Privacy

Cerebri AI Privacy Policy

Effective Date: June 2018
Last revised: 13 October 2023 • Revision 3.1

Cerebri AI is dedicated to protecting your privacy whether you are a visitor to our Cerebri AI website (“Website”) or a user of our software-as-a-service (“Service”) under an agreement with our Cerebri AI group of companies, including Cerebri AI Inc., incorporated under the laws of Delaware, and Cerebri AI Limited, incorporated under the laws of Ontario, Canada. Visitors to our Website and users of our software-as-a-service are herein referred to collectively as “Interested Parties” and individually as an “Interested Party.” Our privacy policy, as outlined below, is herein referred to as our “Privacy Policy” and sets forth Cerebri AI’s policy with respect to personally identifiable information (“Personal Data”) and other information collected from Interested Parties. For purposes of providing our Service, please note that Personal Data may include both personally identifiable “human resources” data (“HR Data”) and/or personally identifiable “personal data other than H.R. Data” (“Non-HR Data”)

We may update our Privacy Policy from time to time, and as a result, we encourage Interested Parties to check with us for updates by checking the date of the last revision shown above. To the best of our ability, we have tried to use common sense English in describing our privacy policies as outlined herein; however, if you have any questions or concerns regarding our Privacy Policy, please feel free to contact us at privacy@cerebriai.com.

Our privacy policy outlined below describes the information we receive and how it is used. We only use Personal Data and other information we collect for (i) improving our Website and Service, (iii) engaging with Interested Parties about our Service, (iv) helping us provide our Service to Interested Parties and others, and (v) helping us provide support for the Service to you and others.

We will not sell Personal Data, and if you visit our Website or use our Service, you accept and consent to this Privacy Policy. When an Interested Party registers with us or contacts us, we collect Personal Data and other information to fulfill their requests. When an Interested Party interacts with our Website, their browsers may send us log data, including their I.P. address, browser type/version, pages visited, time and date of visit, etc. In addition, when an Interested Party licenses our Service, we collect usage information relating to our Service. If an Interested Party subscribes to content from our Website or other Cerebri AI sources and wishes to stop receiving any of our content, they can follow our unsubscribe instructions, or they can contact us at privacy@cerebriai.com.

For marketing purposes, an Interested Party consents to Cerebri AI sharing with sponsoring partners their contact information and sponsor interaction activity when attending any Cerebri AI conference. In addition, we may collect Personal Data with consent at conferences using lead scanners. If an Interested Party uses a third party to communicate with us, we encourage them to review and become familiar with the privacy policies of these third parties.

It should be noted that if an Interested Party sends Personal Data to Cerebri AI, we will use it for the specific purposes outlined in this Privacy Policy or as otherwise directed by them. Any incidental transmission of Personal Data to us is at the Interested Party’s own risk. If an Interested Party provides us credit card information, it is collected and processed by our third-party payment processor pursuant to their privacy policy and practices.

Pursuant to our Privacy Policy, we will not intentionally collect or maintain, do not want Interested Parties to provide, and will never ask Interested Parties for any information regarding medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs or any other sensitive information.

We use Personal Data and other information we collect to help us provide and manage our Website and Service. We need to verify accounts and activity, and we need to promote security on our Website and Service, including violations of any of our terms or policies or agreements entered into with us.   We use Personal Data and other information we collect when we provide Interested Parties with (i) information about our Service, (ii) information in licensing to use our Service, (iii) customer support, and (iv) surveys targeting improving our Service.

We also use Personal Data and other information we collect to: (i) allow candidates to apply for positions at Cerebri AI, (ii) customize our communications and our Website according to Interested Party preferences (allowing them to request specific information about our products and services, etc.), (iii) provide the opportunity for Interested Parties to download our product documentation or any other communications available on our Website from Cerebri AI and/or third-party partners (for example: white papers, etc.), (iv) allow Interested Parties to make requests for demos of our Service, (v) enable Interested Parties to register for events organized by us and/or in collaboration with others, (vi) allow us to carry out obligations relating to any agreements entered into with Interested Parties and/or their companies, (vii) allow us to collect usage statistics for internal analytics relating to our Service in order to improve the Service and provide better support, (viii) notify Interested Parties of changes to our Service and Website, and if applicable, (ix) allow Interested Parties to transfer information to a third-party,

We process Personal Data and other information to (i) perform our obligations under contracts with Interested Parties, (ii) perform our legal obligations to which we are subject, which may include specific legal or regulatory requirements, and (iii)  pursue improving and managing our Website and Services and those of third parties that will apply where we consider that it is not outweighed by an individual’s interests or rights which require protection of their Personal Data.

