Privacy Policy Last updated: May 31, 2026

Protecting Your Privacy

We are committed to the highest standards of privacy and data protection for all users of the Stodacom Desktop platform.

GDPR Compliant
Google API Limited Use
No Data Selling
Stodacom Desktop ("we", "our", "us") operates the platform at https://stodacomdesktop.com. This Privacy Policy explains how we collect, use, store, share, and protect both general user data and Google user data obtained through OAuth. We encourage you to read this policy in full.
1. Information We Collect
The types of personal information we collect and how.
AGoogle User Data (via OAuth)
Limited Scope Access
When you sign in with Google, we may access only the following:
Your Google account email address
Your full name
Your Google profile image URL
Your Google account unique identifier
We do NOT access Gmail content, Google Drive files, Google Calendar, contacts, or any sensitive Google API data beyond what is listed above.
BAccount & Profile Information
Basic Information
Your name, email address, and username
Security Information
4-digit PIN stored as bcrypt hash — never in plaintext
Subscription Data
Plan type, status, and billing period
CUsage Data
IP Address
For security and fraud detection
Device Info
Browser type and operating system
Usage Analytics
Anonymized feature usage and page views
Error Logs
System errors to support platform stability
DCookies

We use secure cookies for essential platform functions only:

Authentication
Secure login sessions
Session Management
Maintain user preferences
CSRF Security
Protect against forgery attacks

For full details, see our Cookie Policy.

2. How We Use Your Information
The purposes for which we process your personal data.
Account Management
Create and manage your user account, authenticate via Google OAuth or PIN
Service Delivery
Provide risk reports, dashboards, notifications, and platform features
Security & Fraud Prevention
Detect and prevent unauthorized access and security threats
Communication
Send service updates, security alerts, and required account messages
Platform Improvement
Analyse anonymized usage patterns to improve features and performance
Legal Compliance
Meet obligations under applicable data protection law
Our Commitment
We NEVER sell your data or use it for advertising. Your data is used solely to provide and improve our services.
3. How We Share Data
We do not sell or rent personal data. Limited sharing only.
Trusted Service Providers
Only for the specific service purpose, never beyond
Hosting
Infrastructure and server hosting
Email Delivery
Transactional email services
Notifications
Push notification delivery
Error Logging
Platform stability monitoring

Partners may only use data as instructed and are bound by strict contractual data protection obligations.

Legal Disclosure: We may disclose data only when legally required:

To comply with applicable laws or regulations
In response to lawful court orders or government requests
To prevent fraud, abuse, or threats to user safety
4. Data Storage & Security
How we protect your information.

All data is stored on secure servers within controlled environments. We implement industry-standard security measures including:

TLS Encryption
All data transmitted over HTTPS/TLS 1.2+
Encrypted Storage
Sensitive fields encrypted at rest
Access Controls
Role-based access to user data
Audit Logging
Full audit trail for data access

While we employ best practices, no digital system is 100% secure. In the event of a data breach, we will notify affected users in accordance with applicable data protection law.

5. Data Retention
How long we keep your information.

We retain personal data only as long as necessary for the purposes described in this policy or as required by law. Our default retention periods are:

Account Data
Retained for the lifetime of your account plus 90 days after deletion
Usage Logs
Retained for up to 90 days, then automatically purged
Audit Logs
Retained for up to 2 years for compliance and security purposes
Legal Records
Retained as required by applicable Ugandan and international law

You may request earlier deletion of your data at any time. See Section 6 below.

6. Data Deletion Requests
Your right to erasure under GDPR.

You have the right to request deletion of your personal data at any time. To submit a deletion request:

Submit a request through the Privacy Request page in your account settings
Email privacy@stodacom.com with the subject "Data Deletion Request"
We will process your request within 30 days and confirm completion by email

Some data may be retained beyond your deletion request where required by law or for legitimate fraud-prevention purposes. We will inform you of any such exceptions.

7. Google OAuth Compliance
Our commitment to Google's Limited Use requirements.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:

We only request the minimum scopes necessary (email, profile, openid)
Google data is used only to authenticate users and populate their profile
We do not transfer Google user data to third parties for advertising
We do not use Google data to build user profiles beyond the platform
Humans at Stodacom Africa do not read your Google data unless you explicitly consent or for security purposes
8. Your Rights
Your rights under GDPR and applicable data protection law.
Right to Access
Request a copy of all personal data we hold about you
Right to Rectification
Correct inaccurate or incomplete personal data
Right to Erasure
Request deletion of your personal data
Right to Restrict
Limit how we process your data in certain circumstances
Right to Portability
Receive your data in a structured, machine-readable format
Right to Object
Object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@stodacom.com or use the Privacy Request page. We will respond within 30 days.

9. Changes to This Policy
How we handle updates to this document.

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users via the platform and update the "Last updated" date at the top of this document. We encourage you to review this policy periodically.

Continued use of the platform after changes are published constitutes your acceptance of the updated policy. If you do not agree with the changes, you may request deletion of your account and data.

10. Contact Information
How to reach us with privacy-related questions.
Stodacom Desktop
Plot 1 Pilington Road
Workers House, Kampala, Uganda
General Inquiries
info@stodacom.com
+256 393 289 208
Data Protection Officer
privacy@stodacom.com
Response within 30 days