Privacy Policy

Last Updated: June 8, 2026

Introduction

Software Tailor is committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and relevant U.S. privacy regulations. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use our websites, applications, and services. By using Software Tailor’s services, you acknowledge that you have read and understood this policy.

Scope: Apps and Services Covered

This Privacy Policy is issued by Software Tailor and applies uniformly to every product Software Tailor publishes, including but not limited to:

• All Software Tailor mobile applications distributed through Google Play and the Apple App Store (current and future). The same data-handling rules described below apply to every such app unless that app’s in-store data-safety disclosures explicitly say otherwise.
• All Software Tailor desktop applications distributed through the Microsoft Store, the Mac App Store, or direct download from softwaretailor.com.
• The Software Tailor websites, including softwaretailor.com and any subdomains under it.
• The Software Tailor administration consoles operated by enterprise customers and Software Tailor operators.

Where this policy refers to “the app”, “our apps”, “the application”, or “our applications”, it means any application in the list above. The current published catalogue is available at our Products page. When we publish a new application, it is automatically covered by this policy from launch unless we publish a separate, app-specific privacy notice for it.

Software Tailor — the legal entity named in the Google Play, Apple App Store, and Microsoft Store listings of each application — is the data controller for the data described in this policy. Contact details for data-protection enquiries are in the Contact Us section at the bottom of this page.

Data Collection

We collect personal and usage information in several ways, always with transparency and, where required, with your consent:

• Local Application Data: Our Windows and Android applications run AI processing locally on your device, meaning your data generally stays on your device. By default, these apps do not automatically transmit personal content to our servers. They may, however, collect anonymous usage statistics or error reports only with your explicit consent. For example, you may be asked if you want to share performance metrics or crash reports to help us improve the app. You can decline or disable such data sharing, and any statistics collected will exclude direct personal identifiers and will be used strictly for debugging and improving our software.

• Information You Provide via Forms: We offer various forms for you to get in touch and provide feedback. Any personal information is voluntarily provided by you. Each form specifies required and optional fields, as detailed below:

  • App Customization Request Form – Required: Full Name, Email, Country/Region. Optional: Company Name, Job Title, Phone Number.
  • Feature Request Form – Optional: Full Name, Email.
  • New Bug Report Form – Optional: Full Name, Email.
  • Customer Experience Survey – Optional: Full Name, Email. (Note: The survey may also include your responses/feedback which could contain personal insights you choose to provide.)

  For each form, required fields are the minimum information we need to fulfill your request or respond (for example, we need your contact details to reply to an app customization inquiry). Optional fields are additional details that you may provide at your discretion to help us better understand your needs or follow up with you. If you choose not to fill out optional fields, you can still submit the form and use our services. The information from these forms is collected with your consent when you submit them.

• Website Usage Data and Cookies: When you visit our website, we automatically collect certain technical data to understand how our site is used and to ensure it functions properly. This Usage Data may include your IP address, browser type, device information, pages viewed, date/time of visits, and referring website. We collect this through cookies and similar tracking technologies. Cookies are small text files stored on your device that help us recognize you and remember your preferences. For example, we may use analytics cookies to gather information about site traffic and interaction (see our separate Cookies Policy for details on what cookies we use and how you can control them). These usage details help us improve our website’s performance and user experience. Where required by law (e.g., in the EU), we will ask for your consent before using non-essential cookies or tracking tools. You can manage your cookie preferences at any time via your browser settings or our cookie consent banner.

Mobile and Desktop App Data

This section is the canonical disclosure for every Software Tailor application — present and future — and is the reference for each app’s Google Play Data Safety form and Apple App Store Privacy Nutrition Label. Individual app store listings may further constrain (but never exceed) this disclosure.

What our apps may collect

• Anonymous install identifier — a random GUID generated on first launch, stored only on your device in the app’s private sandbox. Used to deduplicate diagnostic events. Not linked to your name, email, account, advertising id, or any other identifier unless you voluntarily register the app.
• App diagnostics — app version, operating system version, device model, anonymized event names (for example, an event recording that a translation completed), and coarse counts and durations. Used to detect crashes and improve reliability. Never includes the text or files you process inside the app, file names, file paths, prompts, your email address, your IP address, or your precise or coarse location.
• Telemetry consent state — a single on/off flag stored on your device. For users we detect as being in the EU, EEA, UK, Switzerland, Canada, or Brazil, telemetry is off by default until you explicitly opt in. Elsewhere it is on by default and can be turned off in Settings at any time. When off, no telemetry events leave your device.
• License activation key — only if you enter one in Settings → Enter license key. Sent over HTTPS to our license server to validate the entitlement; the validated entitlement is then cached locally.
• Cloud service requests — only when the app sends a request to a Software Tailor cloud service to perform work that cannot run on-device (for example, a translation request from a device that does not have an on-device model). The request content (for example, the text to translate) is transmitted over HTTPS, used to produce the response, and not stored, not logged, and not used to train any model.
• Optional registration data — only if you voluntarily register an app for product updates, marketing, free-tier qualification, or subscription tracking: your email address, your name (if you provide it), your marketing-consent flag, and your subscription tier history. Stored in a Cloudflare D1 database hosted at registration.softwaretailor.com. Cascade-deleted on your GDPR/CCPA deletion request.

What our apps do NOT collect

• The text, audio, images, or files you input into or process with the app.
• Source documents, file names, file paths, or clipboard contents.
• Microphone or camera input outside the active feature you invoke (and only for the duration of that feature). Where an app contains voice or chat features that are gated off in published store builds, those features collect no data at all in the published build.
• Contacts, calendar, photos, files outside the app sandbox, or precise or coarse location.
• Advertising identifiers; we serve no advertising and run no advertising SDKs in any of our apps.
• Your IP address as part of telemetry. The cloud service endpoints and the registration endpoint will see your IP at the TCP layer (this is unavoidable for HTTPS) but we do not persist it alongside telemetry events.

Where the data goes

• Telemetry events → Cloudflare Worker on the Software Tailor Cloudflare account, persisted to a Cloudflare D1 database (APAC region). Redacted on insert as defence-in-depth.
• Registration data → Cloudflare Worker at registration.softwaretailor.com, persisted to a separate Cloudflare D1 database. Verification and notification email delivery uses Amazon SES (eu-west-1).
• Cloud service requests → the Software Tailor cloud API endpoint over HTTPS. Request and response are processed in memory and are not written to durable storage.
• License validation → license server over HTTPS; only the license key (no personal data) is sent.
• Store-managed purchase data stays with Google, Apple, or Microsoft as applicable. We receive only an opaque entitlement signal that you hold a paid subscription. We do not receive your payment instrument, billing address, or store-account email.

Retention and deletion

• Anonymous telemetry events are retained for at most 90 days for aggregation, then deleted or kept only in fully aggregated form (for example, totals per country, per model).
• Registration records (email, name, marketing-consent flag, subscription history) are retained until you request deletion. To delete: email [email protected] with the subject “Registration data deletion” and the email address you registered with, OR use the in-app “Delete my registration data” action in Settings when present. We permanently delete the registration row and all cascaded history within 30 days and confirm by email.
• Local on-device data (install identifier, telemetry consent flag, cached license, downloaded models, your settings) is removed by uninstalling the app.

Permissions requested

Each app requests only the operating-system permissions it actually needs to deliver the function the user invokes. Permissions are listed on each app’s store listing. For example, the current Google Play release of AI Translate requests only the standard INTERNET permission and no other permission. Future apps may request feature-specific permissions (for example, microphone for a voice-input feature); when an app requests a permission, that app’s store listing and in-app prompt will state the specific feature it enables.

Affiliate Program

We may offer an affiliate or referral program to allow individuals and partners to earn rewards by referring others to Software Tailor. If you choose to participate in our Affiliate Program, we will collect the information necessary to administer the program, such as your name, contact information (e.g. email), and payment details (if commissions or rewards are provided). This information is used solely for internal tracking and payout purposes. We will not publicly disclose your personal information as part of the affiliate program. In other words, if you refer someone, that person will not see your personal details from us, and we will not publish lists of affiliates containing personal data. We treat affiliate participants’ data with the same care and confidentiality as any other personal data under this Privacy Policy. Any personal information collected for the affiliate program will only be shared as needed to process referrals (for instance, with a payment processor to deliver your referral reward, in which case that third party is bound to protect your data—see Third-Party Service Providers below) or if required by law.

How We Use Your Information

We use the personal and usage information we collect for the following purposes, and we ensure that each use of your data has a lawful basis (such as your consent, our legitimate interests in improving our services, or performing a contract with you):

• Providing and Improving Services: We use your information to deliver our services and products to you and to personalize your experience. For example, data from an App Customization Request Form is used to understand your requirements and develop a tailored solution. Similarly, optional app usage statistics (if you consent to share them) are analyzed to debug issues and improve app performance and features. This helps us refine our AI models and software updates to better meet user needs.

• Responding to Inquiries and Support: We use contact details and information you provide (like your name and email from a Feature Request or Bug Report Form) to respond to you. This includes addressing your requests for customization, acknowledging and fixing bugs you report, and answering questions you send via our contact or support channels. Your information enables us to provide customer support and ensure we resolve any issues you encounter.

• Collecting Feedback and Enhancing User Experience: Information from the Customer Experience Survey or any feedback forms is used to gauge satisfaction and gather suggestions. We analyze survey responses (in an aggregated manner whenever possible) to improve our products, add requested features, and enhance overall user experience. This feedback is invaluable in guiding our development roadmap and ensuring we focus on what matters most to our users.

• Analytics and Usage Insights: We process website usage data and app statistics (where you’ve consented) to understand how our services are used. This includes analyzing which website pages are most visited, how users navigate our app features, and other usage patterns. These insights are used for internal analytics to optimize our website layout, content, and software interface, as well as to troubleshoot technical issues. For instance, we might detect that a particular feature is rarely used and gather that it may need better documentation or improvements. All such analytic processing is done in compliance with applicable laws (with consent for analytics cookies in jurisdictions that require it), and wherever feasible, we use aggregated or anonymized data that does not directly identify individuals.

• Communications and Updates: With your permission, we may use your email or other provided contact info to send you newsletters, updates, or promotional materials about our products and services. For example, if you opted in to receive updates, we might email you about new AI features or upcoming products from Software Tailor. You are not automatically subscribed to marketing emails by simply submitting one of our forms; we will only send you such communications if you have explicitly agreed (such as by ticking an opt-in box for a newsletter, or if you request information from us). You can opt out of these communications at any time by using the unsubscribe link in emails or contacting us, and we will honor such requests promptly.

• Affiliate Program Administration: If you are part of our affiliate referral program, we use your information to track the referrals you generate, credit you appropriately, and provide any rewards or commissions. For example, we might log that Affiliate ID 123 (linked to your account) referred a new customer, and we would use that info to calculate your reward. This may involve communicating with you about your referrals or sending payments. We ensure this data is used only for running the program and not for unrelated purposes.

• Legal Compliance and Protection: We may use or disclose your information as necessary to comply with applicable laws, regulations, legal processes or enforceable governmental requests. For instance, if we receive a lawful subpoena or need to comply with GDPR or CCPA verification requirements, we might access and provide the relevant data. Additionally, we will use your information to enforce our Terms of Service, investigate potential violations or fraud, and protect the rights, property, and safety of Software Tailor, our users, or others. This includes using data to detect and prevent fraudulent activity or security breaches. We will only use the minimum amount of information required for these purposes and will do so in accordance with the law.

We do not use your personal data for any purposes incompatible with the ones listed above. If we ever need to process your information for a new purpose not described in this Privacy Policy, we will update this policy and, if required by law, notify you or obtain your consent before doing so.

Data Storage and Retention

We take care to store your personal information securely and retain it only for as long as necessary to fulfill the purposes described above or as required by law:

• Storage Locations and Security: Personal data we collect may be stored on our secure servers and trusted cloud services. For example, form responses (like your customization requests or survey answers) may be stored in our Microsoft 365 account since we use Microsoft Forms for data collection. These cloud services may be located in multiple regions (including the United States or other countries). Regardless of where data is stored, we apply robust security measures (described in the Security Measures section below) to protect it. If you are located in the European Economic Area (EEA) or other regions with data transfer restrictions, and your data is transferred to servers outside of your country (for instance, to Hong Kong or the U.S.), we ensure that appropriate safeguards are in place. This could include using contracts based on the European Commission’s Standard Contractual Clauses or other legally recognized mechanisms to ensure your data remains protected to GDPR standards even abroad.

• Retention Periods: We retain personal information only for as long as necessary to achieve the purposes for which it was collected, unless a longer retention period is required or permitted by law. In practice, this means:

  • If you submit an App Customization Request or contact form, we will keep your information for as long as it takes to process your request and any subsequent service to you, plus a reasonable period for follow-up or legal record-keeping. For example, we may retain that information for a certain number of years to maintain business records or in case you have additional questions or requests.
  • Feature requests, bug reports, and survey responses may be retained internally so we can track the progress of your suggestions or issues over time. This helps us avoid duplicate reports and improves our products. We might periodically review older feedback and delete or anonymize data that is no longer useful.
  • If you have opted into marketing communications, we will retain your contact information until you unsubscribe or ask us to delete it, or if we periodically refresh our mailing lists and remove contacts that have been inactive for a long time.
  • Affiliate program data is retained for the duration of your participation in the program. If you leave the program, we may still keep records of payouts and referrals as required for financial and audit purposes, but we will archive or delete personal contact details that are no longer needed.
  • General website analytics data (like logs and cookie data) is typically retained for a limited period (for example, analytics data might be kept for 14 months or a similar standard period) in order to identify trends over time. After that, it may be automatically deleted or stored only in aggregate form.

After the applicable retention period, or upon your valid request for deletion (see User Rights below), we will either securely delete or anonymize your personal information so it can no longer be associated with you. If complete deletion is not immediately feasible (for example, stored in secure backups), we will isolate the data and ensure it is not actively processed until it can be erased. Please note that we may need to retain certain information if required to do so by law (for instance, retention of transaction records for tax/regulatory compliance) or to resolve disputes or enforce our agreements. In all cases, our retention practices are designed to comply with GDPR, CCPA, and other applicable data retention rules.

Contact form data flow (current)

Last updated 2026-05-28. This section describes the technical handling of submissions made through the contact form on this website as of the date above. Older Microsoft Forms references below are retained for historical reference.

• Transport: Submissions are sent over HTTPS to a Cloudflare Pages Function at /api/contact hosted in the Cloudflare network.
• Anti-bot: Each submission is verified by Cloudflare Turnstile. Cloudflare receives your IP address, user agent, and a challenge result token to determine whether the submission is automated. See Cloudflare's privacy policy.
• Email delivery: The Function relays your submission to us via Amazon Simple Email Service (Amazon SES), region us-east-1. AWS acts as a data processor for the email transmission only.
• Database log: Each submission (name, email, company, phone, topic, message, IP address, user agent, timestamp, SES delivery status) is also written to a Cloudflare D1 database hosted in the Cloudflare APAC region. This is our internal audit trail for received messages.
• Consent: The form requires you to tick a consent checkbox before submission. Submissions without that consent are rejected at the API level and not stored.
• Retention: Submissions are retained indefinitely as part of our customer-communication record. You can request deletion at any time by writing to [email protected]; we will delete the corresponding row from the D1 database and confirm in writing.
• Free AI consultation: Requests submitted through the Free AI Consultation page travel the same path with the topic field set to consultancy. No additional data is collected.

Newsletter subscription data flow (current)

Last updated 2026-05-28. Describes the technical handling of newsletter sign-ups made through the subscribe band that appears in the footer of every page on this website.

