When you visit the Site, we (and our Service Providers) may automatically collect certain information, including:

• Device and connection information (for example, IP address, browser type, operating system, device identifiers, language settings, and approximate location derived from IP address).
• Site usage information (for example, pages viewed, time spent, referring/exit pages, links clicked, and the date/time of access).
• Security and diagnostic information (for example, log files and events that help us detect abuse, protect the Site, and troubleshoot issues).

The Site may use cookies or similar technologies as described in Section 6 (Cookies and Similar Technologies).

If you request or use the Services, we may collect or process additional information, including:

• Authentication and access information (for example, API credentials, scoped tokens such as JWTs, and environment identifiers for dev/stage/prod access).
• Service request metadata (for example, request timestamps, request/response sizes, success/error codes, and performance metrics such as latency and throughput).
• Operational security information (for example, rate limit events, suspected abuse signals, and access control events).
• Certification Artifacts (for example, logs, traces, and run summaries generated to support auditability, monitoring, and support).

Customer Content. As part of providing deterministic certification and compute, the Services may process Customer Content such as candidate outputs and optional intermediate steps submitted by you or your organization. Customer Content may include information about individuals if you choose to submit it. You are responsible for ensuring that you have appropriate rights and permissions to submit Customer Content and that your submission complies with applicable law.

We may receive information from third parties in connection with our business operations, such as:

• Information from your organization (for example, your name, business email, role, and authorization status) when your organization requests access to the Services.
• Information from partners or resellers (if any) in connection with referrals or introductions.
• Information from vendors that help us prevent fraud or secure the Site and Services (for example, signals about suspicious activity).

We do not intentionally request or require sensitive personal information (for example, Social Security numbers, driver’s license numbers, precise geolocation, or health information) through the Site.

The Services are designed for enterprise technical workflows. Unless we expressly agree otherwise in writing, you should not submit:

• Protected health information (PHI) or other regulated health data.
• Payment card data subject to PCI requirements.
• Government-issued identifiers (such as Social Security numbers) or precise geolocation data.
• Classified information or data subject to export controls or other heightened restrictions.

If your intended use case requires processing of regulated data, please contact us so we can evaluate the appropriate contractual, technical, and organizational safeguards for the deployment.

The Site is not directed to children under 13, and we do not knowingly collect Personal Information from children under 13.

We use the information we collect for the following purposes:

• Provide and operate the Site and Services, including enabling deterministic certification outcomes (verified or abstain) and returning applicable artifacts and reason codes.
• Respond to inquiries and requests (for example, demo requests, API access requests, and licensing inquiries).
• Onboard, administer, and support customer relationships, including provisioning environments, managing access, and providing documentation and upgrade notes.
• Maintain reliability, performance, and correctness coverage (without relaxing certification guarantees), including debugging, testing, and quality assurance.
• Monitor, secure, and improve the Site and Services, including detecting, preventing, and responding to fraud, abuse, security incidents, and operational issues.
• Generate and maintain Certification Artifacts for auditability, traceability, troubleshooting, and support.
• Communicate with you about product updates, security notices, and administrative messages. Where required by law, we will obtain your consent for marketing communications.
• Comply with legal obligations and enforce our agreements and policies.

We process Customer Content to provide the Services to you or your organization (for example, to evaluate candidate outputs under explicit Certification rules and return a verified result or an abstain outcome).

We do not use Customer Content to train foundation models. We do not use Customer Content to build or train generalized machine learning models for others.

Any use of Customer Content beyond providing the Services to your organization (for example, to improve the Services using your content) will occur only if expressly authorized by you or your organization, or as permitted by an applicable agreement, and will be limited to the scope described in that authorization or agreement.

We may use aggregated or de-identified information (including aggregated performance statistics and high-level benchmark summaries) that does not reasonably identify you to understand service performance and reliability.

We may disclose information in the following circumstances:

We may share information with vendors and Service Providers that perform services on our behalf, such as hosting, infrastructure, security monitoring, email delivery, customer relationship management, analytics, and support tooling. These providers are authorized to use information only as necessary to provide services to us and consistent with this Policy.

Certain Service Providers may process Personal Information or Customer Content on our behalf ("subprocessors"). Where appropriate for enterprise deployments, subprocessors and their roles may be described in our customer agreements or made available through documentation or other materials provided in connection with the Services.

If you use the Services on behalf of an organization, information about Service usage and administrative events may be accessible to authorized administrators at your organization consistent with your organization’s policies and agreements with us.

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be disclosed or transferred as part of that transaction, subject to appropriate confidentiality and security measures.

We may disclose information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law or legal process; (b) respond to lawful requests by public authorities; (c) enforce our agreements and policies; (d) protect our rights, property, and safety, and the rights, property, and safety of others; or (e) detect and prevent fraud or security issues.

We may disclose information at your direction or with your consent (for example, when you ask us to share details with a partner under a nondisclosure agreement).

We may disclose aggregated or de-identified information that does not reasonably identify you, such as high-level usage statistics or benchmark summaries.

Cookies are small text files stored on your device. We may use cookies and similar technologies (such as local storage and server logs) to:

• Operate and secure the Site (for example, to protect against abuse and ensure availability).
• Remember preferences where applicable.
• Measure Site performance and understand usage patterns (for example, which pages are visited and how the Site is used).

