Privacy Policy
Last updated: March 2026
1. Introduction
StdioX Labs ("StdioX", "we", "us", or "our") operates StdioX Comms, a communications infrastructure platform accessible at stdiox.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service. By accessing or using StdioX Comms, you agree to the collection and use of information in accordance with this Policy.
2. Information We Collect
We collect the following categories of information:
Account Information: When you register, we collect your name, email address, company name, phone number, and password (stored in hashed form).
Usage Data: We automatically collect information about how you use the Service, including IP addresses, browser type, operating system, referring URLs, pages visited, and timestamps. This data is collected via cookies, log files, and similar tracking technologies.
Messaging Data: Content of messages you send through our platform, recipient contact information (phone numbers and email addresses), delivery status, and engagement data (opens, clicks) are stored and processed to provide the Service.
Contact Data: Contact lists and groups you upload or create within the platform, including names, phone numbers, and email addresses of your contacts.
Payment Information: Billing details including name, billing address, and payment method information. Full payment card data is processed by our payment processors (M-Pesa, Visa/Mastercard networks) and is not stored on our servers.
API Credentials: API keys generated for your account are stored in hashed form. We log API usage including request timestamps, endpoints accessed, and response codes.
Communications: If you contact us for support, we retain those communications for service improvement and legal compliance purposes.
3. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve the Service
- Process transactions and send transactional communications (receipts, invoices, account alerts)
- Authenticate your identity and prevent unauthorized access
- Monitor and analyze usage patterns to improve performance and reliability
- Detect, investigate, and prevent fraudulent activity, abuse, and violations of our Terms of Service
- Comply with legal obligations and respond to lawful requests from authorities
- Send product updates, security alerts, and administrative notices
- With your explicit consent, send marketing communications about new features or offerings
We do not sell your personal data to third parties. We do not use your contact lists or message content for our own marketing purposes.
4. Data Sharing and Disclosure
We may share your information with:
Service Providers: Third-party vendors who assist in operating our platform, including cloud infrastructure providers (hosting, storage), analytics providers, payment processors, and email/SMS delivery infrastructure. These providers are contractually bound to use your data only for the purpose of providing services to us.
Telecommunications Partners: To deliver SMS messages, phone numbers and message content are transmitted to telecommunications carriers and aggregators in the destination country. These partners have their own privacy and data handling obligations.
Legal Requirements: We may disclose information when required by law, court order, or government authority, or when we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, or ensure the safety of users.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on the Service before your information becomes subject to a different privacy policy.
5. Data Retention
We retain your account data for the duration of your account and for 7 years after account closure for legal and compliance purposes. Message logs are retained for 90 days by default. You may request export or deletion of your data by contacting privacy@stdiox.com.
Contact data you upload is retained until you delete it or close your account. Delivery reports and analytics data are retained for 24 months.
6. Security
We implement industry-standard security measures including TLS encryption for data in transit, AES-256 encryption for sensitive data at rest, multi-factor authentication options, regular security audits, and access controls limiting employee access to customer data on a need-to-know basis. No method of transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Request deletion of your data (subject to our legal retention obligations)
- Object to or restrict certain processing activities
- Receive your data in a portable format
- Withdraw consent for processing activities based on consent
To exercise these rights, contact privacy@stdiox.com. We will respond within 30 days.
8. Cookies
We use essential cookies for authentication and session management, analytics cookies to understand usage patterns, and preference cookies to remember your settings. You may disable non-essential cookies in your browser settings, though this may affect Service functionality.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us personal data, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice within the Service at least 14 days before the changes take effect. Continued use of the Service after changes constitutes acceptance of the updated Policy.
11. Contact Us
StdioX Labs
privacy@stdiox.com
For support: support@stdiox.com