• What we collect: your email address, your IP address, your user agent, and the timestamp of the subscription. A consent checkbox is required.
• What we use it for: sending you email when we release a new free AI product, ship a major update, or have something genuinely useful to share. Nothing else.
• Transport: Subscriptions are sent over HTTPS to a Cloudflare Pages Function at /api/subscribe.
• Storage: Your email and metadata are stored in a Cloudflare D1 database (APAC region) hosted by Cloudflare in a table named subscribers. This list is separate from the AI Suite product-registration database; subscribing here does not register you for any of our products.
• Email delivery: Newsletter emails are sent through Amazon Simple Email Service (Amazon SES), region us-east-1, from [email protected].
• Unsubscribe: Every email contains a one-click unsubscribe link that immediately marks your row as unsubscribed in our D1 table. We never email a previously-unsubscribed address. You can also email [email protected] to request full deletion of your subscription row.
• No sharing: We do not share or sell newsletter-subscriber emails to third parties. The list lives entirely inside the Cloudflare infrastructure described above and AWS SES for delivery.
• Retention: Subscriber rows (including unsubscribed ones) are retained indefinitely so we honour past opt-outs. Unsubscribed rows are kept only to prevent re-mailing; you can request full deletion at any time.

Third-Party Service Providers

In providing our services, we sometimes rely on trusted third-party companies to perform tasks on our behalf. We only share personal data with these providers to the extent necessary for them to fulfill the services we require, and they are contractually obligated to protect it and use it only for those purposes. Key third-party service providers we work with include:

• Microsoft Forms (Microsoft 365): We use Microsoft Forms to create and host some of our online forms (such as the Customer Experience Survey or request forms). When you submit information through these forms, your responses are processed and stored on Microsoft’s cloud servers. Microsoft acts as a data processor for us, which means they handle your data on our instructions. Microsoft is a reputable provider that implements strong security and is compliant with frameworks like GDPR. They will not use your form responses for their own purposes. However, Microsoft’s general privacy policy may also apply to the handling of data on their platform. We have agreements in place to ensure your data collected via forms enjoys a high level of protection.

• Website Hosting and Analytics: Our website may be hosted by a third-party hosting provider which stores the website data and logs on their servers. We ensure that our hosting provider maintains industry-standard security practices. Additionally, we use third-party analytics tools (such as Google Analytics or similar) to collect website usage information (as described in Data Collection). These analytics providers set cookies and process usage data (e.g., your IP address and browsing behavior) on our behalf to generate reports on website traffic. We only use such analytics in accordance with law (seeking consent where required). The analytics providers may use or retain the data as needed for their service, but they are not allowed to use it for any other purpose than providing analytics to us. You can opt-out of or block these analytics cookies via our Cookies Policy controls or browser settings.

• Email and Communication Tools: We may use third-party email service providers to send out newsletters, support communications, or transaction emails (for example, if we send an automated confirmation that we received your form submission). These providers (such as Mailchimp, SendGrid, or others we may use) will process your name and email address and the content of the email on our behalf. They are not permitted to use your email information for their own marketing and must adhere to privacy protections.

• Payment Processors: If our affiliate program or any future service involves payments (e.g., paying out referral commissions or processing a purchase you make), we will use established payment processors (such as PayPal, Stripe, or banking services). These third parties will have access to the necessary personal and financial information to process transactions (such as your name and payment account details). Payment processors are responsible for handling your payment information securely and must comply with PCI-DSS and other applicable security standards. We do not store your full financial account details on our own systems; any sensitive payment information is handled by the processor.

• Other Service Providers: We might employ other vendors for specialized services, such as customer relationship management (CRM) tools, cloud storage/backup services, or IT support. In all cases, we choose providers that have strong privacy and security track records. We share with them only what is needed (for example, if we use a CRM to manage interactions, it will store your contact info and our communication history). These third parties are required to keep your information confidential and use it only to deliver their services to us.

We do not sell your personal information to any third parties. We also do not share it with third parties for their own marketing or advertising purposes. All third-party processing of your data is solely to help us run our business and provide services to you. If we ever need to share data in a manner not covered above, we will explain it to you at the time of collection or obtain your consent as required.

