Privacy Policy

1. Introduction

TARA Flow ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our cybersecurity compliance automation platform and related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Data Controller

The data controller responsible for your personal data is:

3. Data We Collect

3.1 Information You Provide

• Account Information: Name, email address, company name, job title, phone number when you create an account
• Payment Information: Billing address, payment method details (processed securely by Stripe)
• Profile Information: Professional background, industry, compliance needs
• Content: Threat assessments, diagrams, reports, and other data you create using our Services
• Communications: Messages, support tickets, feedback you send us

3.2 Information Collected Automatically

• Usage Data: Features used, actions taken, time spent, preferences
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, access times, pages viewed, referring URLs
• Cookies and Tracking: See our Cookie Policy

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our Services (Article 6(1)(b))
• Legitimate Interests: Improving services, security, fraud prevention (Article 6(1)(f))
• Consent: Marketing communications, non-essential cookies (Article 6(1)(a))
• Legal Obligation: Tax records, compliance requirements (Article 6(1)(c))

5. How We Use Your Data

• Provide, maintain, and improve our Services
• Process transactions and send related information
• Send technical notices, security alerts, and support messages
• Respond to your comments, questions, and requests
• Develop new features and services
• Monitor and analyze trends, usage, and activities
• Detect, prevent, and address fraud and security issues
• Personalize and improve your experience
• Send marketing communications (with your consent)
• Comply with legal obligations

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Active Accounts: Data retained while your account is active
• After Cancellation: 30 days to export, then securely deleted
• Backup Retention: Encrypted backups retained for 90 days
• Legal Requirements: Financial records retained for 10 years per German law
• Marketing Data: Until consent is withdrawn

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge Complaint: File a complaint with a supervisory authority

To exercise these rights, contact us at privacy@taraflow.io. We respond within 30 days.

8. Security Measures

We implement comprehensive security measures to protect your data:

• Encryption: TLS 1.3 in transit, AES-256 at rest
• Access Controls: Role-based access, MFA for staff
• Infrastructure: SOC 2 Type II certified cloud providers
• Monitoring: 24/7 security monitoring and alerting
• Testing: Regular penetration testing and vulnerability assessments
• Training: Annual security awareness training for all employees

9. Cookies

We use cookies and similar technologies to enhance your experience. For detailed information about the cookies we use and your choices, please see our Cookie Policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices: