Back to home

Privacy Policy

Last updated: June 2026

This privacy policy explains how Sterfive SAS (“we”, “us”, “our”) collects, uses, and protects personal data when you use the node-i3x Portal available at i3x-portal.sterfive.io.

01.Data Controller

The data controller responsible for processing your personal data is:

Sterfive SAS
30, rue de la Saussaye
45750 Saint Pryvé Saint Mesmin, France
Email: contact@sterfive.com

02.Data We Collect

We collect the following categories of data:

Via Google OAuth Authentication

  • Email address
  • Display name
  • Profile picture (avatar URL)

Via User Input

  • OPC UA server endpoint URLs
  • OPC UA authentication credentials (username and password)

Collected Automatically

  • Session cookie (next-auth JWT token, essential for authentication)
  • Theme preference (stored in your browser's localStorage)

Via Lead Capture Form

  • Email address
  • First name
  • Company name (optional)

Via Analytics (when consented)

  • Anonymized usage data: pages visited, interactions, browser type, approximate location (country/region)

03.Purpose and Legal Basis

PurposeLegal Basis (GDPR)
User authentication via Google OAuthContractual necessity (Art. 6(1)(b))
Provision of the i3X REST API bridge serviceContractual necessity (Art. 6(1)(b))
Session management and securityLegitimate interest (Art. 6(1)(f))
UI theme customizationConsent via user action (Art. 6(1)(a))
Email marketing communicationsConsent (Art. 6(1)(a))
Website analytics and usage understandingConsent (Art. 6(1)(a))

04.Data Storage and Retention

  • In-memory only: All user data (authentication tokens, OPC UA credentials, session data) is stored exclusively in server RAM. We do not use a persistent database.
  • OPC UA credentials: Passed to child processes for connecting to your OPC UA server. They are never written to disk or logged.
  • Session lifecycle: All session data is automatically cleared when the server restarts. Instances are also auto-terminated after a configurable timeout period.
  • No long-term retention: We do not retain personal data beyond the active session. There is no archival, backup, or historical storage of user data.

05.Third-Party Processors

We use the following third-party services to operate this portal:

ProviderPurposeData Shared
GoogleOAuth authenticationEmail, name, avatar (received from Google)
OVH (SAS, Roubaix, France)Server hostingNetwork traffic (as hosting provider)
Google LLCWebsite analytics (Google Analytics 4)Anonymized page views, events, browser info
Resend Inc. (San Francisco, USA)Transactional email deliveryEmail address, name (for email sending)
HubSpot Inc. (Cambridge, MA, USA)Customer relationship management (CRM)Email, name, company (for lead management)

We do not share your personal data with advertisers or data brokers. All processors listed above are used solely for the purposes described.

06.Cookies and Local Storage

NameTypePurposeDuration
next-auth.session-tokenEssential cookieJWT-based session authenticationSession
themelocalStorageStores your light/dark theme preferencePersistent
_ga, _ga_*Analytics cookieGoogle Analytics — distinguishes unique users2 years
cookie-consentlocalStorageStores your cookie consent preferencesPersistent

Analytics cookies (Google Analytics) are only set after you give explicit consent via the cookie banner. We do not use advertising cookies or third-party marketing scripts.

07.Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right to information (Art. 13–14) — to know what data we collect and why
  • Right of access (Art. 15) — to obtain a copy of your personal data
  • Right to rectification (Art. 16) — to correct inaccurate data
  • Right to erasure (Art. 17) — to request deletion of your data
  • Right to restrict processing (Art. 18) — to limit how we use your data
  • Right to data portability (Art. 20) — to receive your data in a structured format
  • Right to object (Art. 21) — to object to processing based on legitimate interest
  • Right to withdraw consent (Art. 7(3)) — at any time, without affecting prior processing

To exercise any of these rights, contact us at contact@sterfive.com. We will respond within 30 days.

You also have the right to lodge a complaint with the French data protection authority: CNIL (Commission Nationale de l'Informatique et des Libertés), 3 Place de Fontenoy – TSA 80715, 75334 Paris Cedex 07, France.

08.Data Security

We implement appropriate technical and organisational measures to protect your personal data:

  • All communications are encrypted via HTTPS (TLS)
  • User data is stored in-memory only — no persistent database reduces the attack surface
  • OPC UA credentials are never written to disk or included in logs
  • Sessions are automatically terminated after a configurable timeout

09.Children's Privacy

This service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at contact@sterfive.com and we will promptly delete the information.

10.Changes to This Policy

We reserve the right to update this privacy policy at any time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this page periodically.

11.Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

Sterfive SAS
30, rue de la Saussaye
45750 Saint Pryvé Saint Mesmin, France
Email: contact@sterfive.com
Website: sterfive.com
← Back to home