Valinor Streamline Privacy Policy
Date: April 28, 2026
Key Changes to the Terms of Service and Privacy Policy for Streamline
Initial Privacy Policy
Intro
Valinor Streamline provides you with access to our Foundry-native and mobile versions of the application “Streamline” (“Streamline Studio” and “Streamline Mobile”, or collectively "Streamline Apps"), subject to the terms and conditions of your enterprise license agreement.
This Privacy Policy describes what personal data the Streamline Apps collect, how it processes it, and what happens when you interact with the Streamline Apps.
When you use the Streamline Apps in a browser, iOS, or Android, certain limited personal data is processed in accordance with this Privacy Policy.
If you have any questions or comments about this Privacy Policy or the Streamline Apps, please visit contact us.
Table of Contents
- Intro
- Table of Contents
- About Us
- About You
- Sources of Data
- Lawful Bases for Processing
- Personal Data in Streamline Apps
- Data Retention
- Data Received from Third Parties
- Data Sharing with Third Parties
- Security Measures
- Data Subjects Rights
- Privacy Policy Updates
About Us
| Name | Valinor Streamline, Inc. |
| Address | 623 H St. NW, Ste 2, Washington, D.C. 20001, United States of America |
| support@ – for general inquiries; legalnotice@valinor.co – for privacy inquiries |
About You
When you access the Streamline Apps, you become our user (“User”), and we collect and process some of your personal data.
Please note that we do not knowingly process the personal data of Users under the age of 16. If you are such a User or you are a legal representative of such a User, please contact us.
Sources of Data
We collect data automatically when you access or use the Streamline Apps, which may be generated, for example, a user ID when no user ID alreayd exists.
Lawful Bases for Processing
To process your personal data, we rely on one of the following lawful bases:
- performance of the contract — for the processing of personal data necessary for the negotiation, conclusion, and performance of a contract with your organization;
- legal obligation — for the processing of data as required by applicable laws (for example, to comply with tax or KYC/AML regulations) or if requested by a law enforcement agency, court, supervisory authority, or another state-authorized public body;
- legitimate interest — for the processing necessary for the development, maintenance, and security of the Streamline Apps, taking into consideration your interests, rights, and expectations;
- consent — for additional processing for specific purposes.
Personal Data in Streamline Apps
We collect your personal data when you access or use the Streamline Apps. The specific information collected depends on your interactions with Streamline Apps and the features you utilize. Find more detailed information on what data we process and for what reasons below. The data retention rules are described in a separate section below.
Information About You
To use the Streamline Apps, you must either (a) have an active user account in a supported backing system (i.e., Foundry) or (b) be provided a temporary Streamline token. The Streamline Apps do not create user accounts for you but allows you to use that user account with the Streamline Apps. Your user account credentials are stored in accordance with the security policies of the supported backing system, and we cannot retrieve or access them.
| Data | Reasons for Processing | Lawful Basis |
|---|---|---|
| User ID | Support and application maintenance | Legitimate interest, performance of the contract |
| Device ID | Support and application maintenance | Legitimate interest, performance of the contract |
| Usage (e.g., clicks, feature use) | Support and application maintenance | Legitimate interest, performance of the contract |
Technical Data
When you use the Streamline Apps, we collect or generate certain technical data automatically.
| Data | Reasons for Processing | Lawful Basis |
|---|---|---|
| User ID | Support and application maintenance | Legitimate interest, performance of the contract |
| Device ID | Support and application maintenance | Legitimate interest, performance of the contract |
| Usage (e.g., clicks, feature use) | Support and application maintenance | Legitimate interest, performance of the contract |
| Performance (e.g., latency, load and submission times, application crashes) | Support and application maintenance | Legitimate interest, performance of the contract |
Data Retention
Once the retention period ends, your data will be deleted. It may also be anonymised for statistical and analytical purposes, so we cannot identify you further on and relate to you specific data.
User Account
Your user account is maintained and stored in accordance with the backing system (i.e., Foundry). Valinor Streamline retains information related to your user account (e.g., user ID) as long as the retention period established by the backing system.
Data
Below we list the terms of storage for your data processed via Valinor Streamline systems.
| Type of data | Term of storage |
|---|---|
| User ID | Until deletion of user account in the backing system |
| Device ID | Until deletion of user account in the backing system |
| Usage | Until deletion of user account in the backing system |
| Performance | Until deletion of user account in the backing system |
Backups
We regularly back up our databases to help ensure data integrity and availability. Backups are performed at least once per day and are typically retained for one (1) week.
We use AWS GovCloud services for backup purposes. For more information, please refer to AWS’s official documentation.
Data Received from Third Parties
We may receive some personal data from third parties. The amount of data collected, the purposes, and the lawful bases for processing are determined by the respective privacy documents of these parties.
| Third Party | Privacy Documents |
|---|---|
| Palantir | Privacy and Security |
Data Sharing with Third Parties
We may share your personal data with third parties in compliance with applicable laws.
To share your data, we rely on the lawful bases such as consent, compliance with the law, and performance of a contract, depending on the specific circumstances.
| Third Party | Description |
|---|---|
| Backing system | In order to enable functionality with a backing data store, including support and maintenance of the Streamline Apps, certain collected information may be shared with the backing system company (i.e., Palantir for Foundry). |
| Cloudflare | The Streamline Apps use Cloudflare to transmit and temporarily process data when using Streamline Mobile or Streamline Studio outside of the backing system native interface; such data is not stored in Cloudflare or accessible to Cloudflare or its personnel |
Security Measures
To protect your personal data, we employ HTTPS and encryption, establish segmented group and individual access (as necessary), utilize an alarm system, implement a corporate VPN, and adhere to formally approved internal policies, including those for password management and physical access. We also routinely conduct Data Protection Impact Assessments to guarantee the implementation of adequate technical and organizational measures.
Furthermore, we consistently monitor the state of the art of our technologies and diligently maintain backups. Additionally, all our contractors are bound by contractual obligations that comply with applicable privacy legislation requirements.
| Physical Measures | |
|---|---|
| Limited Access to Premises and Controls | |
| Organizational Measures | |
| Policies and Instructions 1. Password policy 2. Monitoring and physical access policy 3. Contractual obligations and corporate VPN 4. Internal security policy 5. Access control policy | Transfer Protection 1. Data Transfer Agreements 2. Standard Contractual Clauses 3. Data Privacy Framework 4. Transfer Impact Assessments |
| Contractor and Staff Training | Agreements 1. Non-disclosure Agreements 2. Data Processing Agreements |
| Regular Access and Policy Review | Privacy Protection 1. Privacy by design and by default 2. Internal procedures for GDPR compliance |
| Code Review | |
| Technical Measures | |
| Encryption Technologies 1. Encryption in transit and at rest 2. Backup encryption | Backup 1. Regular backup of the entire system 2. Redundant operation of the critical services in multiple data centers controlled by a high-availability system |
| Two-factor Authentication | Stress-tests |
| Static Analysis | Quality Assurance |
| Regular Patch Management | Dependency and Supply Chain Vulnerability Check |
Data Subjects Rights
As a data subject, you have the right to access, manage, and control your data directly or by submitting a request to us. This section outlines these rights and explains how you can exercise them based on your place of residence.
European Economic Area and United Kingdom Residents
The Streamline Apps are not intended for users outside the jurisdiction of the United States of America, such as the EEA or UK.
United States Residents
Your rights may vary depending on the state of your residency, as indicated below.
| Right | Description | Area |
|---|---|---|
| Right to access | You can request an explanation of the processing of your personal data. | California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia. |
| Right to correct (rectification) | You can change the data if it is inaccurate or incomplete. | California, Colorado, Connecticut, Delaware, Indiana, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia. |
| Right to delete | You can send us a request to delete your personal data from our systems. | California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia. |
| Right to portability | You can request all the data you provided to us and request to transfer data to another controller. | California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia. |
| Right to withdraw consent | You can withdraw consent to the processing of your data. | Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, New Hampshire, New Jersey, Oregon. |
| Right to designate a representative | You can designate a representative to act on your behalf to opt out of personal data on processing. | California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, Nebraska, New Jersey, New Hampshire, Oregon, Texas. |
| Right to opt out of sales | You can deny the sale of personal data to third-party services. | California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia. |
| Right to opt out of targeted advertising | You can opt out of targeted advertising, including cross-context behavioral advertising (for California). | California, Colorado, Connecticut, Delaware, Indiana, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia. |
| Right to opt in for sensitive data processing | You can opt in for the processing of sensitive data before the processing begins. | Colorado, Connecticut, Delaware, Indiana, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia. |
| You can limit processing of sensitive data | The right to limit the processing of sensitive data. | California. |
| Right against automated decision-making, including profiling | You have the right not to be subject to business decisions made solely by an automated process without human involvement. | California, Colorado, Connecticut, Delaware, Indiana, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia. |
| Private right of action | You can seek civil damages from a controller for violations of a statute. | California. |
To exercise your rights, contact us.
We will answer your request within thirty (30) to (60) days, depending on the state and legislative requirements. If your request is not satisfied, you can submit a complaint with the Federal Trade Commission.
Please note: Some states do not have privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us.
Do Not Sell My Personal Information
Under the California Consumer Privacy Act (CCPA), California residents possess the right to opt out of the “sale” of their personal information by entities governed by the CCPA.
We do not sell your personal information to anyone, and we do not use your data as a business model. Ensuring your privacy is our top priority.
Do-Not-Track Requests
California residents using the Streamline Apps have the option to request that we do not automatically collect and track information related to their online browsing activities across the Internet.
These requests can usually be made via web browser settings that manage signals or other mechanisms, enabling consumers to express their preferences concerning collecting personal data about their online activities over time and across third-party websites or online services.
We currently do not have the ability to honor these requests. However, we may update this Privacy Policy as our capabilities evolve.
Canada Residents
The Streamline Apps are not intended for users outside the jurisdiction of the United States of America, including Canada.
Privacy Policy Updates
The Privacy Policy and the relationships falling under its effect are regulated by the General Data Protection Regulation. Please note that laws and requirements for processing personal data can evolve. In the event of changes, we will release an updated version of the Privacy Policy to reflect these modifications.
If we make substantial changes to the Privacy Policy or the App that affect your data privacy rights, we will notify you by email or display information on the website or in the App and ask you to read it. If you continue to use the App after these changes take effect, you will be considered to have consented to and accepted the revised Privacy Policy.