Cloudastructure Privacy Policy

The following describes Cloudastructure’s (“Cloudastructure” or the “Company”) privacy policy and the manner in which Cloudastructure handles information that it receives that may constitute either personal or sensitive information concerning individuals. Cloudastructure intent is to comply with all applicable legal and regulatory requirements of those jurisdictions in which it does business, including the Safe Harbor Principles of the European Union Directive on Data Protection.

Our Privacy Commitment

At Cloudastructure, we truly value your privacy and are committed to maintaining the privacy, integrity, and confidentiality of the personal information collected. We encourage you to read this Privacy Policy so that you understand our commitment to you and your privacy, and how you can help us maintain our commitment. Cloudastructure will process Customer Data (as such term is defined in Cloudastructure customer agreements), which may include personal data, only to the extent and in such a manner as is necessary to provide the Services under the Agreement or as otherwise instructed by Customer from time to time.

Our privacy practices, described in this Privacy Policy, comply with the APEC Cross Border Privacy Rules System, the Health Insurance Portability and Accountability Act (HIPAA), and the General Data Protection Regulation of the European Union (GDPR).

Scope and your consent to our use of your information:

This Privacy Policy applies to personal information and other information collected by Cloudastructure or its service providers from or about: (i) visitors to, or users of, Cloudastructure Websites; (ii) prospective and current customers using Cloudastructure information technology services (the “Services”); (iii) users of any mobile-device applications that it offers (such as its iOS and Android applications); (iv) service providers and business partners; (v) job applicants; and (vi) other third-parties that it interacts with.

1. What information does Cloudastructure collect and for what purpose is it used?

When we refer to “Personal Information”, we mean any information that can identify you. It includes information or an opinion from which you are reasonably identifiable. In some jurisdictions, Personal Information includes information that identifies a legal entity, such as company name. We describe the Personal Information that we collect in more detail below.

We may also collect information that is related to you but that does not personally identify you (“Non- personal Information”). Non-personal Information also includes information that could personally identify you in its original form, but that we have modified (for instance, by aggregating, anonymizing or de-identifying such information) to remove or hide any Personal Information.

When we collect information about you:

Information you give us or our service providers. You may provide Personal Information when you: (i) access Cloudastructure Websites, (ii) request, purchase and use the Services, (iii) communicate with Cloudastructure via phone calls, chat, email, web forms, social media and other methods of communication, (iv) subscribe to Cloudastructure marketing material, (v) apply for a job, (vi) attend our events, or (vii) provide services to Cloudastructure.

Information we collect about you and your device via automated means. Each time you visit a Cloudastructure Website, view a Cloudastructure advertisement on a third party-owned website or read a Cloudastructure marketing email, we may automatically collect information about you via cookies, web beacons and other similar technologies.

Information we receive from other sources. We work closely with third parties (for example, business partners, service providers, sub-contractors, advertising networks, analytics providers, search information providers, credit reference agencies, fraud protection services, channel partners and resellers) and may receive information about you from them.

The types of information we collect:

Contact Information includes your name, company name, job title, telephone numbers, fax numbers, postal addresses, email addresses, or other addresses at which you receive communications from or on behalf of Cloudastructure (“Contact Information”). When you are expressing an interest in obtaining additional information about the Services or signing up to use the Services, Cloudastructure requires that you provide contact information (“Required Contact Information”).

Transactional Information includes information about the Services you use, and how you interact with us and the Services (for example through email, customer portal, or phone).

Billing Information includes financial qualification and billing information, such as billing name and address, and a credit card number, including card security number and credit card date of expiration.

Optional Information includes your company’s annual revenues, number of employees, industry or similar information that helps us tailor our Services to you.

Information Collected by Automated Means includes information that Cloudastructure collects through commonly used information-gathering tools, such as cookies and web beacons. Such information includes standard information from your web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and your activities on Cloudastructure Websites (such as the web pages viewed and the links clicked, number of visits, access time, device ID or other unique identifier, domain name, screen views, language information, device name and model, and operating system type), the URL of the site from which you came and the site to which you are going when you leave Cloudastructure Websites, your computer operating system, and mobile device operating system (if you are accessing Cloudastructure Websites using a mobile device). Information Collected by Automated Means also includes information that we may collect about: your use of certain Service features; the functionality of the Services; when you click on ads; your participation in research initiatives like surveys about our Services. While Cloudastructure does not monitor or view the specific data stored by its customers who are using the Services, it is necessary for Cloudastructure to track various parameters of transferred data (file size, etc.) to support features including, but not limited to, bandwidth monitoring

and storage usage. Cloudastructure treats such information as Non-personal Information and in accordance with its agreements it has in place with its customers.

Sensitive Information: We will not collect or maintain, and do not want you to provide, any information regarding your medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs or other sensitive information.

How we use your information:

Unless otherwise stated in our terms of service or other agreements between us / your company, we use your information only for providing you the Services that you have requested from us.

Disclosure of Personal Information

Except for the limited circumstances described in this Privacy Policy or your applicable agreement / terms of service, the Personal Information we gather is for internal use only and we will not authorize the release of this information to anyone outside of Cloudastructure unless to our authorized service providers or if you have consented to such disclosure. When we need to provide your Personal Information to third parties, we will only share it to the extent reasonably necessary. We may also share your Personal Information as required or permitted by law.

We may disclose information that does not identify any individual or company (e.g., anonymous, aggregated data) without restriction. For example, we may provide our advertisers or other third parties with reports that contain aggregated and statistical data about our users.

How you can manage your personal information

Communication Preferences and Opt-outs. If you wish to stop receiving email marketing communications from us, please click on the “unsubscribe” link at the bottom of the relevant email marketing communication or by following the instructions detailed in the communication. Please note that this may not unsubscribe you from all other communications. If you wish to opt-out completely then please contact us using the details provided below. Please note that you cannot unsubscribe from service-related messages. In accordance with industry standards and applicable laws, we reserve the right to retain your Personal Information for a reasonable amount of time so we can ensure that we do not contact you in the future.

Access and Correction. If you would like to know what Personal Information we hold about you, like to correct, delete inaccuracies, or update the information we hold about you, or revoke consent previously granted, you may submit a request to us by using the contact details below. We will inform you whether we have honored your request within the reasonable timeframes stipulated by law, but at least within 30 days. Please note that some requests may be subject to a reasonable fee. If you’re an existing customer, please log in to the applicable Cloudastructure control panel to submit a support ticket. Clients of our customers must contact the customer directly with any data subject access requests. If Cloudastructure receives a data subject access request from its customers’ clients, Cloudastructure will notify the customer as soon as reasonably practicable.

To protect your privacy, we will require you to prove your identity before granting access to, or agreeing to update, correct or delete your Personal Information and we will only implement requests with respect to Personal Information about you (not anyone else).

Choosing not to provide us with certain information. You can choose not to provide certain information when using Cloudastructure Websites, Services but this may prevent you from being able to take full advantage of the functions available online and it may prevent us from being able to provide you with Services.

Security of your information:

We are committed to industry best practice when it comes to preventing loss, misuse, alteration, unauthorized access, or unlawful or unnecessary processing of the information we collect. This includes, but is not limited to, encryption of data where appropriate, access control, and monitoring for possible vulnerabilities and attacks. For technical specifics and documentation, please contact us.

Children:

Our websites and the Services are not designed for or directed at individuals under the age of thirteen (13) or minors otherwise defined in local law or regulation. We will not intentionally collect or maintain information about these individuals. If you believe that we may have collected Personal Information from someone under the age of 13 or from a minor as may be otherwise defined in your country, please let us know.

Verification

Cloudastructure utilizes a self-assessment approach or outside compliance review to assure its compliance with this Privacy Policy and periodically verifies that the Privacy Policy is accurate, comprehensive, prominently displayed, completely implemented, and in conformity with the Privacy Shield Principles or other applicable laws and regulations. Cloudastructure conducts its self-assessment on an annual basis to ensure that all relevant privacy practices are being followed. Appropriate employee training is in place and internal procedures for periodically conducting objective reviews of compliance are in place.

Customer data – personal information of our customers’ clients

Our customers use the Service to host, transmit or process data on our hosted systems, which may include your Personal Information (“Customer Data”). In these situations, it is our customers rather than us who decide the reasons for which the Customer Data is collected and otherwise processed. Cloudastructure will not review, share, distribute, nor reference any such Customer Data except as provided in the agreement that we have in place with the customer, or as may be required by law. Nothing contained in this Privacy Policy shall be construed to alter specific terms and conditions

applicable to the Services. Our customers remain responsible for Personal Information that they collect and process and for compliance with applicable data protection laws.

For details of how the Customer Data will be used and protected, and details of how to access or correct it, amend or delete inaccuracies please refer to the privacy policy of the relevant Cloudastructure customer to which you submitted your Personal Information. If requested to remove your personal data, we will inform our customer within a reasonable timeframe.

Cloudastructure provides its services under the direction of its customers, and has no direct relationship with the individuals whose personal data our customers process. If you are a client of one of our customers and would no longer like to be contacted by one of our customers that use our service, please contact the customer that you interact with directly.

GDPR compliance statement

Cloudastructure act in compliance with the General Data Protection Regulation of the European Union (GDPR), and we require all our employees, contractors, and other third-party suppliers that come in contact with your Personal Information to do so as well. To ensure that data from the European Union is handled with care as prescribed by the GDPR, we only transfer data to countries that have an adequate level of legal privacy protection. We use the European Commission-approved Model Clause International Data Transfer Agreements for transfers from the European Union to the United States of America.

Inquiries or complains:

If you have a question or complaint about this Privacy Policy or our information collection practices, please contact us at privacy@cloudastructure.com or write us at, Cloudastructure, Inc. 55 E 3rd Ave, San Mateo, CA 94401.

Changes

Our business changes constantly and our Privacy Policy may also change from time to time. The “Last Updated” section at the bottom of this page states when this Privacy Policy was last revised. You should check the Cloudastructure Websites frequently to see recent changes.

If any change materially affects the privacy of your Personal Information, we will notify you by posting a notice to this site or by email (to the email address tied to your account) and by posting the Privacy Policy before its effective date and give you a reasonable period of time to object to any changes (which you may do by ceasing to use our Services).

Feature Report: The Power of Remote Guarding
Learn More