Privacy Policy

_{Effective Date: August 09, 2024}

Executive Summary

This Privacy Policy explains how StackBooster Corporation collects, uses, and protects your information. We categorize data into three main types: Customer Content (your data, which we only process on your behalf), Service Data (telemetry from your Kubernetes environment, used to operate and improve our service), and Usage Data (information about how you interact with our website and platform). We are committed to data minimization and purpose limitation. By default, we retain data for 30 days and will never use your Customer Content to train our AI models. This policy outlines your privacy rights under laws like GDPR and CCPA and explains how to exercise them.

1. Introduction

This Privacy Policy applies to all information that StackBooster Corporation (“StackBooster”, “we”, “us”) collects. This includes information collected through our website, the StackBooster platform (“Platform”), and in connection with our events, sales, and marketing activities.

This policy is designed to be transparent about our privacy practices. It describes the types of data we collect, our purposes for using it, and the choices you have regarding your information.

For the purposes of this policy, StackBooster Corporation, located at 8 The Green #21543, Dover, DE, 19901, US, is the data controller.

2. Data We Collect

We collect different categories of information to provide and improve our services.

a. Customer Content: This is the data that you or your users run on, or cause to interface with, your Kubernetes environments. We consider this your proprietary data. We only process Customer Content on your behalf and in accordance with your instructions, as detailed in our Master SaaS Agreement and Data Processing Addendum (DPA). We do not access the substance of your Customer Content except with your permission for support purposes.

b. Service Data (Telemetry): To provide our autoscaling services, our Agent collects telemetry data from your connected Kubernetes environments. This includes:

• Infrastructure Metrics: CPU/memory utilization, node counts, pod statuses, and resource allocation.
• Operational Metadata: Events, logs, and configuration details relevant to scaling decisions and system health.

This Service Data is essential for the Platform’s core functionality, such as node and pod autoscaling, right-sizing, and predictive scaling. It may be persisted in StackBooster’s secure cloud account to ensure reliability, provide support, and for analysis to improve the service. This data is handled in accordance with the security and confidentiality terms in our agreements.

c. Usage and Support Data: This is information we collect when you interact with our website, Platform, or support teams. This may include:

• Account Information: Your name, email address, company name, and user credentials.
• Contact Information: Information you provide when you contact us for support or sales inquiries, including your email address and phone number.
• Website Usage Data: Your IP address, browser type, pages visited, and other interaction data collected via cookies and similar technologies.

3. How and Why We Use Your Data

We are committed to the principles of purpose limitation and data minimization. We only use your data for specified, explicit, and legitimate purposes.

Data CategoryPurposes of UseGDPR Legal BasisCustomer ContentTo provide the services you have requested, as instructed by you.Performance of a ContractService Data (Telemetry)To operate, secure, and improve the Platform; provide predictive scaling; troubleshoot issues; and for capacity planning.Performance of a Contract; Legitimate InterestUsage and Support DataTo manage your account; provide customer support; communicate with you about our services; and analyze and improve our website and Platform.Performance of a Contract; Legitimate Interest; Consent (for marketing communications)

No Model Training on Customer Content: We will not use your Customer Content to train our machine learning models. Our predictive models are trained on aggregated, de-identified Service Data from across our customer base to improve the quality and accuracy of our services for all users.

4. Data Retention

We retain your data only for as long as necessary to fulfill the purposes for which it was collected.

• Default Retention: By default, Service Data and Customer Content processed by the Platform are retained for 30 days to support operational requirements.
• Configurable Retention: Customers may have the option to configure longer retention periods for certain data types, as specified in an Order Form.
• Aggregated Analytics: We may retain aggregated and de-identified data for longer periods for analytics and service improvement.

For more details, please see our Data Retention Matrix in the Security Documentation.

5. Data Sharing and Disclosure

We do not sell your personal data. We only share information with third parties in the following limited circumstances:

• Subprocessors: We use a limited number of third-party service providers (subprocessors) to help us provide our services, such as cloud infrastructure providers. We have written agreements with each subprocessor that include strict data protection terms. A list of our subprocessors is available in our DPA.
• Legal Compliance: We may disclose your information if required to do so by law or in response to a valid request from a law enforcement or government agency.
• Business Transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

6. International Data Transfers

StackBooster operates globally, and your data may be transferred to and processed in countries other than your own. We ensure that all data transfers comply with applicable data protection laws. For transfers of personal data from the European Economic Area (EEA), the UK, and Switzerland, we rely on mechanisms such as the EU Standard Contractual Clauses (SCCs) and the UK Addendum, as further detailed in our DPA.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal data under laws like the GDPR, UK GDPR, and CCPA. These rights may include:

• The right to access: You can request copies of your personal data.
• The right to rectification: You can request that we correct any information you believe is inaccurate.
• The right to erasure: You can request that we erase your personal data, under certain conditions.
• The right to restrict processing: You can request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing: You can object to our processing of your personal data, under certain conditions.
• The right to data portability: You can request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

To exercise any of these rights, please contact us at support@stackbooster.io. We will respond to your request in accordance with applicable law.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect Usage Data and to help us understand how our website is being used. You can control the use of cookies at the individual browser level. We will provide a cookie management tool to allow you to customize your preferences.

9. Security

We take the security of your data very seriously. We have implemented appropriate technical and organizational measures to protect your information from unauthorized access, use, or disclosure. These measures are detailed in our Security Documentation.

10. Children’s Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Effective Date” at the top. We encourage you to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

• Legal & Privacy: support@stackbooster.io
• General Inquiries: info@stackbooster.io

Variables to Set

• Cookie Manager Placeholder: A specific tool or link for cookie management needs to be implemented.
• Retention Exceptions: Any specific, non-default retention periods for aggregated analytics should be clearly defined.

Counsel Review Flags

• Localization: This policy is drafted with GDPR and CCPA in mind. It should be reviewed for compliance with other specific national or state privacy laws where StackBooster operates.
• New Regulations: The policy should be reviewed periodically to ensure it aligns with new and emerging privacy regulations.

Comparative Notes

This Privacy Policy is more explicit than the competitor examples in its classification of data, particularly the distinction between Customer Content and Service Data (Telemetry). This approach provides greater clarity for customers, especially regarding how their data is used for service improvement. The plain-language explanation of telemetry collection and its purpose is a key differentiator, aiming to build trust. The policy also directly addresses the

‍