Privacy Policy

1. Introduction

SaaSVista ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shadow SaaS Discovery platform and related services (the "Service").

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, phone number, company name, and employee count
• Partner Information: Partner codes and referral information
• Communication Data: Messages, support requests, and feedback you send to us

2.2 Information We Collect Automatically

• Authentication Logs: OAuth sign-in data from connected identity providers (Okta, Google Workspace, Azure AD)
• SaaS Discovery Data: Information about SaaS applications accessed by your organization
• Usage Analytics: How you interact with our platform and dashboard
• Technical Data: IP addresses, browser information, device identifiers, and session data

2.3 Information from Third Parties

• Identity Provider Data: Authentication logs and user directory information from your Okta, Google, or Azure AD systems
• Email Data: Email metadata from Office 365 or Gmail integrations (no email content is accessed)
• Risk Enrichment Data: Public information about SaaS applications for risk scoring

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our Shadow SaaS Discovery Service
• Discover and catalog SaaS applications used within your organization
• Generate risk scores and security assessments for discovered applications
• Create reports and analytics dashboards
• Process partner referrals and commissions
• Communicate with you about your account and our services
• Provide customer support and respond to your requests
• Improve our services and develop new features
• Comply with legal obligations and enforce our terms

4. Information Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 When We May Share Information

• Partners: With verified partners who referred you to our service, for commission purposes
• Service Providers: With trusted third-party vendors who help us operate our service
• Legal Requirements: When required by law, legal process, or government request
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• Security: To protect the rights, property, or safety of SaaSVista, our users, or others

5. Data Security

We implement appropriate technical and organizational security measures to protect your information:

• Encryption in transit and at rest using industry-standard protocols
• Multi-factor authentication and access controls
• Regular security assessments and monitoring
• SOC 2 compliance and security certifications
• Employee training on data protection practices

6. Data Retention

We retain your information only as long as necessary to provide our services and comply with legal obligations:

• Account Data: Retained while your account is active and for up to 7 years after termination
• Authentication Logs: Retained for 90 days for active analysis, archived for up to 2 years
• Discovery Data: Retained while your subscription is active and for 90 days after termination
• Support Data: Retained for 3 years for quality assurance and legal compliance

7. Your Rights and Choices

7.1 Access and Control

You have the right to:

• Access and review your personal information
• Correct inaccurate or incomplete data
• Delete your account and associated data
• Export your data in a portable format
• Restrict or object to certain processing activities

7.2 Communication Preferences

You can opt out of marketing communications at any time by clicking unsubscribe links in our emails or contacting us directly.

8. International Data Transfers

Our services are primarily hosted in the United States. If you are located outside the US, your information may be transferred to and processed in the US. We implement appropriate safeguards to protect your data during international transfers, including standard contractual clauses and adequacy decisions.

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take steps to delete it promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: