Feature 112 3840X1200

Privacy Policy


Last updated
31st January

Pirean respects the privacy of personally-identifiable information (“Personal Information”). This Privacy Policy (“Policy”) applies to Pirean Ltd, a company incorporated in England and Wales (Registration Number 4453109) and its subsidiaries, including Pirean Software Limited (incorporated in England and Wales, Registration Number 08551735) and Pirean Pty Ltd (Australia, ABN 25163771364) (“Pirean” or “we”). The Policy explains how Pirean collects, uses, shares and discloses Personal Information for our suite of identity and access management services (“Services”).

This Policy does not apply to Pirean’s parent company Exostar LLC and its affiliated companies (“Exostar”). Pirean and Exostar are in the process of integrating their operations following the acquisition of Pirean by Exostar, and we anticipate that the two companies will eventually operate under a single privacy policy.

This Policy also does not apply to, and Pirean is not responsible for: (i) the practices of any other companies or individuals, or (ii) any third-party websites, platforms, devices, applications or services that you access via links from Pirean’s services. We encourage you to review the privacy policies of any such services that you access.

  2. Identity Information

Delivery of the Services (in particular as a software-as-a-service offering hosted by Pirean) requires collection of identify and access control information on behalf of our customers (“Identity Information”). Identity Information differs depending upon the specific Service, and may include:

  • name;
  • emails and telephone numbers;
  • physical addresses and location (including time zone);
  • job title;
  • user ID numbers and details of physical and electronic credentials and tokens;
  • age and date of birth;
  • government-issued ID documents (e.g. passport, driver’s license) and other legal documents (e.g. birth certificate, marriage license);
  • documents regarding employment and credit history;
  • nationality and citizenship;
  • device ID, device type, geo-location information, computer and connection information, IP address;
  • web log information including statistics on page and advertising views, and details of the products and services provided to you or that you have enquired about; and
  • various other identifying information applicable in particular cases.

Identity Information may be provided to Pirean by our customers (e.g. your employer), or may be collected from you directly, including in person, over audio or video interfaces and via other forms of electronic communication.

Pirean uses Identity Information solely to provide the Services.

  1. Customer Information

We collect information regarding responsible employees and contractors of our customers and prospective customers, including name, telephone numbers, email addresses, business address, job title and sometimes other information (“Customer Information”). We may collect Customer Information directly from a user (including when you visit our website, or interact with our representatives such as by providing a business card), or from the user’s company in the course of providing and supporting Services.

We process Customer Information to enter into and perform contracts with our customers; for associated administrative, billing and recordkeeping purposes; and to communicate with customers about Services, including updates and maintenance. With appropriate consent of prospective customers, we may process their Customer Information for marketing purposes (see paragraph 3 below).

  1. Cookies

Pirean’s website uses “cookies” (i.e. small files stored in user web browsers, which allow a user to be recognised different websites, services, devices and/or browsing sessions). Cookies may store Personal Information including but not limited to browser information, IP address and username, and this information may be associated with other Personal Information about you that we hold.

Some cookies are necessary to the functions of the Pirean website, including optimizing presentation of information, streamlining the log-in process, and recording user preferences.

In addition, we use the following cookies for analytics and understanding user needs:

  • Google Analytics cookies allow us to assess the performance of web pages, including to design and measure marketing campaigns. These cookies capture your (a) browsing behaviour (e.g. pages visited during a session and duration on each page), (b) device / platform type, (c) browser type and version and (d) location (country, state, town). The information generated by these cookies is transferred to and stored by Google in accordance with the Google privacy policy (https://policies.google.com/privacy).

You must give your consent to have Google Analytics cookies activated, via our cookie management tool. You can also disable cookies via your device. Please see https://www.wikihow.com/Disable-Cookies for information on how to disable cookies. However, if you disable all cookies, you may not be able to use certain features of the Pirean website. You can prevent your browser from providing information to Google Analytics by installing the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout).


Pirean shares Personal Information with third parties only in the circumstances described below, or with appropriate consent.

  1. Subcontractors. Pirean may disclose Personal Information to third parties who support Pirean services (e.g. IT providers, financial service providers, professional advisors), with appropriate agreements to ensure the information is used only for such service support and in accordance with this Policy. Identity Information is transferred to subcontractors providing cloud storage only in encrypted form that does not allow the subcontractor to access such information (see section 6 below).
  2. Aggregated Data. Pirean may process and disclose information in aggregated form (based on Personal Information held by Pirean) that does not reasonably identify an individual user or specific user transaction (“Aggregated Data”).
  3. Disclosure Under Law. Pirean may disclose Personal Information if we are required to make such a disclosure under applicable laws, or to report a violation or suspected violation of applicable laws to appropriate governmental authorities.
  4. Sale of Company. In the unlikely event of a sale of Pirean or its assets, Pirean is likely to disclose Personal Information to the new owners, subject to a requirement that such information be used only in accordance with this Privacy Policy and other contractual commitments to users.

We send marketing communications only with opt-in consent from recipients. You may opt out of marketing communications at any time by using the “unsubscribe” link in our emails, or by contacting us at privacy@pirean.com.


Pirean applies the following policies on retention of Personal Information:

  • Identity Information is retained for the periods agreed with each customer to which we provide Services;
  • Customer Information is retained for up to one year following the end of our engagement with a customer, or last interaction with a prospective customer;
  • Cookies are stored on user devices and may not have a definite expiration period (please see information in section 1.C on disabling cookies).

When data is deleted from Pirean systems, it may remain in our back-up storage for a period of consistent with the retention periods described above, or in some cases a longer period that is required for Pirean compliance with applicable law.


Users may request access to, correction or deletion of your Personal Information held by Pirean. You also have certain rights to restriction of our processing of your Personal Data, and portability of your Personal Data to other service providers. Users may exercise any of these rights by writing to privacy@pirean.com.

These rights are subject to certain limitations, including where compliance with your request may affect the rights of other Pirean customers or users, or the integrity of Pirean services. If Pirean’s customer is the data controller (which is generally the case for Identity Information), we will assist the data controller to respond to your request.


Pirean uses extensive technological and organizational measures to protect Personal Information and other data from unauthorized disclosure, alteration, or destruction. We aim to comply with all relevant information security standards (including ISO 27001) and privacy legislation in each country where we operate. Data in storage is encrypted. The Services run on IBM Cloud, which also operates robust security measures.

However, data security presents many risks, and Pirean cannot guarantee that information will be 100% secure. Pirean relies on customers to select secure passwords, to protect those passwords, and to use appropriate security software on their devices. Please contact Pirean with any information regarding unauthorized use of the Services.


Pirean operates primarily from the United Kingdom, and we do not transfer Personal Data of our United Kingdom and EU customers outside the EU. For Services to non-EU customers (including services from our Australia office), we comply with applicable privacy laws.


From time to time, Pirean may update this Policy to reflect changes in the law, changes in Pirean’s services, or for other reasons. Updated versions of this Policy will be posted on the website. If Pirean makes material changes to the Policy, we will send a copy of the updated Policy to customers who have provided us with their contact information.


If you have inquiries or complaints about this Policy or your Personal Information, you should first contact the Pirean data protection officer at privacy@pirean.com (additional contact information is below). Please include your name, email address and/or telephone number and clearly describe your issue or complaint. If Pirean receives a written complaint, we will contact the person who made the complaint to follow up.

Pirean works with the appropriate regulatory authorities to resolve any complaints regarding Personal Information that we cannot resolve with our customers and users directly. You also have the right to complain directly to the data protection authorities in your country.