Privacy and Data Handling Policy
Effective Date: September 1, 2025
Last Updated: October 22, 2025
1. Introduction
Saydar LLC (“Saydar,” “we,” “our,” or “us”) is committed to protecting the privacy and security of personal data entrusted to us. This Privacy and Data Handling Policy explains how we collect, use, store, share, and dispose of personal and business information in the course of delivering our software and logistics services.
This policy applies to all customers, partners, employees, contractors, and third parties who interact with Saydar systems and services. It also governs all personal data processed within our enterprise resource planning (ERP) platform, integrations, and related applications.
2. Data We Collect
We collect only the information necessary to provide our services. This may include:
- Identity information: Full name, organisation name, and account identifiers.
- Contact information: Email addresses, telephone numbers, and physical addresses.
- Transaction information: Order details, shipping information, and delivery status.
- System usage information: Logs, metadata, and technical records generated by use of our applications.
We do not collect or process financial account numbers or payment card data.
3. Purpose of Processing
We process personal and business data strictly for the following purposes:
- Order fulfilment and logistics coordination.
- Generation of shipping labels and package tracking.
- Providing customer and partner support.
- Improving the performance, security, and reliability of our applications.
- Meeting legal, tax, and compliance obligations.
We never sell personal data to third parties.
4. Legal Basis
Our processing activities are based on:
- Contractual necessity: To fulfil orders and deliver services.
- Legitimate interest: To ensure system security, prevent fraud, and maintain business continuity.
- Legal obligations: To comply with applicable laws and regulatory requirements.
- Consent: When explicitly provided by customers or partners for optional features.
5. Data Storage and Security Controls
- Data is stored exclusively in Microsoft Azure data centres located in the United States.
- All data at rest is encrypted with AES-256 encryption.
- Data in transit is protected with TLS 1.2 or higher.
- Access is restricted using multi-factor authentication (MFA) and role-based access control (RBAC).
- Activity is logged and monitored through Azure Sentinel and Application Insights.
6. Data Retention and Disposal
- Personal data is retained only as long as necessary to fulfil its processing purpose.
- Order and shipping information is normally retained for no longer than 30 days post-fulfilment unless longer retention is required by law.
- At end of life, data is securely deleted or sanitised using industry-standard deletion methods.
- Backups are encrypted and follow the same retention and disposal schedule.
7. Data Sharing and Subprocessors
We share limited data with trusted third parties only where required to deliver our services. These include:
- Cloud hosting providers (Microsoft Azure).
- Logistics and shipping providers (e.g., FedEx, UPS, USPS).
All subprocessors are bound by contractual obligations to process data securely and only for the purposes specified.
8. Employee and Contractor Access
- Employees and contractors are individually identified and authenticated through corporate single sign-on.
- Multi-factor authentication is required for all privileged accounts.
- Access to data is granted strictly on a least-privilege, need-to-know basis.
- Access rights are reviewed quarterly and revoked immediately upon role change or termination.
9. Logging, Monitoring, and Incident Response
- We maintain comprehensive logs of application, infrastructure, and security events.
- Logs are immutable, centrally collected, and retained for at least 90 days.
- Automated alerts notify the security team of suspicious activity.
- Our Incident Response Plan includes: identification, containment, eradication, recovery, and notification to stakeholders and regulators if required.
10. Credentials and Password Management
- All user accounts must use strong passwords (minimum 12 characters with complexity).
- Passwords are rotated regularly and blocked against known compromised credentials.
- Multi-factor authentication is enforced across all systems.
- Secrets and credentials are stored in Azure Key Vault with automatic rotation and access logging.
11. Vulnerability and Change Management
- We perform vulnerability scans and penetration tests at least every 180 days.
- Issues are prioritised by severity and tracked to closure in a central ticketing system.
  - Critical issues: remediated within 15 days.
  - High severity issues: remediated within 30 days.
- Fixes are validated by re-scanning prior to release.
- All changes are subject to peer review, testing in a non-production environment, and formal approval.
12. Data Subject Rights
Individuals whose data we process have the right to:
- Request access to their personal data.
- Request correction of inaccurate or incomplete data.
- Request deletion of their data once it is no longer necessary for service provision.
- Request details about how their data is used and shared.
Requests can be submitted to privacy@oodlecloud.com and will be addressed in accordance with applicable data protection laws.
13. Governance and Enforcement
- This policy is reviewed at least annually and updated as needed.
- All Saydar personnel handling personal data must complete data protection and security awareness training.
- Violations of this policy are subject to disciplinary action, up to and including termination.
14. Contact
For any questions or requests relating to this policy, please contact:
Data Protection Officer
Saydar LLC
Email: privacy@saydarcloud.com