Privacy Policy

1. Definitions

For purposes of this Privacy Policy:

• “Namirasoft”, “we”, “us”, or “our” refers to Namira Software Corporation and its related Services where applicable.
• “Service” refers to Namirasoft Access, including its functionality, features, technologies, websites, applications, APIs, software packages, integrations, documentation, and related services made available through Namirasoft Access.
• “Namirasoft Services” refers to products, services, applications, websites, platforms, technologies, features, integrations, and other offerings provided or operated by Namirasoft.
• “Supported Namirasoft Services” refers to Namirasoft Services that integrate with and support access management through Namirasoft Access. Not all Namirasoft Services support access management through the Service.
• “Account Owner” refers to a Namirasoft Account holder who uses the Service to grant, manage, and revoke access to supported Namirasoft Services on behalf of other Namirasoft Account holders.
• “Authorized User” refers to a Namirasoft Account holder to whom an Account Owner has granted access to one or more supported Namirasoft Services through the Service.
• “Personal Information” refers to information relating to an identified or identifiable individual and includes information that may be considered personal information, personal data, or similar information under applicable laws.
• “Permission” refers to an authorization assignment that grants, restricts, or otherwise governs access to products, services, resources, entities, functionality, operations, or activities within Namirasoft Services.
• “Policy” refers to a collection of rules, conditions, permissions, restrictions, or access-control settings used to determine authorization outcomes within Namirasoft Services.
• “Role” refers to a collection of one or more Policies that may be assigned to users to facilitate access management and authorization activities.
• “Authorization Record” refers to a record created when an Account Owner grants an Authorized User access to supported Namirasoft Services, containing identification and account information for both the Account Owner and the Authorized User, along with configuration and timestamp data.
• “Process” or “Processing” refers to activities involving the collection, use, recording, organization, storage, access, disclosure, transfer, analysis, modification, retention, deletion, or other handling of information.

2. About This Privacy Policy

This Privacy Policy does not apply to Namirasoft Account, other Namirasoft Services, or third-party services, each of which is governed by its own applicable privacy policies, notices, and documentation. Information processed within supported Namirasoft Services by Authorized Users is subject to each respective service’s privacy policy, not this one.

Users of the Service are subject to this Privacy Policy in addition to the Namirasoft Account Privacy Policy and any other applicable Namirasoft documentation. Where a conflict exists between this Privacy Policy and other Namirasoft documentation with respect to information practices specific to the Service, this Privacy Policy controls.

Namirasoft acts as the data controller for information collected and processed by the Service. Authorization Records are created when Account Owners choose to grant access to Authorized Users. Namirasoft controls how all information associated with the Service is collected, stored, protected, and retained.

3. Namirasoft Account Requirement

Namirasoft Access requires a valid Namirasoft Account. Namirasoft Account serves as the identity, authentication, and account management system used throughout the Namirasoft ecosystem.

Registration, authentication, account verification, account security, account access, and related account functionality are governed by Namirasoft Account and its applicable terms, policies, and notices.

Information collected, used, processed, disclosed, stored, transferred, or otherwise handled through Namirasoft Account is subject to the Namirasoft Account Privacy Policy, which should be reviewed separately.

Nothing in this Privacy Policy modifies, replaces, limits, or expands the information practices governing Namirasoft Account as described in the Namirasoft Account Privacy Policy.

Age eligibility requirements applicable to the Service are established and enforced by Namirasoft Account. By using the Service, you confirm that you satisfy the minimum age requirements set forth in the Namirasoft Account Terms of Service. Namirasoft Access does not independently verify age.

4. Information We Collect

We collect information necessary to provide the Service. The categories of information we collect, and the sources from which we collect them, are described below.

Account Information

Your Namirasoft Account identifier, email address, and first and last name are provided to the Service upon authentication. This information is managed by Namirasoft Account and is not independently stored by Namirasoft Access outside of Authorization Records.

Authorization Records

When you grant another user access to a supported Namirasoft Service, the Service creates a Authorization Record containing your account identifier, email address, first name, and last name; the recipient’s Namirasoft Account identifier, email address, first name, and last name; and the creation and modification timestamps of the delegation. To create a delegation, you must provide the recipient’s email address. The recipient must hold a valid Namirasoft Account, and their name is retrieved from their Namirasoft Account profile. Authorization Records are visible to the account owner who created them and are permanently deleted when access is revoked.

Usage and Operational Data

Namirasoft collects operational data generated automatically during use of the Service, including records of access management activities and configuration changes. This data is used to maintain Service integrity, monitor for unauthorized activity, and support security and compliance obligations.

Information We Do Not Collect

Namirasoft Access does not independently collect device information, IP addresses, or authentication credentials. Browser session storage used to maintain the Service interface is limited to the active authenticated session. Authentication-related cookies and session management are handled by Namirasoft Account in accordance with its Privacy Policy.

5. How We Use Your Information

We use collected information for the following purposes:

• Provide and operate the Service Store, manage, and enforce Authorization Records, Permissions, Policies, and Roles as configured by Account Owners.
• Process authorization queries Evaluate and respond to real-time authorization requests submitted by supported Namirasoft Services to determine whether an Authorized User is permitted to perform a requested action.
• Notify users Send email notifications to Authorized Users when access is granted by an Account Owner, in accordance with this Privacy Policy.
• Maintain Service security Monitor for unauthorized access, suspicious activity, and potential security incidents, and take appropriate responsive action.
• Comply with legal obligations Comply with applicable laws, respond to lawful requests from regulatory authorities, court orders, and law enforcement, and fulfill other binding legal obligations.
• Improve the Service Analyze aggregate operational data to support ongoing improvements to Service performance and reliability.

Information collected through the Service is not used for advertising, behavioral tracking, profiling, or sale to third parties. Each purpose listed above is supported by a legal basis described in Section 6.

6. Legal Basis for Processing

Namirasoft processes information associated with the Service on the following legal bases:

Contract Performance

Namirasoft processes information on the basis of contract performance to provide and operate the Service for Account Owners and Authorized Users. This includes creating, storing, evaluating, and enforcing Authorization Records, Permissions, Policies, and Roles, processing authorization queries from supported Namirasoft Services, and notifying Authorized Users when access is granted.

Legitimate Interests

Namirasoft processes information on the basis of legitimate interests to maintain Service security, prevent unauthorized access, respond to incidents, and improve Service performance and reliability using aggregate operational data.

Legal Obligations

Processing required to comply with applicable laws, regulations, court orders, governmental requests, or other binding legal requirements.

Consent

Users provide consent to the collection and use of their information in connection with the Service by accepting this Privacy Policy upon first use of Namirasoft Access.

7. Automated Authorization Decisions

When an Authorized User attempts an action within a supported Namirasoft Service, that service submits an authorization query to Namirasoft Access. The Service evaluates the configured Permissions, Policies, and Roles associated with the applicable Authorization Record and returns an authorization decision to the querying service.

These automated evaluations are a core operational function of the Service and are executed based entirely on configurations established by Account Owners. Namirasoft does not independently determine, override, or modify access control outcomes.

Account Owners are responsible for reviewing, maintaining, and updating their access configurations. Namirasoft does not assess the appropriateness, accuracy, or security implications of user-defined Permissions, Policies, or Roles.

If an Authorized User believes an access decision is incorrect, they should contact the Account Owner who configured the relevant access settings. Namirasoft does not intervene in or override individual authorization decisions.

8. Information Sharing and Disclosure

Supported Namirasoft Services

When a supported Namirasoft Service submits an authorization query, Namirasoft Access returns an authorization decision based on the account owner’s configured access settings. The decision indicates whether the delegated user is permitted to perform the requested action. Full Authorization Records are not disclosed to the querying service as part of this process.

Service Providers

Namirasoft may engage third-party service providers to support the operation, hosting, and security of the Service. These providers are permitted to access information only to the extent necessary to perform their functions and are bound by contractual confidentiality and data protection obligations consistent with applicable law.

Legal Requirements

Namirasoft may disclose information where required by applicable law, regulation, court order, governmental request, or legal process, or where necessary to protect the rights, property, or safety of Namirasoft, its users, or others.

Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or a portion of Namirasoft’s assets, information associated with the Service may be transferred to the relevant successor entity. Users will be notified of any such transfer and any material changes to information practices that result from it.

No Sale of Information

Namirasoft does not sell, rent, or trade information associated with the Service to third parties.

9. International Transfers of Information

Namirasoft is headquartered in Canada and operates in accordance with applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

Information associated with the Service may be processed, stored, or accessed in jurisdictions outside the country where it was originally collected, including Canada and other countries where Namirasoft or its service providers operate. These jurisdictions may have privacy laws that differ from those applicable in your jurisdiction.

