Data Protection

At Orkestrate, we are committed to protecting your personal data and ensuring your privacy. We implement comprehensive security measures and follow industry best practices to safeguard your information.

Encryption

• All data is encrypted in transit using SSL/TLS protocols
• Data at rest is encrypted using AES-256 encryption
• Database connections are secured with encryption
• API communications are protected with secure protocols

Access Controls

• Multi-factor authentication for administrative access
• Role-based access controls for all systems
• Regular access reviews and audits
• Principle of least privilege access

Infrastructure Security

• Secure cloud infrastructure with regular updates
• Network security with firewalls and intrusion detection
• Regular security monitoring and logging
• Automated backup and disaster recovery systems

We follow these key principles when processing your data:

• Lawfulness: We only process data when we have a legal basis
• Fairness: We process data in a transparent and fair manner
• Transparency: We clearly communicate how we use your data
• Purpose Limitation: We only use data for specified purposes
• Data Minimization: We only collect data that is necessary
• Accuracy: We keep your data accurate and up-to-date
• Storage Limitation: We don't keep data longer than necessary
• Security: We protect your data with appropriate measures

You have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain types of data processing
• Rights Related to Automated Decision Making: Human review of automated decisions

In the unlikely event of a data breach, we have procedures in place to:

• Immediately assess and contain the breach
• Notify relevant authorities within 72 hours
• Inform affected individuals without undue delay
• Document the incident and response actions
• Implement measures to prevent future breaches

We retain your personal data only for as long as necessary:

• Account Data: Retained while your account is active
• Event Data: Retained for 7 years for business purposes
• Client Data: Retained for 7 years for business purposes
• Communication Data: Retained for 3 years
• Analytics Data: Retained for 2 years in anonymized form

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

• Adequacy decisions by relevant authorities
• Standard contractual clauses
• Binding corporate rules
• Certification schemes

We may share your data with trusted third parties only when necessary:

• Service Providers: Cloud hosting, payment processing, analytics
• Legal Requirements: When required by law or legal process
• Business Transfers: In case of merger or acquisition
• Consent: When you explicitly consent to sharing

If you have any questions about data protection or want to exercise your rights, contact our Data Protection Officer: