Privacy Policy

StelOptica Systems, LLC

Effective Date: 06-18-2025
Last Updated: 06-18-2025

1. Introduction

StelOptica Systems, LLC ("StelOptica," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our services, software, and products.

This policy applies to all users of our services, including the StelOps Intelligence Suite, consulting services, and any future SaaS platforms or applications.

Contact Information:

  • Data Controller: StelOptica Systems, LLC
  • Address: Austin, TX 78716, United States
  • Email: privacy@steloptica.com
  • Data Protection Officer: TBA

2. Legal Basis for Processing

We process personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

2.1 Legitimate Interests (Article 6(1)(f))

  • Providing and improving our intelligence software and services
  • Security monitoring and fraud prevention
  • Business development and service enhancement
  • Export control and regulatory compliance

2.2 Contractual Necessity (Article 6(1)(b))

  • Account creation and management
  • Service delivery and customer support
  • Payment processing and billing
  • Technical support and maintenance

2.3 Legal Obligation (Article 6(1)(c))

  • Export control compliance (ITAR/EAR requirements)
  • Tax and financial reporting obligations
  • Security clearance verification (where applicable)
  • Response to lawful government requests

2.4 Consent (Article 6(1)(a))

  • Marketing communications (where required)
  • Optional data collection for service improvement
  • Cookies and tracking technologies (where required)

3. Data We Collect

3.1 Information You Provide Directly

Account and Registration Data:

  • Full legal name and professional title
  • Email address and phone number
  • Organizational affiliation and department
  • Physical address (business and billing)
  • Security clearance level and verification documents
  • Professional credentials and certifications

Payment and Billing Information:

  • Billing address and contact information
  • Payment method details (processed by third-party providers)
  • Purchase history and transaction records
  • Tax identification numbers (where applicable)

Communication Data:

  • Support ticket content and correspondence
  • Consultation meeting notes and recordings (with consent)
  • Feedback, surveys, and user research responses
  • Marketing communication preferences

3.2 Information We Collect Automatically

Technical and Usage Data:

  • IP address and geolocation data
  • Device information (browser, operating system, device type)
  • Log files and access records
  • Software usage patterns and feature utilization
  • Performance metrics and error reports
  • Session duration and frequency of use

Security and Monitoring Data:

  • Access logs and authentication records
  • Security incident data and threat detection
  • Network traffic analysis (for security purposes)
  • Failed login attempts and suspicious activities

3.3 Information from Third Parties

Verification and Background Data:

  • Security clearance verification from authorized agencies
  • Professional credential verification from issuing bodies
  • Organizational verification from official sources
  • Sanctions and export control screening results

4. How We Use Your Data

4.1 Service Provision

  • Creating and managing user accounts
  • Delivering software services and technical support
  • Processing payments and managing subscriptions
  • Providing consulting and professional services
  • Customizing services to user requirements

4.2 Security and Compliance

  • Verifying user identity and eligibility
  • Conducting export control and sanctions screening
  • Monitoring for unauthorized access and security threats
  • Maintaining audit trails for compliance purposes
  • Investigating security incidents and policy violations

4.3 Business Operations

  • Improving our products and services
  • Developing new features and capabilities
  • Conducting user research and market analysis
  • Managing business relationships and partnerships
  • Planning and executing business strategy

4.4 Legal and Regulatory

  • Complying with export control regulations (ITAR/EAR)
  • Responding to legal process and government requests
  • Maintaining records for tax and financial reporting
  • Enforcing our Terms of Use and other agreements

4.5 Communications

  • Sending service-related notifications and updates
  • Providing technical support and customer service
  • Delivering marketing communications (with consent)
  • Sharing security alerts and important announcements

5. Data Sharing and Disclosure

5.1 We Do Not Sell Personal Data

StelOptica does not sell, rent, or trade personal data to third parties for commercial purposes.

5.2 Authorized Sharing

We may share personal data in the following circumstances:

Service Providers and Contractors:

  • Cloud hosting and infrastructure providers
  • Payment processors and financial service providers
  • Security monitoring and threat intelligence services
  • Professional service providers (legal, accounting, consulting)

Government and Regulatory Bodies:

  • Export control authorities (when required by law)
  • Tax authorities and financial regulators
  • Law enforcement (with valid legal process)
  • Intelligence community partners (for authorized users)

Business Transfers:

  • In connection with mergers, acquisitions, or asset sales
  • During due diligence processes (with appropriate protections)

Legal Requirements:

  • To comply with applicable laws and regulations
  • To respond to valid legal process and court orders
  • To protect our rights, property, or safety
  • To prevent fraud or other illegal activities

5.3 International Transfers

Given our NATO-focused business model, we may transfer personal data to other NATO member countries. All international transfers are conducted with appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules (where applicable)
  • Other legally valid transfer mechanisms

6. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

6.1 Right of Access (Article 15)

You can request confirmation of whether we process your personal data and obtain a copy of your data.

6.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

6.3 Right to Erasure (Article 17)

You can request deletion of your personal data, subject to legal and contractual obligations.

6.4 Right to Restrict Processing (Article 18)

You can request limitation of how we process your personal data in certain circumstances.

6.5 Right to Data Portability (Article 20)

You can request transfer of your data to another service provider in a structured, machine-readable format.

6.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

6.7 Rights Related to Automated Decision-Making (Article 22)

You have rights regarding automated decision-making and profiling, though we generally do not engage in such activities.

6.8 Exercising Your Rights

To exercise your rights, contact us at privacy@steloptica.com. We will respond within one month of receiving your request. Some requests may be subject to verification procedures to protect your privacy and security.

Important Note: Certain rights may be limited due to:

  • Legal obligations (export control compliance)
  • Contractual requirements (ongoing service provision)
  • Security and national interest considerations
  • Legitimate business interests

7. Data Retention

7.1 Retention Principles

We retain personal data only as long as necessary for the purposes outlined in this policy, considering:

  • Legal and regulatory requirements
  • Contractual obligations
  • Business operational needs
  • Security and audit requirements

7.2 Specific Retention Periods

Account Data: Retained during active service relationship plus 7 years for legal compliance

Security Clearance Information: Retained per government requirements (typically 5-10 years after service termination)

Financial Records: Retained for 7 years for tax and regulatory compliance

Communication Records: Retained for 3 years unless longer retention is required

Technical Logs: Retained for 1-2 years unless needed for security investigations

Export Control Documentation: Retained per regulatory requirements (typically 5 years minimum)

7.3 Secure Disposal

Upon expiration of retention periods, we securely delete or anonymize personal data using industry-standard methods.

8. Data Security

8.1 Technical Safeguards

  • End-to-end encryption for data in transit and at rest
  • Multi-factor authentication and access controls
  • Regular security assessments and penetration testing
  • Intrusion detection and monitoring systems
  • Secure development and deployment practices

8.2 Organizational Safeguards

  • Privacy and security training for all personnel
  • Background checks for employees with data access
  • Incident response and breach notification procedures
  • Regular policy reviews and updates
  • Third-party security audits and certifications

8.3 Data Breach Response

In the event of a personal data breach, we will:

  • Assess and contain the breach within 72 hours
  • Notify relevant supervisory authorities as required
  • Inform affected individuals when required by law
  • Document the incident and take corrective measures
  • Review and improve security measures as needed

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

Strictly Necessary Cookies: Required for basic website functionality and security

Performance Cookies: Help us analyze website usage and improve performance

Functional Cookies: Remember your preferences and settings

Marketing Cookies: Used for targeted advertising (with consent)

9.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality.

9.3 Third-Party Analytics

We may use analytics services (such as Google Analytics) with appropriate data processing agreements and privacy controls.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. Regional Considerations

11.1 European Union

For EU data subjects, this policy complies with GDPR requirements. You may lodge complaints with your local supervisory authority.

11.2 United Kingdom

For UK data subjects, we comply with the UK GDPR and Data Protection Act 2018.

11.3 Other NATO Countries

We comply with applicable data protection laws in all NATO member countries where we operate.

12. Changes to This Policy

12.1 Policy Updates

We may update this privacy policy to reflect changes in our practices, legal requirements, or service offerings. Significant changes will be communicated through:

  • Email notifications to registered users
  • Prominent notices on our website
  • Direct communication for material changes affecting your rights

12.2 Continued Use

Continued use of our services after policy changes constitutes acceptance of the updated policy.

13. Contact Information

13.1 General Privacy Inquiries

Email: privacy@steloptica.com
Address: Austin, TX 78716, United States
Phone: TBA

13.2 Data Protection Officer

TBA

13.3 EU Representative

TBA

13.4 Supervisory Authorities

EU data subjects may contact their local supervisory authority with privacy concerns or complaints.

14. Definitions

Personal Data: Any information relating to an identified or identifiable natural person

Processing: Any operation performed on personal data, including collection, storage, use, and deletion

Data Subject: The individual to whom personal data relates

Data Controller: The entity that determines the purposes and means of processing personal data

Data Processor: The entity that processes personal data on behalf of the data controller

This privacy policy is designed to comply with GDPR, UK GDPR, and other applicable data protection laws. For specific legal advice regarding your data protection obligations or rights, please consult with qualified legal counsel.

HomeSoftwareConsultingInfo
Resources
© 2025 StelOptica Systems, LLC. All rights reserved.
Terms Of UsePrivacy Policy