Privacy Policy

Effective Date: December 13, 2024

This Privacy Policy describes how NotLocalStorage.io ("NLS", "we", "us", or "our") collects, uses, and handles your information when you use our services. We are committed to compliance with the EU General Data Protection Regulation (GDPR) and the Australian Privacy Act 1988, including the Australian Privacy Principles (APPs).

1. Data Controller

NotLocalStorage.io is the data controller for personal information collected through our services. For privacy inquiries, contact us via our contact form.

2. Information We Collect

We collect information you provide directly:

• Account Information: Email address, name, and password when you register.
• Payment Information: Billing details processed through our payment provider, Stripe (we do not store full card numbers).
• Stored Data: Any key-value data you store through our API.
• Usage Data: API calls, timestamps, IP addresses, storage usage, and application activity.

You may use our services without providing your real name (pseudonymous use), but a valid email address is required for account verification and security notifications.

3. Legal Basis for Processing (GDPR)

We process your personal information under the following legal bases:

• Contract: Processing necessary to provide our services (account management, data storage, support).
• Legitimate Interests: Security monitoring, fraud prevention, service improvement, and analytics—where these interests are not overridden by your rights.
• Legal Obligation: Compliance with applicable laws, tax requirements, and responding to lawful requests.
• Consent: Marketing communications (where applicable). You may withdraw consent at any time.

4. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve our services (Contract)
• Process transactions and send related information (Contract)
• Monitor usage patterns for capacity planning and fraud prevention (Legitimate Interest)
• Send technical notices, updates, and administrative messages (Contract)
• Respond to support requests (Contract)
• Enforce our Terms of Service and prevent abuse (Legitimate Interest)
• Comply with legal obligations (Legal Obligation)

5. Data Storage and Security

Your data is stored on secure servers. We implement industry-standard security measures including encryption in transit (TLS 1.3) and isolated application namespaces. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your data for specific periods based on purpose:

• Account data: Retained while your account is active, plus 30 days after deletion.
• Stored data (key-value): Retained while your account is active, deleted within 30 days of account deletion.
• Usage logs: Retained for 90 days for security and debugging purposes.
• Billing records: Retained for 7 years to comply with tax and accounting requirements.
• Support correspondence: Retained for 2 years after resolution.

7. Information Sharing and Disclosure

We do not sell your personal information. We may share information with:

• Service providers: Hosting (AWS, located in the United States and Australia), payment processing (Stripe), and email delivery services—under data processing agreements.
• Legal authorities: To comply with legal obligations, court orders, or government requests.
• Protection purposes: To protect our rights, property, or safety, or that of our users or the public.
• Business transfers: In connection with a merger, acquisition, or sale of assets (you will be notified via email and prominent website notice).

8. International Data Transfers

Your data may be transferred to and processed in:

• United States: Primary hosting infrastructure (AWS US regions)
• Australia: Backup and regional hosting

For transfers from the EU/EEA, we rely on:

• EU-US Data Privacy Framework (for US transfers to certified providers)
• Standard Contractual Clauses (SCCs) approved by the European Commission

For transfers from Australia, we ensure recipient countries provide comparable privacy protections or obtain your consent where required under APP 8.

9. Your Rights

All users have the right to:

• Access and export your data via the dashboard (JSON export available)
• Correct inaccurate information
• Delete your account and associated data

EU/EEA residents (GDPR) additionally have the right to:

• Data portability: Receive your data in a structured, machine-readable format
• Restrict processing: Request limitation of processing in certain circumstances
• Object to processing: Object to processing based on legitimate interests
• Withdraw consent: Where processing is based on consent, withdraw at any time without affecting prior processing
• Lodge a complaint: File a complaint with your local supervisory authority (e.g., the ICO in the UK, CNIL in France, or your national data protection authority)

Australian residents have rights under the Privacy Act 1988 to:

• Access your personal information (APP 12)
• Request correction of inaccurate information (APP 13)
• Complain about privacy breaches to the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, contact us. We will respond within 30 days (or sooner where required by law).

10. Cookies and Tracking

We use essential cookies for authentication and session management. These are strictly necessary and do not require consent. We do not use third-party advertising cookies. You can control cookies through your browser settings, though disabling essential cookies may prevent you from using our services.

11. Children's Privacy

Our services are not directed to children under 16 (or under 13 in jurisdictions where that is the applicable age). We do not knowingly collect information from children. If we become aware of such collection, we will delete the information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will:

• Update the effective date at the top of this page
• Notify registered users via email at least 14 days before changes take effect
• Post a prominent notice on our website

Continued use of our services after the effective date constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries, to exercise your rights, or to lodge a complaint:

• Contact form: https://notlocalstorage.io/contact
• Email: privacy@notlocalstorage.io

We aim to resolve all complaints internally. If you are unsatisfied with our response, you may escalate to:

• EU residents: Your local data protection authority
• Australian residents: Office of the Australian Information Commissioner