Cerebri AI Privacy Policy

( Effective Date: June 1, 2018. Last revised: June 20, 2022 )

Cerebri AI is dedicated to protecting your privacy whether you are a visitor to our Cerebri AI website ( the “Website”) or a user of our software-as-a-service (“Service”) under an agreement with our Cerebri AI group of companies, including Cerebri AI Inc., incorporated under the laws of Delaware, and Cerebri AI Limited, incorporated under the laws of Ontario, Canada. Visitors to our Website and users of our software-as-a-service are herein referred to collectively as “Interested Parties” and individually as an “Interested Party .”Our privacy policy, as outlined below, is herein referred to as our “Privacy Policy” and sets forth Cerebri AI’s policy with respect to personally identifiable information (“Personal Data”) and other information collected from Interested Parties.    

We may update our Privacy Policy from time to time, and as a result, we encourage Interested Parties to check with us for updates by checking the date of the last revision shown above. We have tried to the best of our ability to use common sense English in describing our privacy policies as outlined herein; however, if you have any questions or concerns regarding our Privacy Policy, please feel free to contact us at privacy@cerebriai.com.  

Our privacy policy outlined below describes the information we receive and how it is used. We only use Personal Data and other information we collect for: ( i ) improving our Website and Service, ( iii ) engaging with Interested Parties about our Service, ( iv ) helping us provide our Service to Interested Parties and others, and ( v ) helping us provide support for the Service to you and others

We will not sell Personal Data, and if you visit our Website or use our Service, you accept and consent to this Privacy Policy. When an Interested Party registers with us or contacts us, we collect Personal Data and other information to fulfill their requests. When an Interested Party interacts with our Website, their browsers may send us log data, including their IP address, browser type/version, pages visited, time and date of visit, etc. In addition, when an Interested Party licenses our Service, we collect usage information relating to our Service. If an Interested Party subscribes to content from our Website or other Cerebri AI sources and wishes to stop receiving any of our content, they can follow our unsubscribe instructions, or they can contact us at privacy@cerebriai.com.

For marketing purposes, an Interested Party consents to Cerebri AI sharing with sponsoring partners their contact information and sponsor interaction activity when attending any Cerebri AI conference. In addition, we may collect Personal Data with consent at conferences using lead scanners. If an Interested Party uses a third party to communicate with us, we encourage them to review and become familiar with the privacy policies of these third parties.

It should be noted that if an Interested Party sends Personal Data to Cerebri AI, we will use it for the specific purposes outlined in this Privacy Policy or as otherwise directed by them. Any incidental transmission of Personal Data to us is at the Interested Party’s own risk. If an Interested Party provides us credit card information, that information is collected and processed by our third-party payment processor pursuant to their privacy policy and practices.  Pursuant to our Privacy Policy, we will not intentionally collect or maintain, do not want Interested Parties to provide, and will never ask Interested Parties for, any information regarding medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs or any other sensitive information.

We use Personal Data and other information we collect to help us provide and manage our Website and Service. We need to verify accounts and activity, and we need to promote security on our Website and Service, including violations of any of our terms or policies or agreements entered into with us.   We use Personal Data, and other information we collect when we provide Interested Parties with ( i ) information about our Service, ( ii ) information in licensing to use our Service, ( iii ) customer support, and ( iv ) surveys targeting improving our Service.

We also use Personal Data and other information we collect to: ( i ) allow candidates to apply for positions at Cerebri AI, ( ii ) customize our communications and our Website according to Interested Party preferences ( allowing them to request specific information about our products and services, etc. ), ( iii ) provide the opportunity for Interested Parties to download our product documentation or any other communications available on our Website from Cerebri AI and/or third-party partners ( for example: white papers, etc. ), ( iv ) allow Interested Parties to make requests for demos of our Service, ( v ) enable Interested Parties to register for events organized by us and/or in collaboration with others, ( vi ) allow us to carry out obligations relating to any agreements entered into with Interested Parties and/or their companies, ( vii ) allow us to collect usage statistics for internal analytics relating to our Service in order to improve the Service and provide better support, ( viii ) notify Interested Parties of changes to our Service and Website, and if applicable, ( ix ) allow Interested Parties to transfer information to a third-party,

We process Personal Data and other information to ( i ) perform our obligations under contracts with Interested Parties, ( ii ) perform our legal obligations to which we are subject, which may include specific legal or regulatory requirements, and ( iii )  pursue improving and managing our Website and Services and those of third parties that will apply where we consider that it is not outweighed by an individual’s interests or rights which require protection of their Personal Data.

We may also analyze information collected from Interested Parties to create a profile of their interests and preferences, so we can tailor how we contact them or send them information about our Service that is more relevant to them. If additional information about an Interested Party is available from external sources, we may use it to assist with this. Interested Party information may also be used to help us identify general trends.

When an Interested Party does not provide Personal Data required, for example, to use our Service, we will not be able to provide our Service or may not be able to comply with a legal obligation on us. We will make it clear if and when this situation arises and what the consequences of not providing the Personal Data will be.

We may work with third-party companies who are partner organizations working on our behalf, or processors, who help us complete tasks ( such as qualifying leads ) and provide services to Interested Parties. If we share any information with these partner organizations, we only disclose Personal Data and other information to the minimum extent necessary to support our business and provide our Service, including providing technical infrastructure services, analyzing how our Service is used, providing customer service, or conducting research and surveys. These processors adhere to strict data processing obligations consistent with our Service, this Privacy Policy, applicable legislation, and the respective agreement(s) we enter into with them.

We will not make Interested Party information, including Personal Data, available to any other parties except as provided in this Privacy Policy or only with Interested Party consent. We will not sell, rent, exchange or share any Interested Party information, including Personal Data, with any third parties, without their prior permission, for any other purpose than the ones they requested or signed up for.

If we are ever involved in a merger, acquisition, or sale of all or a portion of our assets, Interested Party information, including Personal Data, may be transferred to an acquiring entity. Interested Parties will be notified of any impact of such transfers with respect to Personal Data and other information, as well as any choices they may have regarding such changes.

We may also share Interested Party information within our Cerebri AI companies but only to the extent required to provide our Service or respond to Interested Party requests and needs. All entities making up Cerebri AI will process any information and Personal Data received under all applicable laws.

We will retain information, including Personal Data of Interested Parties, for as long as needed to provide our Service or respond to requests. We only retain and use Personal Data and other information as necessary to comply with our agreements, legal obligations, and the resolution of any disputes.

If Interested Parties want to access, correct, delete, or transfer any information they have provided, they may send a request to privacy@cerebriai.com, or they may mail their request to Cerebri AI Inc., 3267 Bee Caves Rd.,  Suite 107,  Box 341  Austin, TX 78746.  We will respond and address their request within 30 days whatever method to contact us is used. This also applies to their right: ( i ) to be informed; ( ii ) of access; ( iii ) to rectification; ( iv ) to erasure; ( v ) to restrict processing; ( vi ) to data portability; ( vii ) to object; ( vii ) not to be subject to automated decision-making and (viii) to determine guidelines as to the use of their Personal Data after their death. Interested Parties also have the right to lodge a complaint with a supervisory authority.

We may share Interested Party information in response to investigations, court orders, or other regulatory, governmental, or judicial requests. We may also share Interested Party information to investigate, prevent, or take action against illegal activities, violations of Cerebri AI’s terms of use, or a separate agreement you may have entered into with us or as otherwise required by law.

We gather certain information in log files about your use of our Website, including the browser type you use, access times, pages viewed, your IP address, and the page you visited before navigating to our Website and store it in log files. We may also log or monitor information about your access to our Service, but this does not include any Personal Data.

Cookies are small data files stored on your device that help us improve our Website and your experience browsing our Website; see which areas and features of our Website are popular. We may also, from time to time, use web beacons ( electronic images that may be used in our emails to help deliver cookies ), count visits, and understand usage and campaign effectiveness. Web browsers are usually set to accept cookies by default. You may choose to set your browser to remove or reject browser cookies, but this may affect your experience visiting our Website.

