Global Privacy Framework

This document is provided in English, which is the authoritative version; any translation is for convenience only and the English version prevails.

This document applies to all cybersecurity software-as-a-service solutions, websites, applications, platforms, APIs, software, modules, features, documentation, support, and related services made available by Stack4Sec, LLC, a Wyoming limited liability company.

For purposes of this document, "Stack4Sec," "Company," "we," "us," and "our" mean Stack4Sec, LLC. "Customer," "you," and "your" mean the person or entity accessing or using the Services.

This document is incorporated into and forms part of the Stack4Sec Terms of Service. Product-specific terms may supplement this document for particular products, modules, services, or features.

This Global Privacy Framework describes Stack4Sec's privacy governance principles for the Services. It is designed to align Stack4Sec's privacy approach across jurisdictions, customers, products, services, vendors, and internal operations. It is not legal advice and does not replace the Stack4Sec Privacy Policy, Cookie Policy, Data Processing Addendum, or applicable agreements.

Stack4Sec's privacy framework is based on the following principles:

• lawful, fair, and transparent processing;
• purpose limitation;
• data minimization;
• accuracy;
• storage limitation;
• security and confidentiality;
• accountability;
• privacy by design and by default;
• responsible vendor management;
• respect for individual rights.

This Framework applies to Stack4Sec's processing of personal information across the Services and business operations. It is intended to support compliance with applicable privacy laws, including GDPR, LGPD, California privacy laws, Australia Privacy Act, and other relevant privacy and data protection laws.

Stack4Sec assesses whether it acts as controller, processor, business, service provider, contractor, operator, or equivalent role depending on the jurisdiction and processing activity. Role determinations may vary by context.

Customer is responsible for determining its own role and obligations for Customer Personal Data submitted to the Services.

Stack4Sec aims to maintain internal understanding of the categories of personal information it processes, the purposes of processing, systems involved, vendors involved, retention needs, security controls, and transfer mechanisms.

Stack4Sec seeks to incorporate privacy considerations into product development, system design, vendor selection, AI Feature design, security architecture, data retention, access controls, and customer-facing workflows.

Stack4Sec encourages Customers to submit only data necessary for the intended use of the Services. Customer should redact, pseudonymize, aggregate, or minimize sensitive data where feasible.

Stack4Sec may design features to support minimization, export, deletion, role-based access, and permission control where appropriate.

Stack4Sec provides public policies and contractual documents explaining how it processes information, including the Privacy Policy, Cookie Policy, Data Processing Addendum, AI Features Terms, and product-specific terms where applicable.

Stack4Sec supports privacy rights requests as required by applicable law. Where Stack4Sec acts as processor or service provider, Stack4Sec generally assists Customer in responding to requests rather than responding directly, unless required by law.

Stack4Sec may use vendors and Subprocessors to support the Services. Stack4Sec evaluates vendors based on risk and imposes contractual obligations relating to confidentiality, security, data protection, and restricted use where appropriate.

Stack4Sec is based in the United States and may process data internationally. Stack4Sec uses appropriate transfer mechanisms where required, which may include standard contractual clauses, contractual safeguards, adequacy mechanisms, or other lawful mechanisms recognized by applicable law.

Privacy and security are connected. Stack4Sec implements commercially reasonable safeguards designed to protect personal information and maintains incident response processes for suspected and confirmed security incidents.

Stack4Sec retains personal information only for as long as reasonably necessary for the relevant purposes, unless a longer retention period is required or permitted by law, security, dispute resolution, backup, compliance, or legitimate business needs.

Where AI Features process personal information, Stack4Sec seeks to apply appropriate safeguards, such as human review expectations, use limitations, data minimization, contractual restrictions, vendor review, and transparency through AI Features Terms.

AI outputs should not be used as the sole basis for legally or similarly significant decisions about individuals unless permitted by law and subject to appropriate safeguards.

Stack4Sec may provide privacy and security awareness to personnel with access to personal information or systems, appropriate to role and risk.

Stack4Sec may review and update this Framework based on changes in laws, products, operations, vendors, customer requirements, risk assessments, and industry practices.

Legal notices and inquiries may be sent to:

Stack4Sec, LLC 30 N Gould St, STE R Sheridan, WY 82801 United States Email: legal@stack4sec.com