Privacy Policy

Privacy Policy

1. Introduction

Automate Stacks (“we,” “our,” or “us”) is an automation implementation agency specializing in Robotic Process Automation (RPA), API integrations, and agentic AI solutions. We are committed to protecting the privacy and security of your personal information and data processed through our automation services.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, visit our website, or engage with us as a client.

2. Information We Collect

2.1 Information You Provide Directly

  • Contact Information: Name, email address, phone number, company name, job title
  • Account Information: Login credentials, user preferences, billing information
  • Project Information: Business requirements, process documentation, system specifications
  • Communication Data: Correspondence, support requests, feedback

2.2 Information Collected Through Automation Services

  • System Access Data: Credentials and access tokens for systems where we implement automation
  • Process Data: Data flowing through automated workflows, including business documents, transaction records, and operational data
  • Log Data: System logs, error reports, performance metrics, and audit trails
  • AI Training Data: Data used to train, test, or improve agentic AI models (only with explicit consent)

2.3 Automatically Collected Information

  • Technical Data: IP addresses, browser type, device information, operating system
  • Usage Data: Pages visited, features used, time spent, interaction patterns
  • Cookies and Tracking Technologies: Session data, preferences, analytics information

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

  • Designing, implementing, and maintaining automation solutions
  • Configuring RPA bots, API integrations, and agentic AI systems
  • Processing data through automated workflows on your behalf
  • Monitoring system performance and ensuring reliability

3.2 Service Improvement

  • Analyzing automation performance and identifying optimization opportunities
  • Developing and improving our AI models and automation capabilities
  • Testing and quality assurance of automation solutions
  • Troubleshooting and resolving technical issues

3.3 Business Operations

  • Communicating about projects, updates, and support matters
  • Processing payments and managing accounts
  • Complying with legal obligations and contractual commitments
  • Protecting against fraud, security threats, and unauthorized access

3.4 Marketing and Analytics

  • Sending relevant updates about our services (with consent)
  • Understanding user behavior and preferences
  • Improving our website and user experience

4. Data Processing in Automation Services

4.1 Client Data Processing

When implementing automation solutions, we act as a data processor on behalf of our clients. We process data strictly according to:

  • Written instructions from the client
  • Agreed-upon scope of work and project specifications
  • Applicable data processing agreements
  • Relevant data protection regulations

4.2 RPA and API Integration Data

  • Access Limitations: We implement role-based access controls and process only data necessary for automation functions
  • Data Minimization: We configure automations to collect and process only essential data
  • Temporary Storage: Data may be temporarily stored in system logs or cache for operational purposes
  • Secure Transmission: All data transfers use encryption and secure protocols

4.3 Agentic AI Data Handling

  • Training Data: We do not use client data to train AI models without explicit written consent
  • Model Isolation: Client-specific AI agents operate in isolated environments
  • Data Retention: AI processing data is retained only as long as necessary for the specific automation task
  • Human Oversight: Critical decisions made by agentic AI systems include human review mechanisms where appropriate

5. Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

5.1 Service Providers

We engage third-party vendors who assist in delivering our services:

  • Cloud infrastructure providers (e.g., AWS, Azure, Google Cloud)
  • RPA platform providers (e.g., UiPath, Automation Anywhere, Blue Prism)
  • AI and machine learning service providers
  • Payment processors and accounting services
  • Analytics and monitoring tools

All service providers are bound by confidentiality obligations and data processing agreements.

5.2 Client-Authorized Integrations

We connect to and share data with systems and platforms as authorized by clients:

  • Enterprise software systems (ERP, CRM, HRMS)
  • Third-party APIs and services
  • Cloud storage and collaboration platforms

5.3 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal processes, court orders, or government requests
  • Enforce our terms of service and other agreements
  • Protect the rights, property, or safety of Automate Stacks, our clients, or others
  • Detect, prevent, or address fraud, security, or technical issues

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, client information may be transferred to the acquiring entity, subject to equivalent privacy protections.

6. Data Security

We implement comprehensive security measures to protect your information:

6.1 Technical Safeguards

  • Encryption: Data encryption in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Multi-factor authentication, role-based access, principle of least privilege
  • Network Security: Firewalls, intrusion detection systems, VPNs for remote access
  • Secure Development: Security testing, code reviews, vulnerability assessments
  • Credential Management: Secure vaults for storing API keys, passwords, and access tokens

6.2 Organizational Safeguards

  • Employee Training: Regular security awareness and data privacy training
  • Background Checks: Screening of personnel with access to sensitive data
  • Confidentiality Agreements: All employees and contractors sign NDAs
  • Incident Response: Documented procedures for detecting and responding to security incidents
  • Regular Audits: Periodic security assessments and compliance reviews

6.3 Automation-Specific Security

  • Bot Isolation: RPA bots operate in controlled environments with restricted access
  • Audit Logging: Comprehensive logging of all automated activities
  • Change Management: Controlled processes for updating and deploying automation
  • AI Model Security: Protection against model poisoning, adversarial attacks, and unauthorized access

7. Data Retention

We retain information only as long as necessary for the purposes outlined in this policy:

  • Active Client Data: Retained for the duration of the business relationship plus any contractually agreed period
  • Project Documentation: Typically retained for 3-7 years after project completion for support and legal purposes
  • Automation Logs: Retained according to client requirements, typically 30-90 days unless longer retention is needed for compliance
  • Financial Records: Retained according to applicable tax and accounting regulations (typically 7 years)
  • Marketing Data: Retained until consent is withdrawn or the data is no longer needed

Upon request or contract termination, we securely delete or return client data according to agreed procedures.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

8.1 Access and Portability

  • Request access to your personal information
  • Receive a copy of your data in a structured, commonly used format

8.2 Correction and Updating

  • Request correction of inaccurate or incomplete information
  • Update your contact and account information

8.3 Deletion and Erasure

  • Request deletion of your personal information (subject to legal retention requirements)
  • Request anonymization of data where deletion is not possible

8.4 Restriction and Objection

  • Restrict or object to certain processing activities
  • Opt-out of marketing communications
  • Withdraw consent for data processing (where consent is the legal basis)

8.5 Automated Decision-Making

  • Object to decisions made solely by automated means without human involvement
  • Request human review of automated decisions that significantly affect you

To exercise these rights, contact us at [email protected].

9. International Data Transfers

As a global automation agency, we may transfer data across borders. When we transfer personal information internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by relevant authorities
  • Adequacy decisions recognizing equivalent data protection standards
  • Binding Corporate Rules for intra-organizational transfers
  • Explicit consent where required by law

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies:

11.1 Types of Cookies

  • Essential Cookies: Required for website functionality and security
  • Performance Cookies: Help us understand how visitors use our site
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Track effectiveness of marketing campaigns (with consent)

11.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may limit website functionality.

12. Third-Party Links and Services

Our website may contain links to third-party sites and services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any information.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will:

  • Post the updated policy on our website with a new effective date
  • Notify clients of material changes via email or through our platform
  • Obtain consent for changes that materially expand how we use personal information

We encourage you to review this policy regularly to stay informed about how we protect your information.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Automate Stacks
Email: [email protected]

Data Protection Officer

Email: [email protected]

For clients in the European Union, you also have the right to lodge a complaint with your local data protection authority.

15. Regional-Specific Information

15.1 California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act, including:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising CCPA rights

15.2 European Union Residents (GDPR)

EU residents have rights under the General Data Protection Regulation, including:

  • Legal bases for processing: Contract performance, legitimate interests, legal compliance, consent
  • Right to data portability
  • Right to lodge complaints with supervisory authorities
  • Special protections for sensitive personal data

15.3 Other Jurisdictions

We comply with applicable data protection laws in all jurisdictions where we operate. Contact us for region-specific information.