We sometimes allow third parties to provide analytics services and serve advertisements on our behalf throughout the Internet. These entities may use cookies, web beacons, and other technologies to collect information about your use of our Website and other websites and applications, including your IP address, web browser, pages viewed, time spent on pages or in apps, links clicked, and conversion information. This information may be used by Cerebri AI and its service providers to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests regarding our Service and other websites and better understand your online activity. For more information about interest-based ads or to opt-out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices.

We may also work with other websites or platforms to serve ads to you as part of a customized campaign unless you notify us that you prefer not to have information about you used in this way. Please note you will continue to receive generic ads.

Our Website and Service are not designed for or directed at minors as defined by local laws or regulations. We will never intentionally collect or maintain information about individuals considered children or minors. If we are notified about any collection of information about individuals considered children or minors, we will take all appropriate measures to investigate and, if necessary, delete that information.

Interested Parties may be required to provide credit card details to our credit card processors.  Payment processing services undertaken by these companies are subject to their privacy policies which may be updated from time to time. For Cerebri AI to process payments, Interested Parties authorize Cerebri AI to provide credit card details and other transaction information necessary to process their payment to credit card processing companies. For questions concerning the privacy policies of our credit card processing companies, please reach out to us at privacy@cerebriai.com.

Personal Data and other information collected within countries, outside the EEA and Switzerland, and including the United States and other countries may be transferred outside those countries for the purposes described in this Privacy Policy. We follow the laws of the countries in which we operate, and we obtain not only your consent to legitimize data transfers to the United States and elsewhere but also have in place agreements containing protections and other appropriate safeguards established by such governments. Contact us with questions or concerns regarding any transfer of Personal Data or other information at privacy@cerebriai.com.

California privacy laws give their residents the right to make requests, at no charge, to direct Cerebri AI to ( i ) send them their Personal Data we collected in the past 12 months; ( ii ) delete their Personal Data, subject to certain exemptions ( information used to detect security incidents, debugging, or to comply with a legal obligation, etc. ); and ( iii ) not sell us and not sell Personal Data collected to third parties, now or in the future. A California resident can send such requests to us by email at privacy@cerebriai.com.  If such Personal Data is deleted, we may be unable to continue providing or supporting our products or services. We do not discriminate against you for exercising your rights or offer you financial incentives related to using your personal information. In addition to the above, California Civil Code Section §1798.83 permits California residents to request certain information regarding our disclosure of certain types of Personal Data to third parties for their direct marketing purposes. A California resident can send such requests to us by email at privacy@cerebriai.com.

Cerebri AI complies with the Trans-Atlantic Data Privacy Data Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  Cerebri AI has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield Framework, and to view our certification, please visit https://www.privacyshield.gov/.

Privacy Shield Framework

As stated above, Cerebri AI complies with the The Trans-Atlantic Data Privacy Data Framework between the EU-US and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland, respectively.

Cerebri AI has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov

This Privacy Shield Privacy Policy (the “Shield Privacy Policy”) sets forth the privacy principles that Cerebri AI follows when processing Personal Data received from customers or prospective customers located in the European Economic Area (“EEA”) and Switzerland, while providing services. This Shield Privacy Policy does not apply to information collected through www.cerebriai.com or other Cerebri AI websites or to information collected during Cerebri AI sponsored sales and marketing activities.  This Shield Privacy Policy also does not apply to Personal Data collected through Cerebri AI’s recruiting process.  For purposes of this Shield Privacy Policy, Personal Data means information about an identified or identifiable individual that is received by Cerebri AI in the U.S. from the EEA or Switzerland and recorded in any form.  

Cerebri AI’s Role as a Service Provider to its Customers and Prospective Customers

           Cerebri AI is the creator of certain software products, and in connection with these software products, Cerebri AI provides product development services, solution engineering services, professional technical services, data migration services, and product technical support services, collectively referred to as Services, to its customers and prospective customers in the EEA and Switzerland through employees who may be located in the U.S. These U.S.-based employees may process Personal Data to provide Services to customers and prospective customers located in the EEA or Switzerland.

           Customers determine the categories of Personal Data and other information that are made accessible by Cerebri AI, how that information will be used, to whom it will be disclosed, and for what purposes.  Similarly, Cerebri AI’s customers and prospective customers who share data with Cerebri AI in connection with any of its Services determine which categories of Personal Data will be shared and for what purposes.  Consequently, Cerebri AI does not know the categories of Personal Data to be processed or the purpose(s) of the processing unless and until Cerebri AI receives instructions from its customers or prospective customers.  

           When Cerebri AI processes Personal Data, Cerebri AI does so only for the purpose of providing Services pursuant to the customer's or prospective customer's instructions.

Customer’s & Prospective Customer’s Responsibilities with respect to Personal Data

           Cerebri AI customers and prospective customers may choose to include Personal Data among the data shared with Cerebri AI in connection with its provision of Services.

           Cerebri AI processes only the Personal Data that its customers or prospective customers have chosen to share with Cerebri AI.  Cerebri AI has no direct or contractual relationship with the subject of such Personal Data (a "Data Subject").  As a result, when a customer or prospective customer shares Personal Data, the customer or prospective customer is solely responsible for satisfying all legal obligations owed directly to the Data Subject under applicable data protection laws.

           It is the customer's or prospective customer's responsibility to ensure that Personal Data it collects can be legally collected in the country of origin.  The customer or prospective customer is also responsible for providing to the Data Subject any notices required by applicable law and for responding appropriately to the Data Subject's request to exercise his or her rights with respect to Personal Data.  In addition, the customer or prospective customer is responsible for ensuring that its use of Cerebri AI’s Services is consistent with any privacy policy the customer or prospective customer has established and any notices it has provided to Data Subjects.

           Cerebri AI is not responsible for its customers’ or prospective customers’ privacy policies or practices or for the customers’ or prospective customers’ compliance with such policies or practices. Cerebri AI does not review, comment upon, or monitor its customers’ or prospective customers’ privacy policies or their compliance with such policies.  

           Cerebri AI also does not review instructions or authorizations provided to Cerebri AI to determine whether the instructions or authorizations are in compliance with, or conflict with, the terms of a customer's or prospective customer's published privacy policy or of any notice provided to Data Subjects.  Customers and prospective customers are responsible for providing instructions and authorizations that comply with their policies, notices, and applicable laws.

Cerebri AI’s Compliance with the Privacy Shield Principles

           Cerebri AI employees located in the U.S. may provide Services for customers and prospective customers located in the EEA or Switzerland. To provide such Services, Cerebri AI may access and use Personal Data. Cerebri AI will apply the following Privacy Shield Principles to Personal Data physically or remotely transferred from the EEA or Switzerland to the U.S.

Access:  Data Subjects have the right to access the Personal Data an organization holds about them. If such Personal Data is inaccurate or processed in violation of the Privacy Shield Principles, a Data Subject may also request that Personal Data be corrected, amended, or deleted.  When Cerebri AI receives Personal Data, it does so on its customer's or prospective customer's behalf.  To request access to, or correction, amendment or deletion of, Personal Data, Data Subjects should contact the Cerebri AI customer or prospective customer that collected their Personal Data.  Cerebri AI will cooperate with its customers' and prospective customers' reasonable requests to assist Data Subjects to exercise their rights under the Privacy Shield.  

Choice:  Data subjects have the right to opt out of (a) disclosures of their Personal Data to third parties not identified at the time of collection or subsequently authorized, and (b) uses of Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized.  Cerebri AI’s customers and prospective customers are responsible for informing Data Subjects when they have the right to opt out of such uses or disclosures.  Data Subjects who wish to limit the use or disclosure of their Personal Data should submit that request to Cerebri AI’s customer or prospective customer that controls the use and disclosure of their Personal Data.  Cerebri AI will cooperate with its customers’ and prospective customers’ instructions regarding Data Subjects’ choices.

Security:  Cerebri AI is committed to safeguarding the Personal Data that it receives from the EEA and Switzerland.  While Cerebri AI cannot guarantee the security of Personal Data, Cerebri AI takes reasonable and appropriate measures to protect Personal Data in Cerebri AI’s possession from loss, misuse, unauthorized access, disclosure, alteration and destruction.  Cerebri AI utilizes a combination of online and offline security technologies, procedures and organizational measures to help safeguard Personal Data.  For example, facility security is designed to prevent unauthorized access to Cerebri AI computers.  Electronic security measures — including, for example, network access controls, passwords and access logging — provide protection from hacking and other unauthorized access.  Cerebri AI also protects Personal Data through the use of firewalls, role-based restrictions and, where appropriate, encryption technology.  Cerebri AI limits access to Personal Data to employees, subcontractors, and third-party agents that have a specific business reason for accessing such Personal Data.  Individuals granted access to Personal Data are aware of their responsibilities to protect such information and are provided appropriate training and instruction.

