Privacy policy

KinetiStack™ LLC ("KinetiStack™," "we," "us," or "our") respects your privacy. This Privacy Policy explains what personal information we collect, how we use and share it, how long we keep it, and the choices and rights you have.

This policy applies to:

• Visitors to our website at https://kinetistackllc.com (the "Site");
• Customers and prospective customers who acquire or evaluate any KinetiStack™ product through a marketplace (for example, the Microsoft Commercial Marketplace) or directly from us; and
• People who contact us for sales, support, partnership, or other business purposes.

This policy does not apply to data that flows through our products into a customer's own cloud environment. KinetiStack™ never receives or stores that data. See Section 3 — What we do not collect.

KinetiStack™ provides products and services to businesses; the Site and our products are not intended for personal, family, or household use.

1. Who we are

KinetiStack™ LLC is a Minnesota limited liability company.

Privacy contact: [email protected]

For the purposes of the European Union and United Kingdom General Data Protection Regulations, KinetiStack™ is the "controller" of the personal data described in this policy. KinetiStack™ has not designated a representative under Article 27 of the EU GDPR because it does not target the offering of goods or services to individuals in the European Union or United Kingdom; see Section 11.

2. What we collect

When you visit the website

• Information you submit through our contact form — your name, corporate email address, company name, and the project brief or message you choose to send. You decide what to include in the message field.
• Server request logs — when your browser requests a page, our hosting provider (Cloudflare) automatically records technical data such as your IP address, browser type and user-agent, the page requested, referring page, and a timestamp. These logs are retained by Cloudflare for a short period (approximately seven days under our current plan tier) and are used for security, abuse prevention, and reliability.
• Analytics — we use Cloudflare Web Analytics, a privacy-focused, aggregate measurement tool provided with our hosting. It is cookieless, does not use a client-side persistent identifier, and does not build a behavioral profile of you or track you across other websites. We do not use Google Analytics, Google Tag Manager, Microsoft Clarity, Plausible, PostHog, or any other behavioral-analytics or advertising service, and we do not load third-party social-media tracking pixels.
• Search-engine indexing — we use Bing Webmaster Tools to submit our sitemap to search engines. This is a server-to-server channel; it does not track Site visitors and sets no cookies in your browser.

When you deploy or evaluate a KinetiStack™ Marketplace offer

• Marketplace lead data — if you choose, during deployment, to share your information with the publisher, Microsoft provides us limited deployment metadata through the Microsoft Commercial Marketplace customer-leads program: company name, contact name, contact email, country, the offer and plan deployed, your subscription type, and a timestamp. Microsoft's own collection and use of your data is governed by Microsoft's privacy statement.
• Support and other communications — any support tickets, emails, or other communications you initiate with us about a deployment, and the business context you choose to share in them.
• Billing information for paid plans — for free plans (currently the Oracle ⇄ ADLS Bridge offer is available as a free Bicep template, for which customers pay Microsoft only for the Azure resources the template provisions), no billing information passes to KinetiStack™. For paid Marketplace plans (offered separately), billing is handled by the Microsoft Commercial Marketplace; we receive only the disbursement reports Microsoft provides (payout amount, plan, country) and not your payment instrument.
• Professional-services invoicing information — if you separately engage KinetiStack™ for professional services or support, the invoicing details you provide directly to us (company name, billing contact, billing address, and tax identification number).

When you contact us

• The content of emails and other communications you send us, any attachments, and any business context you choose to share.

3. What we do not collect

KinetiStack™'s products are deployed into the customer's own cloud (Azure) subscription and run entirely within the customer's tenancy. KinetiStack™ does not receive, transmit, or store any of the data that a customer's deployment processes. Specifically, for the Oracle ⇄ ADLS Bridge offer:

• The Oracle database contents the customer archives are stored in the customer's own Azure Data Lake Storage account. KinetiStack™ has no read or write access.
• The Oracle credentials the customer provides are stored in the customer's own Azure Key Vault. KinetiStack™ has no read access.
• Operational telemetry from the deployment (container logs, monitoring workbook data) is stored in the customer's own log analytics workspace. KinetiStack™ has no read access.
• The product does not "phone home." KinetiStack™ receives no usage telemetry from a deployment. If a future product release adds any telemetry, it will be opt-in and disclosed before collection.

