1.Definitions

For purposes of this Privacy Policy:

“Applicable Data Protection Laws” means all laws and regulations applicable to the Processing of Personal Data including, where applicable, the General Data Protection Regulation (EU) 2016/679 (“GDPR”), UK GDPR and Data Protection Act 2018, California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Personal Information Protection and Electronic Documents Act (“PIPEDA”), Brazilian Lei Geral de Proteção de Dados (“LGPD”), Australian Privacy Act 1988, and Korean Personal Information Protection Act (“PIPA”).

“Controller” means the entity that determines the purposes and means of Processing Personal Data.

“Processor” means an entity Processing Personal Data on behalf of a Controller.

“EDGE” means the software platform and related services.

“Personal Data” means any information relating to an identified or identifiable natural person.

“Processing” means any operation performed on Personal Data, including collection, recording, storage, use, disclosure, or deletion.

“User” means any individual using EDGE, including installers, employees, contractors, or representatives of business customers.

2. Scope and Applicability

This Privacy Policy applies to the Processing of Personal Data through EDGE worldwide, including the desktop application, related services, support systems, and associated infrastructure.

EDGE is designed for use by professional and business customers. This Privacy Policy governs Personal Data processed in connection with licensing enforcement, service functionality, support, analytics, reliability and system security.

This Policy does not apply to data processed entirely outside EDGE systems by customers independently.

3. Categories of Personal Data Collected

EDGE processes Personal Data limited to the following categories:

3.1 Device and System Information

Information used to identify devices and ensure licensing, functionality, and support, including:

• Unique hardware-based device identifier (not derived from MAC address)
• Manufacturer
• Model name
• Hostname
• Operating system type, version, and architecture
• CPU model
• Total memory
• Virtual machine status
• Local IP address
• Physical network adapter MAC addresses
• Time zone
• Logged-in username
• Application version

3.2 Usage and Access Information

Information generated during service use:

• IP address
• Time zone
• Location (country and city)
• Current service plan
• Device type
• Desktop application version

3.3 Account Information

Information obtained through authentication systems:

• First name
• Last name
• Email address
• User identifier
• Associated workspace or organization

3.4 Service Operation Data

Operational records generated during use of the software including executed commands, pattern processing actions, configuration adjustments, plotting actions, output device type, and operational parameters associated with a licensed user account.

3.5 Transaction Data

Subscription status, plan type, purchase timestamps, and transaction amounts received from payment providers for provisioning and maintaining access to the service.

3.6 Diagnostic and Error Information

Error reports, crash logs, and session traces transmitted for troubleshooting and service stability.

3.7 Local Device Storage

A fallback device identifier and recent access logs stored locally on the user’s device to prevent duplicate transmissions.

EDGE does not intentionally collect categories of Personal Data not listed above.

4. Purposes and Legal Bases for Processing

EDGE processes Personal Data solely for defined operational purposes. Where GDPR or equivalent law applies, processing is based on the following legal grounds:

4.1 Contract Performance

• Authentication of users and provision of licensed services
• Activation and maintenance of subscriptions
• Association of devices with valid licenses
• Provision of customer-requested functionality

Data used: Account Information, Device Information, Transaction Data, Service Operation Data

4.2 Legitimate Interests

• Ensuring software reliability and performance
• Detecting license abuse and preventing unauthorized use
• Debugging errors and maintaining stability
• Maintaining service security and preventing fraud
• Improving usability and technical functionality

These interests are limited to technical service operation and do not involve advertising profiling or unrelated behavioral tracking.

Data used: Usage Information, Service Operation Data, Diagnostic Information, Device Information

4.3 Legal Obligations

Compliance with tax, accounting, regulatory, and security requirements.

Data used: Transaction Data, Account Information, Security Logs

4.4 Consent (Where Required)

Certain non-essential analytics or regionally required permissions, if implemented, will rely on consent where legally mandated.

5. Cookies and Tracking Technologies

EDGE primarily operates as installed software. Network communications may involve standard technical identifiers such as IP address necessary for connection and security.

No advertising tracking technologies are intentionally deployed within the desktop application.

Where web components are accessed, technically necessary cookies may be used for authentication and session management. Such cookies cannot be disabled as the service cannot function without them.

Product Analytics and Interface Diagnostics

EDGE web components may use analytics and diagnostic technologies such as Google Tag Manager and Microsoft Clarity to understand application performance, identify usability issues, and improve interface reliability. These technologies may collect technical interaction information such as page events, navigation actions, approximate location derived from IP address, browser or device characteristics, and similar operational usage signals.

These tools are used solely for service improvement and troubleshooting and are not used for cross-context behavioral advertising or independent marketing profiling. Where required by applicable law, such technologies will operate subject to appropriate consent mechanisms.

6. Data Sharing and Third-Party Processors

Personal Data may be disclosed only to the extent necessary to operate EDGE:

• Service hosting providers and infrastructure providers
• Authentication providers
• Error monitoring and diagnostics providers
• Customer support systems
• Security and fraud prevention providers
• Legal authorities where required by law

Cloud Infrastructure Hosting

EDGE is hosted on cloud infrastructure operated by Amazon Web Services, Inc. (“AWS”). Personal Data is stored and processed on servers managed by AWS solely for the purpose of providing the EDGE service, maintaining availability, security, and performance. AWS acts as a data processor/sub-processor and processes Personal Data only under contractual instructions and confidentiality obligations.

AWS does not receive payment card information used for transactions processed by the Merchant of Record.

Payment Processing (Merchant of Record)

Payments are processed by Paddle.com Market Limited and its affiliates acting as Merchant of Record. Paddle independently collects billing and payment information including payment card details. EDGE does not collect or store full payment card numbers.

EDGE receives limited subscription and transaction metadata solely for provisioning service access, fraud prevention, and accounting. Paddle acts as an independent data controller for payment transactions.

Customer Support Platform

EDGE uses a third-party customer support and ticket management system (such as Freshdesk) to receive and respond to support requests. When a user submits a support request, relevant account information, contact details, and the contents of the support communication, including any attachments or diagnostic information voluntarily provided, may be processed within this system solely for troubleshooting, service assistance, and issue resolution.

The support provider processes Personal Data only under contractual confidentiality and data protection obligations and does not use the information for independent purposes.

Transactional Email Delivery

EDGE uses third-party email delivery providers (such as Postmark or Brevo) to send service-related communications including account verification, security notifications, system alerts, licensing status, billing notices, and support responses. In order to deliver these messages, the provider processes the recipient’s email address, message content, and technical delivery metadata.

The email delivery provider processes Personal Data solely for the purpose of transmitting communications on behalf of EDGE and is contractually prohibited from using the information for independent marketing purposes.

Error Monitoring

Diagnostic data may be transmitted to monitoring providers (such as Sentry) to identify software faults, maintain reliability, and ensure security. This may include device environment details and limited account identifiers necessary to reproduce issues.

Infrastructure and Security Providers

Hosting providers, authentication providers, and security providers process Personal Data strictly to operate the service.

Legal Disclosure

Personal Data may be disclosed to authorities where required by law or to protect legal rights.

EDGE does not sell Personal Data.

The categories of Personal Data disclosed to each recipient are limited to those reasonably necessary for the specific processing purpose described above.

7. International Data Transfers and Safeguards

Personal Data may be stored and processed on cloud infrastructure operated by service providers, including Amazon Web Services, Inc., in jurisdictions outside the user’s country of residence.

EDGE operates globally and Personal Data may be transferred across jurisdictions.

Transfers may occur to infrastructure providers, monitoring providers, and payment service providers located outside the user’s country.

Where required by law, EDGE implements safeguards including Standard Contractual Clauses, equivalent UK mechanisms, and contractual confidentiality obligations with processors.

Personal Data transferred internationally may include account identifiers, device and system information, usage records, and diagnostic information necessary to operate, secure, and maintain the service. Such transfers occur solely to provide the EDGE service, ensure reliability, prevent unauthorized use, and maintain system integrity.

8. Data Retention

Personal Data is retained according to operational necessity:

• Account and license data — retained while the account remains active and for contractual recordkeeping periods
• Transaction data — retained for legally required financial and tax retention periods
• Security and diagnostic logs — retained for a limited period necessary for fraud prevention and troubleshooting
• Support records — retained until resolution and reasonable follow-up period

Local device storage remains under user control and may be removed by uninstalling the application.

Personal Data may be retained for longer periods where necessary to establish, exercise, or defend legal claims or to comply with legal obligations.

9. Security Measures

EDGE implements technical and organizational security measures including:

• Access controls and authentication requirements
• Encryption of data in transit
• System monitoring and logging
• Least-privilege access policies
• Segregation of environments
• Secure software development practices

No system can guarantee absolute security. Users are responsible for maintaining the security of their own devices.

10. User Rights by Jurisdiction

10.1 EEA and UK

Individuals may have the right to access Personal Data, rectify inaccurate data, erase Personal Data, restrict processing, object to processing based on legitimate interests, data portability, withdraw consent where applicable, and lodge a complaint with a supervisory authority.

10.2 California and Other U.S. States

Residents may have rights to know categories and specific pieces of Personal Data collected, request deletion, correct inaccurate Personal Data, opt-out of sale or sharing (EDGE does not sell Personal Data), limit use of sensitive personal information where applicable, and non-discrimination for exercising rights.

10.3 Canada, Brazil, Australia, Korea and Other Regions

Individuals may have similar rights under local law including access, correction, deletion, and complaint rights with regulators. Requests may be submitted using the contact information below.

11. Children’s Data

EDGE is intended for professional and business use and is not directed to children. EDGE does not knowingly collect Personal Data from minors under the age required by applicable law. If such data is identified, it will be deleted.

12. Automated Decision-Making and Profiling

EDGE performs automated technical checks to validate licensing and service access. These checks do not involve profiling, behavioral evaluation, or decisions producing legal or similarly significant personal effects beyond enabling or disabling software functionality under a license agreement.

EDGE does not perform behavioral profiling, scoring, or evaluation of individuals beyond technical validation of licensing and service access.

13. Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, Personal Data may be transferred to the successor entity subject to confidentiality obligations and applicable law.

14. Do Not Sell or Share (CPRA)

EDGE does not sell Personal Data and does not share Personal Data for cross-context behavioral advertising as defined under CPRA.

15. Sensitive Personal Information

EDGE is not designed to collect sensitive categories of Personal Data such as financial information, biometric identifiers, government identification numbers, or precise geolocation beyond approximate country/city level necessary for service functionality.

16. Controller and Processor Roles

Customer organizations typically act as Controllers for their users’ use of the service. The operator of EDGE acts as Processor when providing the platform to customers.

For service security, licensing enforcement, and platform reliability analytics, the EDGE operator acts as an independent Controller.

Processors engaged by EDGE may use subprocessors subject to contractual data protection obligations. Where required by applicable law or contractual commitments, the EDGE operator will provide advance notice of material changes to subprocessors and will ensure that any subprocessors are bound by data protection obligations consistent with this Privacy Policy.

17. Contact and Data Protection Officer

Data Controller: The Base Solution Co.. Ltd.
Address: Seoul, South Korea
Email: support@stekedge.com

18. Changes to this Privacy Policy

This Privacy Policy may be updated periodically to reflect legal, technical, or operational changes. The current version will always be available through official EDGE distribution channels. Continued use of EDGE after updates constitutes acknowledgment of the revised Policy.