We may also analyze information collected from Interested Parties to create a profile of their interests and preferences so we can tailor how we contact them or send them information about our Service that is more relevant to them. If additional information about an Interested Party is available from external sources, we may use it to assist with this. Interested Party information may also be used to help us identify general trends.

When an Interested Party does not provide Personal Data required, for example, to use our Service, we will not be able to provide our Service or may not be able to comply with a legal obligation on us. We will make it clear if and when this situation arises and what the consequences of not providing the Personal Data will be.

We may work with third-party companies who are partner organizations working on our behalf or processors who help us complete tasks (such as qualifying leads) and provide services to Interested Parties. If we share any information with these partner organizations, we only disclose Personal Data and other information to the minimum extent necessary to support our business and provide our Service, including providing technical infrastructure services, analyzing how our Service is used, providing customer service, or conducting research and surveys. These processors adhere to strict data processing obligations consistent with our Service, this Privacy Policy, applicable legislation, and the respective agreement(s) we enter into with them.

We will not make Interested Party information, including Personal Data, available to any other parties except as provided in this Privacy Policy or only with Interested Party consent. We will not sell, rent, exchange, or share any Interested Party information, including Personal Data, with any third parties, without their prior permission, for any other purpose than the ones they requested or signed up for.

If we are ever involved in a merger, acquisition, or sale of all or a portion of our assets, Interested Party information, including Personal Data, may be transferred to an acquiring entity. Interested Parties will be notified of any impact of such transfers with respect to Personal Data and other information, as well as any choices they may have regarding such changes.

We may also share Interested Party information within our Cerebri AI companies, but only to the extent required to provide our Service or respond to Interested Party requests and needs. All entities making up Cerebri AI will process any information and Personal Data received under all applicable laws.

We will retain information, including Personal Data of Interested Parties, for as long as needed to provide our Service or respond to requests. We only retain and use Personal Data and other information as necessary to comply with our agreements, legal obligations, and the resolution of any disputes.

If Interested Parties want to access, correct, delete, or transfer any information they have provided, they may send a request to Cerebri AI at privacy@cerebriai.com, and we will respond and address their request within 30 days. This also applies to their right: (i) to be informed, (ii) of access, (iii) to rectification, (iv) to erasure, (v) to restrict processing, (vi) to data portability; (vii) to object; (vii) not to be subject to automated decision-making and (viii) to determine guidelines as to the use of their Personal Data after their death. Interested Parties also have the right to lodge a complaint with a supervisory authority.

We may share Interested Party information in response to investigations, court orders, or other regulatory, governmental, or judicial requests. We may also share Interested Party information to investigate, prevent, or take action against illegal activities, violations of Cerebri AI’s terms of use, or a separate agreement you may have entered into with us or as otherwise required by law.

We gather certain information in log files about your use of our Website, including the browser type you use, access times, pages viewed, your IP address, and the page you visited before navigating to our Website and storing it in log files. We may also log or monitor information about your access to our Service, but this does not include any Personal Data.

Cookies are small data files stored on your device that help us improve our Website and your experience browsing our Website; see which areas and features of our Website are popular. We may also, from time to time, use web beacons (electronic images that may be used in our emails to help deliver cookies), count visits, and understand usage and campaign effectiveness. Web browsers are usually set to accept cookies by default. You may choose to set your browser to remove or reject browser cookies, but this may affect your experience visiting our Website.

We sometimes allow third parties to provide us with analytics services and to serve up advertisements on our behalf throughout the Internet. These entities may use cookies, web beacons, and other technologies to collect information about your use of our Website and other websites and applications, including your IP address, web browser, pages viewed, time spent on pages or in apps, links clicked, and conversion information. This information may be used by Cerebri AI and its service providers to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests regarding our Service and other websites, and better understand your online activity. For more information about interest-based ads or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices.

We may also work with other websites or platforms to serve ads to you as part of a customized campaign unless you notify us that you prefer not to have information about you used in this way. Please note you will continue to receive generic ads.

Our Website and Service are not designed for or directed at minors as defined by local laws or regulations. We will never intentionally collect or maintain information about individuals considered children or minors. If we are notified about any collection of information about individuals considered children or minors, we will take all appropriate measures to investigate and, if necessary, delete that information.

