Privacy Policy
Last Updated: June 2026
1. Overview
IMSATYA ("we," "us," "our," or "Company") operates a product studio platform offering infrastructure monitoring and alerting services. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, use our services, and interact with our platform.
Please read this privacy policy carefully. If you do not agree with our policies and practices, please do not use our services.
2. Data Collection
2.1 Information You Provide Directly
- Account Information: When you create an account, we collect your email address, name, password hash, and any profile information you provide.
- Subscription & Billing: We collect billing address, payment method information, and subscription tier selection. Payment processing is handled by third-party providers; we do not store full credit card details.
- Monitoring Data: When using our monitoring services (Pulse), we collect infrastructure metrics, logs, performance data, and alerting configurations that you provide.
- Communication: We collect information when you contact support, submit feedback, or participate in surveys and customer research.
2.2 Information Collected Automatically
- Technical Data: IP address, browser type, operating system, device information, and unique device identifiers.
- Usage Data: Pages visited, features accessed, time spent, interaction patterns, and performance metrics.
- Location Data: We use GeoIP detection to determine your country/region for pricing, compliance, and localization purposes.
- Log Data: Server logs including request timestamps, response codes, and error messages (retained for 30 days for security and debugging).
2.3 Cookies & Tracking Technologies
- Authentication Cookies: We use HTTP-only cookies to store your authentication tokens (access and ID tokens from AWS Cognito). These are essential for maintaining your logged-in session.
- CSRF Protection Cookie: We use a CSRF token cookie to prevent cross-site request forgery attacks on form submissions.
- Device Cookie: We use a device identifier cookie for rate limiting purposes to prevent abuse.
- Session Tracking: We do not use third-party analytics cookies or tracking pixels that follow you across the web.
2.4 Service Providers & Third Parties
We share limited information with the following service providers who process data on our behalf:
- AWS Cognito: Identity provider for authentication. Your credentials and authentication metadata are stored with AWS. Review AWS's privacy policy for their data handling practices.
- Payment Processors: For subscription billing and payment processing. Payment data is processed by PCI-compliant third parties; we do not store sensitive payment details.
- Email Service Providers: For sending transactional emails (account confirmations, password resets, subscription notifications, wishlist updates).
- Cloud Infrastructure: We host our platform on Oracle Cloud. Infrastructure access is restricted and monitored.
3. How We Use Your Information
- Service Delivery: Providing account access, enabling monitoring features, sending alerts, and delivering reports.
- Account Management: Creating and maintaining your account, processing subscriptions, handling billing, and managing access controls.
- Communication: Sending transactional emails (confirmations, alerts, password resets), important service updates, and responding to support inquiries.
- Security & Compliance: Detecting and preventing fraud, enforcing terms of service, complying with legal obligations, and maintaining security logs.
- Service Improvement: Analyzing usage patterns, identifying bugs, improving features, and conducting research on service usage (aggregated and anonymized).
- Marketing (Consent-Based): If you opt-in, we may send you information about new features, offerings, or updates. You can unsubscribe at any time.
- Monitoring & Analytics: Measuring platform performance, tracking infrastructure health, and generating aggregate reports.
4. Log Retention & Data Lifecycle
- Application Logs: We retain application logs (requests, errors, system events) for 30 days for security and debugging purposes.
- Monitoring Data: Infrastructure monitoring data retention depends on your subscription tier (typically 7 days for free tier, up to 90 days for professional, unlimited for business).
- Account Data: Account information is retained for the duration of your subscription and for 30 days after cancellation (unless legally required to retain longer).
- Audit Logs: Administrative actions and permission changes are logged and retained for compliance and security auditing.
5. Your Privacy Rights & Choices
- Access & Correction: You can access, update, or correct your account information at any time through your profile settings.
- Data Download: You can request a download of your data in a portable format by contacting support.
- Deletion Requests: You can request deletion of your account and associated personal data. We will comply within 30 days, except where legal obligations require retention.
- Opt-Out: You can opt out of marketing communications through email preferences or by contacting us. You cannot opt out of transactional emails required to operate your account.
- Cookie Control: You can control cookies through your browser settings. Note that disabling essential cookies may impact service functionality.
- California Privacy Rights (CCPA): If you are a California resident, you have additional rights including the right to know, delete, and opt-out of "sales" of your data. Contact us to exercise these rights.
- EU Privacy Rights (GDPR): If you are in the EU, you have rights including access, rectification, erasure, data portability, and the right to object to processing. Contact us to exercise these rights.
6. Data Security
We implement industry-standard security measures including:
- Encryption of data in transit (HTTPS/TLS for all communications)
- Encryption of sensitive data at rest
- HTTP-only cookies that cannot be accessed via JavaScript
- CSRF token validation on all state-changing requests
- Rate limiting by IP and device to prevent abuse
- Regular security monitoring and logging
- Restricted access to production systems
While we implement robust security measures, no system is completely secure. If you believe your account has been compromised, contact us immediately.
7. Data Sharing & Disclosure
- No Sale of Data: We do not sell, rent, or lease your personal data to third parties.
- Service Providers: We share data with third-party service providers who assist in operating our platform (listed in section 2.4).
- Legal Compliance: We may disclose your information if required by law, court order, or government request, or to protect our rights and safety.
- Multi-Tenant Accounts: If your account is managed by an organization (tenant), account administrators may have access to your account information and usage data for administrative purposes.
8. International Data Transfers
Our servers are located in the United States (Oracle Cloud). If you are accessing our services from outside the US, your data will be transferred to, stored in, and processed in the United States. By using our services, you consent to this transfer. We will handle international transfers in compliance with applicable data protection laws.
9. Children's Privacy
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete such information promptly.
10. Third-Party Links
Our website and services may contain links to third-party websites and services. This Privacy Policy applies only to our services. We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by email or by posting an updated policy on our website with a revised "Last Updated" date. Your continued use of our services following notification of changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
- Email: [email protected]
- Support Email: [email protected]
- Website: https://imsatya.com
For EU residents with data protection concerns, you also have the right to file a complaint with your local data protection authority.