1. Introduction
Oversilo, Inc. ("Oversilo," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website oversilo.com, use our services, or otherwise interact with us.
This policy applies to all information collected through our website, mobile applications, support portal, and any related services, sales, marketing, or events (collectively, the "Services").
By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.
Important: For enterprise clients with a Master Services Agreement (MSA), the data processing terms in your MSA supersede this Privacy Policy where they conflict.
2. Information We Collect
2.1 Information You Provide Directly
We collect information that you voluntarily provide to us when you:
- Register for an account or request our services
- Fill out forms on our website
- Submit a support ticket or contact us
- Subscribe to our newsletter or marketing communications
- Participate in surveys, promotions, or events
- Apply for employment
This information may include:
| Category | Examples |
|---|---|
| Identity Data | First name, last name, username, job title |
| Contact Data | Email address, phone number, billing address, company name |
| Account Data | Username, password, account preferences, support history |
| Financial Data | Payment card details, bank account information, billing records |
| Technical Data | IP address, browser type, device information, access logs |
| Support Data | Ticket content, chat transcripts, call recordings (with consent) |
| Employment Data | Resume, cover letter, references, background check information |
2.2 Information Collected Automatically
When you access our Services, we automatically collect certain information, including:
- Device Information: Hardware model, operating system, unique device identifiers, mobile network information
- Log Information: Access times, pages viewed, IP address, referring URL, browser type and version
- Location Information: General location based on IP address; precise location only with your consent
- Usage Information: Features used, actions taken, time spent on pages, navigation paths
2.3 Information from Third Parties
We may receive information about you from third parties, including:
- Business Partners: Companies with whom we offer co-branded services or joint marketing
- Service Providers: Analytics providers, advertising networks, payment processors
- Public Sources: Publicly available databases, social media platforms, business directories
- Your Employer: If your company has contracted with us for services, your employer may provide your contact information
2.4 Client System Data
In the course of providing IT support services, we may access, collect, or process data from your systems, including:
- System configuration information
- Error logs and diagnostic data
- Network topology and device inventories
- Security event logs
- Performance metrics
We treat all Client System Data as confidential and process it solely for the purpose of providing our contracted services. This data is subject to additional protections outlined in your Service Agreement.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery
- Provide, maintain, and improve our Services
- Process transactions and send related information
- Respond to your comments, questions, and support requests
- Monitor and analyze usage patterns and trends
- Diagnose and resolve technical issues
3.2 Communication
- Send administrative notices, such as account and security alerts
- Provide customer support and respond to inquiries
- Send marketing communications (with your consent where required)
- Notify you about changes to our Services or policies
3.3 Security and Compliance
- Protect against fraudulent, unauthorized, or illegal activity
- Enforce our terms and conditions and other policies
- Comply with legal obligations and regulatory requirements
- Respond to lawful requests from public authorities
3.4 Business Operations
- Conduct research and analytics to improve our Services
- Develop new products, services, and features
- Facilitate business transfers, mergers, or acquisitions
- Manage our workforce and recruitment processes
3.5 Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and UK, we process personal data based on:
- Contract Performance: Processing necessary to fulfill our contractual obligations to you
- Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, network security, and service improvement
- Legal Compliance: Processing necessary to comply with applicable laws
- Consent: Processing based on your explicit consent, which you may withdraw at any time
4. Information Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
We share information with third-party service providers who perform services on our behalf, including:
- Cloud hosting and infrastructure providers (AWS, Microsoft Azure)
- Payment processors (Stripe)
- Customer support platforms
- Analytics and monitoring services
- Email delivery services
- Security and fraud prevention services
These providers are contractually obligated to protect your information and use it only for the purposes we specify.
4.2 Business Partners
We may share information with business partners when you request or consent to such sharing, such as when you:
- Request information about integrated solutions
- Participate in joint marketing programs
- Use services that require data sharing with partners
4.3 Legal Requirements
We may disclose your information when required to:
- Comply with applicable laws, regulations, or legal processes
- Respond to lawful requests from government authorities
- Protect our rights, privacy, safety, or property
- Enforce our agreements and policies
- Investigate potential violations
4.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and outline your choices.
4.5 With Your Consent
We may share your information for any other purpose with your explicit consent.
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Data | Duration of account + 7 years | Service delivery and legal compliance |
| Financial Records | 7 years after transaction | Tax and regulatory requirements |
| Support Tickets | 3 years after resolution | Service improvement and legal protection |
| System Logs | 90 days (standard) / 1 year (security) | Security monitoring and troubleshooting |
| Marketing Data | Until consent withdrawn + 30 days | Marketing preferences |
| Employment Applications | 2 years after decision | Legal compliance and future opportunities |
When the retention period expires, we will securely delete or anonymize your personal information, unless retention is required for legal, regulatory, or legitimate business purposes.
6. Data Security
We implement comprehensive technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
6.1 Technical Safeguards
- Encryption: TLS 1.3 encryption for data in transit; AES-256 encryption for data at rest
- Access Controls: Role-based access controls, multi-factor authentication, and principle of least privilege
- Network Security: Firewalls, intrusion detection/prevention systems, and network segmentation
- Endpoint Protection: Antivirus, endpoint detection and response (EDR), and device management
- Monitoring: 24/7 security monitoring, SIEM, and real-time alerting
6.2 Organizational Safeguards
- Personnel: Background checks, security training, and confidentiality agreements
- Policies: Information security policies, incident response procedures, and regular audits
- Certifications: SOC 2 Type II, ISO 27001, and industry-specific certifications
- Vendor Management: Security assessments of third-party providers
6.3 Incident Response
In the event of a data breach that affects your personal information, we will:
- Notify affected individuals within 72 hours where required by law
- Notify relevant supervisory authorities as required
- Take immediate steps to mitigate harm and prevent recurrence
- Provide information about the breach and recommended protective actions
7. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
7.1 Access and Portability
You have the right to request a copy of the personal information we hold about you and to receive it in a structured, commonly used, machine-readable format.
7.2 Correction
You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
7.3 Deletion
You have the right to request that we delete your personal information, subject to certain exceptions (such as legal obligations or ongoing service delivery).
7.4 Restriction
You have the right to request that we restrict the processing of your personal information in certain circumstances.
7.5 Objection
You have the right to object to processing of your personal information based on legitimate interests or for direct marketing purposes.
7.6 Withdraw Consent
Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time.
7.7 How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@oversilo.com. We will respond to your request within 30 days (or sooner if required by law). We may ask you to verify your identity before processing your request.
No Fee Usually Required: You will not have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect and use information about you and your interaction with our Services. For detailed information about our use of cookies, please see our Cookie Policy.
8.1 Types of Cookies We Use
- Essential Cookies: Required for the website to function properly
- Functional Cookies: Remember your preferences and settings
- Analytics Cookies: Help us understand how visitors use our website
- Marketing Cookies: Track visitors across websites for advertising purposes
8.2 Managing Cookies
You can manage your cookie preferences through:
- Our cookie consent banner when you first visit our website
- Your browser settings (note: disabling cookies may affect website functionality)
- Opt-out tools provided by analytics and advertising partners
9. Third-Party Services
Our Services may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access.
9.1 Key Third-Party Services
- Google Analytics: Website analytics
- Stripe: Payment processing
- Intercom: Customer support
- HubSpot: Marketing automation
10. International Data Transfers
Oversilo is headquartered in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
10.1 Transfer Mechanisms
For transfers from the EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Your explicit consent where appropriate
10.2 Data Localization
For enterprise clients with data residency requirements, we offer data localization options. Please contact your account manager for details.
11. Children's Privacy
Our Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly.
If you believe we have inadvertently collected information from a child under 16, please contact us at privacy@oversilo.com.
12. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
12.1 Your Rights
- Right to Know: Request disclosure of personal information collected, used, disclosed, or sold
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: Opt out of the sale or sharing of personal information
- Right to Non-Discrimination: Not be discriminated against for exercising your rights
- Right to Limit: Limit use and disclosure of sensitive personal information
12.2 Categories of Information
In the preceding 12 months, we have collected the following categories of personal information:
- Identifiers (name, email, IP address)
- Commercial information (purchase history, service records)
- Internet activity (browsing history, interactions with our Services)
- Professional information (job title, employer)
- Geolocation data (general location based on IP)
12.3 Do Not Sell My Personal Information
We do not sell personal information as defined under the CCPA/CPRA. We do share information with advertising partners for targeted advertising, which may be considered "sharing" under CPRA. You can opt out of this sharing by contacting us or using our cookie preference center.
12.4 Authorized Agents
You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization, and we may verify your identity directly.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page indicates when the policy was last revised.
For material changes, we will provide notice through:
- A prominent notice on our website
- Email notification to registered users
- In-app notification where applicable
We encourage you to review this Privacy Policy periodically. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the revised policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Privacy Officer
Oversilo, Inc.
129 S Powers Blvd
Colorado Springs, CO 80916
United States
Email: privacy@oversilo.com
Phone: +1 (719) 239-3245
For data protection inquiries from the European Union, you may also contact our EU representative:
EU Representative
Email: gdpr@oversilo.com
Supervisory Authority: If you are located in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.