Interested Parties may be required to provide credit card details to our credit card processors.  Payment processing services undertaken by these companies are subject to their privacy policies, which may be updated from time to time. For Cerebri AI to process payments, Interested Parties authorize Cerebri AI to provide credit card details and other transaction information necessary to process their payment to credit card processing companies. For questions concerning the privacy policies of our credit card processing companies, please contact us at privacy@cerebriai.com.

Personal Data and other information collected within countries outside the EEA and Switzerland, including the United States and other countries, may be transferred outside those countries for the purposes described in this Privacy Policy. We follow the laws of the countries in which we operate, and we obtain not only your consent to legitimize data transfers to the United States and elsewhere but also have agreements containing protections and other appropriate safeguards established by such governments. Contact us with questions or concerns regarding any transfer of Personal Data or other information at privacy@cerebriai.com.

California privacy laws give their residents the right to make requests, at no charge, to direct Cerebri AI to (i) send them their Personal Data we collected in the past 12 months; (ii) delete their Personal Data, subject to certain exemptions (information used to detect security incidents, debugging, or to comply with a legal obligation, etc.); and (iii) not sell us and not sell Personal Data collected to third parties, now or in the future. A California resident can send such requests to us by email at privacy@cerebriai.com.

If such Personal Data is deleted, we may be unable to continue providing or supporting our products or services. We do not discriminate against you for exercising your rights or offer you financial incentives related to using your personal information. In addition to the above, California Civil Code Section §1798.83 permits California residents to request certain information regarding our disclosure of certain types of Personal Data to third parties for their direct marketing purposes. A California resident can send such requests to us by email at privacy@cerebriai.com.

Data Privacy Framework

Cerebri AI complies with the European Union (“E.U.”) & United States (“U.S.”) Data Privacy Framework (“EU-US DPF”), the United Kingdom (“U.K.”) Extension (“U.K. Extension”) to the EU-US DPF, and Switzerland and US Data Privacy Framework (“Swiss-US DPF”), all as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personally identifiable information transferred from the European Union, the U.K. or Switzerland to the United States. For purposes of this privacy policy, the EU-US DPF, U.K. Extension, and Swiss-US DPF shall be referred to as the “Data Privacy Framework.”

As indicated in our Privacy Policy above, for purposes of providing our Service, personally identifiable information (“Personal Data”) that we collect, use, and retain may include both personally identifiable “human resources” data (“HR Data”) and/or personally identifiable data “other than H.R. data” (“Non-HR Data”). We may also collect, use, and retain other information from Interested Parties that is not Personal Data.

Cerebri AI has certified to the U.S. Department of Commerce that it adheres to the Data Privacy Framework.  If there is any conflict between the terms in this privacy policy and the Data Privacy Framework, the Data Privacy Framework shall govern.  To learn more about the Data Privacy Framework and to view our certification, please visit https://www.dataprivacyframework.gov.

This Data Privacy Framework Policy (the “Cerebri AI DPF Policy”) sets forth the privacy principles that Cerebri AI follows when processing Personal Data as defined above received from customers or prospective customers located in the European Economic Area (“EEA”), the U.K. and Switzerland while providing our Services.

This Cerebri AI DPF Policy does not apply to information collected through www.cerebriai.com or other Cerebri AI websites or information collected during Cerebri AI-sponsored sales and marketing activities. This Cerebri AI DPF Policy also does not apply to Personal Data (including HR and Non-HR Data) collected through Cerebri AI’s recruiting process. For purposes of this Cerebri AI DPF Policy, Personal Data (including both HR Data and Non-HR Data) means information about an identified or identifiable individual that is received by Cerebri AI in the U.S. from the EEA, the U.K. or Switzerland and recorded in any form.

Cerebri AI’s Role as a Service Provider to its Customers and Prospective Customers

Cerebri AI is the creator of certain software products. In connection with these software products, Cerebri AI provides product development services, solution engineering services, professional technical services, data migration services, and product technical support services, collectively referred to as Services, to its customers and prospective customers in the EEA, the U.K., and Switzerland through employees who may be located in the U.S.

These U.S.-based employees may process Personal Data (including HR and Non-HR Data) to provide Services to customers and prospective customers in the EEA, the U.K., or Switzerland. Customers determine the categories of Personal Data and other information made accessible by Cerebri AI, how that information will be used, to whom it will be disclosed, and for what purposes. Similarly, Cerebri AI’s customers and prospective customers who share data with Cerebri AI in connection with any of its Services determine which categories of Personal Data will be shared and for what purposes.

Consequently, Cerebri AI does not know the categories of Personal Data (including both HR and Non-HR Data) to be processed or the purpose(s) of the processing unless and until Cerebri AI receives instructions from its customers or prospective customers. When Cerebri AI processes Personal Data, Cerebri AI does so only to provide Services pursuant to a customer’s or prospective customer’s instructions.