Aside from service providers, we may also disclose information in a few special scenarios: (1) if required by law or legal process (for instance, in response to a court order or government demand, we may have to provide data we hold), (2) if we are defending our legal rights or the rights of others (such as sharing information with law enforcement to investigate fraud or a security incident), or (3) as part of a business transfer. In the event that Software Tailor is involved in a merger, acquisition, bankruptcy, or sale of assets, your information could be transferred to a successor or affiliate of the company as part of that transaction. If such a transfer occurs, we will ensure the new entity is bound to the same privacy commitments, and we will provide notice on our website or contact you if your data will be subject to a different privacy policy.

User Rights

We respect your rights over your personal data. Depending on your location and the laws that apply to you, you have certain rights regarding the information we hold about you:

Rights Under GDPR (for users in the European Union, United Kingdom, and similar jurisdictions): If you are located in the EU/EEA or a jurisdiction with similar data protection laws, you have the following rights under the GDPR (General Data Protection Regulation) and equivalent laws:

• Right to Access: You may request a copy of the personal data we hold about you, as well as information on how we process it. This helps you understand what data we have collected about you. We will provide this information free of charge within the legally required timeframes (typically within one month).

• Right to Rectification: If any of your personal information is inaccurate or incomplete, you have the right to ask us to correct or update it. For example, if you change your email address or notice we spelled your name wrong, you can request a correction.

• Right to Erasure: Commonly known as the “Right to be Forgotten,” you can request that we delete your personal data when it’s no longer necessary for the purposes we collected it, or if you withdraw consent (in cases where consent is the basis for our processing), or if you object to our processing (and we have no overriding legitimate grounds to continue), or if we handled your data unlawfully. We will honor valid deletion requests and erase your data, provided we don’t have a legal obligation to keep it (for instance, we might need to retain certain transaction records for financial reporting).

• Right to Restrict Processing: You have the right to ask us to limit or pause the processing of your data in certain circumstances. For example, if you contest the accuracy of your data, you can request we refrain from using it (apart from storing it) until we verify accuracy. Similarly, if you object to our use of your data, we may need to restrict processing while we consider your request.

• Right to Data Portability: You have the right to obtain your personal data that you provided to us in a structured, commonly used, machine-readable format, and you have the right to have that data transmitted to another controller (for example, another service provider) where technically feasible. This right applies when our processing is based on your consent or a contract with you and carried out by automated means. In practical terms, if you request it, we will provide your data in a format like CSV or JSON that can be easily used by another service.

• Right to Object: You may object to our processing of your personal information when such processing is based on our legitimate interests or performed for direct marketing purposes. For instance, you can object to us using your data for analytics or marketing. In many cases, we will be able to accommodate an objection (especially for marketing, where we would simply stop). If we have compelling legitimate grounds to continue certain processing (such as security logging), we will inform you of those if you object.

• Right to Withdraw Consent: If we are processing any of your personal data based on your consent (for example, if you consented to share app usage statistics or to receive marketing emails), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we did based on your consent before withdrawal. If you withdraw consent for a particular feature (say, sharing app analytics), we will stop that data collection going forward.

• Right to Lodge a Complaint: If you believe we have infringed your data protection rights or processed your information unlawfully, you have the right to file a complaint with your country’s data protection supervisory authority. We encourage you to contact us first at Software Tailor so we can address your concerns directly, but you always have the option to go to the regulator. For example, EU users can contact the Data Protection Authority in their member state, and UK users can contact the ICO (Information Commissioner’s Office).

We will not charge you for exercising these rights, and we will respond to your requests within the timeframe required by law (generally one month, with the possibility of extension in certain cases). To protect your privacy, we will need to verify your identity before fulfilling certain requests (such as access or deletion requests) – this is to ensure we don’t disclose or delete the wrong person’s data.

Rights Under CCPA/CPRA (for California Residents): If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know (Access): You have the right to know what personal information we have collected about you in the past 12 months, including the categories of personal information, the sources of that information, the business or commercial purpose for collecting it, and the categories of third parties with whom we shared that information. You also have the right to request the specific pieces of personal information we have collected about you (essentially similar to the access right above). We will provide this information to you upon a verifiable request.

• Right to Delete: You can request that we delete any personal information we have collected from you and retained, subject to certain exceptions. For example, if you ask us to delete data, we will remove the information we hold about you from our records (and instruct our service providers to do the same), unless it is necessary for us or our service providers to keep it for reasons allowed by CCPA—such as completing a transaction you requested, detecting security incidents, complying with legal obligations, or other exempt purposes.

• Right to Correct: Under the CPRA (effective January 2023), California residents have the right to request correction of inaccurate personal information maintained about them. If you believe any information we have is incorrect, you can ask us to fix it, and we will do so upon verification.

• Right to Opt-Out of Sale/Sharing: The CCPA gives you the right to opt out of the “sale” of your personal information to third parties (or the sharing of personal information for cross-context behavioral advertising). Important: Software Tailor does not sell personal information to third parties in exchange for money. We also do not share your personal information with third parties for targeted advertising in a manner that would be considered a “sale” or “sharing” under CCPA. Because we do not engage in selling data, we do not provide a “Do Not Sell My Info” link by default. If this practice ever changes, we will update this policy and provide a clear method for you to opt out. Rest assured, currently your data is used only by us and our service providers as described, and never sold.

• Right to Limit Use of Sensitive Personal Information: The CPRA introduced rights around “sensitive personal information” (such as precise geolocation, social security numbers, etc.). We do not collect or process sensitive personal information as defined by CPRA (the data we collect is mainly contact details and usage data, not highly sensitive data). In the event we ever did, California residents would have the right to direct us to limit the use of such sensitive information to only what is necessary to perform the services or provide the goods. Since we don’t collect that category of data, this right is generally not applicable to our current practices.

• Right of No Retaliation/Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means we will not deny you goods or services, charge you a different price, or provide a different level of quality just because you exercised your rights under CCPA. For example, if you ask us to delete your data or opt out of sales (not that we sell data), we won’t terminate your service or degrade your experience as a result. (Do note, however, that deleting certain data might affect our ability to provide certain services if that data was necessary for them – but in no case will we ever punish you for making a privacy request.)

California residents can exercise these rights by contacting us through the methods listed in Contact Us below. We may need to verify your identity (for instance, by confirming information we already have on file like your email or phone number) before fulfilling certain requests. If you prefer, you may designate an authorized agent to make requests on your behalf. If you do so, we will need proof that the agent is authorized to act for you (such as a written permission or power of attorney) and we will still take steps to verify your identity directly.

Rights in Other Regions / U.S. Privacy Compliance: If you reside in a state or country with privacy laws not explicitly listed above, you may have similar rights under those laws. For example, residents of certain U.S. states like Virginia, Colorado, Utah, and Connecticut (which have enacted their own privacy laws in 2023) have rights to access, delete, and correct personal information, and to opt out of certain data uses. Software Tailor is committed to complying with all applicable privacy regulations (including U.S. federal and state requirements, sometimes referred to collectively as “US 104” privacy requirements). This means we extend appropriate privacy rights and principles to all our users, even if not strictly required in every jurisdiction. So even if you are not in the EU or California, you can still contact us to request access or deletion of your data, and we will do our best to honor it in accordance with applicable law and our internal policies. We adhere to U.S. privacy laws such as the Federal Trade Commission Act which prohibits deceptive or unfair practices, and we follow industry best practices to ensure transparency, user control, and accountability in our data handling. We also do not knowingly collect personal information from children under 13 (and our services are not directed to children), in compliance with the U.S. Children’s Online Privacy Protection Act (COPPA).

How to Exercise Your Rights: To exercise any of your privacy rights or to make an inquiry about your personal data, please contact us using the information provided in the Contact Us section. Provide us with your name, the email you used with Software Tailor (if applicable), and clearly state which right you wish to exercise (for example, “I’d like a copy of my data” or “Please delete my form submission data”). We will respond as soon as possible, and no later than the timeframes required by law. If for any reason we cannot fulfill your request (such as a legal obligation to retain certain data), we will explain the reason to you. Rest assured, our aim is to give you control over your personal information and make sure we handle your data in line with your expectations and rights.

Security Measures

Data Security is a top priority at Software Tailor. We maintain strict technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. Some of the key security practices we implement include:

• Encryption: All personal data exchanged between your browser/app and our website or servers is encrypted in transit using Secure Sockets Layer (SSL)/Transport Layer Security (TLS). You can verify this by the “https” in our website URL. In addition, sensitive information stored with our service providers may be encrypted at rest (for example, our cloud storage uses encryption to protect data on their servers).

• Access Controls: We restrict access to personal data to authorized personnel who need it to perform their job duties (for instance, support staff who need to respond to customer inquiries, or developers troubleshooting an issue). Our team members are trained on the importance of confidentiality and privacy. All employees and contractors with access to personal information are bound by confidentiality obligations. We also implement account controls and authentication measures internally to prevent unauthorized logins to systems that contain personal data.

• Firewalls and Network Security: Our servers and databases are protected by firewalls and monitored for potential vulnerabilities or intrusions. We regularly update our software and systems to address security updates and patch known vulnerabilities. We also employ anti-malware and monitoring tools to detect and prevent any suspicious activities on our network.

• Data Minimization and Pseudonymization: We follow the principle of data minimization – we only collect information that we truly need. Whenever possible, we use anonymized or pseudonymized data (for example, using unique user IDs instead of real names in analytical contexts) so that individuals are not easily identified unless necessary. If aggregated statistical data can serve our needs (such as overall usage counts), we will not keep data in a personally identifiable form longer than needed.

• Regular Audits and Testing: We periodically review our privacy and security practices. This can include conducting risk assessments, penetration testing of our applications, and audits of how data is handled. These tests help us strengthen our defenses and ensure we are keeping up with evolving security standards. We also have incident response plans ready, so in the unlikely event of a data breach or security incident, we can act quickly to mitigate harm and notify affected parties and authorities as required by law.

While we strive to protect your information with these measures, it’s important to note that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, although we work very hard to safeguard your personal data, we cannot guarantee absolute security. We encourage you to also take precautions on your end, such as using strong passwords, not sharing your account information, and keeping your devices secure. If you have reason to believe that your interaction with us or your data might no longer be secure (for example, if you feel your account has been compromised), please contact us immediately so we can assist.

Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will change the “Effective Date” at the top of this policy to indicate the date of the latest revision. Your continued use of our services after any update to the Privacy Policy constitutes your acceptance of the changes. However, for significant changes we will take additional steps to notify you in advance:

• Notification of Material Changes: If we make any material changes to how we collect or use personal data, or any changes that could significantly impact your rights or the scope of this Privacy Policy, we will provide a prominent notice. This may include posting a notice on our website’s homepage or within our applications, or contacting you via the email address we have on file. For example, if we were to begin collecting new types of personal data or start using existing data for a new purpose, we would inform you and, if required, obtain your consent.

• Reviewing Updates: We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. The latest version will always be available on our website (typically in the “Legal” or “Privacy” section). Older versions of the privacy policy may be requested from us if needed to see how practices have changed over time.

If you do not agree with the changes to the Privacy Policy, you should discontinue use of our website and services, and you may request us to remove your data (exercising your rights as described above). If you continue to use our services after the new policy has become effective, it will be deemed as your acknowledgment of the modified Privacy Policy.

Contact Us

Your privacy is important to us, and we welcome any questions or concerns you might have about this Privacy Policy or our data practices. If you would like to exercise your rights, or if you need further information, please reach out to us:

• Email: [email protected]
• Phone: +852 2781 3049
• Postal Address: Software Tailor, 17/F, 80 Gloucester Road, Wanchai, Hong Kong

When you contact us regarding your personal data, please provide sufficient information for us to verify your identity (for example, your name and the context in which you interacted with us) and to process your request. We will respond as promptly as possible, and no later than required by applicable law.

If you have any questions about this Privacy Policy, or if you need assistance with any privacy-related matters, please do not hesitate to contact us. We are here to help and committed to maintaining your trust.

Thank you for choosing Software Tailor. We value your trust and will continue working hard to protect your privacy while delivering our services to you.