STELA Privacy Policy

Last updated: 10/08/2025

STELA is a product of Software Testing Bureau (“STELA”, “we”). This Policy explains how we process personal data when you visit our website and when you use the STELA platform (including RPA, Test Automation, and AI features), whether cloud or on-premise.

Key Information

  • Controller: BILESTAR S.A., Av. Gral. José María Paz 1481, Montevideo, Uruguay, contacto@stela.ai.
  • Data residency (website): Microsoft Azure East US (United States).
  • Data residency (platform): Microsoft Azure East US 2 (Virginia, United States).
  • Role with customers: typically processor for customer organization data; controller only for account and service-operation data.
  • Sub-processors: Microsoft Azure (infrastructure) and, if enabled by the customer, [[OpenAI / Azure OpenAI / other]] for AI. Current list: [[Sub-processors URL]].
  • We do not train models on your content without your express authorization.
  • Rights: access, rectification, erasure, objection, restriction, portability, and not to be subject to solely automated decisions (as applicable: GDPR/LGPD/CCPA/CPRA).

A) Website Processing

1. Data we collect on the site

  • Data you provide: contact forms, asset downloads, webinar sign-ups (name, email, company, role, phone, message).
  • Browsing data: IP address, device identifiers, pages visited, time on page, referrers.
  • Cookies and similar technologies: first/third-party for functionality, analytics, and (if you agree) marketing.

Legal bases: consent (for non-essential cookies); legitimate interests (security, aggregated metrics); pre-contractual steps (responding to inquiries).

2. Purposes (website)

  • Respond to sales/support inquiries.
  • Measure usage and improve content/UX (aggregated analytics).
  • Manage subscriptions to newsletters or event invitations (opt-out available).
  • Maintain site security (logs, anti-fraud/abuse).

3. Cookies

We use:

  • Essential: required for operation (no consent needed).
  • Analytics: traffic and performance measurement (consent where required).
  • Marketing: remarketing/ads (only with your consent).

You can manage preferences via the cookie banner or your browser. See [[Cookie Policy / Preference Center]].

4. Retention (website)

  • Forms: up to [[12]] months after last interaction or as required by law.
  • Web analytics: per provider policies (e.g., [[14 months]]).
  • Subscriptions: until you unsubscribe.

5. Sharing (website)

We may share with service providers (hosting, analytics, CRM, emailing) under contract and instructions. We do not sell your data.

6. Website location and transfers

The stela.ai website is hosted in Microsoft Azure – East US (United States). Processing related to site use (e.g., access logs, forms, telemetry) may involve international transfers to the U.S. We apply appropriate safeguards (e.g., EU Standard Contractual Clauses where applicable) and reasonable supplementary measures. This section does not change the STELA platform data residency, which remains in Azure East US 2.

B) Processing within the STELA Platform

1. Scope and roles

This block applies when you access and use STELA (cloud or on-premise).

  • For business data uploaded and defined by the customer organization (e.g., contracts, robots, test cases, evidence), STELA typically acts as a processor.
  • For account and service-operation data (users, roles, licenses, billing), STELA acts as a controller.

Contact: contacto@stela.ai.

2. Categories of data (platform)

  • Account and access: name, corporate email, role, organization, permissions, sign-in activity.
  • Operational content (customer-defined): flows/robots, scripts, prompts, input documents (e.g., contracts), results and structured outputs, attachments.
  • Metadata and evidence: execution logs, timestamps, run IDs, metrics, screenshots, images or video evidence (if enabled by the customer).
  • Integrations: data exchanged with third-party tools (Azure DevOps, Jira, Jenkins, email, databases), encrypted tokens/credentials.
  • Support and service improvement: aggregated/pseudonymized telemetry, tickets, error dumps under NDA.
  • Administration and licensing: billing data, aggregated usage, contractual information.

Note: operational content remains under the customer’s control. STELA processes it solely to perform the functions instructed by the organization.

3. Purposes (platform)

  • Provide and operate STELA (automation, testing, data extraction, evidence).
  • Manage accounts, permissions, security, and service continuity.
  • Integrate with systems configured by the customer.
  • Support and performance improvement with aggregated/pseudonymized analytics.
  • Legal compliance, audit, and security.

Legal bases: c