Privacy Policy
Stellastra Privacy Policy
Our contact details Stellastra Ltd
- 167-169 Great Portland Street
- London
- W1W 5PF
- United Kingdom
Privacy Note
E-mail: [email protected]. We are registered as a company in England - 14409839. We are registered with the Information Commissioner’s Office (UK) - ZB440145.
The type of personal information we collect
We currently collect and process the following information: Your name, email address, and hashed password. Any associated reviews you have left for Solutions. If you choose to give it while leaving a review, your job title, country, profile picture, and company size. Website user stats, our website host collects access logs including your IP address, but which is held for less than 30 days.
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons: We also receive personal information indirectly, from the following sources in the following scenarios: IP information is processed by our servers, but it is not attached to your user entry in the database. It is processed to understand from which countries, regions, and cities traffic is originating so that we may improve our services. Vendor solution listings: When managing a profile we may share your information in the dashboard with anyone else who is logged in using a company authorised domain. For example, if [email protected] edits the organization XYZ solution, [email protected] may see an audit log showing the edits that were made.
We also log queries for the purposes of improvement when info is submitted through apps such as email header analysis, Stellastra Discover, and other forms on the website. Furthermore, if you add Stellastra as a recipient in your DNS DMARC record, we will receive copies of DMARC reports, which will allow you to view these in the portal.
We may use your email address to contact you regarding your account, without limitation, to verify your email address, reset your password, to notify you if a Solution owner responds to a comment, or to ask if you wish to provide updated feedback. Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are: (a) Your consent. You are able to remove your consent at any time. You can do this by contacting: [email protected]. You can withdraw your consent or delete your account at any time by emailing [email protected]. Our database services store your personal data in the EU, however, our website operates on servers globally which will process your data trasiently, I.E., your non-anonymised data is not stored on our Website servers.
Partners and Data Processors
We keep your account information for as long as your account remains active. If you decide to delete your account, we will then anonymize your reviews and then dispose your information by deletion from database.
Your data protection rights:
Under data protection law, you have rights including:
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at [email protected] or by writing to us at: Stellastra Ltd 167-169 Great Portland Street London W1W 5PF United Kingdom if you wish to make a request. How to complain If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected] or by writing to use at:
- Stellastra Ltd
- 167-169 Great Portland Street
- London
- W1W 5PF
- United Kingdom Privacy Note Last Modified 8th November 2022. W1W 5PF United Kingdom You can also complain to the ICO if you are unhappy with how we have used your data, citing our name and/or registration number: ZB440145.
The ICO’s address:
- Information Commissioner’s Office
- Wycliffe House
- Water Lane
- Wilmslow
- Cheshire
- SK9 5AF Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk
Cyber Security Risk Scoring Browser Add-On
To gain instant on-page access to a site’s cyber security risk score, you may install the Stellastra Cyber Security Risk Scoring Browser Add-On. By default a cyber security risk score will be generated for every page you access. Your browser should allow you to modify this to all pages, specific pages, or on click/interaction with the add-on. Stellastra transfers and stores a small amount of metadata from a request to facilitate the generation of Stellastra’s cyber security risk score for a site. The following headers are transferred alongisde the website domain: [“content-security-policy”, “content-security-policy-report-only”, “cross-origin-opener-policy-report-only”, “cross-origin-opener-policy”, “cross-origin-embedder-policy-report-only”, “cross-origin-embedder-policy”, “cross-origin-resource-policy”, “content-type”, “x-content-type-options”, “x-frame-options”, “permissions-policy”, “feature-policy”, “strict-transport-security”], as well as information from a site’s “security.txt” file. The security.txt file is a public document that a website uses to help the public report security issues: https://stellastra.com/.well-known/security.txt We transfer and process this information in order to provide you with a cyber security score for a company, as well as using this updated data to facilitate providing cached results for other sites globally. We store the website’s domain name, and this metadata, but personally identifiable data such as your IP address are not stored with the record. We only store a timestamp accurate to the most recent day. That is, records are stored anonymously. The reason we need to store the website name is to be able to tie it to the score listed, and to match it with DNS queries generated on the Stellastra server.
Information for those downloading from the Chrome Web Store
The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.