification to you as soon as feasible regarding the information of any breach that creates a “real risk of significant harm” to you. We keep a record of every data breach and, on request, provide the Office of the Privacy Commissioner with access to the record.
      
      
   6. Canadian Privacy Officer. We have appointed a Canadian Privacy and Data Protection Officer, privacy@corestack.io to make sure the privacy rights of our Canadian users are protected in compliance with PIPEDA.
      
      
   7. Two Factor Authentication. You may enable two-factor authentication on your account to help ensure that only you can access your account. If you do, in addition to entering your password to log in to your account to access the CoreStack Platform, we will send a code to your mobile number, which you will need to enter. This added security prevents anyone else from accessing your CoreStack account unless they have access to your login information.
      
      
   8. Contact Information. You may contact us (i) at privacy@corestack.ai or (ii) by writing to us at Privacy Officer, at 3600 136th Pl SE, Suite 400, Bellevue, Washington 98006 to (i) make a Personal Information Request, (ii) correct or delete your personal information, (iii) discuss our Privacy Policy and/or anything that has to do with it. We will respond within thirty (30) calendar days of receiving such a request or query. Additionally, in order for us to respond to your request or query, we will need to collect information from the requesting party to verify their identity.
      
      

13.    YOUR CALIFORNIA PRIVACY RIGHTS

CoreStack does not sell, trade, or otherwise transfer to outside third parties your “Personal Information” as the term is defined under the California Civil Code Section § 1798.82(h). Additionally, California Civil Code Section § 1798.83 permits Users of our Website, Services, or Platform that are California residents to request certain information regarding our disclosure of their Personal Information to third parties for their direct marketing purposes. To make a request for such disclosure, or identification and/or deletion of Personal Information in all our systems that we store on you, please send an email to privacy@corestack.ai or write us at CoreStack, Inc. 

Note that (i) if we delete your Personal Information as requested, we will no longer be able to provide our services to you and (ii) we may need to keep such Personal Information for a while during the shutting down and billing process. If you would like to discuss our Personal Information storage and processing process with us, please send us an email at privacy@corestack.io or write us at CoreStack, Inc., 3600 136th Pl SE, Suite 400, Bellevue, Washington 98006.

14.    CALIFORNIA CONSUMER PRIVACY ACT 

This Section supplements the information contained in our Privacy Policy above and applies solely to all visitors, users, and others to our Website, Services, or Platform, who reside in the State of California (“consumers” or “you”). We adopt this Section to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Section.

1. 1. Right to Request Personal Information. Upon request, we will provide you with (i) a list of all Personal Information that we have collected on you, (ii) from whom we obtained such Personal Information, (iii) the reason why we collected such Personal Information, and (iv) with whom (if any) we have shared such Personal Information. If we sell your Personal Information or disclose your Personal Information to third parties, upon request, we will provide you with (i) a list of the Personal Information that we have collected on you, (ii) a list of the Personal Information that we sell or disclose to others on you, and (iii) to whom we have sold or disclosed your Personal Information. A consumer can make such a request only twice in a 12-month period.

We require such Personal Information to be able to provide to you our Services. 

Unless otherwise specified, we only collect Personal Information from you. We do not use others to provide us with your Personal Information.

1. 1. Disclosure of Personal Information. We only share your Personal Information with service providers, e.g., billing and collection agents, who enable us to provide our Services to you. We do not sell or give your Personal Information to third parties for purposes unrelated to our provision of Services to you.
      
      
   2. Right to have Personal Information Deleted. Upon request, we will delete all of your Personal Information that we have collected on you and will direct our Service Providers to also delete all of your Personal Information. But note that if we do delete all of this Personal Information, you will no longer be able to use our Services.
      
      
   3. Non-Discrimination Right. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
      1. 1. Deny you goods or services.
         2. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
         3. Provide you a different level or quality of goods or services.
         4. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
            
            
   4. Financial Incentives. However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
      
      
   5. Contact Information. You may contact us (i) at CoreStack.io, or (ii) by writing to us at Privacy Officer, at 3600 136th Pl SE, Suite 400, Bellevue, Washington 98006 to (i) make a Personal Information Request, (ii) lodge a complaint about our use or storage of your Personal Information, (iii) ask us to delete such Personal Information, and/or (iv) discuss our Privacy Policy and/or anything that has to do with it. We will respond within forty-five (45) days of receiving such request or query. Additionally, in order for us to respond to your request or query, we will need to collect information from the requesting party to verify their identity.
      
      
   6. Under 16. We will not sell your Personal Information if you are under the age of 16 unless we have the consent of your parent or your guardian nor will we sell it if you ask us not to do so.
      
      
   7. Opt Out Right. Upon your request, we will stop selling your Personal Information (sometimes called your Opt Out Right). You may send the request to Opt Out (i) to privacy@corestack.io, or (ii) by writing to us at Privacy Officer, 3600 136th Pl SE, Suite 400, Bellevue, Washington 98006.
      
      

15.    INDIAN CONSUMER LAWS

This Section is applicable to you only if you are a consumer of CoreStack Services based in India to whom the Indian Consumer Protection E-Commerce Rules, 2020 (“CP Laws”) apply.

1. Complaints to grievance redressal officer.  Should you have any complaints or grievances in relation to, or if you believe there has been any violation of, the CP Laws, in the provision of services through the Website, App and/or Platform, please contact the Company’s grievance redressal officer for CP Laws,(Perumal Balakrishnan, Senior Vice President) at Perumal.b@corestack.io detailing your complaint, or reach out to customer care at support@corestack.io.
   
