Privacy Policy

Effective Date: June 30, 2026

Operator: Shaleio LLC (“Shaleio,” “we,” “us,” or “our”)

Principal Address: 3564 Avalon Park E Blvd, Ste 1-A976, Orlando, FL 32828

Website: shaleio.com

Privacy Contact: info@shaleio.com

Scope And Application

This Privacy Policy explains what information Shaleio collects, how we use it, and the choices you have regarding your personal information. This policy applies to:

Covered Services. The Shaleio website (shaleio.com) and the licensing and control-plane services (StrataHQ) that support our StrataBI product.

Services Not Covered. This policy does not cover:

Offline data collection activities such as in-person events or telephone sales communications unless expressly stated.

Third-party websites, platforms, or services that may be accessed through links on our website or integrated with our services. Those third parties maintain their own privacy practices and policies, which you should review separately.

Customer-controlled business intelligence data processed by StrataBI within customer environments, as described in Article 1 below.

Territorial Scope. This policy applies to personal information collected from individuals worldwide who interact with the Shaleio website or use our licensing services. Specific rights and disclosures applicable to residents of particular jurisdictions (including the European Union, United Kingdom, and California) are set forth in the applicable sections below.

Relationship to Other Documents. This Privacy Policy is intended to be read alongside our Terms of Service, available at shaleio.com/terms. For enterprise customers who have entered into a separate Services and/or License Agreement or Data Processing Agreement with Shaleio, the data protection terms in those agreements govern the processing of any personal information provided under those contracts. In the event of a conflict between this Privacy Policy and the terms of a Data Processing Agreement regarding customer-controlled data, the Data Processing Agreement shall control.

Data Controller And Contact Information

Data Controller. Shaleio LLC, a Florida limited liability company with its principal place of business at 3564 Avalon Park E Blvd, Ste 1-A976, Orlando, FL 32828, is the data controller for personal information collected through the website and licensing services described in this policy.

Privacy Inquiries. Questions, complaints, or requests related to this Privacy Policy or our data practices may be directed to:

Email: info@shaleio.com

Subject Line: Privacy Inquiry

Postal Address: 3564 Avalon Park E Blvd, Ste 1-A976, Orlando, FL 32828

Article 1 – Data Hosting And Allocation Of Responsibilities

Customer-Controlled Data. StrataBI is software you deploy and run in your own cloud infrastructure. When you deploy StrataBI, it operates inside your cloud account, queries your data sources, and writes its outputs to storage you own and control. Shaleio does not host, receive, access, or process the business intelligence data, queries, dashboards, query results, or analytics content that StrataBI processes on your behalf. That data never leaves your environment by virtue of using StrataBI, and we have no visibility into it.

Limited Data Collected by Shaleio. This Privacy Policy principally addresses two narrow categories of information:

Website Information: Personal information collected through our website when you contact us, request information, or interact with our online properties.

Licensing and Entitlement Information: Limited operational identifiers processed by our control-plane services (StrataHQ) to verify entitlement and deliver licensed software.

Security Responsibilities. Because StrataBI runs in your environment, the security of the business intelligence data it processes—and of your deployment architecture—is governed by your own infrastructure, configuration, access controls, and cloud security policies. Shaleio is responsible for the security of the limited licensing and website data we process, as described in Article 7 below.

Article 2 – Information We Collect

Website Information.

Information You Provide.

Categories of Data: When you contact us, request information, sign up for updates, apply to a program, or otherwise submit a form or email through our website, we receive the information you choose to provide. This typically includes:

Identifiers such as your name, email address, company or organization name, job title, and phone number.

The contents of your inquiry, message, or request.

Any additional information you voluntarily submit in forms, surveys, or support requests.

Mandatory vs. Optional: Fields marked with an asterisk or labeled “required” are mandatory to fulfill your request. All other fields are optional.

Consequences of Not Providing Data: If you do not provide required information, we may be unable to respond to your inquiry or provide the requested services.

Technical and Usage Information.

Categories of Data: Like most websites, our site and its hosting provider automatically receive standard technical data when you visit, including:

Internet or other network activity information such as IP address, browser type and version, device type and identifiers, operating system, and referring and exit pages.

Usage data such as pages viewed, timestamps of visits, clickstream data, and interactions with website features.

Approximate geographic location derived from IP address (country and city level, not precise geolocation).

Purposes: This information is used to operate, secure, analyze, and improve the website, detect and prevent fraud and abuse, and understand how visitors use our services.

Cookies and Similar Technologies.

Current Use: The Shaleio website uses only cookies and local storage that are strictly necessary to deliver basic functionality you have requested, such as remembering your light/dark theme preference and maintaining session state. These cookies do not track you across other websites and are essential to the website’s operation.

Analytics and Non-Essential Cookies: We do not currently use analytics, advertising, or other non-essential cookies or tracking technologies. If we implement such technologies in the future, we will update this policy to describe the provider, purposes, and categories of data collected, and we will obtain your consent where required by applicable law through a cookie banner or preference management tool.

Your Choices: You may configure your browser to refuse cookies or alert you when cookies are being sent. However, disabling strictly necessary cookies may prevent you from using certain features of the website. Instructions for managing cookies are available in your browser’s help documentation.

Licensing and Entitlement Information.

Information Processed by StrataHQ.

If you use a licensed edition of StrataBI, our control-plane service (StrataHQ) and licensing tools process a limited set of operational identifiers to verify entitlement and deliver licensed software:

License or Entitlement Token: A unique identifier issued to you or your organization to authenticate your licensed use.

Cloud Account Identifiers: The cloud account identifier (such as AWS account ID) associated with your license, used solely to confirm that a deployment is operating within its licensed scope.

License Metadata: Information such as edition (e.g., Enterprise, Guild Community), version number, entitlement status, license expiration dates, and timestamps of verification or artifact-download requests.

Contact and Account Details: The name, email address, and contact information of the licensee organization and its designated administrators, used for licensing administration, support, and communications regarding license renewals or product updates.

Telemetry and Logging: No telemetry, logs, or usage data from your deployed StrataBI environment is transmitted to Shaleio through the entitlement verification process. StrataHQ receives only the identifiers listed above.

Not Your Business Intelligence Data. The licensing and entitlement information described in this section is operational data used to administer your license. It is not the dashboards, queries, datasets, or analytics content that StrataBI processes on your behalf in your environment.

Managed Services and Support Data. If you purchase managed services, operated support, incident response, monitoring, or similar services from Shaleio, you may choose to provide, or authorize Shaleio to receive, limited operational information from your StrataBI deployment, such as administrative contact information, support communications, alert and health notifications, system health indicators, error messages, logs, configuration details, deployment metadata, screenshots, diagnostic files, and other information reasonably necessary to provide the requested service.

You Control What You Share. Shaleio does not require, and does not request, access to your business intelligence datasets, dashboard contents, query results, source-system data, or analytics outputs to provide licensing, entitlement, managed, or support services. Because support materials such as logs, screenshots, and diagnostic files are prepared and provided by you, they may incidentally contain such content; you are responsible for minimizing and, where appropriate, redacting information you do not wish to share. Shaleio processes information you provide solely to deliver the requested service, in accordance with this Privacy Policy and the applicable agreement between you and Shaleio.

Processor Role. When Shaleio provides managed or operated services that involve processing personal information on your behalf, Shaleio acts as your service provider or processor, and that processing is governed by the applicable Services and/or License Agreement and Data Processing Agreement, which control over this Privacy Policy with respect to that data.

Self-Managed Baseline Unchanged. For standard self-managed deployments, no telemetry, logs, or usage data from the deployed StrataBI environment is transmitted to Shaleio through the entitlement-verification process. Only managed services, operated support, monitoring, or customer-requested support workflows involve the additional operational data described in this section.

Article 3 – Purposes Of Processing And No Sale Of Personal Information

How We Use Information. We use the information described in Article 2 for the following purposes:

Service Delivery and Operations:

To operate, maintain, secure, and improve the Shaleio website and our licensing and control-plane services.

To verify entitlement, administer licenses, and deliver licensed software and updates.

Communications and Support:

To respond to inquiries, provide customer support, and communicate with you about your account or license.

To send transactional or administrative communications, such as license renewal notices, security alerts, and service announcements.

Marketing (With Your Consent or Where Permitted):

Where you have opted in or where permitted by applicable law, to send you updates, newsletters, and information about our products and services.

You may opt out of marketing emails at any time using the unsubscribe link in each message or by contacting us at info@shaleio.com.

Security, Fraud Prevention, and Legal Compliance:

To detect, prevent, and address security incidents, fraud, abuse, unauthorized access, and technical problems.

To comply with legal obligations, enforce our Terms of Service and other applicable agreements between you and Shaleio, and respond to lawful requests from government authorities or legal process.

Product Analytics and Improvement:

To analyze usage patterns and performance of our website and licensing services in order to improve functionality, develop new features, and enhance user experience.

Any analytics are conducted on aggregated or pseudonymized data where feasible and do not involve the business intelligence data processed by StrataBI in customer environments.

No Sale or Sharing of Personal Information.

No Sale: Shaleio does not sell personal information as that term is defined under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), or analogous state privacy laws. We do not exchange personal information for monetary or other valuable consideration.

No Cross-Context Behavioral Advertising: Shaleio does not share personal information for cross-context behavioral advertising or targeted advertising as defined under the CCPA/CPRA or similar laws. We do not currently use third-party advertising networks or analytics providers that engage in such practices.

Future Changes: If our practices change such that we engage in activities that would constitute a sale or sharing under applicable law (for example, by implementing certain analytics or advertising tools), we will update this policy to disclose those activities and provide the required opt-out mechanisms, including a “Do Not Sell or Share My Personal Information” link.

Article 4 – Legal Bases For Processing

Applicability. Where the European Union General Data Protection Regulation (EU GDPR), the United Kingdom GDPR (UK GDPR), or other laws require us to identify a legal basis for processing personal information, we rely on the following grounds:

Legal Bases.

Performance of a Contract: Processing necessary to fulfill our obligations under the Terms of Service, licensing agreements, or other contracts with you, including administering licenses, delivering software, and providing support.

Legitimate Interests: Processing necessary for our or a third party’s legitimate interests, except where overridden by your data protection rights. Legitimate interests include:

Operating, securing, and improving our website and services.

Detecting and preventing fraud, abuse, and security incidents.

Understanding how users interact with our services to enhance functionality.

Enforcing our legal rights and complying with legal obligations.

Consent:

Where required by law, such as for non-essential cookies or certain marketing communications, we process personal information based on your freely given, specific, informed, and unambiguous consent.

You may withdraw consent at any time by using the mechanisms described in this policy (e.g., unsubscribe links, cookie settings, or contacting us). Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

Legal Obligation: Processing necessary to comply with applicable laws, regulations, legal process, or enforceable governmental requests.

Article 5 – How We Share Information

We share personal information only in the limited circumstances described below. We do not share the business intelligence data StrataBI processes for you, because we never receive it.

Service Providers and Processors.

Categories of Recipients: We engage third-party service providers to perform functions on our behalf, including:

Website hosting and infrastructure providers.

Cloud computing and storage services.

Email delivery and communication platforms.

Customer support and helpdesk tools.

Payment processors (if applicable).

Contractual Protections: Service providers are bound by written agreements that require them to process personal information only for the purposes we specify, maintain appropriate confidentiality and security measures, and comply with applicable data protection obligations.

Legal, Safety, and Regulatory Disclosures.

Lawful Requests: We may disclose personal information when we believe, in good faith, that disclosure is:

Required by law, regulation, legal process, or enforceable governmental request.

Necessary to enforce our Terms of Service or other agreements, including investigation of potential violations.

Necessary to detect, prevent, or address fraud, security incidents, or technical issues.

Necessary to protect the rights, property, or safety of Shaleio, our users, or the public, as required or permitted by law.

Government and Law Enforcement Requests:

Shaleio responds only to lawful, properly served government or law enforcement requests that are specific and proportionate. We assess the scope and legal basis of each request.

Where permitted by law, we will notify affected users before disclosing their personal information in response to legal process, except where prohibited or where providing notice could undermine the purpose of the request.

We do not provide government authorities with bulk access to user data or voluntarily disclose personal information absent a valid legal obligation.

Business Transfers.

Mergers, Acquisitions, and Asset Sales: In the event of a merger, acquisition, financing, reorganization, bankruptcy, sale of all or substantially all of our assets, or similar corporate transaction, personal information may be transferred to the acquiring or successor entity.

Continued Protection: Any such transfer will be subject to this Privacy Policy or a policy that provides at least equivalent protections. If the practices of the acquiring entity will materially change, we will provide notice as described in Article 12 below, and, where required by law, seek your consent or offer you the opportunity to opt out or delete your information.

With Your Consent or at Your Direction. We may share personal information for other purposes with your explicit consent or at your direction.

Article 6 – Data Retention

Retention Principles. We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal and regulatory obligations, resolve disputes, enforce our agreements, and maintain accurate business and financial records.

Deletion and Anonymization.

Once Need for Retention Concludes: Once we no longer have a need to retain personal information, such information is either securely deleted or irreversibly anonymized such that it can no longer be associated with an identified or identifiable individual.

Backup and Archive Systems: Personal information may persist in backup or disaster recovery systems for a limited additional period consistent with our backup retention schedules. Backup data is not used for operational purposes and is securely deleted in accordance with our data lifecycle policies.

Article 7 – Security Measures And Incident Response

Security Measures.

Reasonable Protections: Shaleio uses reasonable administrative, technical, and organizational measures designed to protect the personal information we process against unauthorized access, disclosure, alteration, and destruction. These measures include:

Access Controls: Role-based access controls, unique user credentials, strong password requirements, and multi-factor authentication for access to systems that process personal information.

Encryption: Encryption of personal information in transit using industry-standard protocols (TLS 1.2 or higher) and encryption at rest where appropriate based on sensitivity and risk.

Network Security: Firewalls, intrusion detection and prevention systems, and regular vulnerability scanning to protect network perimeter and infrastructure.

Least Privilege and Segmentation: Access to personal information is limited to employees and contractors who require it to perform their job functions, and systems are segmented to minimize exposure.

No Guarantee: No method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect personal information, we cannot guarantee its absolute security.

Customer Responsibilities: As described in Article 1, the security of business intelligence data processed by StrataBI in your environment is governed by your own infrastructure, cloud security configuration, identity and access management policies, and operational controls.

Data Breach and Incident Response.

Notification Obligations:

In the event of a data breach or security incident affecting personal information that we process, Shaleio will notify affected individuals and applicable regulatory authorities as required by applicable law, including the EU GDPR, UK GDPR, U.S. state data breach notification laws, and other relevant regulations.

Notification will be provided without undue delay and, where feasible, within the timeframes required by law (e.g., 72 hours to supervisory authorities under GDPR, and as specified under applicable state breach notification laws).

Notice to affected individuals will include a description of the incident, the categories of personal information affected, steps individuals can take to protect themselves, contact information for further inquiries, and the measures Shaleio is taking to address the incident.

Customer Notification: Enterprise customers who have entered into a Data Processing Agreement or similar contract will receive incident information consistent with the notification and cooperation obligations set forth in those agreements.

Article 8 – Your Rights

Depending on your location and applicable law, you may have some or all of the following rights with respect to your personal information:

Right of Access: You may request confirmation of whether we process your personal information and obtain a copy of that information.

Right to Rectification: You may request that we correct inaccurate or incomplete personal information.

Right to Erasure (Right to be Forgotten): You may request deletion of your personal information in certain circumstances, such as where it is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where it has been unlawfully processed.

Right to Restriction of Processing: You may request that we restrict processing of your personal information in certain situations, such as while we verify the accuracy of data you have contested or assess whether your interests override our legitimate interests.

Right to Data Portability: You may request that we provide your personal information in a structured, commonly used, and machine-readable format and, where technically feasible, transmit it to another controller.

Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing your information for those purposes.

Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Marketing Opt-Out: You may opt out of marketing emails at any time by using the unsubscribe link in each message or by contacting us at info@shaleio.com.

To exercise any of the rights described above, please contact us at:

Email: info@shaleio.com with the subject line “Privacy Rights Request”

Postal Mail: 3564 Avalon Park E Blvd, Ste 1-A976, Orlando, FL 32828

Article 9 – California-Specific Disclosures And Rights (CCPA/CPRA)

Applicability. This Article applies to California residents and supplements the information in this Privacy Policy. Terms defined in the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) have the same meaning when used in this Article.

Categories of Personal Information Collected. In the preceding twelve (12) months, Shaleio has collected the following categories of personal information from California residents:

Identifiers: Name, email address, postal address, IP address, company name, job title, and online identifiers.

Internet or Other Network Activity Information: Browser type, device type, pages viewed, referring and exit pages, clickstream data, and website usage patterns.

Professional or Employment-Related Information: Job title, company or organization name, and business contact details.

Inferences: We may derive limited inferences from the information above, such as general product interests or usage patterns, to improve our services.

Sources of Personal Information. We collect the categories of personal information described above directly from California residents (e.g., through website forms, emails, and licensing sign-ups) and automatically through website technology (e.g., cookies, server logs).

Purposes of Use. We use the categories of personal information identified above for the business and commercial purposes described in Article 3, including:

Providing, maintaining, and improving our website and licensing services.

Responding to inquiries and providing support.

Administering licenses and verifying entitlement.

Sending transactional, administrative, and, where permitted, marketing communications.

Detecting, preventing, and addressing security incidents, fraud, and abuse.

Complying with legal obligations and enforcing our agreements.

Categories of Third Parties to Whom Personal Information is Disclosed. We disclose the categories of personal information described above to the following categories of third parties for business purposes:

Service Providers: Website hosting and infrastructure providers, cloud computing services, email platforms, customer support tools, and payment processors (where applicable).

Legal and Regulatory Authorities: Government agencies, law enforcement, and courts when required by law or legal process.

Professional Advisors: Attorneys, accountants, auditors, and consultants who assist with business operations and compliance.

Business Transferees: Potential or actual acquirers, investors, or successors in connection with a corporate transaction.

Sale and Sharing of Personal Information.

No Sale: Shaleio does not sell personal information as that term is defined under the CCPA/CPRA. We have not sold personal information of California residents in the preceding twelve (12) months.

No Sharing for Cross-Context Behavioral Advertising: Shaleio does not share personal information for cross-context behavioral advertising as that term is defined under the CPRA. We have not shared personal information of California residents for such purposes in the preceding twelve (12) months.

Future Practices: If our practices change such that we engage in activities that constitute sale or sharing under the CCPA/CPRA, we will update this policy and provide California residents with the required opt-out mechanisms, including a “Do Not Sell or Share My Personal Information” link.

Sensitive Personal Information.

Collection: Shaleio does not collect sensitive personal information as defined under the CPRA (e.g., Social Security numbers, financial account numbers, precise geolocation, health data, biometric data for identification, personal information of children, or contents of mail, email, or text messages unless we are the intended recipient).

No Right to Limit Use: Because we do not collect or use sensitive personal information for purposes beyond those necessary to provide our services or as otherwise permitted under CPRA Section 7027(m), we do not provide a “Limit the Use of My Sensitive Personal Information” mechanism.

California Consumer Rights. California residents have the following specific rights under the CCPA/CPRA:

Right to Know: You may request disclosure of:

The categories of personal information we collected about you.

The categories of sources from which the information was collected.

The business or commercial purpose for collecting, selling, or sharing personal information.

The categories of third parties to whom we disclose personal information.

The specific pieces of personal information we have collected about you.

Right to Delete: You may request deletion of personal information we collected from you, subject to certain exceptions under the CCPA/CPRA.

Right to Correct: You may request correction of inaccurate personal information we maintain about you.

Right to Opt-Out: You may opt out of the sale or sharing of personal information. As stated above, we do not currently sell or share personal information.

Right to Limit Use of Sensitive Personal Information: As stated above, we do not collect or use sensitive personal information in a manner that requires this right.

Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your CCPA/CPRA rights. We will not deny goods or services, charge different prices or rates, provide a different level or quality of service, or suggest that you will receive such differential treatment for exercising your rights.

Exercising California Rights.

Submission Methods: California residents may exercise the rights described above by emailing info@shaleio.com with the subject line “California Privacy Rights Request.”

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We will require proof of authorization and may also require you to verify your identity directly with us.

Article 10 – Children’S Privacy

Age Restriction.

Not Directed to Children: The Shaleio website and our products and services are intended for use by businesses and are not directed to children under the age of thirteen (13) (or sixteen (16) in jurisdictions where a higher age applies under applicable law).

No Knowing Collection: We do not knowingly collect personal information from children under the age of thirteen (13), or sixteen (16) where applicable. If we become aware that we have inadvertently collected personal information from a child under the applicable age without parental consent as required by the Children’s Online Privacy Protection Act (COPPA) or other applicable laws, we will take steps to delete that information as soon as practicable.

Parental Rights.

Notice to Parents and Guardians: If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at info@shaleio.com with the subject line “Child Privacy Inquiry.”

Deletion Request: Upon verification, we will delete the child’s personal information from our records and, where applicable, direct our service providers to do the same.

Article 11 – Changes To This Privacy Policy

Right to Amend. We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons.

Notice of Changes.

Effective Date: Any revised Privacy Policy will be posted on this page with a new “Effective Date” at the top of the document.

Material Changes: If we make material changes to this Privacy Policy that expand the ways in which we use or share personal information, we will provide additional notice through one or more of the following means, where appropriate and as required by law:

A prominent notice on the homepage of our website.

An email notification to the address associated with your account or licensing contact (where we have such an address).

An in-product notification or alert.

Immaterial Changes: Minor or administrative changes, such as updates to contact information, clarifications, or formatting improvements, may be made without additional notice beyond updating the Effective Date.

Continued Use. By continuing to use the Shaleio website or licensing services after the effective date of a revised Privacy Policy, you acknowledge and, where required by law, consent to the updated terms. If you do not agree to the changes, you should discontinue use of our services and contact us to exercise your rights as described in Article 8.

Article 12 – Third-Party Links And Services

Third-Party Websites. The Shaleio website may contain links to third-party websites, platforms, or services that are not owned or controlled by Shaleio. These links are provided for your convenience and do not signify our endorsement of such third parties or their content.

Independent Privacy Practices. Third-party websites and services have their own privacy policies and terms of use. We are not responsible for the privacy practices, content, or security of any third-party sites or services. We encourage you to review the privacy policies of any third-party websites you visit.

Integrated Services. If you use third-party services that integrate with StrataBI or our website (such as cloud platforms, authentication providers, or data sources), those third parties may collect and process personal information according to their own policies. Please review their privacy practices independently.

Article 13 – Dispute Resolution And Governing Law

Governing Law for Privacy Disputes. Any disputes relating to this Privacy Policy, our data practices, or your rights under applicable privacy laws are governed by the same governing law and dispute resolution provisions set forth in the Shaleio Terms of Service, available at shaleio.com/terms.

Incorporation by Reference. The dispute resolution framework, choice of law, venue, and arbitration provisions (if any) contained in the Terms of Service are incorporated into this Privacy Policy by reference and apply to privacy-related disputes.

Article 14 – Contact Information And Complaints

Questions, concerns, or requests regarding this Privacy Policy or our data practices should be directed to:

Shaleio LLC Email: info@shaleio.com Subject Line: Privacy Inquiry Postal Address: 3564 Avalon Park E Blvd, Ste 1-A976, Orlando, FL 32828