Purpose Limitation and Data Integrity:  Cerebri AI’s customers and prospective customers are responsible for limiting their collection of Personal Data to that which is necessary to accomplish the purposes disclosed to Data Subjects and compatible purposes. They also are responsible for providing Cerebri AI with instructions for the processing of Personal Data consistent with such purposes.  Cerebri AI will process Personal Data only in accordance with the customer's or prospective customer's instructions.  Cerebri AI’s customers and prospective customers also are responsible for ensuring that (a) Personal Data they collect is accurate, complete, current and reliable for its intended uses; and (b) Personal Data is retained only for as long as is necessary to accomplish the customer's or prospective customer's legitimate business purposes disclosed to the Data Subject and for compatible purposes. Cerebri AI will cooperate with customers' and prospective customers' reasonable requests for assistance in meeting these obligations.  In the performance of Services, Cerebri AI will request only the minimum amount of information required to perform the applicable Services and will retain such information only for as long as necessary to provide the Services or for compatible purposes, such as to provide additional Services, to comply with legal requirements, or to preserve or defend Cerebri AI’s legal rights.

Onward Transfer:  Cerebri AI will not disclose Personal Data to a third party, except as stated below:  Cerebri AI may disclose Personal Data to subcontractors and third-party agents who assist Cerebri AI in providing Services to its customers and prospective customers. Before disclosing Personal Data to a subcontractor or third-party agent, Cerebri AI will obtain assurances from the recipient that it will: (a) use the Personal Data only to assist Cerebri AI in providing the Services; (b) provide at least the same level of protection for Personal Data as required by the Principles; and (c) notify Cerebri AI if the recipient is no longer able to provide the required protections.  Upon notice, Cerebri AI will act promptly to stop and remediate unauthorized processing of Personal Data by a recipient.  Cerebri AI will remain liable for onward transfers to its subcontractors and third-party agents.  Cerebri AI may also be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. To the extent permitted, Cerebri AI will inform its relevant customer or prospective customer before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.

Recourse, Enforcement & Liability:  In compliance with the Privacy Shield Principles, Cerebri AI commits to resolve complaints concerning its processing of Personal Data in accordance with these Privacy Shield Principles.  Any Data Subject who has a complaint about Cerebri AI’s processing of his/her Personal Data should first contact Cerebri AI’s Chief Security Officer by emailing cso@cerebriai.com.  Cerebri AI has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles and Swiss-US Privacy Shield Principles to independent recourse mechanisms, EU data protection authorities (DPAs) under the EU-U.S. Privacy Shield Framework and with the Swiss Federal Data Protection and Information Commissioner under the Swiss-U.S. Privacy Shield Framework. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Cerebri AI, please visit https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint for more information on how to file a complaint at no cost to you.  In addition to the above dispute resolution mechanisms, Data Subjects may invoke binding arbitration if their complaint is not resolved by the DPA, the SFDPIC, or by the Department of Commerce after referral from the relevant data protection authority in the EEA or Switzerland. For information about arbitration, visit https://www.privacyshield.gov.   Cerebri AI is subject to the investigatory and enforcement powers of the Federal Trade Commission.

For More Information

           Data Subjects with questions about how Cerebri AI processes Personal Data should first contact the Cerebri AI customer or prospective customer that collected the Personal Data. Cerebri AI’s Security Department can be contacted by emailing cso@cerebriai.com.  This Shield Privacy Shield Privacy Policy is executed in English and can be translated into other languages upon request. In the event of any conflict or discrepancy between the English language version and a translated version, the English language version of this policy shall control.

           Cerebri AI may revise its Privacy Shield Privacy Policy at any time, and if Cerebri AI decides to materially change this policy, Cerebri AI will post any revisions at this location.