If you voluntarily share data with us in a support ticket or other communication, that data is handled under Section 2 ("When you contact us") and the rest of this policy.

4. How we use what we collect

We use the information described above to:

• respond to contact-form submissions, sales inquiries, and support requests;
• provide, maintain, and improve our products, services, and the Site (analytics use is aggregated and not used to build profiles of individuals);
• operate the Microsoft Marketplace relationship and route customer support;
• send product updates only to people who opt in to receive them (we do not add anyone to a marketing list without an affirmative action by that person, and every such message includes an unsubscribe link);
• invoice for, and keep records of, paid services;
• protect the security and integrity of the Site and our systems, and prevent fraud and abuse; and
• comply with our legal obligations (including tax and accounting obligations) and respond to lawful requests.

We do not use your personal information for behavioral advertising, and we do not sell or "share" your personal information (as those terms are defined under California law) or otherwise disclose it to data brokers or advertising networks.

5. Legal bases for processing (EEA / UK / Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the applicable General Data Protection Regulation:

• Contact-form submissions, sales communications, and support requests — our legitimate interest in responding to you and operating our business, and the steps you ask us to take before or during a business relationship.
• Marketplace lead data and customer-relationship records — the performance of, or steps toward, a contract, and our legitimate interest in understanding and serving our customer base.
• Server logs and security measures — our legitimate interest in operating a secure and reliable website.
• Product-update emails — your consent, which you may withdraw at any time using the unsubscribe link in every message.
• Tax, accounting, and other records we must keep — compliance with our legal obligations.

6. How we share information

We share personal information only with service providers that help us operate our business, and only with the minimum data each provider needs. We do not sell personal information.

We do not share personal information with advertising networks, data brokers, or social-media platforms, and we do not load third-party social-media tracking pixels.

We may disclose personal information when we believe in good faith that doing so is required by law (for example, in response to a subpoena, court order, or other lawful request), or where necessary to establish or exercise our legal rights, protect against legal claims, or protect the rights, property, or safety of KinetiStack™, our users, or the public. If KinetiStack™ is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to this policy.

7. How long we keep information

For the purposes of this policy, an "active business relationship" means any one of the following: an open sales opportunity or quote; an active or in-term services, support, or license agreement; or business correspondence exchanged with you within the preceding 12 months. When none of these conditions is met, the standard retention periods above apply.

When we no longer need personal information, we delete it or de-identify it.

8. Your privacy rights

Depending on where you live and the applicable law, you may have some or all of the following rights regarding the personal information we hold about you:

• to access or obtain a copy of that information, and to confirm whether we process it;
• to correct inaccurate information;
• to delete your information (subject to limits — for example, we may need to keep certain records for tax, accounting, or legal reasons);
• to restrict or object to certain processing;
• to port your information to another service in a portable format;
• to withdraw consent for any processing that is based on consent, without affecting processing already carried out; and
• not to receive discriminatory or retaliatory treatment for exercising any of these rights.

California residents. KinetiStack™ does not meet the thresholds that make a business subject to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the "CCPA"). We nonetheless honor the core access, correction, and deletion requests described above for California residents as a matter of good practice. We do not sell or "share" personal information as those terms are defined under the CCPA, and we do not process personal information for cross-context behavioral advertising.

Minnesota residents. KinetiStack™ is a small business as defined by the U.S. Small Business Administration and is therefore exempt from most operative requirements of the Minnesota Consumer Data Privacy Act; the Act nonetheless prohibits a small business from selling sensitive data without consent, and we do not sell personal data of any kind. We honor the access, correction, and deletion requests described above for Minnesota residents as a matter of good practice.

