Introduction

At Solutioneers, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

Information We Collect

Personal Information

We may collect personal information you provide directly to us, including:

• Name and contact information
• Email address
• Phone number
• Company information
• Professional details

Automatically Collected Information

When you visit our website, we may automatically collect certain information, including:

• IP address
• Browser type and version
• Operating system
• Pages visited and time spent on our site
• Referring website

Third-Party OAuth Integrations

StackIQ connects to third-party services on your behalf using OAuth 2.0 authentication or API credentials. When you authorize an integration, we request specific permissions with your explicit consent. You can revoke access at any time through your StackIQ dashboard or directly in the provider's account settings.

Google Workspace

When you connect Google Workspace, we access the following data with your permission:

• Audit Reports (admin.reports.audit.readonly): Read-only access to Google Workspace activity logs, admin actions, and security events
• Usage Reports (admin.reports.usage.readonly): Read-only access to application usage statistics and user activity metrics
• User Directory (admin.directory.user.readonly): Read-only access to user profile information, email addresses, and organizational structure

Purpose: We access this data to provide audit logging, usage analytics, and user management features across your integrated platforms. This enables you to monitor security events, optimize license allocation, and maintain compliance requirements.

Microsoft 365

When you connect Microsoft 365, we access the following data with your permission:

• User Information (User.Read.All): Read-only access to user profiles and basic directory information
• Directory Data (Directory.Read.All): Read-only access to organizational directory structure and group memberships
• Audit Logs (AuditLog.Read.All): Read-only access to Office 365 audit logs and compliance activities
• Reports (Reports.Read.All): Read-only access to Office 365 usage reports and analytics

Purpose: We access this data to provide unified identity management, compliance reporting, and usage analytics for your Microsoft 365 environment.

Okta

When you connect Okta, we access the following data with your permission:

• Users (okta.users.read): Read-only access to user profiles and directory data
• Applications (okta.apps.read): Read-only access to configured applications and integrations
• Groups (okta.groups.read): Read-only access to group memberships and organizational structure
• System Logs (okta.logs.read): Read-only access to authentication events and system activity logs

Purpose: We access this data to provide identity and access management insights, security monitoring, and authentication analytics.

ServiceNow

When you connect ServiceNow, we access the following data using API credentials:

• Incident Management: IT service tickets, incident reports, and resolution data
• User Records: Employee directory and user account information
• Configuration Management Database (CMDB): IT asset inventory and configuration data

Purpose: We access this data to provide IT service management insights and asset tracking capabilities.

Data Handling for All Integrations

For all third-party integrations, we commit to the following practices:

• Access Control: Only your organization can view your integration data through the StackIQ platform
• Data Security: All integration data is encrypted at rest and in transit using industry-standard TLS/SSL protocols
• No Selling or Sharing: We never sell, trade, or share your integration data with third parties for marketing, advertising, or any purpose other than providing our services
• Limited Retention: Integration data is retained while your integration is active and for up to 30 days after disconnection, unless longer retention is required by applicable law
• Immediate Revocation: You can disconnect any integration at any time through your StackIQ dashboard, which immediately stops new data collection
• Data Deletion: You can request deletion of stored integration data by contacting us at privacy@gosolutioneers.com
• Token Security: OAuth refresh tokens and API credentials are encrypted using AES-256 encryption and stored securely. We only use them to maintain your authorized connection
• Read-Only Access: All OAuth integrations request read-only permissions. We never modify, delete, or write data to your connected accounts

How We Use Your Information

We process your personal information based on the following legal bases:

• Contract: To provide and maintain our services.
• Consent: To send marketing communications where you have opted in.
• Legal obligation: To comply with laws and regulations.
• Legitimate interests: To improve our website and services, communicate with you, and prevent fraud.

Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this policy:

• Service Providers: Cloud hosting, authentication, analytics, and communication vendors who support our operations (e.g., Supabase, Netlify, Google Workspace, GitHub).
• Legal Requirements: When required by law or to protect our rights, property, or safety.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

Data Security

We implement technical and organizational measures such as encryption, access controls, and regular audits to protect your personal information against unauthorized access, alteration, disclosure, or destruction. No method of transmission over the internet or electronic storage is fully secure, but we strive to use industry best practices.

Your Rights

Depending on your location, you may have rights including:

• Access to your personal information
• Rectification of inaccurate information
• Erasure of your personal information
• Restriction of processing
• Data portability
• Objection to processing
• Withdrawal of consent (for marketing communications)

You can exercise these rights by contacting us at the address below.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. In jurisdictions where required, you will be presented with a cookie banner that allows you to accept or reject non-essential cookies. You can also manage preferences through your browser settings.

Data Retention

We retain your personal information only as long as necessary for the purposes described in this policy, unless a longer retention period is required by law. For example:

• Customer account data: retained for the duration of the business relationship and up to 3 years after termination.
• Marketing contact data: retained until you opt out or withdraw consent.
• Employee and contractor data: retained as required by applicable employment or tax laws.

Children's Privacy

Our services are not directed to children under the age of 13 in the United States or under 16 in the EU/EEA. We do not knowingly collect personal information from children.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your information during such transfers.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at: