Privacy
Policy.

Our Privacy Commitment

We adhere to the data practices described in this privacy policy. We recognize and respect the privacy interests of the individuals about whom we process information, and about whom we maintain information in our database. The purpose of this Privacy Policy is to provide information about:

• The types of information that We collect and how we collect it.
• How the information is used by Us.
• Security of the information collected.

1. Scope and Roles.

2. Information We Collect.

The types of personal information we collect depend on your relationship with us and how you interact with the Site and Services. We may collect the following categories of information:

2.1 Contact and business information

Information such as name, job title, company name, business email address, phone number, country or region, and other information you choose to provide via forms, demo requests, or correspondence.

2.2 Account and authentication information (Services users)

Information such as login credentials, role or permission level, organization affiliation, and account configuration details.

2.3 Usage and device information (Site)

Information such as IP address, browser type and version, operating system, device identifiers, referring URLs, pages viewed, links clicked, and general location information (e.g., city or region) derived from your IP address.

2.4 Telemetry, log, and monitoring data (Services)

We collect telemetry, log and monitoring data, depending on the deployment and configuration chosen by the customer, this may include:

2.5 Prompt and AI Content Processing

Depending on customer configuration, the Services may process prompt text, response content, or associated metadata submitted to or generated by AI tools. SuperAlign processes such content solely for security monitoring, classification, policy evaluation, and risk detection purposes, and not for advertising or unrelated analytics. SuperAlign does not independently determine the purposes or means of monitoring deployed by the customers and processes such telemetry strictly in accordance with customer configuration and applicable contractual obligations.

2.6 Content and contextual data supplied to the Services

Any text inputs, prompts, or other content that your organization elects to send to the Services for analysis, classification, policy evaluation, or risk scoring. Customers are responsible for the nature of the content they submit.

2.7 Model outputs and risk scores

Any automatically generated alerts, classifications, risk scores, recommendations, and related metadata that derive from our detection logic, models, or rules.

2.8 Support and communications data

The information contained in emails, support tickets, in-product chat, or other communications with us, including any logs or screenshots you voluntarily provide.

2.9 Marketing and event data

Any registration details for events or webinars, marketing preferences, newsletter opt-in status, and engagement metrics (e.g., email opens and clicks).

2.10 Job applicant data

In the event, if you apply for a role, we may collect information contained in your application, resume, and interview process.

2.11 Other Information

You may otherwise choose to provide us information when you fill in a form, conduct a search, respond to surveys, post to community forums, participate in promotions, or use other features on the Website (if available and applicable).

2.12 Third-party information

We also may associate the above information with information we receive from other sources, such as other companies that compile datasets from public and private sources: this additional information includes information about consumer's demographics, IP address, interest, likely purchasing preferences, hobbies or other lifestyle data.

3. How We Collect Information.

We collect personal information in several ways, including:

3.1 Directly from you

When you fill out forms, request a demo, create an account, communicate with us, or otherwise choose to provide information.

3.2 As a Customer

When you configure and use the Services and provide us with access to certain systems, logs, or user data for monitoring and risk-detection purposes.

3.3 Geo-location Information

When you use certain features of the Website and/or the Services, we may collect information about your precise or approximate location as determined through data such as your IP address or mobile device's GPS to offer you an improved user experience. Most mobile devices allow you to control or disable the use of location services for applications in the device's settings menu. The Website and the Services may also collect this information even when you are not using the Website and the Services if this connection is enabled through your settings or device permissions.

3.4 Usage Information

We collect information about your interactions with the Website and/or Services such as the pages or content you view, your searches for a product/service that is provided by Company, and other actions while you are on our Website.

3.5 Log Data and Device Information

We automatically collect log data and device information when you access and use the Website, even if you have not created an account with Company and/or the Service. That information includes, among other things: details about how you've used the Website (including if you clicked on links to third party applications), IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data, cookie data, and the pages you've viewed or engaged with before or after using the Website.

3.6 Cookies and Similar Technologies

We use cookies and other similar technologies. We may also allow our business partners to use these tracking technologies on the Website and/or the Services or engage others to track your behavior on our behalf. Our Cookie Policy is available for your information.

3.7 Information We Collect from Third Parties

We may collect information, including information, which others provide about you when they use the Website and/or Services or reach the Website through a third-party, or obtain information from other sources and combine that with information we collect through the Website and/or the Service. We do not control, supervise or are responsible for how the third parties providing your information process your personal data, and any information request regarding the disclosure of your information to us should be directed to such third parties.

3.8 Do Not Track Disclosure

We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the “Preferences” or “Settings” page of your web browser.

3.9 Social Media

Information collected from the use of our Website may be hashed and shared with social media platforms such as Facebook or Google for marketing and promotional activities. This processing is based on SuperAlign's legitimate interest in offering its Services that may align with your preferences. It's crucial to understand that we do not supervise or control the data processing by social media platform providers.

3.10 Direct Marketing and Profiling

We do not sell your personal information for processing by direct marketing agencies. We may however use your personal information for certain specific purposes (including profiling) where such processing is based on legitimate interest. If you object to such processing by us, we will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise or defence of legal claims. Please note that you may, at any time ask the Company to cease processing your data for these direct marketing purposes by sending an e-mail to sales@superalign.ai.

4. How We Use Information (Purposes of Processing).

We use personal information for the following purposes:

4.1 To provide and operate the Website and Services

We may process your information so you can create and log in to your account, as well as keep your account in working order, to manage accounts, authenticate users, deliver features, process transactions, and provide customer support.

4.2 AI risk detection, monitoring, and security operations

We may process your information to ingest logs and telemetry, compute risk scores, generate alerts, perform security and policy evaluations, investigate incidents, and support customers' internal governance, risk, and compliance programs.

4.3 Service improvement and research

We may use your information to maintain, tune, and improve the performance, accuracy, and reliability of the Services, including detection logic, risk-scoring models, and threat intelligence, using aggregated and de-identified data where feasible.

4.4 To evaluate and improve our Services, marketing, and your experience

We may process your information when we believe it is necessary to identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Services, marketing, and your experience.

4.5 To identify usage trends

We may process information about how you use our Services to better understand how they are being used so we can improve them.

4.6 To comply with our legal obligations

We may process your information to comply with our legal obligations, respond to legal requests, and exercise, establish, or defend our legal rights.

4.7 To promote our Services

Other member content may be displayed on other websites, in applications, within emails, and in online and offline advertisements.

4.8 To facilitate payments

We may collect data necessary to process your payment, such as your payment instrument number, and the security code associated with your payment instrument. In that case, we may use third-party services for payment processing (e.g. payment processors). We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your information is governed by their Privacy Policy.

4.9 Review and analysis of communications

We may review, scan, or analyze your communications on the Services for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research, and customer support purposes. In some cases, we may also scan, review, or analyze messages to debug, improve, and expand product offerings. We will not review, scan, or analyze your communications to send third party marketing messages to you.

4.10 To analyze and process aggregated data

To improve the accuracy of our AI-powered recommendations and insights and to understand how the Site and Services are used, diagnose technical issues, and optimize user experience.

4.11 To send relevant communications

To send you relevant communications, offers, and product recommendations, features, events, or updates, to manage marketing campaigns, and to personalize content and communications unless you opt out.

4.12 Security, fraud prevention, and abuse detection

To protect the Site, Services, our customers, and our business from malicious, fraudulent, or illegal activity and to enforce our terms and policies.

4.13 Other purposes with your consent

Where we have obtained your consent for a specific use that is not otherwise covered by this Privacy Policy.

We process personal information in a manner that is proportionate and limited to what is necessary in relation to the purposes for which it is collected. SuperAlign does not use Customer Data or personal information processed through the Services to train publicly available artificial intelligence models or models operated by unrelated third parties.

5. Legal Bases for Processing (EEA/UK/Similar Jurisdictions).

Where applicable data protection laws (such as the GDPR or UK GDPR) apply, we process personal information under the following legal bases:

5.1 Contractual necessity

To provide the Site or Services to you or to our customer under an applicable contract, including operating the Services, providing support, and processing related communications.

5.2 Legitimate interests

To operate, secure, and improve our Site and Services; to conduct analytics; to prevent fraud and abuse; to develop new features; and to market our Services to business contacts, provided that our interests are not overridden by your data protection rights and interests.

5.3 Consent

Where required for specific activities, such as the use of certain cookies or sending certain marketing communications. You may withdraw your consent at any time as described in this Policy.

5.4 Legal obligation

To comply with applicable laws, regulations, and legal processes.

6. Employee and Endpoint Monitoring; Customer Responsibility.

Our Services may be used by customers to monitor, log, and analyze activity related to the use of AI tools and other systems by their employees, contractors, or other authorized users. This may include collection and analysis of telemetry, prompts, responses metadata, and related contextual data as configured by the customer. Customers are solely responsible for ensuring that their deployment and use of the Services, including any endpoint software, browser extensions, monitoring tools, or log collection mechanisms, comply with applicable employment, privacy, surveillance, and data protection laws. Customers are responsible for providing appropriate notice to, and obtaining any required consents from, affected individuals prior to enabling such monitoring in accordance with our agreements and applicable law.

7. Automated Decision-Making, Profiling, and Risk Scoring.

8. Cookies and Similar Technologies.

8.1 Cookies and How We Use Them

We use certain industry-standard technologies, including cookies and similarly functional technologies, which we describe below. We use these technologies on the Websites listed here, for instance, and our partners, data sources and customers may use these technologies to market to you.

We may work with third parties to provide or enhance our Website and/or our Services (e.g. for purposes of tailoring ads, or placing browser cookies), or to offer marketers ways to access or use our information, often in de-identified form. These partners may set and access their own cookies, pixel tags and similar technologies on your device, which may have cookies with varying expiration periods. Those partners may likewise use cookies to collect various types of information about your browser, device, or browsing activities.

We may use cookies to, among other things, “remember” you, determine visitor patterns and trends, collect information about your activities on our clients' sites, or interact with the advertising you see. Cookies are used in this way to provide relevant content to you and ads that better match your interests.

8.2 Types Of Cookies Used By SuperAlign

SuperAlign uses the following types of cookies:

We may continue to update the category based cookies; you may review the list of cookies along with their usage.

8.3 Web Beacons and Similar Technologies

Cookies are not the only way to recognize or track visitors on a website. We may use other similar technologies from time to time, like web beacons (sometimes called “tracking pixels” or “clear gifs”). These are tiny graphics files that contain a unique identifier that enables us to recognize when someone has visited our websites or opened an e-mail including these. In many instances, these technologies are reliant on cookies to function properly, and hence, declining cookies will impair their functioning.

8.4 Disabling Cookies

Most web browsers are set up to accept cookies. You may be able to set your browser to warn you before accepting certain cookies or to refuse certain cookies. However, if you disable the use of cookies in your web browser, some features of our Website and other services may be difficult to use or become inoperable. You may select the applicable cookies from our cookie banner.

9. Sharing and Disclosure.

We may share personal information with the following categories of recipients:

9.1 Service providers and subprocessors

We engage various third-party service providers to aid in delivering Website-related services and Services. These providers assist in the development, maintenance, debugging, and other supportive roles, limiting access to information and ensuring its protection in line with this Policy. You can find the list of sub-processors HERE and they shall be governed by the privacy policies and terms of use as are available. By using the Website and the Services, you consent to the use of the sub-processors. In the event of any changes to the sub-processors, we will intimate you about the same. If you would like to get intimated of any changes in our sub-processors, please register by e-mailing sales@superalign.ai. In the event you have an objection to the use of such sub-processor, please send the same within 15 (fifteen) days of intimation, failing which, it shall be assumed that you have agreed to the engagement with such sub-processors. You may send your objections to sales@superalign.ai.

9.2 Business partners

We share information with our partners with whom we may jointly offer products or services, or who refer customers to us, where permitted by law and subject to appropriate agreements.

9.3 Customer organizations

If you use the Services under a customer's account (for example, as an employee of a customer), information about your use of the Services, including certain activity logs and alerts, may be made available to that customer and its administrators in accordance with our agreement with the customer.

9.4 Professional advisors

We may share your information with legal, accounting, security, or other advisors who need access to such information to provide services to us.

9.5 Corporate transactions

Your information will be shared with actual or potential acquirers, successors, or assignees in connection with any merger, acquisition, financing, or sale of all or a portion of our business, subject to appropriate confidentiality protections.

9.6 Notification of Legal Requests

Unless restricted by law, court order, or for reasons such as creating risk or harm, we may notify you about legal requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon SuperAlign. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify that guest about the request after the fact where appropriate and where we determine in good faith that we are no longer prevented from doing so.

9.7 Fraud prevention and safety

To investigate, prevent, or act regarding suspected or actual prohibited activities, including but not limited to, fraud and situations involving potential threats to the physical safety of any person or to prevent financial loss to any person or entity, including SuperAlign, its customers, clients, and other parties.

10. International Data Transfers.

Superalign is headquartered in the United States and may process personal information in the United States and other countries that may have data protection laws different from those in your jurisdiction. Where required by law, we implement appropriate safeguards for international data transfers, which may include standard contractual clauses or other transfer mechanisms recognized under applicable data protection laws.

11. Data Security.

We implement commercially reasonable technical and organizational measures designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures may include access controls, encryption in transit and at rest (where appropriate), logging and monitoring, vulnerability management, and regular security reviews. SuperAlign maintains an internal information security program designed to align with industry standards applicable to enterprise SaaS providers.

However, no system can guarantee the prevention, detection, or elimination of all threats or security incidents. No security program or platform can guarantee the prevention, detection, or elimination of all threats, vulnerabilities, data leaks, or malicious activities. As described in our Website and SaaS Terms of Use, Superalign does not guarantee that the Services or any security controls will prevent all security incidents or that your systems will be free from compromise. In the event of a confirmed security incident affecting personal information processed by SuperAlign as a processor, we will notify the relevant customer in accordance with our contractual obligations and applicable law.

12. Data Retention.

We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including for the duration of any applicable contract, for as long as we have an ongoing legitimate business need to do so, or as required or permitted by law (such as tax, accounting, or legal retention obligations).

For data processed on behalf of customers as a processor/service provider, we retain such data in accordance with our agreement with the relevant customer and our internal retention policies. Upon termination or expiration of the applicable agreement, we will delete or return personal information as specified in that agreement, subject to any legal obligations to retain certain data. Telemetry and log data may be retained for a defined period consistent with security, operational, and contractual requirements, after which such data is deleted or anonymized in accordance with our retention policies.

13. Your Privacy Rights.

To exercise your data protection rights, you can make certain requests and ask us:

13.1 Data Controller

If you are a visitor to the Website, you should know that the entities listed on the Website is the controller of your personal data.

13.2 Bases for using your information

We have a lawful basis to process your personal data; the purposes for processing personal data are described in this Privacy Policy. You shall be required to determine the applicability based on whether you are a visitor or a user. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person. We may disclose the following categories of personal data to third parties: identifiers/contact information, demographic information (such as gender and age), commercial information, internet or other electronic network activity information, geolocation data, audio, electronic, visual or similar information, and inferences drawn from the above. We share each category with third-party business partners and service providers, third-party sites or platforms such as social networking sites, and other third parties as described in the “Sharing and Disclosure” section of this Privacy Policy.

13.3 Your information protection rights

We respect the various rights available to you, as a user of our Platform. The rights provided to you are as listed below. To exercise these rights, please contact us at the following e-mail id: sales@superalign.ai, however, if we process your personal information as a processor/service provider on behalf of a customer, we may be required to refer your request to the relevant customer, who is responsible for handling your request in accordance with applicable law.

14. Marketing Communications.

We may send you marketing communications about Superalign and our Services if you request information from us, sign up for our communications, or where otherwise permitted by law. You can opt out of marketing emails at any time by clicking the “unsubscribe” link in the email or by contacting us on the following e-mail id: sales@superalign.ai. Even if you opt out of marketing communications, we may still send you non-marketing messages relating to your account or our ongoing business relationship.

15. Links.

The Website may provide links to other websites (or we may otherwise provide information about companies or events) that we think users will find interesting or useful. We are not responsible for the privacy practices of these other sites or companies.

16. Regulatory Positioning and Compliance Disclaimer.

Regulatory frameworks governing artificial intelligence, cybersecurity, privacy, monitoring, and related technologies are evolving and may vary by jurisdiction. While our Services are designed to support customers' governance, risk management, and compliance efforts, Superalign does not represent or warrant that the Site or Services will ensure your compliance with any particular law, regulation, or regulatory regime (including, without limitation, the EU AI Act, GDPR, CCPA/CPRA, or sector-specific regulations). Customers are responsible for assessing their own regulatory obligations and configuring and using the Services in a manner that complies with applicable laws.

17. Children's Privacy.

Our Website and/or Services are not directed at children. We do not knowingly collect data from children under 18 years of age. By using the Services you represent that you are at least 18. If we learn that information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us using the details provided in Section 19 and we will take steps to delete their data.

18. Changes to This Privacy Policy.

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

19. Contact Us.

If you have any questions about this Privacy Policy, our privacy practices, or your rights, or if you wish to exercise your privacy rights, you may contact us at: