Privacy Policy

1. Definitions

For purposes of this Privacy Policy:

• “Namirasoft”, “we”, “us”, or “our” refers to Namira Software Corporation and its related Services where applicable.
• “Service” refers to Namirasoft Access, including its functionality, features, technologies, websites, applications, APIs, software packages, integrations, documentation, and related services made available through Namirasoft Access.
• “Namirasoft Services” refers to products, services, applications, websites, platforms, technologies, features, integrations, and other offerings provided or operated by Namirasoft.
• “Supported Namirasoft Services” refers to Namirasoft Services that integrate with and support access management through Namirasoft Access. Not all Namirasoft Services support access management through the Service.
• “Account Owner” refers to a Namirasoft Account holder who uses the Service to grant, manage, and revoke access to supported Namirasoft Services on behalf of other Namirasoft Account holders.
• “Authorized User” refers to a Namirasoft Account holder to whom an Account Owner has granted access to one or more supported Namirasoft Services through the Service.
• “Personal Information” refers to information relating to an identified or identifiable individual and includes information that may be considered personal information, personal data, or similar information under applicable laws.
• “Permission” refers to an authorization assignment that grants, restricts, or otherwise governs access to products, services, resources, entities, functionality, operations, or activities within Namirasoft Services.
• “Policy” refers to a collection of rules, conditions, permissions, restrictions, or access-control settings used to determine authorization outcomes within Namirasoft Services.
• “Role” refers to a collection of one or more Policies that may be assigned to users to facilitate access management and authorization activities.
• “Authorization Record” refers to a record created when an Account Owner grants an Authorized User access to supported Namirasoft Services, containing identification and account information for both the Account Owner and the Authorized User, along with configuration and timestamp data.
• “Process” or “Processing” refers to activities involving the collection, use, recording, organization, storage, access, disclosure, transfer, analysis, modification, retention, deletion, or other handling of information.

2. About This Privacy Policy

This Privacy Policy does not apply to Namirasoft Account, other Namirasoft Services, or third-party services, each of which is governed by its own applicable privacy policies, notices, and documentation. Information processed within supported Namirasoft Services by Authorized Users is subject to each respective service’s privacy policy, not this one.

Users of the Service are subject to this Privacy Policy in addition to the Namirasoft Account Privacy Policy and any other applicable Namirasoft documentation. Where a conflict exists between this Privacy Policy and other Namirasoft documentation with respect to information practices specific to the Service, this Privacy Policy controls.

Namirasoft acts as the data controller for information collected and processed by the Service. Authorization Records are created when Account Owners choose to grant access to Authorized Users. Namirasoft controls how all information associated with the Service is collected, stored, protected, and retained.

3. Namirasoft Account Requirement

Namirasoft Access requires a valid Namirasoft Account. Namirasoft Account serves as the identity, authentication, and account management system used throughout the Namirasoft ecosystem.

Registration, authentication, account verification, account security, account access, and related account functionality are governed by Namirasoft Account and its applicable terms, policies, and notices.

Information collected, used, processed, disclosed, stored, transferred, or otherwise handled through Namirasoft Account is subject to the Namirasoft Account Privacy Policy, which should be reviewed separately.

Nothing in this Privacy Policy modifies, replaces, limits, or expands the information practices governing Namirasoft Account as described in the Namirasoft Account Privacy Policy.

Age eligibility requirements applicable to the Service are established and enforced by Namirasoft Account. By using the Service, you confirm that you satisfy the minimum age requirements set forth in the Namirasoft Account Terms of Service. Namirasoft Access does not independently verify age.

4. Information We Collect

We collect information necessary to provide the Service. Information may be obtained directly from users, from Namirasoft Account, from Account Owners who initiate authorizations, and from operational activities associated with use of the Service. The categories of information we collect are described below.

Account Information

Your Namirasoft Account identifier, email address, and first and last name are provided to the Service upon authentication. This information is obtained from Namirasoft Account and is primarily used in connection with Authorization Records and operation of the Service.

Authorization Records

When you grant another user access to a supported Namirasoft Service, the Service creates an Authorization Record containing your account identifier, email address, first name, and last name; the recipient’s Namirasoft Account identifier, email address, first name, and last name; and the creation and modification timestamps of the record. To grant access, you must provide the recipient’s email address. The recipient must hold a valid Namirasoft Account, and their name is retrieved from their Namirasoft Account profile. Authorization Records are visible to the Account Owner who created them. When access is revoked, Authorization Records are removed from user-facing interfaces in accordance with Section 11 of this Privacy Policy.

Usage and Operational Data

Namirasoft collects operational data generated automatically during use of the Service, including records of access management activities and configuration changes. This data is used to maintain Service integrity, monitor for unauthorized activity, and support security and compliance obligations.

Information We Do Not Collect

Namirasoft Access does not independently collect device information, IP addresses, or authentication credentials. Browser session storage used to maintain the Service interface is limited to the active authenticated session. Authentication-related cookies and session management are handled by Namirasoft Account in accordance with its Privacy Policy.

5. How We Use Your Information

We use collected information for the following purposes:

• Provide and Operate the Service To create, store, manage, evaluate, and enforce Authorization Records, Permissions, Policies, and Roles as configured by Account Owners.
• Process Authorization Queries To evaluate and respond to real-time authorization requests submitted by supported Namirasoft Services and determine whether an Authorized User is permitted to perform a requested action.
• Notify Users To send email notifications to Authorized Users when access is granted by an Account Owner, in accordance with this Privacy Policy.
• Maintain Service Security To monitor for unauthorized access, suspicious activity, and potential security incidents, and take appropriate responsive action.
• Comply with Legal Obligations To comply with applicable laws, respond to lawful requests from regulatory authorities, court orders, and law enforcement, and fulfill other binding legal obligations.
• Improve the Service To analyze aggregate operational data to support ongoing improvements to Service performance and reliability.

Information collected through the Service is not used for advertising, behavioral tracking, profiling, or sale to third parties. Each purpose listed above is supported by a legal basis described in Section 6.

6. Legal Basis for Processing

Namirasoft processes information associated with the Service on the following legal bases:

Contract Performance

Namirasoft processes information on the basis of contract performance to provide and operate the Service for Account Owners and Authorized Users. This includes creating, storing, evaluating, and enforcing Authorization Records, Permissions, Policies, and Roles, processing authorization queries from supported Namirasoft Services, and notifying Authorized Users when access is granted.

Legitimate Interests

Namirasoft processes information on the basis of legitimate interests to maintain Service security, prevent unauthorized access, respond to incidents, and improve Service performance and reliability using aggregate operational data.

Legal Obligations

Processing required to comply with applicable laws, regulations, court orders, governmental requests, or other binding legal requirements.

Consent

Where required by applicable law, Namirasoft may request or rely on consent for specific processing activities where consent serves as the applicable legal basis.

7. Automated Authorization Decisions

When an Authorized User attempts an action within a supported Namirasoft Service, that service submits an authorization query to Namirasoft Access. The Service evaluates the configured Permissions, Policies, and Roles associated with the applicable Authorization Record and returns an authorization decision to the querying service.

These automated evaluations are a core operational function of the Service and are executed based entirely on configurations established by Account Owners. Namirasoft does not independently determine, override, or modify access control outcomes.

Account Owners are responsible for reviewing, maintaining, and updating their access configurations. Namirasoft does not assess the appropriateness, accuracy, or security implications of user-defined Permissions, Policies, or Roles.

If an Authorized User believes an access decision is incorrect, they should contact the Account Owner who configured the relevant access settings. Except where required by applicable law, court order, security requirements, fraud or abuse prevention, or protection of the integrity of the Service, Namirasoft does not intervene in or override individual authorization decisions.

The automated authorization evaluations performed by the Service are intended solely to determine whether a requested action is permitted under access configurations established by an Account Owner. These evaluations are not designed to produce legal effects or similarly significant effects concerning individuals within the meaning of applicable data protection laws.

8. Information Sharing and Disclosure

Supported Namirasoft Services

When a supported Namirasoft Service submits an authorization query, Namirasoft Access returns an authorization decision based on the Account Owner’s configured access settings. The decision indicates whether the Authorized User is permitted to perform the requested action. Full Authorization Records are not disclosed to the querying service as part of this process.

Service Providers

Namirasoft may engage third-party service providers to support the operation, hosting, and security of the Service. These providers are permitted to access information only to the extent necessary to perform their functions and are bound by contractual confidentiality and data protection obligations consistent with applicable law. Namirasoft is not responsible for the independent actions or omissions of service providers that fall outside the scope of their contractual obligations to Namirasoft.

Legal Requirements

Namirasoft may disclose information where required or permitted by applicable law, regulation, court order, governmental request, or legal process, or where Namirasoft determines in good faith that such disclosure is reasonably necessary to protect the rights, property, or safety of Namirasoft, its users, or others. Such disclosures may occur without prior notice where permitted or required by applicable law. Namirasoft may be prohibited from notifying users of such disclosures and is under no obligation to do so where restricted by applicable law or legal order.

Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or a portion of Namirasoft’s assets, information associated with the Service may be transferred to the relevant successor entity. Notice of any such transfer will be provided where required by applicable law and to the extent reasonably practicable.

No Sale of Information

Namirasoft does not sell, rent, or trade information associated with the Service to third parties for commercial purposes.

Professional Advisors

Namirasoft may share information with its legal counsel, auditors, accountants, and other professional advisors, subject to applicable professional confidentiality obligations, in connection with the operation, legal compliance, or security of the Service.

9. International Transfers of Information

Namirasoft is headquartered in Canada and operates in accordance with applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

Information associated with the Service may be processed, stored, or accessed in jurisdictions outside the country where it was originally collected, including within Canada and in other countries where Namirasoft or its service providers operate. These jurisdictions may have privacy laws that differ from those applicable in your jurisdiction. By using the Service, you acknowledge that your information may be transferred to and processed in jurisdictions that may not provide the same level of data protection as your country of residence.

Where information is transferred internationally, Namirasoft implements reasonable contractual and technical safeguards consistent with applicable legal requirements. Namirasoft does not warrant that information processed in other jurisdictions will be subject to privacy protections equivalent to those in your country of residence.

10. Data Security

Namirasoft implements technical and organizational measures to protect information associated with the Service against unauthorized access, disclosure, alteration, and loss. These measures may include encryption of data in transit using industry-standard protocols, encryption of data at rest, and other technical and organizational safeguards.

Access to Service infrastructure and stored information is restricted to authorized personnel and governed by internal access control policies. Security monitoring is maintained to detect and respond to potential security incidents.

Authorization queries submitted by supported Namirasoft Services are processed without exposing full Authorization Records to the querying service. Only the authorization decision relevant to the specific query is returned.

You are responsible for maintaining the confidentiality of your Namirasoft Account credentials and for the accuracy and appropriateness of the access configurations you establish through the Service. Namirasoft is not liable for unauthorized access resulting from compromised credentials or misconfigured access settings.

No method of electronic transmission or storage is completely secure. While Namirasoft takes reasonable steps to protect information associated with the Service, Namirasoft cannot guarantee absolute security. Namirasoft’s liability in connection with any security incident is limited to the extent permitted by applicable law.

11. Information Retention

Namirasoft retains information associated with the Service for as long as necessary to provide the Service, fulfill the purposes described in this Privacy Policy, and comply with applicable legal obligations. Retention periods may vary depending on the nature of the information, applicable legal obligations, security requirements, dispute resolution needs, fraud prevention requirements, auditing obligations, and other legitimate operational or business purposes.

Authorization Records

Authorization Records remain active for as long as the associated authorization is in effect. Where an authorization query is submitted for an email address that does not correspond to a registered Namirasoft Account, no Authorization Record is created and no user-facing authorization data is retained in connection with that query.

When access is revoked by the Account Owner, the Authorization Record is removed from user-facing interfaces and is no longer accessible through the Service. Namirasoft may retain records of prior authorizations for operational, security, and legal compliance purposes for such period as Namirasoft determines to be necessary.

Usage and Operational Data

Operational data generated by the Service, including authorization event records, is retained for security monitoring, incident response, and compliance purposes. Retention periods for this data are determined by operational and legal requirements.

Account Deletion

Following the deletion of a Namirasoft Account, information associated with that account in the Service may be retained for a period required to fulfill legal obligations, resolve disputes, or address security incidents, before being deleted or de-identified. Active Authorization Records associated with a deleted account are removed in accordance with applicable account termination procedures.

12. Data Integrity and Responsibility

The Service evaluates and enforces access configurations based on the Permissions, Policies, and Roles configured by the Account Owner. Account Owners are responsible for the accuracy, appropriateness, and security of the configurations they establish, including ensuring that access is granted only to intended and authorized recipients.

Namirasoft does not review, validate, or modify user-defined access configurations and cannot be held liable for issues arising from misconfigured authorizations, incorrect recipient identification, or inappropriate access assignments.

When granting access, Account Owners are responsible for verifying that the email address used to identify the recipient corresponds to the intended person and that the scope of access is appropriate for the recipient’s role and responsibilities.

Nothing in this section limits Namirasoft’s responsibilities with respect to information collected, processed, retained, protected, or otherwise handled through the Service.

13. Aggregated and De-Identified Information

Namirasoft may use, disclose, and retain aggregated, anonymized, or de-identified information derived from Service data for purposes including service improvement, operational analysis, research, and reporting. This information does not identify individual users and is not subject to this Privacy Policy.

Where Namirasoft de-identifies information, Namirasoft takes reasonable technical and organizational measures to maintain the de-identified status of that information and does not attempt to re-identify it.

14. Your Rights and Controls

Account Owners

Account Owners may create, modify, and revoke Authorization Records at any time through the Service. When access is revoked, the Authorization Record is removed from user-facing interfaces. Account Owners are responsible for regularly reviewing their active authorizations and taking appropriate action to manage access effectively.

Authorized Users

Authorized Users may view their active access assignments through the Service. Where functionality is available, Authorized Users may remove or decline access assignments associated with their account. Authorized Users may also contact the applicable Account Owner or Namirasoft regarding access-related concerns.

Applicable Rights

Depending on applicable laws, users may have certain rights regarding their personal information, including rights relating to access, correction, deletion, or other rights provided under applicable privacy laws.

To exercise available rights or submit a privacy-related request, users may contact Namirasoft using the information provided in the Contact Us section. Namirasoft may request information reasonably necessary to verify identity before responding to a request.

Namirasoft will review and respond to requests in accordance with applicable laws, security requirements, and operational considerations associated with the Service.

Users may contact applicable privacy regulators if they have unresolved concerns about Namirasoft’s information practices.

15. Changes to This Privacy Policy

Namirasoft may update this Privacy Policy at any time to reflect changes in the Service, legal requirements, or security practices. When material changes occur, Namirasoft may notify users through email and/or announcements through the Service or its website, where appropriate or as required by applicable law. Your continued use of Namirasoft Access after updates are posted constitutes acceptance of the revised Policy. If you do not agree with the updated Policy, you must stop using the Service.