Privacy Policy

1. Plain-language summary

Exekra is a workflow automation platform that runs on your own infrastructure. The Hub server, Runners, and the database that stores your workflows and credentials all live in your network or on machines you control. As a result, we do not see, store, or process the content of your automations, the data they handle, or the credentials you store in the Hub.

We do collect a small amount of information about the organizations and individuals who interact with us through exekra.com, our license portal, and our sales process. This policy explains what we collect, why, how long we keep it, and what rights you have over it.

2. Who we are

Exekra is operated from Accra, Ghana. For the purposes of applicable data-protection laws, including the Ghana Data Protection Act, 2012 (Act 843), the EU General Data Protection Regulation (GDPR), and the UK GDPR, Exekra is the data controller for personal data we collect through our marketing site, our license portal, and our sales communications.

When customers run the Exekra Hub on their own infrastructure and use it to automate work that involves personal data, the customer is the data controller for that data and Exekra is not a processor for it. We never receive a copy of it.

Contact for any privacy-related question or request: [email protected].

3. What we collect and why

We collect personal data in three distinct contexts. Each is bounded.

3.1 Marketing-site interactions

• Contact and demo forms: name, business email, phone (optional), job title, company name, country, team size, area of interest, and the message you write. We use this to respond to your inquiry and to follow up about your evaluation. Legal basis: legitimate interest in conducting sales.
• Newsletter signups: your email address. We send occasional product updates and automation tips. You can unsubscribe at any time using the link in any email. Legal basis: consent, which you can withdraw at any time.
• Site analytics: page views, referrers, approximate location derived from IP, browser and device type, and time spent on pages. We use this to understand which content is useful and to improve the site. Legal basis: legitimate interest in product improvement. We do not build advertising profiles or sell this data.

3.2 License portal accounts

• Account information: name, email address, organization name, hashed password, and role (super-admin or organization-admin).
• License records: license key, runner limit, expiry date, organization the license belongs to, and a hub fingerprint computed from your server when the Hub is first activated.
• License validation pings: once per hour your Hub sends our portal the license key and the hub fingerprint to confirm the license is still active. We store the timestamp of the most recent validation. We do not log workflow content, runner activity, or any business data with this ping.

Legal basis for portal data: performance of the contract to provide you with a licensed copy of Exekra and to enforce its terms.

3.3 Support and sales communications

When you email support or sales, we retain the contents of the exchange in our email system and our sales tooling. Legal basis: legitimate interest in operating customer support and sales.

4. What we deliberately do not collect

Because Exekra is on-premise, the following never reach us under normal operation:

• The contents of your workflows, including activity definitions, conditions, schedules, and inputs
• The credentials, secrets, API keys, or connection strings you store in the Hub
• Files, documents, screenshots, or browser data your Runners process
• The contents of your PostgreSQL database, including execution logs, audit trails, and run history
• The contents of any third-party system your automations connect to

If you choose to share specific information with us during support (a screenshot, a workflow export, a log excerpt), we will treat it as support correspondence under section 3.3.

5. Cookies

exekra.com uses a small number of first-party cookies for essential functionality (signed-in session, form CSRF protection) and aggregated analytics. We do not use third-party advertising or cross-site tracking cookies.

You can disable cookies in your browser; doing so will sign you out of the license portal and may break parts of the site that rely on session state.

6. Sub-processors

We use a small set of vetted vendors to operate exekra.com and the license portal. Each receives only the data it needs to perform its function:

We will provide customers with at least 30 days' prior notice of any material change to this list, including the addition of a new sub-processor or a meaningful change in the categories of personal data a sub-processor handles. Customers may object to a proposed change during the notice period; if a reasonable alternative cannot be agreed, the customer may terminate the affected service for the remainder of the term.

To receive these notifications, ask during procurement or email [email protected] and we will add you to the notification list.

7. International data transfers

Exekra is operated from Ghana. Some of our sub-processors are based in the United States. For personal data originating in the European Economic Area, the United Kingdom, or jurisdictions with similar transfer rules, we rely on Standard Contractual Clauses or equivalent safeguards published by our sub-processors.

Customers running the Hub on-premise control where their own data resides. We do not transfer it.

8. How long we keep data

• Contact and demo inquiries: up to 24 months after our last meaningful exchange, then deleted unless you have become a customer.
• Newsletter subscriptions: until you unsubscribe.
• Customer accounts and licenses: for the duration of the contract plus 7 years for tax and audit purposes (Ghana Internal Revenue Act).
• License validation pings: rolling 90 days, then aggregated to monthly counts.
• Site analytics: 14 months in aggregated form.
• Support correspondence: up to 36 months after the issue is closed.

9. Your rights

Depending on where you live, you may have the right to:

• Access the personal data we hold about you
• Correct data that is inaccurate or incomplete
• Have your data deleted, subject to legal retention obligations
• Object to or restrict our processing
• Receive your data in a portable format
• Withdraw consent at any time without affecting prior processing
• Lodge a complaint with your data protection authority

To exercise any of these rights, email [email protected]. We aim to respond within 30 days. We may need to verify your identity before fulfilling certain requests.

10. Security

We protect the data we hold using a layered set of technical and organizational measures:

• TLS encryption for all traffic between your browser, our portal, and your Hub
• Cryptographic signing of license files
• HMAC-protected license cache on each Runner, keyed against the operating system's protected storage
• V8 bytecode compilation of the Hub backend, Runner main process, and installer scripts to reduce tampering surface
• Per-environment, scoped API keys with rotation
• Principle-of-least-privilege access for the small team that operates the portal
• Encrypted backups with off-site replication

Despite these measures, no system is completely secure. If you believe your account has been compromised, contact [email protected] immediately.

11. Children

Exekra is a business product. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have inadvertently received such data, contact us and we will delete it.

12. Changes to this policy

We may update this policy as our product and the legal landscape evolve. The effective date at the top of the page reflects the most recent change. For material changes affecting active customers we will provide reasonable advance notice by email or in-product notification.

13. Contact

Questions, concerns, or requests under this policy: [email protected].

Postal address available on request to [email protected] for matters that require it.