Last Updated Oct 18th 2023
These Data privacy FAQ apply to all Savazar Solutions/Offerings offered through Savazar.com, Digihubpro.com, Digihubevents.com, Digihubtraining.com and Fossone.com.
At Savazar, customer trust is our top priority. Savazar continually monitors the evolving privacy regulatory and legislative landscape to identify changes and determine what tools our customers might need to meet their compliance needs. Maintaining customer trust is an ongoing commitment. We strive to inform you of the privacy and data security policies, practices, and technologies we’ve put in place. Our commitments include:
Access:
As a customer, you maintain full control of your content that you upload or provide to the Savazar services under your Savazar account, and responsibility for configuring access to Savazar services and resources. We provide an advanced set of access, encryption, and logging features to help you do this effectively. We do not access or use your content for any purpose without your agreement. We never use your content or derive information from it for marketing or advertising purposes.
Storage:
By default all our solutions/offerings are hosted in US / India. For Customers who need to have their storage in other regions, you will have option to choose the region in which your content is stored. You can replicate and back up your content in more than one Savazar Region. We will not move or replicate your content outside of your chosen Savazar Region(s) except as agreed with you.
Security:
You choose how your content is secured. We offer you industry-leading encryption features to protect your content in transit and at rest, and we provide you with the option to manage your own encryption keys. These data protection features include:
Data encryption capabilities available all of the Savazar services where it is required or applicable.
Flexible key management options using Key Management Service as per the hosting/services provider, allowing customers to choose whether to have Savazar manage their encryption keys or enabling customers to keep complete control over their keys.
Disclosure of customer content:
We will not disclose customer content unless we’re required to do so to comply with the law or a binding order of a government body. If a governmental body sends Savazar a demand for your customer content, we will attempt to redirect the governmental body to request that data directly from you. If compelled to disclose your customer content to a government body, we will give you reasonable notice of the demand to allow the customer to seek a protective order or other appropriate remedy unless Savazar is legally prohibited from doing so.
Security Assurance:
We have a security assurance program that uses best practices for global privacy and data protection to help you operate securely within Savazar, and to make the best use of our security control environment. These security protections and control processes are independently validated by multiple third-party independent assessments.
What is Customer Content ?
We define customer content as software (including machine images, virtual machines, containers, ), data, text, audio, video, or images that a customer or any end user transfers to us for processing, storage, or hosting by Savazar services in connection with a customer’s account, and any computational results that a customer or their end user derives from the foregoing through their use of services. For example, customer content includes content that a customer or their end user stores in the websites, apps, media and other applications/portals etc.,). Customer content does not include account information, which we describe below. Customer content also does not include information included in resource identifiers, metadata tags, usage policies, permissions, and similar items related to the management of Savazar resources. The terms of the Savazar Customer Agreement and the Savazar Service Terms apply to your customer content.
What is account information ?
We define account information as information about a customer that a customer provides to us in connection with the creation or administration of a customer account. For example, account information includes names, usernames, phone numbers, email addresses, and billing information associated with a customer account. The information practices described in the Savazar Privacy Notice apply to account information.
Who owns Customer Content ?
As a customer, you own your customer content, and you select which Savazar services can process, store, and host your customer content. We do not access or use your customer content for any purpose without your agreement. We do not use customer content or derive information from it for marketing or advertising.
How do you use my account information ?
The Savazar Privacy Notice describes how we collect and use account information. We know that you care how account information is used, and we appreciate your trust that we will do so carefully and sensibly.
What happens when Savazar receives a legal request for customer content ?
We are vigilant about our customers’ privacy. We will not disclose customer content unless we’re required to do so to comply with the law or a binding order of a governmental body. If a governmental body sends Savazar a demand for customer content, we will attempt to redirect the governmental body to request that data directly from the customer. Governmental and regulatory bodies need to follow the applicable legal process to obtain valid and binding orders. We review all orders and object to overbroad or otherwise inappropriate ones. If compelled to disclose customer content to a government body, we will give customers reasonable notice of the demand to allow the customer to seek a protective order or other appropriate remedy unless Savazar is legally prohibited from doing so. It is also important to point out that our customers can encrypt their customer content, and we provide customers with the option to manage their own encryption keys.
Where is the customer content stored ?
Savazar gives you the flexibility of choosing how and where you want to store your content and Savazar services. If you would like to run your applications globally you can choose from any of the available Savazar regions. As a customer, you choose the region in which your customer content is stored, allowing you to deploy Savazar services in the location(s) of your choice, in accordance with your specific geographic requirements.
You can replicate and back up your customer content in more than one region. We will not move or replicate your content outside of your chosen region(s) without your agreement, except in each case as necessary to comply with the law or a binding order of a governmental body. However, it is important to note that all Savazar services may not be available in all regions.
What is my role in securing my content ?
When evaluating the security of the solution/offering, it is important for you to understand and distinguish between the security of the Savazar hosting where your solution/offering/service is hosted/provided and your security in the context of where your data is hosted.
Security of the Savazar hosting/support encompasses the security measures that Savazar implements and operates.
Security in the cloud (hosting) encompasses the security measures that you implement and operate, related to the Savazar services you use. You are responsible for your security in the cloud (private/public/hybrid) for the content, data and services that you are using or offering to your customer.
What steps does Savazar take to protect my privacy ?
At Savazar, our highest priority is securing our customers’ data, and we implement rigorous contractual, technical and organizational measures to protect its confidentiality, integrity, and availability.
Savazar solutions/offerings and the Third party providers providing the hosting and support services are aligned to comply with standards like ISO 27018, a code of practice that focuses on protection of personal data in the cloud. It extends ISO information security standard 27001 to cover the regulatory requirements for the protection of personally identifiable information (PII) or personal data for the public cloud computing environment and specifies implementation guidance based on ISO 27002 controls that is applicable to PII processed by public cloud service providers.