Privacy Policy

Exostar Privacy Policy

For the convenience of Exostar subscribers and visitors to the Exostar site, we may provide translations of the following in languages other than English at a later time. In such case, we will use reasonable efforts to provide accurate translations; however, Exostar does not guarantee the accuracy of any translation from the English and under no circumstance should any translation be relied upon without independent verification. Only the English language version is binding.


Issued May 1, 2016; updated May 3, 2018

Exostar LLC and its affiliated companies (“Exostar” or “we”) respect the privacy of personally-identifiable information (“Personal Information”) collected from users of our services.  This Privacy Policy (“Policy”) explains how Exostar collects, uses, shares and discloses Personal Information, including via our websites and online portals (the “Exostar Sites”).

This Policy does not apply to, and Exostar is not responsible for: (i) the practices of any other companies or individuals, or (ii) any third-party websites, platforms, devices, applications or services that you access via links from Exostar’s website or web applications (“Third Party Services”).  We encourage you to review the privacy policies of any Third Party Services that you access.


We collect and use Personal Information in various ways across Exostar’s suite of supply chain management, secure collaboration, and risk and identity management services.

A. Registration Information.
We collect information when users register on Exostar Sites, including name, telephone numbers, email addresses, business address, and other attributes for particular applications (e.g. user role for application, start date of application trial, etc.) (“Registration Information”). We may collect Registration Information directly from a user, or from the user’s company.

Exostar uses Registration Information for administrative, billing and recordkeeping purposes, and to communicate with users about service updates, service adoption by their community and service maintenance. In order to promote community membership and increased adoption of our services, Exostar may disclose the name of the user’s company (without identifying the user) to other users and to potential community members. Exostar may also include the Registration Information in a User Directory for distribution to other users (please see section 3 below for details on how to opt out of the User Directory). Except as provided in this Privacy Policy or with the consent of the applicable user, Exostar will not disclose Registration Information to third parties.

B. User Information.
Users communicate, collaborate and exchange information with Exostar and other users (“User Information”). User Information includes, among other things, information submitted to Exostar Sites, or to other companies via Exostar Sites.

Exostar uses User Information primarily to provide the services on Exostar Sites, by making the User Information available on Exostar Sites as specified by users. Certain Exostar employees may also have access to User Information for administrative or security purposes. Except as provided in this Privacy Policy or with the consent of the applicable user, Exostar will not disclose User Information to third parties or to Exostar users other than ones to which the User Information was communicated.

C. Tracking Information.
When a user accesses Exostar Sites, Exostar Sites record and retain general data about the user’s use of Exostar Sites including the user’s domain name, the web page(s) from which the user entered Exostar Sites, the web page(s) which the user visited on Exostar Sites, and the amount of time the user spent on each web page of Exostar Sites (“Tracking Information”). Exostar may use third-party analytics tools to generate Tracking Information; third parties providing such tools are permitted to transfer Tracking Information only to Exostar.

Exostar uses Tracking Information to determine the attributes of users, and statistics and general information about usage of Exostar Sites, for both internal and external use. Except as provided in this Privacy Policy, Exostar will not disclose Tracking Information to third parties in a manner that reasonably permits such information to be identified with an individual user or specific user transaction (see section 2.B below regarding disclosure of Aggregated Data).

D. Identity Information
For our services providing identity proofing (i.e. verification) and credentialing, we collect various information associated with the individuals whose identities are being checked (“Identity Information”). Identity Information differs depending upon the type and level of proofing, and may include Registration Information, Tracking Information, user ID numbers associated with proofing, government-issued ID documents (e.g. passport, driver’s license), other legal documents (e.g. birth certificate, marriage license), documents regarding employment, credit history, details of physical and electronic credentials and tokens, nationality, citizenship, physical location and time zone, proofing appointment information, and proofing outcome information. Identity Information is collected in person, over video interfaces and via other forms of electronic communication.

Exostar uses Identity Information solely to provide proofing, credentialing and access services, to confirm credentials that have been issued, and to maintain the integrity of the proofing and credentialing process. We do not share Identity Information with third parties, except as specified in section 2.C of this Policy or with the consent of the user to which the Identity Information relates.

E. Cookies.
Exostar uses “cookies”—small files stored in user web browsers—to improve the functions of Exostar Sites, including optimizing presentation of information, streamlining the log-in process, and recording user preferences. Cookies may store Personal Information including browser information, IP address and username. Please see regarding how to disable cookies. However, if a user disables cookies, he/she may not be able to log into or use certain features of Exostar Sites.

F. Other Information.
A user may choose to send Exostar a question via e-mail, register for a special service or otherwise communicate with Exostar. Exostar uses such information to communicate with users and to enhance Exostar Sites to better meet the needs of users. Except as provided in this Privacy Policy, Exostar will not disclose such information in a manner that reasonably permits such information to be identified with an individual user or specific user transaction.


Exostar shares Personal Information with certain third parties as described below, and takes responsibility for such sharing as provided in this Policy and applicable law.

A. Exostar Services.
The Exostar Portal and Exostar collaboration services are designed to be used for sharing information (including Personal Information) with third parties. Exostar enables such sharing to the extent authorized by each user and/or their company.

B. Aggregated Data.
Exostar may process and disclose information in aggregated form (based on Personal Information held by Exostar) that does not reasonably identify the Subscriber, an individual user, or specific user transaction on Exostar Sites (“Aggregated Data”), including: (i) providing information regarding trends, purchasing patterns and retail intelligence and research; (ii) performing its obligations under agreements with third party licensors or other users; (iii) internal record keeping and reporting by Exostar; (iv) measuring the performance of third-party licensors and service providers; and (v) reporting performance and other statistical information concerning Exostar Sites.

C. Subcontractors.
Exostar may disclose Personal Information to third parties who support Exostar services, with appropriate agreements to ensure the information is used only for such service support and in accordance with this Policy.

D. Disclosure Under Law.
Exostar may disclose Personal Information if Exostar is required to make such a disclosure under applicable laws, or to report a violation or suspected violation of applicable laws to appropriate governmental authorities.

E. Sale of Company.
In the unlikely event of a sale of Exostar or its assets, Exostar is likely to disclose Personal Information to the new owners, subject to a requirement that such information be used only in accordance with this Privacy Policy and other contractual commitments to users.


Participation in Exostar Sites is voluntary. To opt out of processing of personal data pursuant to this Privacy Policy, a user should notify Exostar through as follows:

  • To opt out of the User Directory, the case subject line should state “Opt Out Directory” and the message to support field shall include the Exostar-issued ID number;
  • To opt out of receiving marketing communications from Exostar, the case subject line should state “Opt Out Communications” and the message to support field shall include the Exostar-issued ID number (if applicable); and
  • To opt out of both of the above, the case subject line should state “Opt Out All” and the message to support field shall include the Exostar-issued ID number (if applicable).

Notwithstanding any such opt-out request, Exostar reserves the right to continue to process user data for purposes related to Aggregated Data as set out in section 2.B. If an opt out would impair the user’s ability to use Exostar services or the integrity of Exostar services, Exostar may contact the user or the user’s employer to discuss and possibly limit the scope of the opt out.


Exostar applies the following policies on retention of Personal Information:

  • Registration Information, User Information, Tracking Information and Other Information associated with a user account may be retained for up to 3 years from account deletion. Some such information (including payment information, recently accessed sites and certain access credentials) is deleted immediately upon account deletion. If Personal Information of one user is associated with or stored on the account of a second user, the retention periods will be those for the account of the second user.
  • Identity Information used for proofing is retained for 7.5 years after the credential to which the proofing relates is revoked or expires.
  • Cookies are stored on user computers, and may be deleted at any time by the user (see section 1.E above).
  • Digital certificates and any data that contains Personal Information that is not included in any other format listed in this Policy are retained for no longer than two years.

When data is deleted from Exostar operating systems, it may remain in our back-up storage for a period of 11 years.


Users may request access to, correction or deletion of their Personal Information held by Exostar. Exostar may choose not to delete Personal Information where the data is necessary to the integrity of Exostar services or to the operation of services provided by Exostar to other users. EU customers of Exostar have certain rights to restriction of data processing and data portability to other service providers. Users may exercise any of these rights by following the process set forth at


Exostar uses extensive technological and organizational measures to protect Personal Information and other data from unauthorized disclosure, alteration, or destruction. However, data security presents many risks, and Exostar cannot guarantee that information will be 100% secure. Exostar relies on customers to select secure passwords, to protect those passwords, and to use appropriate security software on their devices. Please contact Exostar with any information regarding unauthorized use of Exostar Sites or other Exostar services.


Exostar is based in the United States, and information collected by Exostar is usually transferred to, processed, and/or stored in the United States. These transfers are authorized as follows:

Exostar complies with the EU General Data Protection Regulation with respect to our activities in the EU and European Economic Area.


From time to time, Exostar may update this Policy to reflect changes in the law, changes in Exostar’s services, or for other reasons. If Exostar makes material changes to the Policy, Exostar will notify its users of the updated Policy by posting it on and via


If you have inquiries or complaints about this Policy or your Personal Information, you should first contact the office of the Exostar chief privacy officer. If Exostar receives a written complaint, we will contact the person who made the complaint to follow up. Further contact information for our US and UK offices is available at

Exostar works with the appropriate regulatory authorities to resolve any complaints regarding Personal Information that we cannot resolve with our customers and users directly. If you are an EU/EEA customer of Exostar, you may also have the right to complain to the data protection authorities in your country, and, under certain conditions, to invoke binding arbitration.