Privacy Policy

1. Controller and Scope

Nordsat ("we", "our", "us") is the data controller for personal data processed through nordsat.io, the booking flow, and the monitoring platform.

This policy explains what data we process, why we process it, legal bases, retention periods, and your rights under GDPR.

2. Data We Process

• Account data: email, company, phone, role, authentication metadata.
• Operational data: device, telemetry, route, and event records linked to customer workspaces.
• Demo/contact data: name, email, company, phone, industry, selected slot, and telemetry interests.
• Security data: login attempts, session metadata, and audit logs.
• Website analytics data: page views, referrer, campaign fields, pseudonymous visitor/session identifiers.

3. Legal Bases (GDPR Article 6)

• Contract performance: account, service delivery, support, and operational dashboards.
• Legitimate interests: service security, fraud prevention, reliability monitoring, and product improvement.
• Consent: optional analytics cookies and demo-contact consent where requested.
• Legal obligations: compliance, tax/accounting, and security incident obligations where applicable.

4. Cookies and Similar Technologies

We use a consent banner to let you choose optional cookies.

• Essential cookies/storage: required for login, security, and core functionality.
• Analytics cookies/storage (optional): enabled only after consent; used to measure page usage and campaign performance.
• Marketing cookies/storage (optional): enabled only after consent.

You can update preferences at any time from the consent banner and browser storage controls.

5. Data Recipients and Processors

We use trusted processors for specific services, including infrastructure, email, and scheduling integrations.

• Hosting/database: Vercel and PostgreSQL service providers.
• Caching/rate limiting: Upstash Redis.
• Email delivery: Resend.
• Calendar scheduling integrations: Zoho services (when enabled).
• Content delivery: third-party font/icon CDNs where configured.

We maintain data processing agreements (DPAs) with processors where required.

6. International Data Transfers

If personal data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses and supplementary controls where required.

7. Retention

• Account and customer workspace data: while account is active, then according to contractual/legal obligations.
• Telemetry history: default up to 730 days unless otherwise configured by contract.
• Website analytics events: default up to 365 days.
• Audit and security logs: default up to 365 days.
• Privacy request records: up to 3 years for accountability evidence.

8. Your GDPR Rights

You can request:

• Access to your personal data
• Rectification of inaccurate data
• Erasure ("right to be forgotten")
• Restriction or objection to processing
• Data portability (structured export)
• Withdrawal of consent at any time (for consent-based processing)

To exercise rights, contact us at info@nordsat.io. We may request identity verification before completing requests.

9. Security

We apply technical and organizational controls including access control, role-based authorization, encrypted transport (TLS), rate limiting, and audit logging for sensitive actions.

10. Data Breach Response

We maintain breach response procedures. Where required by GDPR, we notify supervisory authorities within 72 hours and affected data subjects without undue delay.

11. Contact and Complaints

Privacy contact: info@nordsat.io

You may also lodge a complaint with your local supervisory authority.

Terms of Service

For commercial billing and subscription conditions (including commitment period, renewal terms, VAT, and cancellation), see the Subscription Terms.

Service Use

You agree to use the platform lawfully and only for authorized business purposes.

Account Security

You are responsible for keeping your credentials confidential and for activities under your account.

Availability

We aim for high availability but do not guarantee uninterrupted service in all circumstances.

Liability

To the extent permitted by law, Nordsat is not liable for indirect or consequential damages.

Changes

We may update these terms and this privacy policy; material changes will be communicated on our website or service channels.