Privacy Policy

1. Introduction

Welcome to MigroStack ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud migration platform and related services (collectively, the "Services").

By accessing or using MigroStack, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

Key Points:

• We are committed to protecting your privacy and data
• We only collect data necessary to provide our services
• We never sell your personal information to third parties
• You have control over your data and can request deletion at any time

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when using our Services:

Account Information: Name, email address, company name, phone number, job title
Authentication Credentials: OAuth tokens, API keys, service account credentials
Billing Information: Credit card details (processed securely by Stripe), billing address, tax ID
Support Communications: Information in support tickets, emails, chat messages
Migration Configuration: Source and destination URLs, user mappings, migration settings

2.2 Information Collected Automatically

When you use our Services, we automatically collect certain information:

Usage Data: Migration statistics, files transferred, data volume, success rates
Log Data: IP address, browser type, device information, operating system, timestamps
Performance Metrics: Response times, error rates, system health data
Cookies: Session tokens, preference settings, analytics data (see Section 7)

2.3 Migrated Data

During migrations, we temporarily process your content:

Files and Documents: Temporarily cached during transfer
Metadata: File names, dates, authors, permissions
Email Content: Subject lines, sender/recipient information, message bodies (for mailbox migrations)

Important:

Migrated data is only temporarily stored during the migration process and is automatically deleted upon completion. We do not permanently retain your migrated content.

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

Process and execute cloud migrations
Authenticate users and authorize access
Provide customer support and respond to inquiries
Monitor system performance and troubleshoot issues
Send service-related notifications and updates

3.2 Billing and Payments

Process subscription payments
Generate invoices and receipts
Detect and prevent fraud
Manage subscription plans and usage limits

3.3 Product Improvement

Analyze usage patterns to improve features
Develop new migration capabilities
Optimize performance and reliability
Conduct research and testing

3.4 Communication

Send migration completion notifications
Provide product updates and feature announcements
Share security alerts and service status updates
Send marketing communications (with your consent)

3.5 Legal Compliance

Comply with legal obligations and regulations
Respond to lawful requests from authorities
Enforce our Terms of Service
Protect our rights and prevent fraud

4. Data Storage and Security

4.1 Security Measures

We implement industry-standard security measures to protect your data:

Encryption: AES-256 encryption at rest, TLS 1.3 encryption in transit
Access Controls: Role-based access, multi-factor authentication, least privilege principle
Network Security: Firewalls, intrusion detection, DDoS protection
Monitoring: 24/7 security monitoring and incident response
Auditing: Comprehensive audit logs of all data access

4.2 Data Centers

Your data is stored in secure, SOC 2 Type II certified data centers located in:

United States (primary)
European Union (for EU customers)
Additional regions available upon request

4.3 Compliance Certifications

SOC 2 Type II: Security, availability, and confidentiality
GDPR: European data protection regulation
CCPA: California Consumer Privacy Act
HIPAA: Healthcare data protection (available for Enterprise customers)

Zero-Knowledge Architecture:

For maximum security, our remote agents use end-to-end encryption. Migration data is encrypted on your premises before transmission and only decrypted at the destination.

5. Data Sharing and Disclosure

5.1 We Do NOT Sell Your Data

We do not and will never sell your personal information or migrated data to third parties.

5.2 Service Providers

We share limited data with trusted third-party service providers who assist in operating our Services:

Payment Processing: Stripe (credit card processing)
Cloud Infrastructure: AWS, Azure (hosting and storage)
Email Services: SendGrid (transactional emails)
Analytics: Google Analytics (anonymized usage data)
Support Tools: Zendesk (customer support tickets)

All service providers are contractually obligated to protect your data and use it only for specified purposes.

5.3 Legal Requirements

We may disclose your information if required by law or in response to:

Valid legal process (subpoena, court order, warrant)
Government or regulatory requests
Protection of our rights, property, or safety
Prevention of fraud or illegal activity

5.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

6. Your Rights

You have the following rights regarding your personal data:

6.1 Access and Portability

Request a copy of your personal data
Export your data in machine-readable format (CSV, JSON)
View migration history and logs

6.2 Correction and Update

Update your account information
Correct inaccurate data
Modify preferences and settings

6.3 Deletion and Erasure

Request deletion of your account and data
Remove specific data or migrations
Exercise "right to be forgotten" (GDPR)

6.4 Opt-Out

Unsubscribe from marketing emails
Disable cookies (may affect functionality)
Opt out of analytics tracking

6.5 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: privacy@migrostack.com
Privacy Portal: Dashboard Settings
Phone: 1-800-MIGROSTACK

We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

7.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our Services.

7.2 Types of Cookies We Use

Essential Cookies: Required for authentication and security (cannot be disabled)
Functional Cookies: Remember your preferences and settings
Analytics Cookies: Help us understand how you use our Services
Marketing Cookies: Track campaign effectiveness (with consent)

7.3 Managing Cookies

You can control cookies through:

Browser settings (block, delete, or receive warnings)
Opt-out tools (Google Analytics opt-out browser add-on)
Our cookie preferences center

Note: Disabling essential cookies may prevent you from using certain features.

7.4 Third-Party Tracking

We use Google Analytics to understand usage patterns. Google Analytics uses cookies to collect anonymized data. You can opt out using the Google Analytics Opt-out Browser Add-on.

8. International Data Transfers

MigroStack operates globally, which may require transferring your data across borders.

8.1 Data Residency

US Customers: Data stored in US data centers
EU Customers: Data stored in EU data centers (GDPR compliant)
Enterprise Customers: Custom data residency options available

8.2 Transfer Safeguards

When data is transferred internationally, we ensure protection through:

Standard Contractual Clauses (SCCs) approved by the European Commission
EU-US Privacy Shield compliance (where applicable)
Encryption during transfer and at rest
Data Processing Agreements (DPAs) with all processors

9. Data Retention

9.1 Retention Periods

Account Data: Retained while account is active + 90 days after closure
Migrated Data: Deleted immediately upon migration completion (or within 24 hours)
Audit Logs: Retained for 7 years (compliance requirement)
Billing Records: Retained for 7 years (tax and legal compliance)
Support Tickets: Retained for 3 years

9.2 Deletion Process

When data is deleted:

Immediate removal from production systems
Backup deletion within 30 days
Secure erasure methods (DoD 5220.22-M standard)
Certificate of destruction available upon request (Enterprise)

10. Children's Privacy

MigroStack is not intended for use by children under 16 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@migrostack.com, and we will delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

11.1 Notification of Changes

Email notification to registered users
Prominent notice on our website for 30 days
Updated "Last Updated" date at the top of this page

11.2 Material Changes

For significant changes that affect your rights, we will:

Provide at least 30 days advance notice
Request consent where required by law
Offer opt-out options if applicable

11.3 Continued Use

Your continued use of MigroStack after changes take effect constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

MigroStack Privacy Team

Email: privacy@migrostack.com
Phone: 1-800-MIGROSTACK
Address: MigroStack
123 Cloud Street, Suite 100
San Francisco, CA 94105, USA

Data Protection Officer: dpo@migrostack.com
EU Representative: eu-rep@migrostack.com

Table of Contents