Customer’s & Prospective Customer’s Responsibilities with Respect to Personal Data

Cerebri AI customers and prospective customers may choose to include Personal Data among the data shared with Cerebri AI in connection with its provision of Services.

Cerebri AI processes only the Personal Data that its customers or prospective customers have chosen to share with Cerebri AI.  Cerebri AI has no direct or contractual relationship with the subject of such Personal Data (a “Data Subject”).  As a result, when a customer or prospective customer shares Personal Data, the customer or prospective customer is solely responsible for satisfying all legal obligations owed directly to the Data Subject under applicable data protection laws.

It is the customer’s or prospective customer’s responsibility to ensure that Personal Data (including HR and Non-HR Data) it collects can be legally collected in the country of origin.  The customer or prospective customer is also responsible for providing to the Data Subject any notices required by applicable law and for responding appropriately to the Data Subject’s request to exercise their rights with respect to Personal Data.  In addition, the customer or prospective customer is responsible for ensuring that its use of Cerebri AI’s Services is consistent with any privacy policy the customer or prospective customer has established and any notices it has provided to Data Subjects.

Cerebri AI is not responsible for its customers’ or prospective customers’ privacy policies or practices or for the customers’ or prospective customers’ compliance with such policies or practices. Cerebri AI does not review, comment upon, or monitor its customers’ or prospective customers’ privacy policies or compliance with such policies.

Cerebri AI also does not review instructions or authorizations provided to Cerebri AI to determine whether the instructions or authorizations comply with or conflict with the terms of a customer’s or prospective customer’s published privacy policy or any notice provided to Data Subjects.  Customers and prospective customers are responsible for providing instructions and authorizations that comply with their policies, notices, and applicable laws.

Cerebri AI’s Compliance with the Data Privacy Framework

Cerebri AI employees in the U.S. may provide Services for customers and prospective customers in the EEA, the U.K., or Switzerland. To provide such Services, Cerebri AI may access and use Personal Data (including both HR Data and Non-HR Data). Cerebri AI will apply the following Cerebri AI DPF Policy to Personal Data physically or remotely transferred from the EEA, the U.K., or Switzerland to the U.S.

Access:  Data Subjects have the right to access the Personal Data an organization holds about them. If such Personal Data is inaccurate or processed in violation of the Cerebri AI DPF Policy, a Data Subject may also request that Personal Data be corrected, amended, or deleted. When Cerebri AI receives Personal Data, it does so on its customer’s or prospective customer’s behalf.  To request access to or correction, amendment, or deletion of Personal Data, Data Subjects should contact the Cerebri AI customer or prospective customer that collected their Personal Data.  Cerebri AI will cooperate with its customers’ and prospective customers’ reasonable requests to assist Data Subjects in exercising their rights under the Data Privacy Framework.

Choice:  Data subjects have the right to opt out of (a) disclosures of their Personal Data to third parties not identified at the time of collection or subsequently authorized and (b) uses of Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized.  Cerebri AI’s customers and prospective customers are responsible for informing Data Subjects when they have the right to opt out of such uses or disclosures.  Data Subjects who wish to limit the use or disclosure of their Personal Data should submit that request to Cerebri AI’s customer or prospective customer that controls the use and disclosure of their Personal Data.  Cerebri AI will cooperate with its customers’ and prospective customers’ instructions regarding Data Subjects’ choices.

Security:  Cerebri AI is committed to safeguarding the Personal Data it receives from the EEA, the U.K., and Switzerland.  While Cerebri AI cannot guarantee the security of Personal Data, Cerebri AI takes reasonable and appropriate measures to protect Personal Data in Cerebri AI’s possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction.  Cerebri AI utilizes online and offline security technologies, procedures, and organizational measures to help safeguard Personal Data.  For example, facility security is designed to prevent unauthorized access to Cerebri AI computers.  Electronic security measures — including, for example, network access controls, passwords, and access logging — provide protection from hacking and other unauthorized access.  Cerebri AI also protects Personal Data through the use of firewalls, role-based restrictions, and, where appropriate, encryption technology.  Cerebri AI limits access to Personal Data to employees, subcontractors, and third-party agents that have a specific business reason for accessing such Personal Data.  Individuals granted access to Personal Data are aware of their responsibilities to protect such information and are provided with appropriate training and instruction.