Where information is transferred internationally, Namirasoft takes steps to ensure that appropriate protections are in place consistent with applicable legal requirements, including the use of contractual safeguards with service providers where required.

10. Data Security

Namirasoft implements technical and organizational measures to protect information associated with the Service against unauthorized access, disclosure, alteration, and loss. These measures include encryption of data in transit using industry-standard protocols and encryption of data at rest.

Access to Service infrastructure and stored information is restricted to authorized personnel and governed by internal access control policies. Security monitoring is maintained to detect and respond to potential security incidents.

Authorization queries submitted by supported Namirasoft Services are processed without exposing full Authorization Records to the querying service. Only the authorization decision relevant to the specific query is returned.

You are responsible for maintaining the confidentiality of your Namirasoft Account credentials and for the accuracy and appropriateness of the access configurations you establish through the Service. Namirasoft is not liable for unauthorized access resulting from compromised credentials or misconfigured access settings.

No method of electronic transmission or storage is completely secure. While Namirasoft takes reasonable steps to protect information associated with the Service, Namirasoft cannot guarantee absolute security.

11. Information Retention

Namirasoft retains information associated with the Service for as long as necessary to provide the Service, fulfill the purposes described in this Privacy Policy, and comply with applicable legal obligations.

Authorization Records

Authorization Records are retained for as long as the associated authorization remains active. When access is revoked by the account owner, the Authorization Record is permanently deleted. Namirasoft does not retain a history of revoked authorizations.

Usage and Operational Data

Operational data generated by the Service, including authorization event records, is retained for security monitoring, incident response, and compliance purposes. Retention periods for this data are determined by operational and legal requirements.

Account Deletion

Following the deletion of a Namirasoft Account, information associated with that account in the Service may be retained for a period required to fulfill legal obligations, resolve disputes, or address security incidents, before being deleted or de-identified. Active Authorization Records associated with a deleted account are removed in accordance with applicable account termination procedures.

12. Data Integrity and Responsibility

The Service evaluates and enforces access configurations exactly as defined by the account owner. Account owners are solely responsible for the accuracy, appropriateness, and security of the Permissions, Policies, and Roles they configure, including ensuring that delegated access is granted only to intended and authorized recipients.

Namirasoft does not review, validate, or modify user-defined access configurations and cannot be held liable for issues arising from misconfigured authorizations, incorrect recipient identification, or inappropriate access assignments.

When granting access, account owners are responsible for verifying that the email address used to identify the recipient corresponds to the intended person and that the scope of delegated access is appropriate for the recipient’s role and responsibilities.

13. Aggregated and De-Identified Information

Namirasoft may use, disclose, and retain aggregated, anonymized, or de-identified information derived from Service data for purposes including service improvement, operational analysis, research, and reporting. This information does not identify individual users and is not subject to this Privacy Policy.

Where Namirasoft de-identifies information, Namirasoft takes reasonable technical and organizational measures to maintain the de-identified status of that information and does not attempt to re-identify it.

14. Your Rights and Controls

Account Owners

Account owners may create, modify, and revoke Authorization Records at any time through the Service. Revoking an authorization permanently deletes the associated Authorization Record. Account owners are responsible for regularly reviewing their active delegations and taking appropriate action to manage access effectively.

Delegated Users

Authorized Users may view their active access assignments within the Service. An Authorized User who wishes to have their access removed may request that the Account Owner revoke their access, or may contact Namirasoft using the information provided in the Contact Us section.

Applicable Rights

Depending on your jurisdiction, you may have rights with respect to your personal information, including the right to access, correct, delete, or restrict the processing of your information, the right to data portability, and the right to object to processing based on legitimate interests. Residents of the European Economic Area, United Kingdom, and Canada may exercise these rights in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Personal Information Protection and Electronic Documents Act (PIPEDA).

To exercise any of these rights, please contact Namirasoft using the information provided in the Contact Us section. Namirasoft will respond to requests in accordance with applicable law and within the timeframes required by the relevant jurisdiction.

15. Changes to This Privacy Policy

Namirasoft may update this Privacy Policy at any time to reflect changes in the Service, legal requirements, or security practices. When changes occur, we will notify users through email and/or announcements on the website. Your continued use of Namirasoft Access after updates are posted constitutes acceptance of the revised Policy. If you do not agree with the updated Policy, you must stop using the Service.