LegalPrivacy Policy

Privacy Policy

1. Introduction

This Privacy Policy sets out how we, RayFlat, operating remotely in San Salvador, El Salvador, collect and process your personal data and explains your rights in relation to your personal data. If you have any questions about this Privacy Policy or would like to exercise any of your rights in relation to your personal data, you can contact us by email at [email protected]. Our preferred method of contact is email.

This Privacy Policy affects your legal rights and obligations, so we encourage you to read it carefully. If you do not agree to be bound by this Privacy Policy, please do not provide us with your personal data.

We may update this Privacy Policy from time to time at our discretion and in particular to reflect any changes in applicable laws. If we do so and the changes materially affect your rights or obligations, we will take commercially reasonable steps to notify you. Otherwise, you are responsible for periodically reviewing this Privacy Policy to be aware of any changes to it.

We may collect your personal data because you provide it to us and wish to create an account for you to access our platform. In such circumstances, we are the controller of your personal data.

This website is not intended for children and we do not knowingly collect data relating to them.

This website may include links to third-party websites, plug-ins, and applications (including integration applications). By clicking on those links or enabling those connections, third parties may collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

2. What personal data do we collect and from whom?

By personal data we mean any identifiable information about you, such as your name, email address, gender, date of birth, mobile and home phone number, your IP address or a photo of you that you upload to our platform. We reserve the right to anonymise and/or pseudonymise such personal data so that it is no longer personally identifiable and to use it in an anonymous and/or pseudonymised form for our internal business purposes, information or any other purpose from time to time.

2.1 Data you provide to us

From time to time, you may provide us with personal data. This may be because you wish to:

  • use our website.
  • provide us with services.
  • subscribe to receive emails with product updates from us.
  • otherwise contact us, including with queries, comments or complaints.

We will process all such personal data in accordance with this Privacy Policy. It is mandatory for you to provide us with certain personal data so that we can fulfil your request, for example, to provide you with services, and we will make this clear to you at the point of collecting the personal data.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a product or service you have with us, but we will notify you at the time if this is the case.

Any personal data you provide to us must be true, complete and accurate. If we ask you to, you must promptly provide us with evidence of your identity. If you provide us with inaccurate or false data and we suspect or identify fraud, we will record this and may also report it to you. When you correspond with us by email or post, we may keep a record of the correspondence and we may also record any telephone calls we have with you.

2.2 Data we automatically collect about you

When you use our website or mobile application, we automatically collect and store information about your device and your activities. This information could include:

  • technical information about your device, such as the type of device, web browser, or operating system.
  • your preferences and settings, such as time zone and language.

2.3 Type of data we automatically collect from connected third-party services, such as Google Services, PayPal, and GitHub

You may choose to log in or access third-party services to access this information from the RayFlat web application, and in such cases, we will automatically collect and store your user data from that third party. This may include:

  • Profile with third parties
  • Name
  • Email address
  • Emails (content, attachments, and metadata)

3. Lawful use of your personal data

We will only use your personal data where we have a legal basis to do so. The legal purposes we rely on in this Privacy Policy are:

  • consent (where you choose to provide it, for example when you choose to use an integration app to share your data between RayFlat and a third party).

  • performance of our contract with you.

  • compliance with legal requirements and legitimate interests. When we talk about legitimate interests, we mean our legitimate business interests in the normal operation of our business, which do not materially affect your rights, freedoms or interests.

We will only use your personal data where we have a legal basis to do so. How we use your personal data depends on the reason we collected it.

3.1 Use of data from connected Google and GitHub services

If we have received your personal data because you have chosen to Sign in with Google, we will process your personal data to perform any contract we have entered into with you.

Additional limits on the use of your Google and GitHub user data:

Notwithstanding any other provision of this Privacy Policy, if you provide us with access to data from connected Google and GitHub services, our use of such data will be subject to these additional restrictions:

  • We will only use access to data from a Google and GitHub service to provide our web application with the proper functioning of our service, for example: Login.

  • We will not transfer this data to third parties unless doing so is necessary to provide and improve prominent features in the user interface, comply with applicable law, or as part of a merger, acquisition, or asset sale.

  • We will never use Google user data to serve advertising, including retargeting, personalized, or interest-based advertising.

  • We will not allow humans to read this data unless we have your affirmative consent for specific messages, doing so is necessary for security purposes such as investigating abuse, complying with applicable law, or for our internal operations, and even then, only when the data has been aggregated and anonymized.

  • RayFlat’s use and transfer to any other application of information received from Google APIs will be in accordance with the Google API Services and GitHub User Data Policy, including the Limited Use requirements.

3.2 Use of data for our legitimate interests

We may also use your personal data for our legitimate interests, including handling any customer service you require, for regulatory and legal purposes (for example, to prevent money laundering and fraud), for audit purposes, and to communicate with you about changes to this Privacy Policy.

3.3 Use of data you uploaded or entered into the RayFlat app

If we have received your personal data because you uploaded it to our platform, we will process that personal data for any of the legal purposes described above and according to your instructions.

3.4 Use of data to send product update emails (marketing)

We strive to give you choices regarding certain uses of personal data, particularly around marketing and advertising.

We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant to you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased our services and have not opted out of receiving such marketing.

If you opt out of receiving these marketing messages, this will not apply to personal data you provide to us as a result of a purchase, warranty registration, experience with a product or service, or other transactions. Therefore, you may receive emails relating to your use, account, and/or user or account usage even if you have opted out of receiving marketing emails from us. This is because these emails are transactional and do not require your consent to receive them. Please note that if you opt out of receiving marketing emails, it may take us a few days to update our records to reflect your request.

4. Who do we share your data with?

For our legitimate interests, we may share your personal data with any service providers, subcontractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including payment providers, IT service providers, accountants, auditors and lawyers. We will provide our service providers, subcontractors and agents with only the personal data they need to provide the service to us and, if we stop using their services, we will require them to delete your personal data or anonymise it within their systems.

In order to comply with our legal obligations, in certain circumstances we may have to disclose your personal data under applicable laws and/or regulations, for example as part of anti-money laundering proceedings or to protect the rights, property or safety of a third party.

For our legitimate interests, we may also share your personal data in connection with, or during negotiations of, any merger, asset sale, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company, in which case we will provide notice to our users.

5. Where we store and process your personal data

Your personal data is stored securely in the Amazon Web Services (AWS) cloud. AWS is a leading cloud service provider that adheres to the highest standards of data security and privacy.

Where is your data located?

Your data is stored on AWS servers located in the United States.

6. Security

We will process your personal data in a manner that ensures appropriate security of your personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage. To do this, we use appropriate technical or organizational measures.

7. Your rights

You have a number of rights under applicable data protection legislation. Some of these rights are complex and not all of the details are included below. You can find more information here.

  • Right to access: You have the right to obtain from us a copy of the personal data we hold about you.

  • Right to rectification: You can require us to correct errors in the personal data we process about you if it is inaccurate, incomplete or out of date.

  • Right to portability: You can request that we transfer your personal data to another service provider.

  • Right to restrict processing: In certain circumstances, you have the right to request that we restrict the processing of your personal information.

  • Right to be forgotten: You also have the right to request at any time that we delete the personal data we hold about you, when it is no longer necessary for us to retain it. However, while we respect your right to be forgotten, we may still retain your personal data in accordance with applicable laws.

  • Right to stop receiving marketing information: You can ask us to stop sending you information about our services, but please note that we will continue to contact you in relation to any matter relating to your report.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any other rights. This is a security measure to ensure that personal data is not disclosed to any person who is not entitled to receive it. We may also contact you to ask for further information in relation to your request so that we can deal with it promptly.

8. Retention of personal data

We will retain personal data in accordance with applicable laws.

If we hold your personal data because you have chosen to use our platform, we will retain it in accordance with our client’s instructions.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

9. How to contact us

You can contact us with any questions or comments about your Personal Data, this Policy or any other privacy-related queries by sending an email to [email protected].

SubscriptionTerms of Service