1. Introduction
Stellarwind ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website stellarwind.io and use our services.
This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Information We Collect
2.1 Personal Information
We collect information that you provide directly to us, including:
- Contact Information: Name, email address, company name, phone number
- Business Information: Number of team members, monthly leads, average ticket size, and other business metrics (via ROI Calculator)
- Communication Data: Content of messages sent through our contact forms
2.2 Automatically Collected Information
When you visit our website, we automatically collect:
- Usage Data: Pages visited, time spent, click patterns (via PostHog)
- Device Information: Browser type, operating system, screen resolution
- IP Address: For rate limiting and security purposes
- Cookies: Analytics cookies, performance cookies (see Cookie Policy)
3. How We Use Your Information
We use the collected information for the following purposes:
- Service Delivery: To provide ROI calculations, send reports, and respond to inquiries
- Communication: To send marketing emails, product updates, and newsletters (with your consent)
- Analytics: To understand user behavior and improve our website (via PostHog, Google Analytics)
- Security: To prevent fraud and abuse and to protect our systems (rate limiting)
- Legal Compliance: To comply with legal obligations and enforce our terms
4. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Consent: You have given explicit consent for marketing communications
- Contract: Processing is necessary to provide services you requested (e.g., ROI reports)
- Legitimate Interest: Analytics to improve our services, security measures
- Legal Obligation: Compliance with laws and regulations
5. Third-Party Services
We use the following third-party services that may collect your data:
Resend (Email Service)
Purpose: Transactional emails, ROI report delivery, newsletter
Data: Email address, name
Privacy Policy: resend.com/legal/privacy-policy
PostHog (Product Analytics)
Purpose: Usage analytics, session recording, feature tracking
Data: Pageviews, clicks, device info, IP address
Privacy Policy: posthog.com/privacy
Google Analytics 4
Purpose: Website traffic analysis
Data: Pageviews, demographics, interests
Privacy Policy: policies.google.com/privacy
Sentry (Error Tracking)
Purpose: Bug tracking, performance monitoring
Data: Error logs, browser info, IP address (anonymized)
Privacy Policy: sentry.io/privacy
Stover (Attribution Tracking)
Purpose: Lead attribution and source tracking
Data: Contact information, referral source
Privacy Policy: stover.app/privacy
6. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined:
- Contact Form Data: 2 years from last interaction
- ROI Calculator Data: 1 year from submission
- Analytics Data: 14 months (PostHog), 14 months (Google Analytics)
- Email Marketing: Until you unsubscribe
7. Your GDPR Rights
Under GDPR, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (e.g., unsubscribe)
To exercise these rights, contact us at privacy@stellarwind.io.
8. Data Security
We implement industry-standard security measures to protect your data, including:
- SSL/TLS encryption for data in transit
- Rate limiting to prevent abuse (5 requests per 15 minutes per IP)
- Input validation and XSS prevention
- Regular security audits and monitoring (via Sentry)
- Access controls and authentication (Payload CMS)
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
9. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure adequate safeguards are in place:
- EU Standard Contractual Clauses (SCCs) with third-party providers
- GDPR-compliant data processing agreements
- Privacy Shield certified vendors (where applicable)
10. Children's Privacy
Our services are not intended for individuals under 18 years old. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.
For significant changes, we will notify you via email (if you have provided one) or a prominent notice on our website.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
You also have the right to lodge a complaint with your local supervisory authority if you believe we have violated your data protection rights.