Privacy Policy

Callisto ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

By accessing or using Callisto, you agree to the practices described in this policy. If you do not agree, please discontinue use of the service.

1. Information We Collect

Information you provide directly

• Account information: name, email address, organisation name, and password when you register.
• Profile data: role, preferences, and any additional information you choose to add.
• Workspace content: projects, accounts, notes, tasks, action items, time entries, and any other data you create or import within the platform.
• Communications: messages or enquiries you send to our support team.

Information collected automatically

• Usage data: pages visited, features used, session duration, and interaction events.
• Device and browser data: IP address, browser type and version, operating system, and device identifiers.
• Cookies and local storage: session tokens and preference data to maintain your logged-in state and personalise your experience.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Callisto platform.
• Authenticate your identity and manage your account securely.
• Synchronise your data in real time across devices and team members.
• Send transactional emails (e.g. account confirmation, password reset).
• Respond to support requests and improve the service based on your feedback.
• Analyse aggregate usage patterns to improve product features and performance.
• Comply with applicable legal obligations.

We do not sell your personal data to third parties, nor do we use your workspace content for advertising purposes.

3. Data Storage and Security

Your data is stored on secure cloud infrastructure. We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security audits.

While we take reasonable steps to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security and encourage you to use strong, unique passwords and enable two-factor authentication where available.

4. Data Sharing and Disclosure

We do not share your personal information with third parties except in the following limited circumstances:

• Service providers: trusted third-party vendors who assist in operating the platform (e.g. cloud hosting, email delivery) under strict confidentiality agreements.
• Legal requirements: when required by law, regulation, court order, or to protect the rights and safety of Callisto, its users, or the public.
• Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to equivalent privacy protections.

5. Team and Workspace Data

When you use Callisto as part of an organisation or team workspace, your administrator may have access to your activity and the content you create within that workspace. Organisation-level data governance is the responsibility of the account administrator.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide our services. You may request deletion of your account and associated data at any time by contacting us. Upon deletion, your data will be removed from active systems within 30 days, with backups purged within 90 days.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your personal data ("right to be forgotten").
• Portability: request your data in a structured, machine-readable format.
• Objection: object to certain processing of your data.

To exercise any of these rights, contact us at privacy@callisto.app. We will respond within 30 days.

8. Cookies

We use strictly necessary cookies to maintain your session and authentication state. We do not use third-party advertising or tracking cookies. You can configure your browser to refuse cookies, though some features of the platform may not function correctly without them.

9. Children's Privacy

Callisto is not directed at or intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. When we do, we will revise the "Last updated" date at the top of this page and, where appropriate, notify you by email or in-app notification. Continued use of the platform after updates constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

• Email: privacy@callisto.app