Privacy Policy for Clear Skye Solutions

Privacy Policy for Clear Skye Solutions

‍

Effective Date: January 1, 2025
Last Updated: July 24, 2025

‍

1. Introduction

Clear Skye Inc. ("Clear Skye," "we," "us," or "our") is committed to protecting personal information and securing enterprise data. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our identity governance and administration solutions (the "Solutions") built natively on the ServiceNow Platform (the "Platform").

‍

2. Information Processing

Clear Skye Solutions operate natively within your ServiceNow Platform instance. Clear Skye does not receive or store your data separately - all data processing occurs within your ServiceNow environment. The types of data processed by our Solutions within your Platform include:
‍

2.1 Identity and Access Data

• Employee Information: Names, IDs, job titles, departments, employment status, reporting relationships
• Access Data: User accounts, roles, permissions, application entitlements, access requests and approvals
• Audit Data: Access reviews, certifications, policy violations, separation of duties conflicts

2.2 System and Usage Data

• Technical Data: System logs, performance metrics, usage analytics, error reports
• Integration Data: Data from connected applications, directories (Active Directory, LDAP), HR systems, and other integrated systems
• Platform Data: User profiles, workflows, and data from integrated Platform modules (ITSM, CMDB, GRC, Security Operations)

3. How Information is Used

Our Solutions process information within your ServiceNow Platform to:

• Provide Solutions Functionality: Automate user lifecycle management, process access requests, conduct access reviews, ensure compliance, etc.
• Operate Solutions: Maintain system performance, provide security monitoring, generate reports and analytics

4. Information Sharing

‍

4.1 Within Your Organization

Clear Skye Solutions may share information within your organization for identity governance operations, as configured by your organization, including with managers for approvals, auditors for compliance, HR for lifecycle management, and IT for provisioning.

‍

4.2 Platform Integration

Our Solutions integrate with other Platform modules you use (ITSM, CMDB, GRC/IRM, Security Operations, Human Resources) and share data as part of normal operations.

‍

5. Security Standards

Clear Skye Solutions are built natively on the ServiceNow Platform and meet all enterprise-grade security infrastructure and certification standards that ServiceNow maintains, including SOC 2, ISO 27001, and FedRAMP certifications.

‍

6. Data Retention

Since Clear Skye Solutions operate within your ServiceNow Platform instance and do not receive or store data separately, data retention is controlled by your organization's policies and ServiceNow Platform settings. You have the ability to set your own retention policies for all data processed by our Solutions.

‍

7. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal information. Since Clear Skye Solutions operate within your ServiceNow Platform instance and do not receive or store data separately, any data subject rights requests should be directed to your organization or through your ServiceNow Platform, not to Clear Skye directly.

‍

8. Third-Party Integrations

Clear Skye Solutions integrate with various applications and services. This policy covers our practices, but not those of integrated services. We recommend reviewing the privacy policies of any directory services (such as Active Directory or LDAP), enterprise applications, and other Platform modules that you have connected to or integrated with Clear Skye Solutions.

‍

9. Data Processing Roles

Your organization acts as the data controller for all data processed within your ServiceNow Platform instance. Clear Skye Solutions provide functionality within your Platform environment but do not separately receive or process data. Any data processing agreements and compliance obligations are between your organization and ServiceNow as the Platform provider.

‍

10. Compliance

Clear Skye Solutions support compliance with various regulations and leverage ServiceNow Platform's comprehensive compliance certifications, including:

Security and Privacy Standards:

• SOC 1 Type 2 and SOC 2 Type 2 attestations
• ISO/IEC 27001:2022 (Information Security Management)
• ISO/IEC 27017:2015 (Cloud Security)
• ISO/IEC 27018:2019 (Cloud Privacy)
• EU Cloud Code of Conduct

Government and Regulatory:

• FedRAMP High Baseline (Government Community Cloud)
• DoD Impact Level 4 (IL4) and Impact Level 5 (IL5) Provisional Authorization
• MTCS Level 3 (Singapore)
• IRAP Assessment for OFFICIAL and PROTECTED data (Australia)
• ENS High Level (Spain)

Quality and Service Management:

• ISO 9001:2015 (Quality Management)
• ISO/IEC 20000-1:2018 (IT Service Management)
• ISO 22301:2019 (Business Continuity Management)

Data Protection Frameworks:

• EU-U.S. Data Privacy Framework (DPF)
• GDPR, CCPA, SOX, HIPAA compliance support

11. Policy Updates

We may update this Privacy Policy periodically. Material changes will be posted on our website and reflected in the "Last Updated" date.

‍

12. Contact Information

Clear Skye Inc.
2340 Powell Street, Suite 325
Emeryville, CA 94608
United States of America
Email: privacy@clearskye.com
Phone: +1-415-619-5001

‍

For Platform-related data processing questions, refer to the Platform's privacy documentation.

This Privacy Policy governs the use of Clear Skye Solutions.

‍