Our contact details Stellastra Ltd
E-mail: [email protected]. We are registered as a company in England - 14409839. We are registered with the Information Commissioner’s Office (UK) - ZB440145.
We currently collect and process the following information: Your name, email address, and hashed password. Any associated reviews you have left for Solutions. If you choose to give it while leaving a review, your job title, country, profile picture, and company size. Website user stats, our website host collects access logs including your IP address, but which is held for less than 30 days.
Most of the personal information we process is provided to us directly by you for one of the following reasons: We also receive personal information indirectly, from the following sources in the following scenarios: IP information is processed by our servers, but it is not attached to your user entry in the database. It is processed to understand from which countries, regions, and cities traffic is originating so that we may improve our services. Vendor solution listings: When managing a profile we may share your information in the dashboard with anyone else who is logged in using a company authorised domain. For example, if [email protected] edits the organization XYZ solution, [email protected] may see an audit log showing the edits that were made.
We also log queries for the purposes of improvement when info is submitted through apps such as email header analysis, Stellastra Discover, and other forms on the website. Furthermore, if you add Stellastra as a recipient in your DNS DMARC record, we will receive copies of DMARC reports, which will allow you to view these in the portal.
We may use your email address to contact you regarding your account, without limitation, to verify your email address, reset your password, to notify you if a Solution owner responds to a comment, or to ask if you wish to provide updated feedback. Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are: (a) Your consent. You are able to remove your consent at any time. You can do this by contacting: [email protected]. You can withdraw your consent or delete your account at any time by emailing [email protected]. Our database services store your personal data in the EU, however, our website operates on servers globally which will process your data trasiently, I.E., your non-anonymised data is not stored on our Website servers.
We keep your account information for as long as your account remains active. If you decide to delete your account, we will then anonymize your reviews and then dispose your information by deletion from database.
Under data protection law, you have rights including:
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at [email protected] or by writing to us at: Stellastra Ltd 167-169 Great Portland Street London W1W 5PF United Kingdom if you wish to make a request. How to complain If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected] or by writing to use at:
The ICO’s address:
To gain instant on-page access to a site’s cyber security risk score, you may install the Stellastra Cyber Security Risk Scoring Browser Add-On. By default a cyber security risk score will be generated for every page you access. Your browser should allow you to modify this to all pages, specific pages, or on click/interaction with the add-on. Stellastra transfers and stores a small amount of metadata from a request to facilitate the generation of Stellastra’s cyber security risk score for a site. The following headers are transferred alongisde the website domain: [“content-security-policy”, “content-security-policy-report-only”, “cross-origin-opener-policy-report-only”, “cross-origin-opener-policy”, “cross-origin-embedder-policy-report-only”, “cross-origin-embedder-policy”, “cross-origin-resource-policy”, “content-type”, “x-content-type-options”, “x-frame-options”, “permissions-policy”, “feature-policy”, “strict-transport-security”], as well as information from a site’s “security.txt” file. The security.txt file is a public document that a website uses to help the public report security issues: https://stellastra.com/.well-known/security.txt We transfer and process this information in order to provide you with a cyber security score for a company, as well as using this updated data to facilitate providing cached results for other sites globally. We store the website’s domain name, and this metadata, but personally identifiable data such as your IP address are not stored with the record. We only store a timestamp accurate to the most recent day. That is, records are stored anonymously. The reason we need to store the website name is to be able to tie it to the score listed, and to match it with DNS queries generated on the Stellastra server.
The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.