   
2. Procedure for redressal of complaints.  Once we receive your complaint, we will do our best to acknowledge it within 48 hours through email or through SMS or call on your phone number. You hereby consent to being contacted for the redressal of your complaint. You will be provided with a ticket number for your complaint. We will do our best to redress your complaint within one month from the date of our receipt of the complaint, however we do not warrant and hereby disclaim any liability if our redressal of your complaint does not resolve your complaint to your satisfaction and/or in such time frame.
   
   

16.    COPPA COMPLIANCE (FOR CHILDREN UNDER 13 USERS ONLY)

The Children’s Online Privacy Protection Act (“COPPA”) is a federal legislation that applies to entities that collect and store “Personal Information,” as the term is defined under COPPA, from children under the age of 13. We are committed to ensure compliance with COPPA. Our Website, Services, and Platform are not meant for use by children under the age of 13. Our Website, Services, and Platform do not target children under the age of 13, but we do not age-screen or otherwise prevent the collection, use, and personal disclosure of persons identified as under 13. If you would like to know more about our practices and specifically our practices in relation to COPPA compliance, please email us at privacy@corestack.io
We do not conduct age verification, and as a result, may unintentionally collect Personal Information from individuals under the age of 13 without our knowledge. If we learn that we have collected Personal Information from a child under the age of 13 without verification of parental consent, we will delete such information promptly.

IF YOU ARE UNDER 13, PLEASE DO NOT ACCESS OR USE OUR WEBSITE, SERVICES, OR PLATFORM. 

17.    CAN-SPAM ACT OF 2003

The CAN-SPAM Act establishes requirements for commercial messages, gives recipients the right to have businesses stop emailing them, and spells out penalties for violations.  Per the CAN-SPAM Act, we will:

1. not use false or misleading subjects or email addresses; 
2. identify the email message as an advertisement in some reasonable way; 
3. include the physical address of CoreStack, which is 3600 136th Pl SE, Suite 400, Bellevue, Washington 98006; 
4. monitor third-party email marketing services for compliance, if one is used;
5. honor opt-out/unsubscribe requests quickly; and
6. give an “opt-out” or “unsubscribe” option.    

We also ensure that unsubscribe mechanisms are clearly visible and function reliably. Users will not be required to take any steps beyond sending a reply email or visiting a single webpage to opt out.

If you wish to opt out of email marketing, follow the instructions at the bottom of each email or contact us at privacy@corestack.io and we will promptly remove you from all future marketing correspondences.

18.    MODIFICATIONS TO OUR PRIVACY POLICY

We will post any changes to this Privacy Policy in a notice of the change at the bottom of our web page with a hyperlink thereto. We will also send you an email describing such changes. Please regularly review this Privacy Policy. Notwithstanding if you continue to use our services, you are bound by any changes that we make to this Privacy Policy.

19.    LIST OF THIRD-PARTY SERVICE PROVIDERS

CoreStack uses the following third-party service providers for the provision of services as detailed under the Terms of Use or Terms of Service, as applicable

Additionally, if you have any questions or concerns about our third-party service providers, please email us at privacy@corestack.io.

20.    ANTI-BRIBERY COMPLIANCE

CoreStack represents and warrants that it is fully aware of and will comply with, and in the performance of its obligations hereunder will not take any action or omit to take any action that would cause it or its customers to be in violation of, (i) U.S. Foreign Corrupt Practices Act, (ii) U.K. Anti-Bribery Act, (iii) India Prevention of Corruption Act of 1988, or (iv) any other applicable anti-bribery statutes and regulations, and (v) any regulations promulgated under any such laws.  Company represents and warrants that neither it nor any of its employees, officers, or directors is an official or employee of any government (or any department, agency or instrumentality of any government), political party, state owned enterprise or a public international organization such as the United Nations, or a representative or any such person (each, an “Official”).  CoreStack further represents and warrants that it has instituted and will maintain policies and procedures reasonably designed to ensure compliance with such anti-bribery laws. Company further represents and warrants that, to its knowledge, neither it nor any of the supplier personnel has offered, promised, made or authorized to be made, or provided any contribution, thing of value or gift, or any other type of payment to, or for the private use of, directly or indirectly, any Official for the purpose of influencing or inducing any act or decision of the Official to secure an improper advantage in connection with, or in any way relating to, (A) any government authorization or approval involving CoreStack, or (B) the obtaining or retention of business by CoreStack.  CoreStack further represents and warrants that it will not in the future offer, promise, make or otherwise allow to be made or provide any payment and that it will take all lawful and necessary actions to ensure that no payment is promised, made or provided in the future by any of the supplier personnel.  

21.    CONTACT US 

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at:

-    Privacy Officer

-    Email: privacy@corestack.io
 

PLEASE NOTE: IF YOU USE OUR WEBSITE, SERVICES, OR PLATFORM, YOU HAVE AGREED TO AND ACCEPTED THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY AND THE TERMS AND CONDITIONS SET FORTH IN OUR TERMS OF USE OR OUR TERMS OF SERVICE, AS APPLICABLE. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY OR OUR TERMS OF SERVICE, PLEASE DO NOT USE OUR WEBSITE, SERVICES, OR PLATFORM.