Privacy Policy
Effective Date: December 23, 2025
1. Information We Collect
1.1 Customer and Account Information
Celestify collects essential details for account establishment and administration, including names, email addresses, organizational affiliations, authentication credentials, and billing information. Data collection remains limited to what's operationally necessary.
1.2 Customer Data from Connected Services
When users authorize third-party integrations, Celestify processes data strictly within the scope of permissions granted by you. This encompasses user-created materials, shared third-party content, metadata, and activity records received through APIs or webhooks, without accessing information beyond configured permissions.
1.3 Log, Usage, and Technical Data
System-generated information is gathered, including access logs, timestamps, authentication events, IP addresses, device identifiers, and browser information for operational purposes only. Performance metrics and diagnostic data support security monitoring and incident response.
2. Purpose Limitation and Data Use
Processing occurs exclusively for service provision, workflow execution, automated analysis, system security, incident detection, and legal compliance. We do not sell customer data or employ it for advertising purposes.
3. Automated Processing and Processing Integrity
Celestify implements automated systems, including machine learning and rules-based logic. Controls ensure processing aligns with customer configurations, with monitoring for system anomalies and unauthorized activity. Automated outputs may be probabilistic and customers bear responsibility for validation.
4. Model Training and Data Minimization
Customer data does not train generalized machine learning models by default. Explicit opt-in permits account-specific personalization for communication style adaptation, confined to individual customer environments and disabled initially. Other customers' data remains excluded from this processing.
5. Confidentiality and Data Sharing
Confidentiality controls meet SOC 2 requirements. Data disclosure occurs only to authorized subprocessors under written protections, explicitly connected third parties, lawful requests, regulatory compliance, or corporate transactions with continued safeguards. All access is role-based and logged.
6. Subprocessors and Third Parties
Celestify may engage subprocessors evaluated for security practices and contractually obligated to protect data. Third-party services connected by users operate under their independent terms; Celestify assumes no responsibility for their data handling practices.
7. Security Safeguards
Administrative, technical, and organizational protections are implemented, including role-based access controls, encryption for data in transit and at rest, monitoring, logging, and incident response procedures. No system guarantees absolute security; customers bear final responsibility for access configuration.
8. Availability and Resilience
Controls support system availability through infrastructure monitoring, redundancy, and backup procedures appropriate to the service. Uninterrupted availability is not guaranteed.
9. Data Retention and Disposal
Data retention extends only as long as necessary for service provision, contractual obligations, legal requirements, and security or audit support. Disposal processes prevent unauthorized post-deletion access, subject to retention obligations.
10. Privacy Rights and Requests
Individuals may request access, correction, or deletion of personal information or object to processing activities where legally required, submitting requests through the service or direct contact.
11. International Data Transfers
Customer data may be processed in jurisdictions where Celestify or subprocessors operate. Appropriate safeguards support lawful international transfers.
12. Policy Updates
This policy may be updated periodically, with material changes communicated per contractual or legal requirements. Continued service use implies acceptance of updated terms.
13. Contact Information
For privacy and security inquiries: