Privacy Policy

[Last Update: 9.11.2023]

Introduction

Thank you for visiting spearhead.systems, an online service managed by Spearhead Systems S.R.L. We respect and protect the privacy of our users. This privacy policy tells you how and why we may collect and use personal information. The term “Personal Information” in this privacy policy means any information from which your identity is apparent or can be reasonably ascertained.

We do not collect Personal Information about you when you visit our websites! We do not share your information with third parties without your explicit permission.

Furthermore, we make an effort to not collect any personally identifiable data unless absolutely required to deliver our services to you.

Scope

The purpose of this online service is to provide you with trusted, professional and high performance IT services such as technical support or public cloud computing resources.

When we collect data

Website

To improve your experience on our site, we may use ‘cookies’. A cookie is a small text file that our site may place on your computer as a tool to remember your preferences. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website or other Spearhead services.

The cookies we use do not contain personally identifiable information and are used only to keep track of preferences.

Our website may contain links to other websites. Please be aware that we are not responsible for the privacy practices of such other sites. When you go to other websites from here, we advise you to be aware and read their privacy policy.

Spearhead may use interfaces with social media sites such as Facebook, LinkedIn, Twitter, Google and others. If you choose to “like” or “share” information from this website through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your visits to this site with other Personal Information.

This website uses Google Analytics to track user visits across our website (not across the use of other services such as spearhead.cloud or functioneaza.ro). As a result, IP addresses are processed in such a way that they cannot be tracked back to you. For more details please visit google support forums.

Visitors that sign up for our service

IP address, HTTP referrer information and requested pages are logged in addition to our customers “username”, email address, URL, billing, company details and mailing addresses for contractual obligations such as invoicing and fiscal reporting. This data is strictly protected and used for security purposes. It is never shared.

Customers that log-in to our services

IP addresses, reverse DNS information, API calls, HTTP Referer, requested pages/URI’s may be logged in order to provide the service as well as for security purposes.

In some situation we may record via specific auditing methods user, script names and binaries for security purposes.

Personal Information

If you contact us we will collect the email address you nominate and any other identifying information you provide, such as your name, your company or phone number.

Please do not give us other personal or sensitive information.

Other than circumstances such as unlawful activity or via court order we do not share Personal Information with any other agency (government or private) unless it is absolutely required to fulfil your request in which case you will be notified before doing so.

How we deal with complaints and requests

You may request access to Personal Information about you that we hold and you may ask us to correct your Personal Information if you find that it is not accurate, up-to-date or complete. You may also make a complaint about our handling of your Personal Information.

These services are free of charge within reasonable limits.

To protect your privacy and the privacy of others, we will need evidence of your identity before we can grant you access to information about you or change it.

You can contact us by email at dpo@spearhead.systems. We undertake to respond within 30 days. If the request or complaint will take longer to resolve, we will provide you with a date by which we expect to respond.

How we protect your Personal Information

This online service is hosted in Romania in a secure, TIER III accredited datacentre. To help protect the privacy of data and personal information we collect and hold, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis.

We train our employees about the importance of confidentiality and maintaining the privacy and security of your information. Access to your Personal Information is restricted to employees who need it to provide benefits or services to you.

Retention of Personal Information

Web access logs are retained for 24 hours after which they are anonymised and stripped of any personally identifiable data. Email communication logs are retained for up to 36 months. Personal, financial and billing information is retained for up to 50 years (financial documents such as invoices, contracts, etc.). Our sales history (visible through our CRM/ERP systems) as well as support emails and logs are retained for up to 20 years.

Access to Personal Information

Access to customer data by Spearhead operations and support personnel is denied by default. When access to customer data is granted, management approval is required and then access is carefully managed and logged.

Data Protection

Spearhead provides customers with strong data security as a default and by additional service options. spearhead.cloud is a multi-tenant service, which means multiple customers (workloads, virtual servers, containers, etc.) are stored on the same physical hardware.  spearhead.cloud uses logical isolation to segregate each customer’s data from the data of others. Segregation using our best-of-breed technology allows for the scale and economic benefits of cloud computing service while providing rigorous access controls to prevent customers accessing one another’s data.

Customer’s are responsible for ensuring that data stored in spearhead.cloud is encrypted in accordance with their standards.

Protection for in-transit data is enabled by default for the customer portal, our websites, as well as the API and CLI tools. Customers can enable encryption for traffic between their own VM’s as required by configured tunnels, vpn’s or whatever may be required. spearhead.cloud protects data in transit to or from outside the components and data in transit internally using industry standard Transport Layer Security (TLS) 1.2 or later with 2,048-bit encryption keys. spearhead.cloud encrypts all data communication between

the customer and spearhead.cloud

between internal components (such as between two datacenter or availability zones or between our compute service and our object storage service)

Encryption of data in storage and in transit can be deployed by customers as a best practice for ensuring confidentiality and integrity. All cloud services can be configured by the customer to use SSL to protect communications to or from the Internet and even between individual spearhead.cloud VM’S.

spearhead.cloud currently operates in a single availability zone within a TIER3 datacenter located in Bucharest, Romania. We expect to launch a second availability zone in 2020 and from there to expand regionally with new datacenter locations. Data redundancy for virtual machines is offered locally, per physical server or via clustering technology configured by us or the customer. Data redundancy for our existing MANTA object store is located in US-East Virginia and data is saved in two copies in two separate datacenters. Once this service is migrated to the EEA, it will provide the same level of redundancy: two copies of the data per default; initially in a single availability zone and in the future in two availability zones.

When customers leave spearhead.cloud or at their request, data is completely erased (scrubbing). When physical hardware is decommissioned, Spearhead executes a complete deletion of data.

Data ownership

Spearhead does not inspect or monitor applications or systems that customers deploy to spearhead.cloud unless specifically granted by the customer. Spearhead does not know what kind of data customers store within spearhead.cloud and makes no claim to ownership of customer data.

Records Management

For records stored in spearhead.cloud, customers are responsible for maintaining and extracting their data according to their own requirements. Spearhead can provide support to customers in regards to managing their own records based on their requirements.