Privacy Policy

1. Introduction

Steadwing ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our incident management platform located at app.steadwing.com (the "Service").

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Name and email address
• Organization information
• Authentication credentials
• IP address and device information
• Usage data and analytics

2.2 Incident Data

When you use our Service to manage incidents, we collect:

• Incident descriptions and metadata
• Integration data from connected services (Slack, Datadog, etc.)
• Root cause analysis information
• Team collaboration data

2.3 Automatically Collected Information

We automatically collect certain information when you visit our Service:

• Browser type and version
• Operating system
• Access times and dates
• Pages viewed and actions taken
• Referring website addresses

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data under the following legal bases:

• Consent: For analytics and marketing communications
• Contract: To provide our incident management services
• Legitimate Interests: For service improvement and security
• Legal Obligations: To comply with applicable laws

4. How We Use Your Information

We use the collected information for:

• Providing and maintaining our Service
• Processing incidents and generating analyses
• Communicating with you about the Service
• Improving our Service and developing new features
• Ensuring security and preventing fraud
• Complying with legal obligations

5. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Third parties that help us operate our Service (e.g., Supabase for database, PostHog for analytics)
• Integrated Services: Services you connect to Steadwing (with your explicit consent)
• Legal Requirements: When required by law or to protect rights
• Business Transfers: In case of merger, acquisition, or sale of assets

We never sell your personal data to third parties.

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (TLS/SSL) and at rest
• Access controls and authentication
• Regular security audits and updates
• Row-level security in our database
• Secure credential storage for integrations

7. Data Retention

We retain your personal data for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes and enforce agreements

Incident data is retained for your organization's configured retention period. Personal account data is retained until account deletion.

8. Your Rights (GDPR)

If you are in the EEA, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a portable format
• Restriction: Limit processing of your data
• Objection: Object to certain processing activities
• Withdraw Consent: Where processing is based on consent

To exercise these rights, please contact us at privacy@steadwing.com. We process requests manually during our beta phase:

• Data Export: Email privacy@steadwing.com - processed within 30 days
• Consent Withdrawal: Email privacy@steadwing.com - processed within 48 hours
• Account Deletion: Available in Settings or email us - immediate processing
• Data Correction: Update in Settings or email us - 24 hour processing

9. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential functionality (authentication, security)
• Analytics and performance monitoring
• User preferences and settings

You can manage cookie preferences through our cookie consent banner or your browser settings. See our Cookie Policy for more details.

10. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

• Supabase (Database and Authentication)
• PostHog (Analytics)
• Slack (Communication)
• Datadog (Monitoring)
• GitHub (Code Repository)
• PagerDuty (Incident Management)

We encourage you to review their privacy policies when using these integrations.

11. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal data, please contact us.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Your explicit consent where required

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will provide additional notice via email or through the Service.

14. Contact Information

For privacy-related questions or to exercise your rights, contact us at:

For EU residents: You also have the right to lodge a complaint with your local supervisory authority.