Privacy Policy for Daestro

Effective Date: Feb 7, 2025

1. Introduction

Daestro ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Daestro platform and all its subdomains (collectively, the "Services"). Please read this Privacy Policy carefully. By using our Services, you consent to the practices described in this policy.

Contact Information: If you have any questions or concerns about our Privacy Policy or our data practices, please contact us at hq[at]daestro.com.

2. Information We Collect

We collect the following types of information from and about users of our Services:

  • Account Information: When you create an account, we collect your name and email address. We verify email addresses by sending a verification link.
  • Cloud and Container Registry Credentials: To enable the functionality of Daestro, we collect your cloud provider API keys/tokens/OAuth credentials and Container Registry credentials. We encrypt these credentials using AES 256 encryption and store them securely.
  • Usage Data: We collect data related to your use of the Platform, including:
    • Workload Data: Information about the compute workloads you run, including batch jobs, configurations, and related settings.
    • Container Logs and Job Logs: Logs generated by your compute workloads, which are stored to assist you in monitoring and managing your jobs. The retention period for these logs may depend on your subscription plan.
    • Feature Usage: Information about the features of the Platform you access and use.
    • Frequency of Use: Data on how often you use the Platform.
  • Server Logs, IP Addresses, and Device Information: We automatically collect server logs, IP addresses, browser types, operating systems, and device information when you access our website and Platform to help us administer the Platform, analyze trends, improve security, and better serve users.
  • Cookies: We use server-side cookies for authentication, authorization, and session management on our web application to ensure secure and efficient access to the Services.
  • Analytics Data: We use a self-hosted analytics tool that does not rely on cookies to understand usage patterns and improve our Services.
  • Google Tag: We use Google Tag to measure user activity on our website, which serves as a conversion metric for our advertisements across Google services and the web. Google Tag may use cookies to track user interactions with our site, helping us understand the effectiveness of our marketing campaigns and optimize our advertising efforts. This data is processed according to Google's privacy policy.
  • Communications Data: If you contact us for support or other inquiries, we may collect and retain records of your communication.
  • Payment Information: If you subscribe to a paid plan, we may use third-party payment processors (such as LemonSqueezy, Stripe, or Paddle) to process payments. We do not directly collect or store your full payment information (e.g., credit card details), as this is handled by the payment processors according to their privacy policies.

3. How We Use Your Information

We use the collected information for various purposes, including:

  • Providing and Maintaining the Services: To operate Daestro, provide you with access to the Platform and its features, and ensure the Services function correctly.
  • Account Management: To create and manage your user account, verify your identity, and communicate with you about your account and the Services.
  • Workload Orchestration: To orchestrate and execute the compute workloads you define across your connected cloud providers.
  • Service Improvement and Personalization: To understand how you use the Services, analyze usage trends, personalize your experience, and improve our Platform, features, and offerings.
  • Communication: To send you important notices, updates, security alerts, support messages, and marketing communications (if you have opted in to receive them).
  • Security: To monitor and protect the security of our Platform, detect and prevent fraud and abuse, and ensure the security of your account.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
  • Customer Support: To provide customer support and respond to your inquiries and requests.

4. Cookies and Tracking Technologies

We use server-side cookies for essential functions on our web application, such as authentication and session management. These cookies are necessary for the Platform to operate securely and efficiently.

We also utilize a self-hosted analytics tool to analyze website and platform usage. This tool is configured to not use cookies, ensuring user privacy while still providing us with valuable insights into how our Services are used.

5. Sharing and Disclosure of Your Information

We do not share your personal information with third parties except as described in this Privacy Policy.

We may share your information with the following categories of recipients:

  • Third-Party Service Providers: We engage third-party service providers to assist us in providing and supporting the Services, such as:
    • Payment Processors: We use payment processors like LemonSqueezy, Stripe, or Paddle to process payments for paid subscriptions. These processors handle your payment information according to their own privacy policies.
    • Customer Support Services: We may use third-party or self-hosted customer support services to manage and respond to user inquiries.
    • Email Service Providers: We use Resend (https://resend.com/) to send email communications, including verification emails and marketing emails (if you have opted in).
  • Legal and Compliance: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., to comply with a subpoena or court order).
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

We do not share your personal data with third parties for marketing or advertising purposes outside of our own marketing communications which you can opt-out of.

6. International Data Transfers

Your information may be transferred to and maintained on computer systems located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction.

Our servers are currently located in Canada and India, and data may be transferred and processed between these countries to provide the Services. We currently do not store user data in the European Union (EU).

If, in the future, we transfer personal data outside of your jurisdiction, including to countries that may not have data protection laws equivalent to those in your jurisdiction, we will implement appropriate safeguards to protect your personal data, such as Standard Contractual Clauses, where applicable.

7. Data Security

We take reasonable measures to protect your information from unauthorized access, use, or disclosure. We encrypt your cloud provider API keys/tokens/OAuth credentials and Container Registry credentials using AES 256 encryption. We also implement other security measures, and plan to implement access controls to further enhance data security for teams.

However, please remember that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. We will not be liable for any unauthorized access, misuse, or leakage of your data, even if caused by our negligence, except to the extent such liability cannot be lawfully excluded.

8. Data Retention

We retain your personal information for as long as your account is active and as necessary to provide you with the Services. Certain data, such as container logs and job submission history, may be deleted periodically depending on your subscription plan and to manage storage costs. We may offer options to adjust log retention based on your needs, potentially for an additional fee.

If you decide to delete your account, we will initiate the deletion process immediately. Your data will be removed from our primary systems within 7 days of your account deletion request. Complete erasure from all our systems, including backups, will be completed within 45 days. This extended period is due to our backup retention policies to ensure data recovery in case of system failures.

9. Your Rights Regarding Your Information

Currently, we offer all users the right to request deletion/erasure of their personal data. You can request deletion of your account and associated data directly through the Platform or by contacting us at hq[at]daestro.com. We will process your request within a reasonable timeframe, and complete data erasure, including from backups, within 45 days.

While not currently offered, depending on your jurisdiction and applicable privacy laws (such as GDPR or CCPA), you may have additional rights regarding your personal data, including the right to access, rectification, restriction of processing, data portability, and objection to processing. We are continually evaluating our practices and may offer these rights to our users in the future.

If you have any questions or wish to exercise your right to deletion or any other rights you may have, please contact us at hq[at]daestro.com.

10. Children's Privacy

Our Services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information as soon as possible. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hq[at]daestro.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Effective Date" at the top of this policy. We encourage you to review this Privacy Policy periodically for any updates. Your continued use of the Services after the posting of changes constitutes your acceptance of such changes.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

hq[at]daestro.com