Privacy Policy

Last updated: March 31, 2026

Emistra ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy describes what information we collect, how we use it, and what rights you have in relation to it when you visit emistra.io or use the Emistra platform (collectively, the "Service").

1. Data Controller

Emistra is the data controller of personal data collected through the Service. If you have any questions about this policy or our data practices, please contact us at [email protected].

2. Information We Collect

We collect the following categories of personal data:

• Account data: name, email address, company name, and job title provided when you register or contact us.
• Usage data: pages visited, features used, session duration, and interaction events collected automatically through analytics tools.
• Technical data: IP address, browser type and version, operating system, and referring URLs.
• Communications: messages you send us via contact forms, email, or support channels.
• Cookies and similar technologies: see Section 6 below.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

• Contract performance: to provide the Service you have requested and to manage your account.
• Legitimate interests: to improve the Service, prevent fraud, and send relevant product updates (where permitted).
• Consent: for marketing communications and non-essential cookies, where required by law.
• Legal obligation: to comply with applicable laws and regulations.

4. How We Use Your Information

• To create and manage your Emistra account.
• To provide, operate, and improve the Service.
• To respond to your enquiries and provide customer support.
• To send transactional emails (e.g., account confirmations, password resets).
• To send marketing communications about Emistra products and updates, where you have given consent or we have a legitimate interest to do so.
• To analyse usage patterns and monitor the performance and security of the Service.
• To comply with our legal obligations.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

• Service providers acting as data processors on our behalf (e.g., hosting, email delivery, analytics), bound by data-processing agreements.
• Professional advisers such as lawyers and accountants, where necessary.
• Law enforcement or regulatory authorities where required by applicable law or legal process.
• Acquirers in the event of a merger, acquisition, or sale of assets, subject to standard confidentiality obligations.

6. Cookies

We use cookies and similar tracking technologies to operate and improve the Service. These include:

• Essential cookies: required for core functionality such as session management.
• Analytics cookies: used to understand how visitors interact with the Service (e.g., Microsoft Clarity, Google Analytics).
• Marketing cookies: used to deliver relevant advertisements and measure campaign performance.

You can control non-essential cookies through your browser settings. Declining analytics or marketing cookies will not affect your access to the Service.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy, or as required by law. Account data is retained for the duration of your account plus a reasonable period thereafter. You may request deletion of your data at any time (see Section 8).

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your personal data, subject to certain exceptions.
• Restriction: request that we limit processing of your data in certain circumstances.
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Data Storage Region and International Transfers

Emistra is a global platform and is not restricted to any specific region by default or design. Data may be stored and processed in servers located in various countries around the world.

Eligible accounts have the option to select a preferred data storage region through their account settings. If you choose a specific region, we will take reasonable steps to store your data within that region, subject to technical feasibility and any applicable legal requirements.

If you do not select a data storage region, you acknowledge and agree that your data may be stored and processed in any country in which Emistra or its service providers operate, and you knowingly waive any requirement for your data to be stored or processed in a particular jurisdiction. In such cases, data protection standards in the destination country may differ from those in your country of residence.

10. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and, where appropriate, by email. The date at the top of this page reflects the most recent revision.