Privacy Policy

Our legal responsibilities depend on how you interact with us:

• When you visit the Website: We act as the Data Controller. We determine the purpose and means of processing the data you provide via contact forms or cookies.
• When you use the Application (IPCLOUD): The Application is a business-to-business (B2B) service. We act strictly as a Data Processor on behalf of the organization ("Tenant") that granted you access. Your organization is the Data Controller.

To provide full transparency, we have separated the data collection practices of our public marketing website from the IPCLOUD software platform.

Data Collected via the Public Website (verticlab.com)

• Inquiry Data: Your email address and any other details provided when you submit a contact or inquiry form.
• Analytics Data: Your device's Internet Protocol (IP) address, browser details, pages visited, time and date of your visit, and time spent on the website. This data is collected for analytics to help us improve the site and can be declined via our cookie consent banner.
• Diagnostic Data: Website errors and automated crash reports used for technical tracing, debugging, and stability improvements.

Data Collected via the IPCLOUD Platform (Web and Mobile Apps)

• User Profile Data: Because accounts are provisioned by your organization's system administrators, we store your email address, userId, name, surname, and language/locale preferences to create and authenticate your account.
• Diagnostic Data: Application crash reports and technical error logs used for system tracing, troubleshooting, and improving platform reliability.
• Mobile-Specific Data: If using the IPCLOUD mobile application, we collect your Device ID and Push Notification Tokens (a unique identifier generated by your operating system) strictly to route push alerts to your device.

The Service Provider may use the information you provide to:

• Provide, maintain, and support the Application's functionality.
• Send important information, required notices, and, where permitted by law, marketing communications.
• Detect, investigate, and prevent fraudulent activities or security incidents.

Where processing is based on consent, you provide that consent by affirmatively opting in to the relevant feature or action. You may withdraw consent at any time without affecting processing carried out before withdrawal. Processing based on other lawful bases (such as Legitimate Interest, Contractual Necessity, or Legal Obligation) is carried out as described above.

The Application, the Website, or third-party SDKs may use cookies, SDKs, pixels, and similar technologies to support functionality, analytics, or service delivery. Where required by applicable law, the Service Provider will obtain consent before using non-essential tracking technologies.

The Service Provider may share your information with third parties in the ways that are described in this privacy statement. The Application utilizes third-party services that have their own Privacy Policy about handling data:

• Amazon Web Services (AWS): Used for cloud hosting, database storage, and backend infrastructure.
• Google Play Services: Used for mobile application infrastructure.
• Sentry: Used for application crash reporting and error monitoring.

The Service Provider may disclose User Provided and Automatically Collected Information:

• As required by law, such as to comply with a subpoena, or similar legal process.
• When they believe in good faith that disclosure is necessary to protect their rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
• With their trusted service providers who work on their behalf, do not have an independent use of the information the Service Provider discloses to them, and have agreed to adhere to the rules set forth in this privacy statement.

You can stop further collection of information from your mobile device or computer by uninstalling the Application. Uninstalling will stop the Application from collecting data from your device, but it does not automatically delete information that has already been transmitted to the Service Provider or to third parties.

To provide core functionality, the Application may request Notifications permissions strictly to send push alerts regarding system events. You can manage this through your device settings.

The Service Provider or its third-party service providers may transfer personal data to countries outside your country of residence, including outside the European Economic Area (EEA). Data protection laws in other countries may differ from those in your jurisdiction. Where applicable law requires safeguards for international transfers, the Service Provider will apply appropriate mechanisms and obtain any consent required for the transfer, utilizing:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Adequacy decisions or other legally recognized transfer mechanisms.
• Your consent, where required and legally permitted.

Security

The Service Provider is concerned about safeguarding the confidentiality of your information. The Service Provider provides physical, electronic, and procedural safeguards to protect information the Service Provider processes and maintains.

Data Breach Notification

If a data breach occurs that affects your personal data, the Service Provider will notify you (or your organization/Data Controller) in accordance with applicable legal requirements, including, where required, providing information about the nature of the breach and the steps being taken to address it.

Data Retention Policy

The Service Provider retains personal data based on its necessity for the stated purposes:

• User Provided Data: Retained for the duration of your use of the Application plus 12 months thereafter, unless longer retention is required by law.
• Automatically Collected Data: Retained for up to 24 months from collection, unless longer retention is required for legal compliance.
• Aggregated and Anonymized Data: Retained indefinitely as it no longer identifies you.
• Data required for legal compliance: Retained as long as required by applicable law.

You may request access to, correction of, or deletion of your personal data held by the Service Provider. To exercise these rights, or to withdraw consent where processing is based on consent, contact the Service Provider at info@verticlab.com. Please note that some User Provided Data may be required for the Application to function properly, and if your account is managed by your organization, we may route your request to your system administrator.

Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising these rights. To exercise your CCPA/CPRA rights, contact the Service Provider at info@verticlab.com.

The Application is not intended for children under 16 years of age, or such higher age as required by applicable law. The Service Provider does not knowingly solicit data from children or market the Application to them.

Where parental or guardian consent is required under applicable law, the Application is not intended for use without that consent. The Service Provider does not knowingly collect personally identifiable information from children under 16 years of age in violation of applicable law. In the event the Service Provider discovers that a child has provided personal information, the Service Provider will immediately delete this from their servers. If you are a parent or guardian and you are aware that your child has provided the Service Provider with personal information, please contact the Service Provider (info@verticlab.com) so that they will be able to take the necessary actions.

The Service Provider may update this Privacy Policy from time to time. The Service Provider will notify you of material changes by posting the updated Privacy Policy with an effective date. Where required by law, the Service Provider will seek your consent to material changes before they take effect.

Previous versions of this Privacy Policy will be maintained and made available upon request by contacting the Service Provider at info@verticlab.com.

If you have any questions regarding privacy while using the Application, or have questions about the practices, please contact the Service Provider via email at info@verticlab.com.