Privacy Policy

1.Plain-language summary

Exekra is a workflow automation platform that runs on your own infrastructure. The Hub server, Runners, and the database that stores your workflows and credentials all live in your network or on machines you control. As a result, we do not see, store, or process the content of your automations, the data they handle, or the credentials you store in the Hub.

We do collect a small amount of information about the organizations and individuals who interact with us through exekra.com, our customer portal, and our sales process. This policy explains what we collect, why, how long we keep it, and what rights you have over it.

2.Who we are

Exekra is operated from Accra, Ghana. For the purposes of applicable data-protection laws, including the Ghana Data Protection Act, 2012 (Act 843), the EU General Data Protection Regulation (GDPR), and the UK GDPR, Exekra is the data controller for personal data we collect through our marketing site, our customer portal, and our sales communications.

When customers run the Exekra Hub on their own infrastructure and use it to automate work that involves personal data, the customer is the data controller for that data and Exekra is not a processor for it. Exekra is designed so that workflow contents and customer automation data remain within infrastructure controlled by the customer.

Contact for any privacy-related question or request: [email protected].

3.What we collect and why

We collect personal data in three distinct contexts. Each is bounded.

3.1 Marketing-site interactions

• Contact and demo forms: name, business email, phone (optional), job title, company name, country, team size, area of interest, and the message you write. We use this to respond to your inquiry and to follow up about your evaluation. Legal basis: legitimate interest in conducting sales.
• Newsletter signups: your email address. We send occasional product updates and automation tips. You can unsubscribe at any time using the link in any email. Legal basis: consent, which you can withdraw at any time.
• Site analytics: page views, referrers, approximate location derived from IP, browser and device type, and time spent on pages. We use this to understand which content is useful and to improve the site. Legal basis: legitimate interest in product improvement. We do not build advertising profiles or sell this data.

3.2 Customer portal accounts

• Account information: email address, organization name, a securely hashed password, and administrative role information.
• License records: license key, capacity caps (unattended runners, Studio developer seats, attended users), expiry date, organization the license belongs to, and a non-reversible installation identifier used for license validation, derived when the Hub is first activated.
• License-download records: the timestamp and IP address each time a licensed bundle is downloaded from the portal. Used for fraud-detection and entitlement auditing.
• Audit logs: administrative actions performed in the portal (user ID, action, resource, IP address, timestamp). Used to investigate security incidents and account misuse.
• License validation pings: your Hub sends periodic license validation requests to our portal containing the license key and the installation identifier to confirm the license is still active. The portal verifies the request and responds; under normal operation these requests are not used to collect workflow content, runner activity, or customer business data, and we do not intentionally retain per-ping records.

Legal basis for portal data: performance of the contract to provide you with a licensed copy of Exekra. Where the same data is used to detect license abuse or unauthorized duplication, the basis is our legitimate interest in protecting the product and our paying customers.

3.3 Support, sales, and docs feedback

When you email support or sales, we retain the contents of the exchange in our email system. When you open a ticket inside the customer portal, we store the ticket subject, message body, ratings, and any files you attach on the portal server. Legal basis: legitimate interest in operating customer support and sales.

When you vote on a documentation page, we store the page slug, your vote, an optional comment, and a one-way cryptographic hash of your IP address and user-agent. The hash lets a visitor change their vote on a page without letting us re-identify them; we do not store the raw IP or user-agent. Legal basis: legitimate interest in improving documentation.

4.What we deliberately do not collect

Because Exekra is on-premise, the platform is designed so that the following do not reach Exekra under normal operation:

• The contents of your workflows, including activity definitions, conditions, schedules, and inputs
• The credentials, secrets, API keys, or connection strings you store in the Hub
• Files, documents, screenshots, or browser data your Runners process
• The contents of your PostgreSQL database, including execution logs, audit trails, and run history
• The contents of any third-party system your automations connect to

If you choose to share specific information with us during support (a screenshot, a workflow export, a log excerpt), we will treat it as support correspondence under section 3.3.

5.Cookies

exekra.com uses a small number of first-party cookies for essential functionality (signed-in session, form CSRF protection) and aggregated analytics. We do not use third-party advertising or cross-site tracking cookies.

You can disable cookies in your browser; doing so will sign you out of the customer portal and may break parts of the site that rely on session state.

6.Sub-processors

We use a small set of vetted vendors to operate exekra.com and the customer portal. Each receives only the data it needs to perform its function:

Certain providers may process data in the United States or other jurisdictions where they operate infrastructure.

We may update this list from time to time and will provide reasonable notice of material changes where required by applicable law or contract.

To receive notifications about sub-processor changes, ask during procurement or email [email protected] and we will add you to the notification list.

7.International data transfers

Some of our sub-processors are based in the United States. For personal data originating in the European Economic Area, the United Kingdom, or jurisdictions with similar transfer rules, we execute Standard Contractual Clauses (Module 2, Controller-to-Processor) with each affected sub-processor and conduct a transfer impact assessment before onboarding them.

Customers running the Hub on-premise control where their own data resides, and Exekra is not designed to receive or transfer that data under normal operation.

8.How long we keep data

• Contact and demo inquiries: up to 24 months after our last meaningful exchange, then deleted unless you have become a customer.
• Newsletter subscriptions: until you unsubscribe.
• Customer accounts and licenses: for the duration of the contract plus 6 years for tax and audit purposes (Revenue Administration Act, 2016, Act 915, s. 27).
• License validation pings: under normal operation, the portal verifies and discards each request without retaining per-ping records.
• Audit logs and license-download records: 24 months, then deleted or anonymized.
• Docs feedback votes: 12 months in raw form (with the voter hash, never the raw IP); aggregated counts retained indefinitely.
• Site analytics: 14 months in aggregated form.
• Support correspondence: up to 36 months after the issue is closed.

9.Your rights

Depending on where you live, you may have the right to:

• Access the personal data we hold about you
• Correct data that is inaccurate or incomplete
• Have your data deleted, subject to legal retention obligations
• Object to or restrict our processing
• Receive your data in a portable format
• Withdraw consent at any time without affecting prior processing
• Lodge a complaint with a data protection authority. Ghanaian residents may contact the Ghana Data Protection Commission. EU and UK residents may contact their national supervisory authority.

To exercise any of these rights, email [email protected]. We aim to respond within 30 days. We may need to verify your identity before fulfilling certain requests.

10.Security

We use industry-standard technical and organizational safeguards designed to protect the personal data we hold, including encryption in transit, access controls, authentication protections, logging, backup and recovery procedures, and least-privilege administrative access.

The self-hosted Exekra Hub and Runners are designed so that they do not transmit workflow telemetry, execution data, crash reports, or product usage analytics to Exekra except for the limited license validation requests described in section 3.2.

Additional technical detail about our security architecture is available in our security overview and, for enterprise customers under appropriate agreements, through our security review process. Despite these measures, no system is completely secure. If you believe your account has been compromised, contact [email protected] immediately.

11.Children

Exekra is a business product. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have inadvertently received such data, contact us and we will delete it.

12.Changes to this policy

We may update this policy as our product and the legal landscape evolve. The effective date at the top of the page reflects the most recent change. For material changes affecting active customers we will provide reasonable advance notice by email or in-product notification.

13.Contact

Questions, concerns, or requests under this policy: [email protected].