Privacy Policy

🛡️ Overview & Our Commitment

At ISO8583Studio, we are committed to protecting your privacy and ensuring the security of your personal information. As a professional desktop application for financial transaction processing, we understand the critical importance of data protection in the financial technology sector.

This Privacy Policy applies to:

• ISO8583Studio Desktop Application - Our primary software product
• Official Website - https://iso8583.studio
• Support Services - Customer support and technical assistance
• Documentation & Resources - Online guides and documentation

📊 Information We Collect

Information You Provide Directly

We collect information you voluntarily provide when using our services:

• Account Information: Name, email address, company name, and contact details when you create an account or request support
• License Information: License key details, activation information, and subscription data
• Feedback & Surveys: Your responses to surveys, feedback forms, and product improvement requests

Information Collected Automatically

Our application and website may automatically collect certain technical information:

• Application Usage Data: Feature usage statistics, performance metrics, and crash reports (anonymized)
• System Information: Operating system version, hardware specifications, and software environment details
• Website Analytics: IP address, browser type, pages visited, and interaction patterns
• Log Data: Application logs, error reports, and diagnostic information

Financial & Transaction Data

Important clarifications regarding sensitive financial data:

• Local Processing: Transaction data processed through ISO8583Studio remains on your local system by default
• No Data Collection: We do not collect, store, or transmit your actual financial transaction data
• Configuration Data: Gateway configurations and message templates are stored locally unless you use cloud sync features
• Support Cases: If you share configuration or log files for support purposes, we handle them with strict confidentiality

⚙️ How We Use Your Data

We use collected information for the following purposes:

Service Provision & Improvement

• License Management: Verify licenses, manage subscriptions, and prevent unauthorized use
• Technical Support: Provide customer support, troubleshoot issues, and resolve technical problems
• Product Development: Improve our software, develop new features, and enhance user experience
• Performance Optimization: Analyze usage patterns to optimize application performance and stability

Communication & Updates

• Product Updates: Notify you about software updates, security patches, and new releases
• Support Communications: Respond to your support requests and provide technical assistance
• Educational Content: Share documentation, tutorials, and best practices (with your consent)
• Important Notices: Communicate critical security updates or service changes

Legal & Compliance

• Legal Obligations: Comply with applicable laws, regulations, and legal processes
• Security Protection: Detect and prevent fraud, unauthorized access, and security threats
• Terms Enforcement: Enforce our Terms of Service and protect our rights and property

🤝 Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share information only in the following limited circumstances:

Service Providers

We may share data with trusted third-party service providers who help us operate our business:

• Cloud Infrastructure: Hosting services for our website and support systems
• Analytics Services: Website analytics and application performance monitoring
• Support Tools: Customer support and ticketing systems
• Payment Processing: Payment processors for license purchases (they handle payment data independently)

Legal Requirements

We may disclose information when required by law or to protect our rights:

• In response to valid legal processes (subpoenas, court orders, etc.)
• To comply with applicable laws and regulations
• To protect our rights, property, or safety, or that of our users
• To investigate potential violations of our Terms of Service

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and the choices you may have.

🔒 Security Measures

We implement comprehensive security measures to protect your information:

Technical Safeguards

• Encryption: Data in transit is protected using TLS/SSL encryption
• Access Controls: Strict access controls and authentication for our systems
• Secure Infrastructure: Industry-standard security practices for our servers and databases
• Regular Updates: Timely security patches and software updates

Operational Safeguards

• Employee Training: Regular security awareness training for all employees
• Background Checks: Comprehensive background checks for personnel with data access
• Incident Response: Established procedures for security incident detection and response
• Regular Audits: Periodic security assessments and vulnerability testing

Application Security

• Local Data Protection: Your local data remains on your system with standard OS protections
• Secure Communications: All network communications use encrypted channels
• Code Signing: Our application is digitally signed to ensure authenticity and integrity
• Regular Security Reviews: Continuous security assessment of our codebase and infrastructure

🗄️ Data Retention

We retain your information only as long as necessary to provide our services and comply with legal obligations:

Account Information

• Active Accounts: Retained while your account is active and for service provision
• Inactive Accounts: Deleted after 2 years of inactivity, unless legal obligations require longer retention
• Support Records: Support tickets and communications retained for 3 years for quality and legal purposes

Technical Data

• Usage Analytics: Aggregated and anonymized usage data retained for 24 months
• Log Files: Server logs retained for 90 days for security and operational purposes
• Crash Reports: Anonymous crash reports retained for 12 months for product improvement

Legal & Compliance Data

• Financial Records: License and payment records retained for 7 years for tax and accounting purposes
• Legal Holds: Data subject to legal proceedings retained until resolution
• Regulatory Requirements: Data retained as required by applicable financial services regulations

👤 Your Rights

You have several rights regarding your personal information. The specific rights available to you may depend on your location and applicable laws:

Access & Portability Rights

• Access: Request a copy of the personal information we hold about you
• Portability: Receive your data in a structured, machine-readable format
• Information: Learn about how we process your data and with whom we share it

Control & Correction Rights

• Correction: Update or correct inaccurate personal information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Restriction: Limit how we process your information in certain circumstances
• Objection: Object to processing based on legitimate interests

Communication Preferences

• Marketing Opt-out: Unsubscribe from marketing communications at any time
• Communication Settings: Choose how and when we contact you
• Notification Preferences: Control which product updates and announcements you receive

🍪 Cookies & Tracking Technologies

Our website uses cookies and similar technologies to improve your experience and understand how our services are used:

Types of Cookies We Use

• Essential Cookies: Required for website functionality and security
• Analytics Cookies: Help us understand website usage and improve performance
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used for targeted advertising (with your consent)

Third-Party Cookies

We may use third-party services that set their own cookies:

• Google Analytics: Website traffic analysis and user behavior insights
• Support Chat: Customer support chat functionality
• CDN Services: Content delivery and website performance optimization

Managing Cookies

You can control cookies through your browser settings:

• Block all cookies (may affect website functionality)
• Block third-party cookies only
• Delete existing cookies
• Set preferences for future cookies

🌐 International Data Transfers

ISO8583Studio operates globally, and your information may be transferred to and processed in countries other than your own:

Legal Basis for Transfers

• Adequacy Decisions: Transfers to countries with adequate data protection laws
• Standard Contractual Clauses: EU-approved contracts ensuring data protection
• Your Consent: Explicit consent for specific transfers when required
• Necessity: Transfers necessary for service provision or legal compliance

Safeguards for International Transfers

• Encryption: All data transfers use strong encryption
• Access Controls: Strict limits on who can access transferred data
• Contractual Protections: Legal agreements requiring equivalent protection
• Regular Reviews: Ongoing assessment of transfer arrangements and protections

👶 Children's Privacy

ISO8583Studio is designed for professional use in financial services and is not intended for children under 16. We do not knowingly collect personal information from children.

If we become aware that we have collected information from a child under 16 without parental consent, we will take steps to delete that information promptly.

📝 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You of Changes

• Website Notice: Prominent notice on our website for 30 days
• Email Notification: Email to registered users for material changes
• In-App Notification: Notification within the desktop application
• Version Dating: Clear dating of policy versions for transparency

Types of Changes

• Minor Changes: Clarifications, formatting, or contact information updates
• Material Changes: Changes to data collection, use, or sharing practices
• Legal Changes: Updates required by new laws or regulations

⚖️ Legal Compliance & Frameworks

ISO8583Studio complies with major data protection frameworks and regulations:

Regulatory Compliance

• GDPR: European General Data Protection Regulation compliance
• CCPA: California Consumer Privacy Act protections
• PIPEDA: Canadian Personal Information Protection Act compliance
• Financial Regulations: Relevant financial services data protection requirements

Industry Standards

• ISO 27001: Information security management best practices
• PCI DSS Guidelines: Payment card industry security standards
• SOC 2: Security, availability, and confidentiality controls
• Financial Industry Standards: Sector-specific security and privacy requirements