Purpose Limitation and Data Integrity:  Cerebri AI’s customers and prospective customers are responsible for limiting their Personal Data collection to that necessary to accomplish the purposes disclosed to Data Subjects and compatible purposes. They are also responsible for providing Cerebri AI with instructions for processing Personal Data consistent with such purposes.  Cerebri AI will process Personal Data only in accordance with the customer’s or prospective customer’s instructions.   Cerebri AI’s customers and prospective customers are also responsible for ensuring that (a) Personal Data they collect is accurate, complete, current, and reliable for its intended uses and (b) Personal Data is retained only for as long as is necessary to accomplish the customer’s or prospective customer’s legitimate business purposes disclosed to the Data Subject and for compatible purposes. Cerebri AI will cooperate with customers’ and prospective customers’ reasonable requests for assistance in meeting these obligations.  In the performance of Services, Cerebri AI will request only the minimum amount of information required to perform the applicable Services and will retain such information only for as long as necessary to provide the Services or for compatible purposes, such as to provide additional Services, to comply with legal requirements, or to preserve or defend Cerebri AI’s legal rights.

Onward Transfer: Cerebri AI will not disclose Personal Data to a third party, except as stated below:  Cerebri AI may disclose Personal Data to subcontractors and third-party agents who assist Cerebri AI in providing Services to its customers and prospective customers. Before disclosing Personal Data to a subcontractor or third-party agent, Cerebri AI will obtain assurances from the recipient that it will: (a) use the Personal Data only to assist Cerebri AI in providing the Services; (b) provide at least the same level of protection for Personal Data as required by the Principles; and (c) notify Cerebri AI if the recipient is no longer able to provide the required protections.

Upon notice, Cerebri AI will promptly act to stop and remediate a recipient’s unauthorized processing of Personal Data.  Cerebri AI will remain liable for onward transfers to subcontractors and third-party agents.  Cerebri AI may also be required to disclose and may disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. To the extent permitted, Cerebri AI will inform its relevant customer or prospective customer before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.

Recourse, Enforcement & Liability:  In compliance with the Data Privacy Framework, Cerebri AI commits to resolve complaints concerning its processing of Personal Data in accordance with the Data Privacy Framework.  Any Data Subject who has a complaint about Cerebri AI’s processing of their Personal Data should first contact Cerebri AI’s Chief Security Officer by emailing cso@cerebriai.com.

Cerebri AI has further committed to refer unresolved privacy complaints under the Data Privacy Framework to independent recourse mechanisms, the  Data Protection Supervisor (“EDPS”) under the EU-US DPF, the Information Commissioner Office (“UKICO”) under the U.K. Extension, and the Federal Data Protection and Information Commissioner (“SFDPIC”) under the Swiss-US DPF.

If you do not receive timely acknowledgment of your complaint, or if Cerebri AI does not satisfactorily address your complaint, please visit https://www.dataprivacyframework.gov/s/assistance  for more information on how to file a complaint at no cost to you. In addition to the above dispute resolution mechanisms, Data Subjects may invoke binding arbitration if their complaint is not resolved by the EDPS, UKICO or the SFDPIC or by the U.S. Department of Commerce after referral from the relevant data protection authorities in the EEA, the U.K. or Switzerland. For information about arbitration, visit https://www.dataprivacyframework.gov/. Cerebri AI is subject to the investigatory and enforcement powers of the Federal Trade Commission.

Cerebri AI has further committed to refer unresolved privacy complaints under the Data Privacy Framework to independent recourse mechanisms, the  Data Protection Supervisor (“EDPS”) under the EU-US DPF, the Information Commissioner Office (“UKICO”) under the U.K. Extension, and the Federal Data Protection and Information Commissioner (“SFDPIC”) under the Swiss-US DPF.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Cerebri AI commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to Insights Association Data Privacy Framework Services Program (“IA-DFP SP”), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit  IA-DFP SP for more information or to file a complaint. The services of IA-DFP SP are provided at no cost to you.

For More Information

Data Subjects with questions about how Cerebri AI processes Personal Data should first contact the Cerebri AI customer or prospective customer that collected the Personal Data. Cerebri AI’s Security Department can be contacted by emailing cso@cerebriai.com.  Cerebri AI’s Privacy and related DPF Policies are executed in English and can be translated into other languages upon request. In case of any conflict or discrepancy between the English and translated versions, the English versions of the Cerebri AI Privacy Policy and related Cerebri AI DPF Policies shall control.

Cerebri AI may revise its Cerebri AI Privacy and DPF Policies at any time. If Cerebri AI decides to change these policies significantly or materially, Cerebri AI will post any revisions at this location.

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.