EEA / UK / Switzerland residents. In addition to the rights above, you may lodge a complaint with your local data protection authority — in the United Kingdom, the Information Commissioner's Office.

How to exercise your rights. Email [email protected]. We may need to verify your identity before acting on a request. We will respond within the time required by applicable law — generally within 45 days — and we may extend that period where the law permits, in which case we will tell you. There is no fee for a reasonable request.

9. Cookies and similar technologies

A cookie is a small text file a website stores in your browser. The Site uses the following cookies:

Both cookies above are strictly necessary for the Site to operate securely; they are set by our hosting provider for bot management and security. The Site does not set analytics, advertising, or remarketing cookies, and does not load third-party social-media tracking pixels.

No cookie-consent banner. Because the Site sets no non-essential cookies — our analytics tool is cookieless, and the only cookies used are strictly necessary security cookies — no cookie-consent banner is required, including for visitors in the European Economic Area and the United Kingdom. You can still block or delete cookies through your browser settings, though the strictly necessary cookies above are needed for the Site to function. If the Site ever introduces a non-essential cookie or a tracking analytics tool, we will add a consent mechanism and update this policy before doing so.

10. Do Not Track

Some browsers can send a "Do Not Track" ("DNT") signal. There is no common industry standard for how to interpret DNT signals. The Site does not respond to DNT signals. We do not permit third parties to collect personally identifiable information about your online activities over time and across different websites when you use the Site. As noted in Section 9, the Site sets no analytics or advertising cookies in the first place.

11. International data transfers

KinetiStack™ is based in the United States, and our service providers process data in the United States and other countries. If you are located in the European Economic Area, the United Kingdom, or Switzerland and you contact us or otherwise provide personal information, that information will be transferred to and processed in the United States.

KinetiStack™ does not target the offering of goods or services to individuals in the EEA or the UK; our products and services are directed to businesses, and any personal data we receive from individuals in those regions is incidental (for example, an unsolicited contact-form message). Where we do transfer such data, we rely on the European Commission's and the UK's Standard Contractual Clauses, or another lawful transfer mechanism. Our major service providers (Microsoft and Cloudflare) maintain their own transfer safeguards, including Standard Contractual Clauses and certification under the EU-U.S. Data Privacy Framework and its UK extension.

12. Security

We protect personal information with measures appropriate to its sensitivity, including encryption in transit (TLS), encryption at rest at the platform level provided by our vendors (Microsoft Azure and Cloudflare), role-based access controls, and vendor due-diligence reviews. No method of transmission or storage is completely secure, and we cannot guarantee absolute security; we treat security as a continuous operational discipline.

For security-vulnerability reports concerning our products, please see our Security Policy, linked from the product repository.

13. Data breach notification

If we become aware of a security breach that compromises the personal information we hold, we will investigate promptly and will notify affected individuals, and any regulators or other parties, as and when required by applicable law, including the Minnesota data breach notification statute (Minn. Stat. sec. 325E.61) and any other law that applies to you. We will make that notification without unreasonable delay, consistent with the needs of any investigation and of restoring the integrity of our systems, and will describe what happened and the steps you can take.

14. Children's privacy

The Site and our products are intended for businesses and are not directed to children. We do not knowingly collect personal information from children under 13 (or, for visitors in the European Economic Area, under the age of consent in their country, which may be as high as 16). If you believe a child has provided us personal information, email [email protected] and we will delete it.

15. Changes to this policy

We may update this policy from time to time. When we do, we will revise the "Effective date" above. For material changes that affect how we use your personal information, we will provide additional notice — for example, a notice on the Site or, where we have your contact details and the change is significant, a direct message.

16. Contact us

Questions, requests, or complaints about this policy or your personal information:

Email: [email protected]