Privacy Policy

TL;DR

We know policies in general can be a pain to read. They're filled with legal words and confusion. Even though we've tried to make this as simple as possible to read and understand, the general gist of it is we only obtain information that we absolutely need to.

We follow and abide by GDPR and CCPA rules and regulations, and we allow for deletion of data when necessary or requested. We don't obtain any information on you without your explicit permission, and we have built our systems with that mindset.

For legal reasons, this TL;DR isn't part of the Privacy Policy. It's just a friendly note. Nothing in this TL;DR should be construed to take away from or add to our Privacy Policy, and this TL;DR should not be considered for any disputes regarding any of our policies.

Term Inheritance:

The terms within this Privacy Policy will be inherited by the Acceptable Use Policy, available on this website, unless otherwise denoted.

Additional Agreements:

This Privacy Policy inherits all clauses from the Acceptable Use Policy and any other relevant Policies, available on this website, except where otherwise denoted.

Who This Agreement is for:

By accessing and using this website, you accept and agree to be bound by the terms and provisions of this agreement and any other agreement published on this website and any website owned and operated by Create Azure LLC (hereafter collectively referred to as the “Policies”). In addition, when using any service provided by Create Azure LLC, or by cloudMonic (subsidiary of parent Create Azure LLC), you shall be subject to any posted guidelines or rules applicable to such services, which may be posted and modified at-will by Create Azure LLC/cloudMonic (hereafter collectively referred to as the “Provider” or the “Company”).

General Purpose:

The purpose of this agreement (“Privacy Policy”) is to provide a better understanding of the Provider’s commitment to the privacy of the User. Any reference in the first-person narrative will refer to the Provider and their commitments. Any reference in the second-person narrative will refer to the User directly. It is the User’s responsibility to ensure their responsibilities are maintained by their agents, representatives, and end-users.

A Moral Obligation:

The Provider is not legally obligated, but to meet the Provider’s ideologies and mission has a moral obligation to follow the guidelines set forth on data privacy by the European Union under the EU General Data Protection Regulation (GDPR).

As such, the Provider promises to, where possible:

· Explain how the Provider processes data in a “concise, transparent, intelligible and easily accessible form, using clear and plain language”

· Make it easy for the User to make privacy-related requests to the Provider

· Communicate clearly the usage of the User’s private data when provided, including but not limited to:

o   The amount of time the data is stored, or the criteria used to determine the amount of time the data is stored

o   The legitimate interests pursued when processing the User’s data

o   The protocol for reviewing, removing, and obtaining the User’s data

· Delete all of the User’s private data that is no longer required to provide Services to the User

· Anonymize any data that does not specifically need to be stored with a User’s personal information (ie. Geolocation, IP addresses, access information, etc)

· Make it easy for a User to request their information, or request their information stored on our servers be sent to a third-party

· Make it easy for a User to request withdrawal from any agreement or consent with Policies

· Regularly review this Privacy Policy for changes, effectiveness, changes in handling of data or the state of affairs of other countries that our data may flow to

· Make it easy for a User to update their information within our system

· Train agents and representatives on the importance of privacy and on these key points

In some cases, such as withdrawing consent from this and other Policies, the User may forfeit their access to the site and our Services. Due to the nature of the Provider’s work, the Provider cannot accept anonymous sign-ups, and as a result some personal data is required to continue Services with the Provider.

Do Not Sell My Data:

We do not sell, nor have we ever sold data to any third-party company. Your data will be solely retained for the use of Create Azure LLC and its subsidiaries, and will never be sold or used outside of the Company.

Reciprocating Data and Data Removal Requests:

When the Provider reciprocates (or copies) data to another subsidiary company, and a request for deletion has been made, all companies within the parent company’s organization (Create Azure LLC) will receive the request and act on it as appropriate. In the event of discontinuing services due to the deletion of this data, the User will lose access to all services provided by all companies under the parent company’s organization.

Opting In:

The Provider uses an opt-in system, similar to those used in the EU, as part of the commitment to following as many privacy regulations from the GDPR as possible. The User will be prompted to allow for cookies and other location/browser-related data to be collected for analytical purposes at the time of their first entry, or their subsequent entry following the clearing of their browser’s history/cookies/cache or expiration of the Provider's consent acceptance cookie (30 days).

In the event the User chooses to opt-out of this prompt, only anonymous session data will be collected and stored. The Provider disables Google Analytics, any internal analytics, and session logging for the User’s private data in the session. The User will continue to be prompted on subsequent visits, as no session data will exist for the User following the previous visit and no permanent storage of the User’s response will be made. This may limit the features of the site, and the User will not be able to log-in, register or purchase Services until they have opted-in.

Our Commitment to Removing Data:

We stand by our word in transparency, and will inform the User when data pertaining to your personal information has been removed from our systems or network. This notification will be in the form of an e-mail or other electronic message (ie. Account notifications, etc) and will be received within seven (7) days of the deletion of this data.

When a request is made for the deletion of data by a User, we will provide the User with an initial response within fourteen (14) business days of the request date. This initial response will include the following information:

· What the User forfeits by removing this data from our system (if applicable)

· The length of time required to securely remove this information from our system

· The estimated timing for complete removal of this information from our system

In the event data cannot be removed without disabling access to the Services or site, the initial response will outline the implications of removing this data and will ask for final consent in the removal once all necessary information is obtained by the User.

In the event the User has entered an agreement for Services provided by the Provider, the commitment term must be completed before the data can be removed, except where early cancellation or term cancellation is applicable per the Provider’s Acceptable Use Policy.

Notification of Breach:

The Provider will provide notification of security breaches that affect a User’s personal data to the User within twenty-one (21) days of resolution of the breach, including a full security analysis performed either by internal representatives or agents of the Company, or by a third-party security firm. The Provider reserves the right to maintain the security of their infrastructure, and to decide the third-party security firm or responsible agents or representatives to carry out security investigations in the event of a breach.

The Provider is not responsible for breaches caused by the negligence or actions of a User, such as but not limited to insecure passwords, re-using passwords on other sites, breaches resulting from the use of the Services, or breaches pertaining to the use of the Services. The User is solely responsible for any security breaches of their Services and the Provider retains no moral, legal, or other obligation to monitor the Services provided for security or any other form of breach.

GDPR Article 8 and COPPA:

The Provider’s Services are not intended for use by any minor, and the User must be of full legal age to consent to a contract in their jurisdiction or in the applicable jurisdiction of the Policies, whichever holds more lawful in the applicable court. Any information retained from a minor, upon notification of such access, shall be immediately destroyed by the Provider and Services and access to all sites provided will be immediately discontinued.

Types of Data Collected:

The User, upon opting in as laid out in the “Opting In” section of this Privacy Policy, will consent to the following data being collected:

· Google Analytics cookies and related information

o   Google Analytics is a web analysis tool provided by Google LLC (“Google”).

o   Google utilizes the User’s data collected to track and examine the usage of the Provider’s websites, and applications, to prepare reports on the User’s activities and share them with Google’s services.

o   Google may use any data collected to contextualize and personalize the ads of its own advertising network

o   Personal Data processed: Cookies; Usage data

· Session Logging

o   The Provider will implement a single cookie to collect the User’s opt-in response to avoid repeat requests for approval in the event the User has opted in

o   The Provider may save temporary session files, to be retained for a maximum of seven (7) days, on their systems to better the user experience and features of the user interface

· Chat Stream

o   The Provider utilizes a third-party system, Stream, for support and for contact forms.

o   Stream may implement cookies or session data for a user, and the Provider may send personal data to its implementation of the Stream system in order to better serve the User and its agents, representatives or end-users.

The User, upon opting out as laid out in the “Opting In” section of this Privacy Policy, will consent to the following data being collected:

· The Provider may collect IP addresses that access this website to prevent misuse, and to aid authorities in investigations

· The Provider may collect any data manually submitted by the User on any form of this website

The User, upon opting out as laid out in the “Opting In” section of this Privacy Policy, understands that some features of this website and the applications the Provider provides may be limited due to their decision, and may require a future opt-in agreement to access. These include, but are not limited to:

· Registration

· Login

· Accessing account information

· Purchasing Services

· Creating support requests via chat

Legal Action:

The User’s personal data may be used for legal purposes by the Provider in court or in the stages leading up to possible legal action arising from improper use of the Services or this site.

The User declares to be aware that the Provider may be required to reveal personal data upon the request of the public or law enforcement authorities.

Information Not Contained Within:

The User may request additional information on the processing and collection of data at any time from the Provider by completing a support request.

Do Not Track HTTP Headers:

When opting out, as per the “Opting In” section of this Privacy Policy, the Provider will attempt to attach “Do Not Track” headers to the HTTP/HTTPS requests following the opt-out.

While the Provider will attempt to attach these headers, the Provider is not responsible for whether these headers will be respected in their entirety, or by third-party services.

The Provider is not responsible or liable for browsers that do not support these headers. The Provider is in no way legally obligated to attach these headers, and these headers will only be attached in the event the technology allows for it.

Limitation of Liability for Opt-Out:

If the User opts out, as per the “Opting In” section of this Privacy Policy, they fully understand that their experience may be less than ideal on this site. The Provider is not to be held liable or responsible for any inconvenience, frustration, confusion, injury, or other means caused by or related to the experience.

Retention Time:

The User’s data shall be processed and stored for as long as required by the purpose they have been collected for. Therefore:

· User data collected for purposes related to the performance of a contract between the Provider and the User shall be retained until such contract has been fully performed and for a period of up to one (1) year thereafter

· User data collected for purposes related to the legitimate interests of the Provider shall be retained as long as needed to fulfill such purposes. Specific information regarding the legitimate interests of the Provider can be found within the related sections of this Privacy Policy, or may be requested via support request to the Provider directly.

