This Privacy Policy outlines how CMDR collects, uses, stores, and protects personal information and how users can exercise their rights under applicable data protection laws, including California and Nevada-specific regulations.

The CMDR platform is a web platform designed to help engineering leaders support their organizations. The CMDR platform is operated by CMDR Inc. (“CMDR,” “we,” “us”). We are committed to protecting the privacy of your personal information, and we have provided this policy to our users (collectively, “you,” “your”) of the types of information we collect, and the ways in which we will use and disclose it. By accessing or using the CMDR platform, you agree to the terms of this Privacy Policy. CMDR operates from the United States and its services are intended for use in the United States. We do not market our services to residents or carry out operations in regions outside of the US, including, but not limited to the European Economic Area. If you are located outside the United States, the information you provide to us is transmitted and processed in the United States, and it will be protected subject to this Privacy Policy and applicable laws, which may not be as protective as the laws in your country. By using CMDR, you agree to this

We store and maintain OAuth access tokens, refresh tokens, access token expiry, client user IDs, and reports generated using CMDR encrypted in our database. Additionally, log data is collected for 30 days and then deleted.

We use this data to:

• Authenticate users and provide access to CMDR.
• Monitor usage patterns and improve our services
• Comply with legal obligations.

When you use CMDR, our servers automatically record information sent from your browser. Log Data may include information such as your computer's Internet Protocol (IP) address, browser type, machine model, activity you engage in on our pages, the referring URL, and access times and dates. We use this information to monitor, analyze, use of, and administer CMDR, and to better tailor CMDR to your needs.

As a user of our platform, you have certain rights regarding your personal data under applicable data protection laws. These rights include:

• Right to Access
  You have the right to request a copy of the personal data we hold about you, including details about how we process your data. You can do this by contacting us directly.
• Right to Rectification
  ‍If you believe that any information we hold about you is incorrect or incomplete, you have the right to request that we correct or complete this information.
• Right to Erasure
  ‍You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.
• Right to Restrict Processing
  ‍You may request that we limit the processing of your personal data in certain situations, such as when you contest the accuracy of the data.
• Right to Data Portability
  ‍You have the right to request that we provide your personal data in a structured, commonly used, and machine-readable format, or to transfer this data directly to another service provider, where technically feasible.
• Right to Object
  ‍You may request that we limit the processing of your personal data in certain situations, such as when you contest the accuracy of the data.

• In compliance with the CCPA, California residents have the right to request disclosure of the specific pieces of personal information we collect about them.
• Under Nevada law (NRS 603A), residents may opt out of the sale of their personal information.

We may share your personal data with third-party subprocessors to provide and improve our services. These subprocessors may process data on our behalf in accordance with our instructions and applicable laws. The following are the subprocessors we use:

• Google Cloud Platform: We rely on Google Cloud Platform (GCP) to provide the infrastructure and services required to operate our applications, store data, and process information. GCP is a trusted third-party provider that complies with industry standards for data security and privacy, including ISO 27001, SOC 2, and GDPR compliance.
  Specifically, GCP is used for:
  Data Storage: Data is stored securely in GCP's data centers.
  Data Processing: Processing activities necessary for delivering our services.