Sterrasol Legal

Cookie Policy

https://sterrasol.ai

Sterra Solutions LLC

1. Introduction and Scope

This Cookie Policy ("Policy") sets out how Sterra Solutions LLC ("we", "us", "our") uses cookies and similar tracking technologies on https://sterrasol.ai and any associated subdomains, web applications, APIs, and mobile interfaces (collectively, the "Platform").

This Policy forms part of, and should be read alongside, the Privacy Policy published at https://sterrasol.ai/privacy-policy. In the event of inconsistency between this Policy and the Privacy Policy on matters relating to cookies, this Policy takes precedence.

This Policy applies to all visitors, registered users, clients, freelancers, and other persons who access the Platform, irrespective of jurisdiction. Where applicable law imposes specific requirements in relation to cookies including the EU ePrivacy Directive, the UK Privacy and Electronic Communications Regulations (PECR), India's Digital Personal Data Protection Act 2023 (DPDPA), or US state privacy statutes those requirements apply as detailed in Section 10 of this Policy.

Consent model: Only Strictly Necessary cookies are active by default. All other categories, analytics, Functional, and Marketing are disabled until the user provides explicit, informed consent via the Cookie Consent Banner. Consent may be withdrawn at any time via the "Cookie Settings" link in the Platform footer.

2. Definitions

In this Policy, the following terms have the meanings set out below:

"Cookie" means a small text file placed on a user's device by a website, which is retrieved on subsequent visits to allow the website to recognise the device or browser.

"First-Party Cookie" means a cookie set directly by the Platform operator (i.e., by us).

"Third-Party Cookie" means a cookie set by a party other than the Platform operator, typically via a third-party service embedded in or connected to the Platform.

"Strictly Necessary Cookie" means a cookie that is essential to the functioning of the Platform and cannot be disabled without impairing core services.

"Consent" means a freely given, specific, informed, and unambiguous indication of the data subject's agreement, expressed by a clear affirmative act.

"Personal Data" has the meaning ascribed to it under the applicable privacy law of the relevant jurisdiction, including but not limited to any data that identifies or could identify a natural person.

"Tracking Technology" means any technology functionally equivalent to cookies, including web beacons, pixel tags, local storage, session storage, device fingerprinting, and mobile SDKs.

"CMP" means Consent Management Platform, the technology we use to record, manage, and honour user cookie consent choices.

3. Cookies and Similar Tracking Technologies

3.1 Cookies

Cookies are widely used by websites to operate efficiently, improve user experience, and generate reporting information. Cookies cannot execute code, deliver malicious software, or access files on your device beyond the information they were designed to store. Upon each visit to the Platform, the cookies previously set by the Platform are retrieved by your browser and sent to the Platform server.

3.2 Similar Tracking Technologies

In addition to traditional cookies, the Platform may use the following technologies that operate in a functionally similar manner:

(a) Web Beacons and Pixel Tags

Transparent single-pixel images embedded in web pages or emails that record whether a page or email has been opened, the IP address of the requesting device, the time of access, and the type of browser or email client used. Used for analytics and email engagement measurement.

(b) Local Storage and Session Storage

Browser-based storage mechanisms that hold data locally on the user's device on a persistent basis (Local Storage) or for the duration of a browsing session (Session Storage). Used for performance optimisation and preference storage where cookies are technically unsuitable.

(c) Device Fingerprinting

Collection of technical attributes of a user's device (such as browser version, installed fonts, screen resolution, time zone, and hardware configuration) to generate a pseudonymous device identifier. We use device fingerprinting strictly for fraud prevention and platform security. We do not use device fingerprinting for advertising profiling.

(d) Mobile SDK Tracking

In mobile applications, third-party software development kits (SDKs) may collect analytics and crash-reporting data in a manner functionally analogous to cookies. SDK-based data collection is governed by this Policy and our Privacy Policy.

3.3 Purposes of Use

We use cookies and similar technologies for the following purposes:

to ensure the Platform is operational, secure, and available;

to authenticate users and maintain session integrity;

to detect and prevent fraud, abuse, and unauthorised access;

to remember user preferences and personalisation settings;

to analyse aggregate user interactions with the Platform for improvement purposes;

to deliver relevant advertising to users who have provided consent to marketing cookies;

to fulfil legal obligations, including consent management and regulatory audit requirements.

4. Categories of Cookies

Consent Status: Strictly Necessary cookies are always active and do not require consent. Analytics, Functional, and Marketing cookies are disabled by default and require the user's prior consent before activation.

4.1 Strictly Necessary Cookies

Strictly necessary cookies are essential to the provision of services requested by the user on the Platform. Without these cookies, core functions including user authentication, account management, payment processing, and security mechanisms cannot operate. These cookies do not track users for marketing purposes and do not collect information about users for any purpose beyond enabling the requested service.

These cookies are exempt from the consent requirement under the EU ePrivacy Directive, the UK PECR, and equivalent national implementing legislation, on the basis that they are strictly necessary to deliver a service expressly requested by the user. Under India's DPDPA 2023, their processing falls within Legitimate Uses as defined in Section 7 of that Act. They cannot be disabled without rendering the Platform non-functional.

Cookie / Technology

Provider

Purpose

Classification

Retention

Opt-Out

session_id

First-party

Maintains authenticated session state across page requests. Deleted on browser close.

Strictly Necessary

Session

Not applicable

csrf_token

First-party

Prevents Cross-Site Request Forgery attacks on all form submissions.

Strictly Necessary

Session

Not applicable

auth_token

First-party

Keeps the user securely authenticated across requests without repeated credential entry.

Strictly Necessary

30 days

Not applicable

cookie_consent

First-party

Records consent choices to avoid re-prompting and to demonstrate regulatory compliance.

Strictly Necessary

12 months

Not applicable

load_balancer

First-party

Routes requests consistently to the correct server for session continuity.

Strictly Necessary

Session

Not applicable

Secure-2PSID

First-party

Security cookie for authenticated account sessions (Secure and HttpOnly flags set).

Strictly Necessary

2 years

Not applicable

4.2 Analytics and Performance Cookies

Analytics cookies collect information about how users interact with the Platform, for example, which pages are visited most frequently, where users leave the Platform, and whether error messages are encountered. This information is collected in aggregate and is not linked to any individual user. Its purpose is to enable us to understand usage patterns, diagnose technical problems, and improve Platform performance and usability.

Where third-party analytics providers are used, we have: (i) enabled IP address anonymisation; (ii) disabled advertising features and data sharing with advertising products; (iii) entered into a Data Processing Agreement (DPA) with each provider; and (iv) configured data retention to the minimum period operationally necessary.

These cookies require your prior consent before activation.

Cookie / Technology

Provider

Purpose

Classification

Retention

Opt-Out

_ga

Google Analytics 4

Assigns anonymous ID to distinguish users for aggregate usage analytics. IP anonymisation enabled.

Analytics

2 years

Yes, see Section 5

_ga_[ID]

Google Analytics 4

Maintains GA4 session state and event tracking for the configured property.

Analytics

2 years

Yes, see Section 5

_gid

Google Analytics 4

Distinguishes users within a 24-hour analytics session.

Analytics

24 hours

Yes, see Section 5

_gat_gtag_[ID]

Google Tag Manager

Throttles analytics request rate to prevent data flooding.

Analytics

1 minute

Yes, see Section 5

mp_[token]

Mixpanel

Tracks product interaction events and user funnels (anonymised data only).

Analytics

1 year

Yes, see Section 5

_hjSessionUser

Hotjar

Assigns anonymous ID for session recording and heatmap analysis to identify usability issues (if deployed).

Analytics

1 year

Yes, see Section 5

4.3 Functional and Preference Cookies

Functional cookies enable the Platform to remember choices made by the user and to provide enhanced or personalised features. Examples include the user's selected language, timezone, interface theme, and notification preferences. These cookies do not track user activity across third-party websites.

If functional cookies are disabled, certain features may not operate as intended, for example, language preferences may not persist between sessions, and settings may need to be reconfigured on each visit.

These cookies require your prior consent before activation.

Cookie / Technology

Provider

Purpose

Classification

Retention

Opt-Out

lang_pref

First-party

Stores selected language preference across sessions.

Functional

12 months

Yes, see Section 5

tz_offset

First-party

Stores timezone setting so timestamps display in the user's local time.

Functional

12 months

Yes, see Section 5

ui_theme

First-party

Stores light/dark mode or custom theme preference.

Functional

12 months

Yes, see Section 5

notif_prefs

First-party

Stores notification delivery preferences set in Account Settings.

Functional

6 months

Yes, see Section 5

recently_viewed

First-party

Caches recently viewed profiles or project listings to improve navigation.

Functional

30 days

Yes, see Section 5

sidebar_state

First-party

Remembers whether the navigation sidebar is collapsed or expanded.

Functional

30 days

Yes, see Section 5

4.4 Marketing and Advertising Cookies

Marketing and advertising cookies are used to build a profile of the user's interests and deliver targeted advertising on the Platform and on third-party websites. They record which pages and content a user has interacted with, and this information may be shared with advertising networks to serve relevant advertisements.

We will not activate marketing cookies without the user's explicit, affirmative consent. We do not rely on pre-ticked boxes, bundled consent, or implied consent by continued use of the Platform. Withdrawal of consent for marketing cookies does not affect the number of advertisements displayed; it affects only the degree to which those advertisements are tailored to the user's interests.

We do not sell personal data to third parties for monetary consideration. However, the operation of advertising cookies may constitute the "sharing" of personal data for cross-context behavioural advertising within the meaning of the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA). Users may exercise their opt-out rights as described in Section 10 below.

These cookies require your explicit prior consent before activation.

Cookie / Technology

Provider

Purpose

Classification

Retention

Opt-Out

_fbp

Meta Platforms, Inc.

Identifies browsers for ad delivery and conversion tracking across Meta platforms.

Marketing

90 days

Yes, see Section 5

_fbc

Meta Platforms, Inc.

Tracks click-through attribution from Facebook and Instagram ad campaigns.

Marketing

90 days

Yes, see Section 5

_gcl_au

Google LLC

Stores ad conversion data from Google Ads campaigns for attribution reporting.

Marketing

90 days

Yes, see Section 5

li_sugr

LinkedIn Corporation

Tracks conversions and enables retargeting audiences on LinkedIn.

Marketing

90 days

Yes, see Section 5

UserMatchHistory

LinkedIn Corporation

Syncs LinkedIn ad audience IDs for cross-device audience matching.

Marketing

30 days

Yes, see Section 5

_ttp

TikTok Inc.

Tracks behavioural data for TikTok ad targeting and conversion measurement.

Marketing

13 months

Yes, see Section 5

IDE

Google DoubleClick

Registers and reports ad interactions for frequency capping and attribution.

Marketing

1 year

Yes, see Section 5

The cookie register above is reviewed on a quarterly basis. New third-party cookies introduced between scheduled reviews are disclosed in the live cookie scanner accessible via "Cookie Settings" in the Platform footer. Where a new marketing or advertising cookie deployment materially changes the purposes of processing, we will update this Policy and re-obtain consent as required.

5. Third-Party Cookies and Service Providers

Certain cookies on the Platform are set by third-party service providers whose technologies we have integrated. We do not directly control the content of third-party cookies once set by those providers. We nevertheless take the following steps to protect users in respect of third-party cookies:

We conduct a privacy and security assessment of all third-party providers prior to deploying their technologies on the Platform;

All third-party data processors operating on our behalf are required to execute a Data Processing Agreement containing adequate contractual safeguards;

All non-essential third-party cookies are disabled by default and activated only upon receipt of the user's explicit consent;

We maintain a register of all third-party cookies active on the Platform, accessible via the Cookie Settings scanner;

We will not integrate new third-party cookie technologies that materially alter the purposes of processing without first updating this Policy and re-obtaining consent where required.

Third-party service providers whose cookies or tracking technologies may operate on the Platform (subject to the user's consent choices) currently include:

Google LLC: Google Analytics 4; Google Ads; Google Tag Manager; reCAPTCHA. Privacy Policy: policies.google.com/privacy

Meta Platforms, Inc.: Meta Pixel; Facebook Ads conversion tracking. Privacy Policy: facebook.com/privacy/explanation

LinkedIn Corporation: LinkedIn Insight Tag; audience analytics and retargeting. Privacy Policy: linkedin.com/legal/privacy-policy

Mixpanel, Inc.: Product analytics and user behaviour tracking (if deployed). Privacy Policy: mixpanel.com/legal/privacy-policy

Hotjar Ltd.: Session recording; heatmap analysis (if deployed). Privacy Policy: hotjar.com/legal/privacy-policy

TikTok Inc.: TikTok Pixel; conversion measurement (if deployed). Privacy Policy: tiktok.com/legal/privacy-policy

Since third-party providers may in turn share cookie data with their own sub-processors, users are encouraged to review the privacy and cookie policies of each provider listed above. Links are provided as a convenience; we are not responsible for the content of third-party privacy policies or for changes to those policies after the date of publication of this Policy.

6. Consent Management

6.1 Obtaining Consent

Upon the user's first visit to the Platform, a Cookie Consent Banner is displayed before any non-essential cookies are activated. The banner provides three distinct options: (i) Accept All; (ii) Reject All Non-Essential; and (iii) Manage Preferences. The banner:

clearly describes each category of cookies and their purposes in plain language;

does not employ dark patterns, including pre-ticked boxes, misleading prominence of the acceptance option, or confusing toggle mechanisms;

makes refusal of consent as easy as giving it;

does not condition access to the Platform on consent to non-essential cookies (no consent wall);

records the user's choice together with a timestamp, the version of the Policy in force at the time, and the categories consented to.

Consent choices are stored in the strictly necessary "cookie_consent" cookie for a period of twelve months, following which users are re-prompted. A server-side record of consent is also maintained for auditability.

6.2 Granular Consent by Category

Via the "Manage Preferences" option in the consent banner, or via the "Cookie Settings" panel accessible at any time from the Platform footer, users may selectively enable or disable individual cookie categories as follows:

Strictly Necessary: always enabled; cannot be disabled;

Analytics / Performance: disabled by default; enables aggregate usage tracking;

Functional / Preference: disabled by default; enables persistence of personalisation settings;

Marketing / Advertising: disabled by default; enables personalised advertising.

6.3 Withdrawing or Amending Consent

Users may withdraw or amend their consent at any time without detriment. Withdrawal does not affect the lawfulness of processing that occurred prior to withdrawal. The following mechanisms are available:

Cookie Settings Panel: accessible via the "Cookie Settings" or "Manage Cookies" link in the footer of any page on the Platform.

Account Settings: registered users may navigate to Account > Privacy > Cookie Preferences.

Browser Controls: see Section 6.4 below.

Industry Opt-Out Tools: Digital Advertising Alliance (optout.aboutads.info); Network Advertising Initiative (optout.networkadvertising.org); European Interactive Digital Advertising Alliance (youronlinechoices.eu).

Withdrawal of consent takes effect within one browsing session. Manual deletion of cookies via browser settings will also reset the consent record; the consent banner will be displayed again on the next visit to the Platform.

6.4 Browser-Level Cookie Controls

All major browsers provide mechanisms for controlling cookie settings independently of our CMP. Instructions for commonly used browsers are as follows:

Google Chrome: Settings > Privacy and Security > Cookies and other site data.

Mozilla Firefox: Options > Privacy & Security > Cookies and Site Data.

Apple Safari: Preferences > Privacy > Manage Website Data.

Microsoft Edge: Settings > Cookies and site permissions > Cookies and site data.

Opera: Settings > Advanced > Privacy & Security > Site Settings > Cookies.

Where the Platform is accessed from multiple devices or browsers, cookie preferences must be configured on each device and browser separately. Clearing browser cookies resets all stored preferences, including consent choices.

Blocking all cookies at the browser level, including Strictly Necessary cookies, will prevent access to authenticated Platform features such as user login and payment processing. We recommend using the Cookie Settings panel to manage individual cookie categories rather than blocking all cookies indiscriminately

6.5 Global Privacy Control (GPC)

The Global Privacy Control (GPC) is a browser-based signal communicating a user's preference to opt out of the sale or sharing of personal data. Our Platform is configured to detect GPC signals. Where a valid GPC signal is received from a user in a jurisdiction in which GPC is legally recognised as a valid opt-out mechanism, including California under CCPA/CPRA, the Platform will treat it as a "Do Not Sell or Share My Personal Information" instruction and will disable marketing and advertising cookies accordingly.

6.6 Do Not Track

There is currently no universally accepted technical or legal standard for the Do Not Track (DNT) browser signal. Our Platform does not respond to DNT signals uniformly. Equivalent privacy protection may be achieved by disabling Analytics and Marketing cookies via the Cookie Settings panel. We will reassess our DNT practices if a recognised standard is formally adopted.

7. Retention Periods

Cookies operate on one of two retention models:

Session Cookies: exist only for the duration of the user's browser session and are deleted automatically upon closure of the browser. Used for authentication, CSRF protection, and load balancing.

Persistent Cookies: remain on the user's device for a defined period as specified in the cookie register in Section 4, or until manually deleted. Used for preference storage, analytics, and advertising purposes.

Specific retention periods for individual cookies are set out in the register at Section 4. Where a third-party provider controls retention, the period stated reflects our contractual specification with that provider; actual retention at the provider's end is governed by the provider's own data retention policy.

Users may delete all cookies at any time via their browser settings. Deletion of cookies will also delete stored consent choices and personalisation preferences, which will need to be reconfigured upon the next visit to the Platform.

