The General Data Protection Regulation (GDPR) is a comprehensive data protection law that regulates the use of the personal data of EU residents and provides individuals rights to exercise control over their data. We are committed to our customers’ success, including supporting them on their GDPR compliance journey
We are clear about our practices so that you can understand how your data is collected and used.
We design our products to ensure you remain in control of your data, at all times.
We protect your data at all times, using strong security measures that are regularly verified by internal safeguards and external auditors.
We operate a high standard designed so you can operate around the world, including in regions with strict privacy rules for data handling.
Safeguarding data is a team effort. We listen to your feedback, and we provide information and customizable security and privacy tools to you.
Aleafsoft employees are required to take annual training on Business Conduct, which reflects our commitment to respect human rights and to conduct business ethically, honestly, and in compliance with applicable laws and regulations.
Privacy training is an essential part of Business Conduct Training. Aleafsoft requires its employees who have access to customer data and personal information to undergo an additional Privacy and Security Training course on a bi-annual basis or in response to updated laws such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Privacy Complaints If a user makes a privacy complaint that indicates a material privacy issue, we will take steps to remediate that issue at the next reasonable opportunity. In the event that a privacy issue has resulted in a material negative impact on a user or related third party, we will take steps to address that with that user or that other person.
Security, privacy, and Customer Data
A. Security We maintain technical and organizational measures, internal controls, and data security routines intended to protect Customer Data against accidental loss or change, unauthorized disclosure or access, or unlawful destruction.
B. Privacy and data location We treat Customer Data in accordance with the terms herein and our Privacy Statement. We may transfer to, store, and process Customer Data in the United States or in any country where we or our Affiliates or subcontractors have facilities used for Developer Services. You will obtain any necessary consent or rights from end users or others whose data or personal information or other data you will be hosting in the Services.
C. Rights to Provide Customer Data You are solely responsible for your Customer Data. You must have, and you hereby grant us, sufficient rights to use and distribute Customer Data (including Customer Data sourced from third parties) necessary for us to provide you the Developer Services without violating the rights of any third party, or otherwise obligating Microsoft to you or to any third party. We do not assume any additional obligations that may apply to Customer Data except as required by applicable law.
D. Ownership of Customer Data Except for software and Content we license to you, as between the parties, you retain all right, title and interest in and to Customer Data. We acquire no rights in Customer Data.
E. Use of Customer Data The Services transmit Customer Data to us, including usage and performance data and crash dumps you choose to send. We will use Customer Data to provide the Services. This use may include troubleshooting to prevent, find and fix problems with the operation of the Services and ensuring compliance with this Agreement. It may also include: providing you with suggestions to help you discover and use functionality within the Services; improving the features of our Services; and otherwise use patterns, trends, and other statistical data derived from Customer Data to provide, operate, maintain, and improve our products and services. We will not use Customer Data or derive information from it for any (1) advertising or (2) other commercial purposes (beyond providing you with the Services) without your consent.
F. Customer Data return and deletion You may delete your Customer Data at any time. If you terminate your account we may delete Customer Data immediately without any retention period. We have no additional obligation to continue to hold, export, or return Customer Data and have no liability whatsoever for the deletion of Customer Data pursuant to this Agreement.
G. Third-party requests of Customer Data We will not disclose Customer Data to a third party (including law enforcement, other government entity, or civil litigant, but excluding our subcontractors) except as you direct or unless required by law. We will ask any third party demanding access to your Customer Data to contact you directly using your basic contact information. We will promptly notify you and provide a copy of the demand unless legally prohibited. You are responsible for responding to requests by a third party regarding your use of Services.
H. Subcontractors We may hire other companies to provide limited services on our behalf, such as customer support. Any such subcontractors will be permitted to obtain Customer Data only to deliver the services we have retained them to provide. We remain responsible for our subcontractors’ compliance with the obligations set forth in this Agreement.
I. Compliance with law We will comply with all laws applicable to our provision of the Services, including applicable security breach notification laws, but not including any laws applicable to you or your industry that are not generally applicable to information technology services providers. You will comply with all laws applicable to your Customer Data, and use of the Services, including any laws applicable to you or your industry.
J. Certifications and compliance The Developer Services shall be subject to any security, privacy, and compliance practices specifically described for the Developer Services at the Developer Services Portal. These obligations do not apply to any other elements of the Services.
K. Claims of infringement We will inform you if we receive a notice claiming that your usage of the Service infringes a third party’s intellectual property rights, and in such instances, we may provide your basic contact information to the third party. You will promptly respond to such complaints.