As part of the Provider’s commitment to this retention time, if a User account has been without contract for a period of one (1) year, the Provider will erase all personal data stored in the account for the User, except where retention is necessary to comply with local authorities or applicable laws. The User may request the retention and renewal of this data up to three (3) days prior to the erasure of this data, and will be contacted via electronic message (e-mail or otherwise) about the erasure up to twenty-one (21) days prior to this removal.

Once the retention of data period expires, all User data will be permanently erased. Therefore, the right to access, the right of erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

Basis of Processing:

The Provider may process personal data of the User if any of the following are applicable:

· The User opts in, as per the “Opting In” section of this Privacy Policy.

· The User has given their consent for one or more specific purposes, until the User specifically opts-out, without having to rely on consent or any other of the following bases.

· Provision, collection, processing or transfer of data is required and necessary for the performance of any other agreement between the Provider and the User or its agents, representatives, or end-users or for any pre- or post- contractual agreement thereof

· Provision, collection, processing or transfer of data is required for compliance with a legal obligation to which the Provider is subject

· Provision, collection, processing or transfer of data is necessary to a task that is carried out in the public interest or in the exercise of official authority vested in the Provider

· Provision, collection, processing or transfer of data is necessary for the purposes of the legitimate interests pursued by the Provider or its agents, representatives or vendors or any third-party the Provider uses for the betterment of user experience and interface or any other purpose

In any case, we are always happy to expand on this at request, and will be happy to clarify the specific basis that applies to our processing, collection, transfer, or provisioning of data and whether the provisioning is a statutory or contractual requirement, or a requirement necessary to enter into a contract or agreement with us.

Data Processing Location(s):

The Provider will process data at their offices, including remote offices around the globe for its representatives, agents, or vendors, and at the locations of our internal and public systems. In some cases, the User’s data may be transferred to a country other than their own, depending on the User’s location.

Data Safeguarding:

The Provider makes a commitment to safeguard the User’s data to the best of their ability. This includes transferring data securely over the Advanced Encryption Standard (“AES”) or Transport Layer Security (“TLS”). The Provider does not currently, nor has any intention of partnering with any vendors that do not accept at minimum a TLS secured connection.

The data stored on the Provider’s network and systems will at all times be encrypted or hashed, depending on the available industry best standards and practices at that moment. The Provider also routinely monitors their systems and network for possible breaches and required security improvements.

Credit card data is not stored on the Provider’s internal systems, and is securely transmitted to Stripe, a third-party payment vendor used by the Provider. Stripe stores all relevant payment information (such as bank account information or credit/debit card information), and the Provider only stores a token provided by Stripe to charge cards and accounts at a later time.

Your Rights:

The Provider will provide the User with a handful of rights that are laid out in the GDPR, as per the Provider’s moral obligation and mission:

· Withdrawal of the User’s consent at any time

o   Users have the right to withdraw their consent to data processing where they have previously given their consent to the processing of their personal data as applicable and with regard to the other provisions of this Privacy Policy

· Object to the processing of the User’s data

o   Users have the right to object to the processing of their personal data if the processing is carried out on a basis other than those defined in the “Basis of Processing” section of this Privacy Policy

· Access of Data

o   Users have the right to learn if data is being processed by the Provider, and obtain disclosure regarding certain aspects of the processing, and obtain a copy of the data undergoing processing except where doing so may open the Provider to criminal or civil liability or where the Provider is legally unable to (ie. Gag orders and subpoenas)

· Verify and seek rectification

o   Users have the right to access their data to verify the accuracy of the data and ask for it to be updated where necessary

· Restrict the processing of the User’s data

o   Users have the right, under certain circumstances as laid out in the other provisions of this Privacy Policy, to restrict the processing of their data. In this case, the Provider may still store data, but will not process it for any other purpose.

· Request deletion of personal data

o   Users have the right, as laid out in the provisions of this Privacy Policy, to obtain the erasure of their personal data from the Provider’s network and systems.

· Lodge a complaint

o   Users have the right to bring a complaint to the Provider, which will be initially responded to within fourteen (14) business days of receipt, of the practices and provisions in this Privacy Policy or how their data is processed.

In all cases, the Provider is not legally responsible or liable for these rights, and the final decision will be made by the Provider. The Provider retains the right to approve or deny a request, within reasonable causes as defined by the Provider within this Privacy Policy.

Enforcement of this Privacy Policy:

The User agrees and accepts that all provisions set out in this Privacy Policy related to GDPR, CCPA or any other privacy act not recognized by the competent court as defined by the Acceptable Use Policy is of a moral obligation, not a legal one. The Provider is not legally responsible or liable for any of the provisions that are not mandatory by the competent court or jurisdiction, either by implicit understanding or written. Any compensation for breach, if applicable, provided by the Provider does not waive this enforceability clause and does not constitute any additional legal rights to the User.