Privacy Policy

Planasonix ("Planasonix," "Company," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Planasonix ETL platform, website (app.planasonix.com), and related services (collectively, the "Services").

This Privacy Policy applies to all users of our Services, including customers, website visitors, and authorized users of customer accounts. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Data Controller: For the purposes of applicable data protection laws, Planasonix is the data controller responsible for processing your personal data in connection with our Services. When we process personal data on behalf of our customers (as a data processor), our customers act as the data controllers.

We use the information we collect for the following purposes:

• Provide and Operate Services: To deliver, maintain, and improve our ETL platform and related services.
• Account Management: To create and manage your account, authenticate users, and provide customer support.
• Billing and Payments: To process payments, manage subscriptions, and send billing-related communications.
• Communication: To send service announcements, technical notices, updates, security alerts, and administrative messages.
• Marketing: To send promotional communications (with your consent where required) about our products, services, and events.
• Analytics and Improvement: To analyze usage patterns, monitor performance, and improve our Services.
• Security: To detect, prevent, and respond to fraud, abuse, security risks, and technical issues.
• Compliance: To comply with legal obligations, enforce our terms, and protect our rights and the rights of others.
• Research and Development: To develop new features, products, and services based on aggregated and anonymized data.

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we rely on the following legal bases for processing personal data:

• Contract Performance: Processing necessary to perform our contract with you (e.g., providing the Services, managing your account, processing payments).
• Legitimate Interests: Processing based on our legitimate business interests, such as fraud prevention, security, analytics, and service improvement, balanced against your privacy rights.
• Consent: Processing based on your explicit consent (e.g., marketing communications, certain cookies). You may withdraw consent at any time.
• Legal Obligation: Processing necessary to comply with applicable laws, regulations, or legal processes.

We do not sell your personal information. We may share your information in the following circumstances:

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods are determined based on:

• The duration of your relationship with us
• Legal, regulatory, or contractual obligations
• Legitimate business purposes (e.g., dispute resolution, fraud prevention)
• Your requests for deletion (subject to legal requirements)

Account Data: Retained while your account is active and for up to 7 years after closure for legal and audit purposes.

Customer Data: Retained in accordance with your data processing agreement and deleted within 90 days of account termination or upon request.

Log Data: Retained for up to 2 years for security and troubleshooting purposes.

Planasonix is headquartered in the United States. Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

For transfers from the EEA, UK, or Switzerland, we implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs): EU-approved data transfer mechanisms with our service providers.
• EU-U.S. Data Privacy Framework: Where applicable, we rely on certified participants in the EU-U.S. Data Privacy Framework.
• Adequacy Decisions: Transfers to countries recognized by the European Commission as providing adequate protection.
• Supplementary Measures: Additional technical and organizational measures to protect transferred data.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information (subject to exceptions).
• Portability: Request transfer of your data in a machine-readable format.
• Restriction: Request restriction of processing in certain circumstances.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw Consent: Withdraw consent where processing is based on consent.

To exercise these rights, contact us at privacy@planasonix.com. We will respond within the timeframes required by applicable law.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR:

• Right to Be Informed: You have the right to be informed about how your data is collected and used.
• Right of Access (Article 15): Request a copy of your personal data free of charge.
• Right to Rectification (Article 16): Request correction of inaccurate data.
• Right to Erasure (Article 17): Request deletion ("right to be forgotten") in certain circumstances.
• Right to Restrict Processing (Article 18): Request restriction of processing in specific situations.
• Right to Data Portability (Article 20): Receive your data in a structured, commonly used format.
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing.
• Rights Related to Automated Decision-Making (Article 22): Rights concerning profiling and automated decisions.
• Right to Lodge a Complaint: File a complaint with your local supervisory authority.

Supervisory Authorities: You have the right to lodge a complaint with your local data protection authority. For a list of EEA supervisory authorities, visit: European Data Protection Board

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Your California Rights:

• Right to Know: Request disclosure of what personal information we collect, use, disclose, and sell about you.
• Right to Delete: Request deletion of your personal information (with exceptions).
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: Limit use of sensitive personal information to specified purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Do Not Sell or Share My Personal Information: Planasonix does not sell your personal information or share it for cross-context behavioral advertising purposes.

Authorized Agents: You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authorization.

Shine the Light: California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

To exercise your rights, contact us at privacy@planasonix.com or call us at 1-888-XXX-XXXX. We will verify your identity before processing requests.

If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws:

• Consent: We obtain your meaningful consent before collecting, using, or disclosing personal information, except where permitted or required by law.
• Access: You have the right to access your personal information and understand how it has been used and disclosed.
• Correction: You may challenge the accuracy and completeness of your personal information and have it amended.
• Withdrawal of Consent: You may withdraw consent at any time, subject to legal or contractual restrictions.
• Complaints: You have the right to file a complaint with the Office of the Privacy Commissioner of Canada.

Office of the Privacy Commissioner of Canada:
Website: www.priv.gc.ca
Toll-free: 1-800-282-1376

Residents of the following states have additional privacy rights under state law:

To exercise any of these rights, contact us at privacy@planasonix.com. Appeals may be submitted to the same address.

We implement industry-standard security measures to protect your personal information:

• Encryption: All data in transit is encrypted using TLS 1.2+. Data at rest is encrypted using AES-256.
• Access Controls: Role-based access controls, multi-factor authentication, and least-privilege principles.
• Infrastructure Security: Secure cloud infrastructure with network segmentation, firewalls, and intrusion detection.
• Monitoring: Continuous security monitoring, logging, and alerting for suspicious activities.
• Vendor Security: Security assessments and contractual protections for third-party vendors.
• Employee Training: Regular security awareness training for all employees.
• Incident Response: Documented incident response procedures for security events.
• Credential Storage: Connection credentials are encrypted at rest and never stored in plaintext.

While we strive to protect your information, no method of transmission or storage is 100% secure. We encourage you to use strong passwords and protect your account credentials.

We use cookies and similar technologies to enhance your experience:

Managing Cookies: You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.

Do Not Track: We honor Do Not Track signals where technically feasible. However, there is no industry consensus on Do Not Track implementation.

Global Privacy Control: We recognize and honor the Global Privacy Control (GPC) signal.

Our Services are not intended for children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@planasonix.com, and we will take steps to delete such information.

Our Services may contain links to third-party websites, integrations, and services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.

When you connect third-party data sources or destinations, those services have their own privacy practices. Your use of those services is governed by their respective terms and privacy policies.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or through a prominent notice on our website
• Provide you the opportunity to review changes before they take effect

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after changes become effective constitutes acceptance of those changes.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all legitimate requests within 30 days (or sooner where required by applicable law). In some cases, we may need to verify your identity or request additional information before processing your request.