Privacy Policy
SmiKar Software Pty Ltd (“SmiKar”, “we”, “our”, or “us”) is a global provider of enterprise SaaS solutions, including Squirrel (SharePoint Online archiving), Chipmunk (departed user archiving), Nutshell (AI summarisation add-on), and a suite of Azure and VMware management tools. We are committed to safeguarding personal information and ensuring that customer content remains under customer control.
This Privacy Policy describes the types of information we collect, how we use and share that information, the measures we apply to protect it, and the rights available to individuals under applicable privacy laws. Our practices are aligned with international standards, including the General Data Protection Regulation (GDPR/UK GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Australian Privacy Principles (APPs).
Information We Collect
We collect personal information in order to deliver, support, and improve our services. Information is gathered both directly from customers and automatically when our services are used.
Information you provide directly may include your name, email address, phone number, company details, job title, usernames and login credentials, subscription preferences, billing details, and licensing information such as product keys or entitlement data.
We also collect information automatically through product usage and our websites. This may include telemetry data, such as error logs and performance statistics, IP address (region only), browser and device type, and anonymised crash reports.
When you use our products within your IT environment, certain metadata is processed to provide core functionality. For example, Squirrel processes SharePoint metadata and file structures, Chipmunk processes Microsoft 365 account and storage metadata, Nutshell generates summaries of archived documents (without storing the original content), and our Azure/VMware tools access virtual machine configuration and resource identifiers.
We do not knowingly collect sensitive categories of personal data such as health, biometric, or financial information. Customer content always remains under the control of the customer.
How We Use Information
We use personal information only for legitimate business purposes and in compliance with applicable law. Our primary purpose is to deliver and support our products and services. This includes operating our archiving and management tools, providing technical support, processing billing, and managing customer accounts.
We also use information to improve our offerings by analysing usage trends, resolving technical issues, and developing new features. Information may also be used to ensure compliance with licensing terms, prevent misuse, and maintain the security of our services.
In addition, we may use contact details to send important service announcements, renewal reminders, and updates. Marketing communications are only sent where consent has been obtained or where permitted under applicable law, and you may opt out at any time.
Sharing and Disclosure
SmiKar does not sell personal information. We only share personal data in limited circumstances where it is necessary to provide our services, where we have a legal obligation, or where you have given consent.
We may share information with trusted service providers, including Microsoft Azure for hosting and archiving, payment processors for license purchases, support and ticketing platforms, and communication providers used for product updates. Integration partners such as resellers or consultants may also receive information where they are directly involved in service delivery.
We may disclose information to government authorities if required by law or to protect the rights, property, or safety of SmiKar, our customers, or others. In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the transaction.
Data Security
Protecting customer data is a fundamental part of our operations. We employ enterprise-grade security measures that include encryption of data in transit using TLS 1.2 or higher, and encryption of data at rest using AES-256 standards. Access to data is restricted by role-based access controls that enforce the principle of least privilege.
We monitor our systems for security threats and maintain incident response procedures to address potential issues. Our employees receive security awareness training, and third-party providers are subject to due diligence and contractual obligations to ensure adequate protection. Importantly, SmiKar products do not persistently store customer infrastructure credentials, and customer content archived with our products remains in customer-controlled Azure tenants.
For more information about our technical and organisational security measures, please refer to our Data Protection and Information Security Standards.
Data Retention
We retain personal information only for as long as necessary to fulfil the purposes described in this Privacy Policy or to meet legal, tax, or regulatory requirements. Customer account information is typically kept for the duration of the business relationship plus seven years, in line with financial and compliance obligations.
Support tickets are retained for two years after resolution to assist with continuity of service. Telemetry logs are retained for up to 90 days, with anonymisation occurring after 30 days. Marketing preference data is retained until you unsubscribe or request deletion.
Archived content managed by Squirrel, Chipmunk, or related tools is retained according to customer configuration and remains entirely under the customer’s control within their Azure tenant.
Your Rights
Depending on your location, you may have rights under applicable privacy laws to access, correct, or delete personal information held by SmiKar. You may also have the right to restrict processing, object to certain uses of your data, request portability of your information, or withdraw consent to marketing communications.
We are committed to honouring these rights to the extent required by law. Requests may be submitted to support@smikar.com, and we may ask for identity verification before fulfilling such requests.
Cookies and Tracking
Our websites use cookies and similar technologies to provide essential functionality, enhance user experience, and analyse performance. Essential cookies support features such as secure logins and session management. Analytics cookies, including those provided by Google Analytics and Azure Insights, help us understand website usage and improve performance. Preference cookies may be used to remember user settings.
You can manage or disable cookies through your browser settings; however, some features of our websites may not function properly without them.
Children’s Privacy
Our products and services are intended for business and enterprise use. We do not knowingly collect personal information from children under the age of 16. If we become aware that such information has been collected, we will delete it promptly.
Third-Party Links
Our websites and products may contain links to third-party services, such as Microsoft or VMware portals. These external sites are not operated or controlled by SmiKar, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you use.
Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our products, legal requirements, or business practices. When changes are made, we will update the “Last Reviewed” date at the top of this page. Where changes are material, we may also notify customers directly, such as via email or in-product alerts.
Regional Privacy Disclosures
European Union & United Kingdom (GDPR/UK GDPR)
If you are based in the EU or UK, you are entitled to specific rights under the GDPR and UK GDPR. These include the right to access, rectify, and delete personal data, to request data portability, to restrict or object to processing, and to withdraw consent at any time. Our legal bases for processing include consent, performance of a contract, legal obligations, and legitimate interests. You also have the right to lodge a complaint with your supervisory authority. Our Data Protection Officer can be contacted at support@smikar.com.
United States – California (CCPA/CPRA)
If you are a California resident, you have rights under the CCPA/CPRA, including the right to know what personal information we collect, the right to request deletion of that information, the right to opt out of its sale or sharing (SmiKar does not sell personal information), and the right to be free from discrimination for exercising your privacy rights.
Australia (Privacy Act 1988 & APPs)
As an Australian company, we also comply with the Privacy Act 1988 and the Australian Privacy Principles. Australian residents may request access to their personal information, request corrections, and lodge complaints regarding our handling of data by contacting support@smikar.com.
Other Jurisdictions
We will comply with privacy laws in other regions where we operate and will apply contractual and technical safeguards where required for cross-border transfers.
Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us using the details below:
SmiKar Software Pty Ltd
Email: support@smikar.com
Website: www.smikar.com
Address: 470 StKilda Road, Melbourne, Victoria, Australia 3004
Consent
By using SmiKar products and services, you acknowledge and agree to this Privacy Policy, except where prohibited or restricted by law.