Skip links

Customer Data Protection

Thank you for visiting spearhead.cloud, an online service managed by Spearhead Systems S.R.L.. We respect and protect the privacy of our users. This data protection policy tells you how and why we may collect and use personal information. The term “Personal Information” in this privacy policy means any information from which your identity is apparent or can be reasonably ascertained.

Scope

The purpose of this online service is to provide you with trusted, professional and high performance IT services such as technical support or public cloud computing resources.

What we collect

In order to deliver some of our services to you or to protect our systems we may collect personal data such as username, IP address, HTTP Referer, requested pages/URI’s.

When we collect

Website

To improve your experience on our site, we may use ‘cookies’. A cookie is a small text file that our site may place on your computer as a tool to remember your preferences. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website or other Spearhead services.

Our website may contain links to other websites. Please be aware that we are not responsible for the privacy practices of such other sites. When you go to other websites from here, we advise you to be aware and read their privacy policy.

Spearhead may use interfaces with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or “share” information from this website through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your visits to this site with other Personal Information

Use of Google Analytics

Our website(s) uses Google Analytics to evaluate your use of the website, compile reports on website activity, and to help us better deliver our services through our website and online platforms.  We have enabled IP anonymization on this website therefore your IP address is hidden from Google and your identity cannot be tracked directly to you.
The IP address transmitted by your browser as part of the Google Analytics will not be merged with other data from Google.
You may block cookies from being stored by adjusting the settings in your browser software; in this case, you may not be able to use all of the features on this website to their full extent.
You can also block the collection of the data generated by the cookie and the data related to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google, by downloading and installing a browser plugin available from the following link: Browser-Plugin. For mobile devices, please click this link
The use of Google Analytics is carried out in accordance with the conditions to which the EU data protection authorities have agreed on with Google. Information about Google Dublin: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Visitors that sign up for our service

IP address, HTTP referrer information and requested pages are logged in addition to our customers “username”, email address, URL, billing and mailing addresses for contractual obligations such as invoicing and fiscal reporting.

Customers that log-in to our services

IP addresses, reverse DNS information, API calls, HTTP Referer, requested pages/URI’s may be logged in order to provide the service as well as for security purposes.

In some situation we may record via specific auditing methods user, script names and binaries for security purposes.

Personal information

If you contact us we will collect the email address you nominate and any other identifying information you provide, such as your name, your company or phone number. Please do not give us other personal or sensitive information. Other than circumstances such as unlawful activity or via court order we do not share Personal Information with any other agency (government or private) unless it is absolutely required to fullfill your request.

We may share personal data with third parties when it is necessay to fullfill your request for a product or service that requires input from our partners, sub-contractors, etc.

How we deal with complaints and requests

You may request access to Personal Information about you that we hold and you may ask us to correct your Personal Information if you find that it is not accurate, up-to-date or complete. You may also make a complaint about our handling of your Personal Information. These services are free of charge within reasonable limits. To protect your privacy and the privacy of others, we will need evidence of your identity before we can grant you access to information about you or change it. You can contact us by email at help@spearhead.systems. We undertake to respond within 30 days. If the request or complaint will take longer to resolve, we will provide you with a date by which we expect to respond.

How we protect your Personal Information

This online service is hosted in Romania in a secure, TIER III accredited datacentre. To help protect the privacy of data and personal information we collect and hold, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We train our employees about the importance of confidentiality and maintaining the privacy and security of your information. Access to your Personal Information is restricted to employees who need it to provide benefits or services to you.

Retention of Personal Information

Web access logs are retained for 24 hours after which they are anonymized and stripped of any personally identifiable data. Email communication logs are retained for up to 36 months. Personal, financial and billing information is retained for up to 50 years (financial documents such as invoices, contracts, etc.). Our sales history (visibile through our CRM/ERP systems) as well as support emails and logs are retained for up to 20 years.

We do not share your information with third parties without your explicit permissions.

Access to Personal Information

Access to customer data by Spearhead operations and support personnel is denied by default. When access to customer data is granted, management approval is required and then access is carefully managed and logged.

Spearhead personnel are assigned unique ID’s and cryptographic access keys to use for access to our underlying physical servers. Remote access is restricted only from our secure locations.

Data Protection

Spearhead provides customers with strong data security as a default and by additional service options. spearhead.cloud is a multi-tenant service, which means multiple customers (workloads, virtual servers, containers, etc.) are stored on the same physical hardware.  spearhead.cloud uses logical isolation to segregate each customer’s data from the data of others. Segregation using our best-of-breed technology allows for the scale and economic benefits of cloud computing service while providing rigorous access controls to prevent customers accessing one another’s data.

Customer’s are responsible for ensuring that data stored in spearhead.cloud is encrypted in accordance with their standards.

Protection for in-transit data is enabled by default for the customer portal, our websites, as well as the API and CLI tools. Customers can enable encryption for traffic between their own VM’s as required by configured tunnels, vpn’s or whatever may be required. spearhead.cloud protects data in transit to or from outside the components and data in transit internally using industry standard Transport Layer Security (TLS) 1.2 or later with 2,048-bit encryption keys. spearhead.cloud encrypts all data communication between

  • the customer and spearhead.cloud
  • between internal components (such as between two datacenter or availability zones or between our compute service and our object storage service)

Encryption of data in storage and in transit can be deployed by customers as a best practice for ensuring confidentiality and integrity. All cloud services can be configured by the customer to use SSL to protect communications to or from the Internet and even between individual spearhead.cloud VM’S.

spearhead.cloud currently operates in a single availability zone within a TIER3 datacenter located in Bucharest, Romania. We expect to launch a second availability zone in 2020 and from there to expand regionally with new datacenter locations. Data redundancy for virtual machines is offered locally, per physical server or via clustering technology configured by us or the customer. Data redundancy for our existing MANTA object store is located in US-East Virginia and data is saved in two copies in two separate datacenter. Once this service is migrated to the EEA, it will provide the same level of redundancy: two copies of the data per default; initially in a single availability zone and in the future in two availability zones.

When customers leave spearhead.cloud or at their request, data is completely erased (scrubbing). When physical hardware is decommissioned, Spearhead executes a complete deletion of data.

Data Ownership

Spearhead does not inspect or monitor applications or systems that customers deploy to spearhead.cloud unless specifically granted by the customer. Spearhead does not know what kind of data customers store within spearhead.cloud and makes no claim to ownership of customer data.

Records Management

For records stored in spearhead.cloud, customers are responsible for maintaining and extracting their data according to their own requirements. Spearhead can provide support to customers in regards to managing their own records based on their requirements.

Signup for a free trial