You can control cookies through your browser settings. If you disable cookies, certain features of the Site may not function properly. If we use third-party analytics tools, those providers may set or read cookies and may collect information about your use of the Site subject to their own privacy policies.

Some browsers offer a “Do Not Track” (“DNT”) signal. Because there is no consistent industry standard for recognizing DNT signals, the Site does not currently respond to DNT signals.

We retain information only for as long as reasonably necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Retention depends on the category of information and the context in which it is collected:

• Inquiries and communications: retained for as long as needed to respond, maintain business records, and follow up on legitimate business needs.
• Customer relationship information: retained for the duration of the customer relationship and as needed thereafter for audit, compliance, dispute resolution, and recordkeeping purposes.
• Service operational data and Certification Artifacts: may be retained to support monitoring, security, auditability, and support. Retention periods may vary based on the nature of the artifacts, contractual commitments, and operational requirements.
• Customer Content: processed to provide the Services. Any storage of Customer Content (for example, within Certification Artifacts) depends on customer configuration and contractual terms. Customers should avoid submitting unnecessary Personal Information.
• Backups: Information may persist in backups for a limited time, subject to our backup retention and security controls.

Where feasible, we may delete or de-identify information when it is no longer needed. For enterprise customers, deletion, retention configurations, and post-termination handling may be addressed in applicable agreements.

We implement reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. Security measures may include access controls, credential scoping, authenticated access mechanisms, rate limiting, encryption in transit where appropriate, monitoring, and incident response procedures. However, no security method is perfect, and we cannot guarantee absolute security.

You are responsible for maintaining the confidentiality of any credentials and for ensuring that you transmit Customer Content to the Services in a lawful and appropriate manner. If you believe your credentials have been compromised, contact us promptly.

If we become aware of a security incident that materially affects the confidentiality, integrity, or availability of Customer Content or Personal Information processed through the Services, we will address the incident consistent with our incident response procedures and applicable contractual commitments.

The Services are designed for enterprise and technical workflows. If you or your organization submits Customer Content to the Services, that Customer Content may be processed to perform deterministic certification and compute and to generate Certification Artifacts.

Where applicable, we may process Customer Content on behalf of our customers as a service provider under an agreement. Customers are responsible for determining what Customer Content they submit and for providing any required notices to, and obtaining any required consents from, individuals whose Personal Information may be included in Customer Content.

If you are an individual end user interacting with the Services through a customer’s deployment, please direct privacy requests regarding Customer Content to the customer that made the Service available to you.

You may opt out of receiving promotional emails from us by following the unsubscribe instructions in those messages (if provided) or by contacting us using the method in Section 15. We may still send you non-promotional administrative messages, such as service notices and security updates.

You can manage cookies through your browser settings as described in Section 6.

You may request access to, correction of, or deletion of Personal Information we hold about you, subject to applicable law. For example, you may request that we delete information you submitted through the Site’s contact form. We may need to verify your request and may retain certain information as required by law or for legitimate business purposes such as security and recordkeeping.

Depending on your state of residence and our activities, certain U.S. state privacy laws may provide additional rights. This section provides disclosures intended to support those laws when applicable.

In the last 12 months, we may have collected the following categories of Personal Information:

• Identifiers (for example, name, email address, IP address, and online identifiers).
• Professional or employment-related information (for example, company/organization name, role or title if provided).
• Internet or other electronic network activity information (for example, Site usage information and certain Service usage metadata).
• Commercial information related to licensing inquiries (for example, requested environments or support tier).
• Inferences drawn from the above to understand usage patterns and improve performance (for example, aggregated metrics).

We collect and use Personal Information for the business and commercial purposes described in Section 4.

We may disclose Personal Information to the categories of recipients described in Section 5, including Service Providers and vendors that help operate the Site and Services.

We do not sell Personal Information. We do not knowingly share Personal Information for cross-context behavioral advertising. If our practices change, we will update this Policy accordingly.

Where applicable law provides, you may have the right to:

• Request to know/access the Personal Information we collected about you.
• Request deletion of your Personal Information.
• Request correction of inaccurate Personal Information.
• Opt out of certain processing (for example, targeted advertising, sale, or certain profiling) where applicable.
• Not be discriminated against for exercising your privacy rights.

To exercise these rights, contact us using the method in Section 15. We will respond as required by law and may need to verify your identity before completing your request.

Where applicable, you may designate an authorized agent to submit requests on your behalf. We may require proof of the agent’s authorization and may also require you to verify your identity directly. Where applicable law provides an appeal right, you may request an appeal of our decision by replying to our response and stating that you are appealing the decision.

California Civil Code Section 1798.83 (“Shine the Light”) permits California residents to request information about certain disclosures of personal information to third parties for their direct marketing purposes. We do not disclose Personal Information to third parties for their own direct marketing purposes.

The Site may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on the Site and update the “Last Updated” date above. Your continued use of the Site or Services after the effective date of an updated Policy constitutes your acceptance of the updated Policy to the extent permitted by law.

If you have questions about this Privacy Policy or our privacy practices, or if you want to submit a privacy request, please contact us via our contact page at: https://www.consistencysystems.com/contact.