Last updated: 12 March 2021

1 Introduction

Hi, welcome and thank you for your interest.

SUDOLESS SRL is a limited liability company (referred to as "SUDOLESS", "we", "us" and/or "our"). This Privacy Policy (the "Policy") describes:

• Our practices regarding our collection, use, and disclosure of information (including Personal Information, defined below) through our websites at sudoless.com sudoless.net sudoless.eu sudoless.org sdls.io (the "Sites") and the related software interfaces made available as "SaaS" (Software as a Service) (collectively, the "Services").

• Your rights and choices with respect to your information, and how you can contact us if you have any questions or concerns.

Please note that this Privacy Policy does not apply to any website, offering, product or service of any third party, even if it links to our Site or incorporates the Services – please refer to the applicable privacy policies.

We process and store your information strictly for functional or performance purposes of the Sites and Service. The information and purposes are explained in detail in the sections bellow. We want to assure you that we DO NOT make a business out of selling our users or their data.

Contact Us

For any and all privacy-related matters, questions or comments, or to exercise your rights, you may contact us by email at privacy@sudoless.org or in writing to our Headquarters.

Our Promise

You, the user, will never become the product. We will not sell or disclose your information for profit. We will not share or otherwise disclose your personal information except as necessary to provide our Services or as otherwise described in this Policy without first providing you with notice and the opportunity to consent.

2 Information We Collect

We may collect a variety of information from or about you and from third parties, as well as automatically through your use of the Services or your devices from various sources, as described below. Certain information may be automatically anonymized before being stored.

2.1 Personal Information (you provide)

Where required by applicable law, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so.

Information you provide will be stored with us for as long as necessary to offer you the Services. All personal information provided will be deleted together with your account. Where required by applicable law, we may store personal information for longer periods of time, to respect our financial and legal obligations.

Registration and Profile Information

When you sign up for an account, we may collect information such as your name, email address, display name, company, title and department, country.

Communications and Support

If you contact us directly, we may receive additional information about you such as phone number, email address, the contents of any message or attachments you may send to us, and any other information you choose to provide.

2.2 Personal Information (automatically collected)

The information we collect automatically may be only statistical data and may not include personal information.

Sites and Services

We may automatically collect information about your visit, including via cookies, beacons, invisible tags, and similar technologies (collectively "cookies"). This information may include Personal Information, such as your IP address, web browser, device type, and the web pages that you visit just before or just after you use the Services, as well as information about your interactions with the Services, such as the date and time of your visit, and which page and resources you requested.

Traffic log data from our Sites web servers or from our Services is collected when you visit and interact with the Sites and Services. This information may include but is not limited to Internet Protocol (IP) addresses, system configuration information, URLs of referring pages, browser type, browser version (collectively, the "Logs"). Logs are not shared with or sold to third parties, and are permanently deleted after a short amount of time. The purpose of these log files is enable us to operate and provide you with our Services, and to monitor for malicious activity.

2.3 Children under the Age of 18

Our Sites do not intended for children under 18 years of age. No person under the age of 18 may provide any information to the Services. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on the Sites or to the Services. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information and any associated accounts. If you believe we might have any information from or about a child under 18, please contact us at privacy@sudoless.org.

2.4 Job Applicants

We also provide the ability to submit job applications. For this we need to collect and process your provided Personal Information, which may also be carried out electronically. If we begin an employment contract with you, the submitted application data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. We maintain your Personal Information for the period of time necessary to carry out our legitimate business interests and according to applicable laws.

3 How We Use Information

The collected information is securely (as defined at 4) transmitted and processed in our EEA servers and machines.

3.1 Use Cases

• Providing the Services. We use your Personal Information to operate, maintain, enhance, and provide features of our Services.

• Support. We use Personal Information to provide technical support, including diagnosing and resolving any issues you report.

• Security. We use Personal Information to determine and stop security threats, malicious or illegal activity and mischievous use of the Sites or Services.

• Performance. We use statistical information we automatically collect to help better operate, load-balance and assign infrastructure resources for our Services.

• Communicating with you. We may use your email address and other Personal Information as necessary to contact you for administrative purposes such as to provide information that you request, and to respond to comments and questions.

• Administrative and legal purposes. We may use your Personal Information to address any administrative or legal issues pertaining to SUDOLESS, including but not limited to intellectual property infringement, defamation, or rights of privacy issues.

• For any other purpose with your consent.

Cookies (and similar technologies)

We do not believe in tracking user activity with cookies, targeting user ad preference, analytics, cross-site tracking or other marketing purposes. As such we will only use strictly functional cookies to offer our Services.

You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Sites.

• Functional cookies. Some cookies are strictly necessary to make our Sites and Services available to you. For example, to remember your preferences, to securely store auth information and to maintain a working integration between frontend (Sites, Services) and backend (Services).

• Security, Performance (Functional). We use Cloudflare to protect, secure and unload some of the traffic coming to our Sites and Services. Cloudflare adds a single cookie but are planning to deprecate it.

3.2 Information Sharing and Disclosure

Anonymized Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

Third Party Service Providers

We work with other companies who help us run our business ("Service Providers"). These companies provide services to help us deliver customer support, process credit card payments, manage and contact our existing Customers and Administrators as well as sales leads and otherwise operate and improve our Services. These Service Providers may only process personal information pursuant to our instructions and in compliance both with this Privacy Policy and other applicable confidentiality and security measures and regulations.

Specifically, we do not permit our Service Providers to sell any personal information we share with them or to use any personal information we share with them for their own marketing purposes or for any purpose other than in connection with the services they provide to us.

In addition to sharing with Service Providers as described above, we also may share your information with others in the following circumstances:

• In the event of a merger, sale, change in control, or reorganization of all or part of our business.

• When we are required to disclose personal information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims.

• Where we have a good-faith belief sharing is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our Terms and Conditions, or as otherwise required to comply with our legal obligations.

• To fulfil the purpose for which you provide it.

• Other purposes for which we obtain your consent.

To provide our services, we share specific data with third parties that may be considered our "sub-processors" under GDPR. Before engaging any service provider, we perform due diligence, including a security, and data usage assessment. Additionally, we only share what's required for their purpose.

4 Data Security and Integrity

We implement appropriate technical and organizational measures to protect the information we collect and store, and require all agents who carry out our processing on our behalf to do the same. Unfortunately, no security measures are 100% foolproof, and as such no network or system (including ours) can be guaranteed to be 100% secure against destruction, loss, alteration, unauthorized disclosure of, or access to information we collect and store. If you believe your information may not be secure for any reason, please contact us immediately at security@sudoless.org.

The safety and security of your information also depends on you. Certain parts of the Sites and Services are accessible using an authentication and authorization method, such as a password, token, certificate, API-key (collectively, the "Credentials"); you are responsible for keeping the Credentials confidential and never to share your Credentials. SUDOLESS Employees, Service Providers, or any other Third Party has no reason to ask for your Credentials. If you have reason to believe someone is impersonating SUDOLESS staff or trying to obtain your Credentials, please contact security@sudoless.com.

If we discover any personal data breach that poses a risk for your rights and freedoms, we shall notify the appropriate authorities. You will be informed with regard to your personal data breach.

6 Your Rights

We recognize that you have certain rights in regards to your Personal Information. You are encouraged to review and understand these rights as they pertain to you and your Personal Information. In certain circumstances, these rights include, but are not limited to:

• Right to be Informed: This means we have to tell you why we process your Personal Information, our retention periods, and who it will be shared with.

• Right of Access: This means we have to provide you with a copy of your Personal Information we process upon your request. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section by using our Sites or Services. If you are unable to perform these actions yourself, please contact us to assist you at any of the email addresses mentioned in this Policy or on our Sites.

• Right to Rectification: This allows you to have inaccurate Personal Information rectified, or completed if it is incomplete.

• Right to Erasure: This allows you to have your Personal Information erased.

• Right to Restrict Processing: This means you can limit the way we use your data.

• Right to Data Portability: You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and accessible format.

• Right to Object: This allows you to object to the processing of your Personal Information at any time.

• Right to Lodge a Complaint: You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data.

• Right to Withdraw Consent: This means you can withdraw your consent at any time.

If you wish to delete, modify or suspend your account, please note that we may retain certain information as required by law or for legitimate business purposes. If you have become aware that an account has been created about you without your knowledge or consent, you may contact us to request deletion of that said account.

For your protection, we may only respond with the Personal Information associated with the particular email address or Service account that you use to send us your request, and we may need to verify your identity before implementing your request. We will respond to your request within 30 days.

7 Notification of Changes

It is our policy to post any changes we make to our Privacy Policy on this page with a notice that the Policy has been updated on the Sites home page. If we make material changes to this Policy, we will revise the "Last Updated" date at the top of this Policy, and in some cases, we may provide you with more prominent notice (such as adding a statement to our homepage or sending you an email notification). You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Sites and this Privacy Policy to check for any changes.

We may assign or transfer this Policy, as well as information covered by this Policy, in the event of a merger, sale, change in control, or reorganization of all or part of our business.