Privacy Policy

Effective Date: October 27, 2025

Last Updated: October 27, 2025

At Sthan.io, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and API services.

By using Sthan.io, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

Definitions

For the purposes of this Privacy Policy:

  • "Personal Information" means information that identifies or can reasonably identify an individual.
  • "Services" means the Sthan.io website, APIs, and related products or tools.
  • "User," "You," or "Your" refers to any individual or organization using our Services.
  • "We," "Us," or "Our" refers to Sthan.io.
  • "Data Controller" means the entity that determines the purposes and means of processing Personal Information.
  • "Processing" means any operation performed on Personal Information, such as collection, storage, use, disclosure, or deletion.

1. Information We Collect

1.1 Personal Information

We collect information that identifies you as an individual when you:

  • Create an account (name, email address, company name, phone number)
  • Subscribe to our services (billing information, payment method details)
  • Contact us for support (correspondence, support tickets)
  • Subscribe to our newsletter or marketing communications

1.2 API Usage Data

When you use our API services, we collect:

  • API requests and responses (excluding sensitive personal data in queries)
  • API keys and authentication tokens
  • Usage metrics (number of requests, response times, error rates)
  • IP addresses and request timestamps

1.3 Technical and Analytics Data

We automatically collect certain information about your device and usage patterns:

  • Browser type and version
  • Operating system
  • IP address and geographic location
  • Pages visited, time spent, and navigation patterns
  • Referring website addresses
  • Cookie data and device identifiers

1.4 Address Data Processed Through APIs

When you use our address verification, autocomplete, parsing, or geocoding APIs:

  • We temporarily process the address data you submit solely to provide the requested service.
  • API request logs are retained for up to 24 hours for debugging and performance analysis, then deleted or anonymized.
  • No address data is stored permanently unless required for service delivery or legal compliance.

2. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our API services
  • Account Management: To create and manage your account, process payments, and provide customer support
  • Communication: To send you service updates, security alerts, technical notices, and support messages
  • Analytics: To analyze usage patterns, optimize performance, and develop new features
  • Marketing: To send promotional materials, newsletters, and product announcements (with your consent)
  • Security: To detect, prevent, and address fraud, security issues, and technical problems
  • Legal Compliance: To comply with legal obligations, enforce our terms, and protect our rights

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Cloud Hosting: Microsoft Azure for infrastructure and data storage
  • Payment Processing: Secure payment processors for billing and transactions
  • Analytics: Google Analytics for website usage analysis
  • Email Services: Email service providers for transactional and marketing emails
  • Customer Support: Support tools and ticketing systems

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.2 Legal Requirements

We may disclose your information if required by law or in response to:

  • Legal process (subpoenas, court orders)
  • Government or regulatory requests
  • Enforcement of our Terms of Service
  • Protection of our rights, property, or safety
  • Investigation of fraud or security issues

3.3 Business Transfers

If Sthan.io is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4. Data Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction:

  • Encryption: Data in transit is encrypted using SSL/TLS protocols
  • Access Controls: Strict access controls and authentication mechanisms
  • Secure Infrastructure: Enterprise-grade cloud infrastructure with regular security audits
  • Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Employee Training: Regular security awareness training for all employees
  • Incident Response: Established procedures for responding to security incidents

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal obligations (tax, accounting, regulatory requirements)
  • Resolve disputes and enforce our agreements
  • Maintain security and prevent fraud

When you close your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law or for legitimate business purposes.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to access your personal information and request a copy in a portable format.

6.2 Correction and Update

You can update your account information at any time through your account dashboard or by contacting us.

6.3 Deletion

You can request deletion of your personal information. We will comply unless we have a legal obligation to retain the data.

6.4 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any promotional email or by updating your communication preferences in your account settings.

6.5 Do Not Track

Some browsers include a "Do Not Track" (DNT) feature. Currently, no industry standard exists for handling DNT signals, and we do not respond to DNT browser signals.

6.6 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to object to processing
  • Right to restrict processing
  • Right to data portability
  • Right to lodge a complaint with a supervisory authority
  • Right to withdraw consent at any time

6.7 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to deletion of personal information
  • Right to non-discrimination for exercising CCPA rights

To exercise any of these rights, please contact us at: [email protected]

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

7.1 Types of Cookies We Use

  • Essential Cookies: Required for the website to function (authentication, security)
  • Analytics Cookies: Help us understand how visitors use our website (Google Analytics)
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness

7.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our website and services.

8. Third-Party Services

Our website and services may contain links to third-party websites and services:

  • Google Analytics: Web analytics service (Privacy Policy: Google Privacy Policy)
  • Payment Processors: For secure payment processing
  • Cloud Providers: Microsoft Azure for hosting and infrastructure

We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards such as:

  • Standard contractual clauses approved by the European Commission
  • Data processing agreements with service providers
  • Compliance with applicable data protection frameworks

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at [email protected], and we will delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email (if you have an account)
  • Display a prominent notice on our website

Your continued use of our services after such modifications constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Sthan.io

Privacy: [email protected]

Support: [email protected]

Website: https://www.sthan.io

Address: (Insert your business or registered address here)

We will respond to your inquiry within 30 days. For GDPR-related requests, we will respond within the timeframe required by applicable law.

13. Additional Information for Specific Jurisdictions

13.1 European Economic Area (EEA)

Data Controller: Sthan.io is the data controller responsible for your personal information.

If you are located in the EEA, the legal basis for collecting and using your personal information depends on the information concerned and the context in which we collect it:

  • Contract Performance: Processing necessary to provide our services
  • Consent: You have given explicit consent (e.g., marketing communications)
  • Legitimate Interests: Processing necessary for our legitimate business interests (e.g., security, analytics)
  • Legal Obligation: Processing necessary to comply with legal requirements

13.2 California Residents

California residents have specific rights under the CCPA. In the past 12 months, we have collected the following categories of personal information: identifiers, commercial information, internet activity, and professional information. We do not sell personal information.

13.3 India

For users in India, we comply with applicable data protection laws. You have the right to access, correct, and delete your personal information, and to withdraw consent where processing is based on consent.

Questions About Your Privacy?

We are committed to protecting your privacy and being transparent about our data practices. If you have any questions or concerns, please don't hesitate to reach out to us at [email protected].