8. Personal Data Processed via Cookies

Depending on the type and category of cookie, the following categories of personal data may be processed:

Unique Identifiers: pseudonymous identifiers (random alphanumeric strings) assigned to the user's device or browser session, not directly linked to name or contact details without additional processing.

Technical Device Data: IP address (anonymised or truncated for analytics purposes), browser type and version, device type and operating system, screen resolution, time zone.

Usage and Behavioural Data: pages visited, features used, buttons clicked, scroll depth, time spent on pages, search queries submitted, and error events encountered on the Platform.

Cross-Site Behavioural Data (Marketing cookies only): pages and content interacted with on third-party websites that use the same advertising or analytics service, used to build interest profiles for targeted advertising.

Preference Data: language, timezone, theme, and notification settings stored in functional cookies on the user's device.

Ad Interaction Data (Marketing cookies only): records of whether a user has seen or clicked a particular advertisement and whether a conversion followed, used for frequency capping and attribution.

Cookie-based personal data is processed in accordance with the Privacy Policy. All data subject rights described in the Privacy Policy, including rights of access, rectification, erasure, restriction, portability, and objection, apply equally to personal data collected through cookies.

9. Cookie Security Measures

We apply the following technical security measures to first-party cookies:

Secure Flag: all authentication and session cookies are flagged as Secure, meaning they are transmitted exclusively over HTTPS encrypted connections and cannot be intercepted over unencrypted HTTP.

HttpOnly Flag: session and authentication cookies are flagged as HttpOnly, preventing client-side JavaScript from accessing them and defending against Cross-Site Scripting (XSS) attacks.

SameSite Attribute: first-party cookies are configured with SameSite=Lax or SameSite=Strict to prevent Cross-Site Request Forgery (CSRF) and unauthorised cross-origin transmission.

Cookie Name Prefixes: where supported by the browser, we use the __Secure- or __Host- prefix on sensitive cookies to enforce additional browser-level security guarantees.

Data Minimisation: cookies are designed to contain the minimum data necessary for their stated purpose. Sensitive personal data, including payment card numbers, government identification numbers, and passwords, is never stored in cookies.

We are unable to guarantee the security of third-party cookies set by external providers. Users are encouraged to review the security practices of third-party providers whose cookies may operate on the Platform, as listed in Section 5.

10. Cross-Border Transfers of Cookie Data

Cookie data may be transferred to and processed in countries other than the country in which the user is located, including countries whose data protection laws may differ from those of the user's jurisdiction. This occurs principally where analytics and advertising cookies transmit data to third-party providers based in the United States.

We ensure that all such cross-border transfers are subject to appropriate safeguards:

European Union / EEA (GDPR): transfers to countries without an adequacy decision are governed by Standard Contractual Clauses (SCCs) approved by the European Commission or other appropriate safeguards.

United Kingdom: transfers are subject to the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs.

All Jurisdictions: we conduct transfer impact assessments for transfers to high-risk jurisdictions and contractually require equivalent data protection standards from all third-party processors, including cookie technology providers.

11. Jurisdiction-Specific Rights and Obligations

11.1 European Union and European Economic Area

Our cookie consent practices comply with the EU ePrivacy Directive (2002/58/EC as amended) as implemented in member state legislation, and with the EU General Data Protection Regulation (GDPR). We obtain prior explicit opt-in consent before placing any non-essential cookies. Our consent banner has been designed in accordance with guidance issued by the European Data Protection Board (EDPB), including requirements to avoid dark patterns in consent interfaces. Users may lodge a complaint with their national data protection supervisory authority. A directory of EU supervisory authorities is available at edpb.europa.eu.

11.2 United Kingdom

Our cookie practices comply with the UK Privacy and Electronic Communications Regulations 2003 (PECR) and the UK GDPR. The consent standard applied is equivalent to that required under EU law. Complaints may be directed to the Information Commissioner's Office (ICO) at ico.org.uk.

11.3 United States - California

For California residents, marketing and advertising cookies that involve the sharing of personal data for cross-context behavioural advertising are subject to opt-out rights under the CCPA/CPRA. Users may exercise this right via: (i) the Cookie Settings panel; (ii) the "Do Not Sell or Share My Personal Information" link in the Platform footer; or (iii) a valid GPC browser signal as described in Section 6.5. We do not sell personal data for monetary consideration.

11.4 United States - Other States

We extend equivalent targeted advertising opt-out rights to residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other US states with enacted comprehensive privacy legislation. Requests may be submitted to kiran@lyseis.in.

11.5 Canada

For Canadian users, non-essential cookies require express or implied consent under the Personal Information Protection and Electronic Documents Act (PIPEDA). We obtain express opt-in consent via the Cookie Consent Banner. Enhanced disclosure and consent obligations under Quebec Law 25 are addressed by this Policy and our consent infrastructure. Enquiries may be directed to kiran@lyseis.in.

11.6 Australia

For Australian users, our cookie practices comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Complaints may be directed to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

11.7 Singapore

For Singapore users, our cookie practices comply with the Personal Data Protection Act 2012 (PDPA) as amended. Complaints may be directed to the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.

12. Amendments to This Policy

We review and update this Policy at least once every twelve months, and additionally upon any material change to the cookie technologies deployed, our consent management approach, or applicable law.

Upon a material amendment, we will:

update the "Last Updated" date on this Policy;

display a notification on the Platform prompting users to review and, where required, renew their consent;

re-obtain consent for any category of cookies where the purpose of processing has materially changed;

Previous versions of this Policy are available upon written request. Non-material amendments, such as typographical corrections or updates to third-party provider links do not trigger a re-consent requirement.

13. Contact Details and Complaints

All enquiries, complaints, and requests relating to this Policy or to cookie-based data processing should be directed to the following:

Entity: Sterra Solutions LLC

Platform: https://sterrasol.ai

Registered Address: 609 S Volusia Ave, Orange City, FL 32763-6503, United States

Privacy / Cookie Enquiries: accounts@sterrasol.ai

Data Protection Officer: Namratha Reddy Swarna, Sterra Solutions LLC

DPO Email: accounts@sterrasol.ai

We will respond to all cookie-related enquiries within 30 calendar days of receipt. For complex requests, we will acknowledge receipt within 30 calendar days and, if additional time is required, advise the user accordingly. The maximum total response period is 90 calendar days from the date of the original request.

14. Website Disclaimer

Sterra Solutions LLC makes reasonable efforts to ensure that the content published on https://sterrasol.ai is accurate, complete, and current. However, we make no warranty, express or implied, that the content is free from error or that it reflects the most recent legal, regulatory, or factual developments at all times.

If any content on the Platform is believed to be inaccurate, outdated, or misleading, we invite users to notify us by email to accounts@sterrasol.ai, specifying the URL of the relevant page and the nature of the identified error. We will investigate the matter and provide a response within 30 calendar days.

To the fullest extent permitted by applicable law, we disclaim liability for:

any loss or damage arising from inaccuracies, errors, or outdated information on the Platform;

any loss arising from interruptions, delays, or failures in internet or network transmission;

any loss resulting from reliance on advice, data, recommendations, or ideas provided on the Platform;

any loss or damage arising from third-party unauthorised access to or misuse of our systems, provided we have implemented reasonable and proportionate technical and organisational security measures;

the content, privacy practices, or security of third-party websites or services linked from or integrated into the Platform.

Use of the Platform, including any forums, web forms, interactive features, or communication tools is subject to our Terms of Service, available at https://sterrasol.ai/terms-of-service. Access to and use of the Platform constitutes acceptance of those terms.

Enquiries submitted via email or web form will be acknowledged and addressed in writing. Standard queries will receive a substantive response within 30 calendar days. Complex or legally sensitive requests will be acknowledged within 30 calendar days, with a final response provided within a maximum of 90 calendar days from the date of original submission. Personal data provided in the course of submitting an enquiry will be processed in accordance with our Privacy Policy.

We implement appropriate technical and organisational security measures, including encryption in transit and at rest, role-based access controls, vulnerability monitoring, penetration testing, and incident response procedures, to protect Platform systems from unauthorised access and misuse. These measures are reviewed and updated on a regular basis. Notwithstanding the foregoing, no internet-based system is entirely immune to security risk, and we accept no liability for loss or damage arising from third-party attacks or system failures where we have fulfilled our reasonable security obligations.

This Platform has been designed and developed with reference to the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA. We are committed to ongoing accessibility improvement, in particular for users with disabilities who rely on assistive technologies. Users who experience accessibility difficulties are invited to contact us at accounts@sterrasol.ai.

All intellectual property rights in the content of this Platform, including text, graphics, logos, software, databases, and data compilations, vest in Sterra Solutions LLC or are used under licence. No content may be reproduced, copied, distributed, adapted, publicly displayed, or used to create derivative works without our prior written consent, save as expressly permitted by applicable law.