Cerebri AI is dedicated to protecting your privacy whether you are a visitor to Cerebri AI websites ( herein referred to as our “Website” ) or a user of oursoftware-as-a-service solutions ( “Services” ) under an agreement with our Cerebri AI group of companies, including Cerebri AI Inc., incorporated under the laws of the State of Delaware, Interplx Holdings LLC, incorporated under the laws of the State of Delaware, and Cerebri AI Limited, incorporated under the laws of the Province of Ontario, Canada ( the group being referenced herein as “Cerebri AI” ).

Visitors to our Website and users of our software-as-a-service solutions are herein referred to collectively as “Interested Parties” and individually as an“Interested Party.” Our privacy policy, as outlined below, is herein referred to as our “Privacy Policy” and sets forth Cerebri AI’s policy with respect to personally identifiable information ( “Personal Data” ) and other information collected from Interested Parties. For purposes of providing our Services, please note that Personal Data may include both personally identifiable “human resources” data ( “HR Data” ) and/or personally identifiable “personal data other than H.R. Data” ( “Non-HR Data” ).

We may update our Privacy Policy from time to time, and as a result, we encourage Interested Parties to check with us for updates by checking the date of the last revision shown above. To the best of our ability, we have tried to use common sense English in describing our privacy policies as outlined herein; however, if you have any questions or concerns regarding our Privacy Policy, please feel free to contact us at privacy@cerebriai.com.  

What We Use Personal Data For

Our privacy policy outlined below describes the information we receive from Interested Parties and how it is used. We only use Personal Data and other information we collect for improving our Website and for our Services.

Our Services help corporations, government agencies and non-governmental organizations ( “NGOs”) manage their travel programs and related spending for expenses such as meals and entertainment. Such spending is referred to as “T&E” spending by corporations, government agencies and NGOs. The Global Business Travel Association ( Washington D.C. ) has estimated that global business T&E spending will total in excess of US $1.5 trillion in 2025.

T&E spending is a very important discretionary spending category in most organizations and receives significant attention from travel managers, procurement,and financial planning & analysis ( “FP&A” ) staff. T&E spending by organizations vary depending on their industry vertical, economic conditions, and other factors and can range up to over $1 billion per organization for the largest T&E spenders.

Interested Parties in T&E programs are
( i ) Employees of organizations that use our Services and
( ii ) Non-employees such as recruits, speakers for events, health care patients, professional staff, and others, that organizations that use our Services pay for their T&E spending ( usually referred to as “Guest Travel” ).

T&E programs use specialized tools to

( i ) Book travel – either with the aid of travel agents and online booking agencies similar to Booking.com andExpedia Group, Inc., such services usually provided by travel management companies ( referred “TMCs” );
( ii ) Pay for travel, especially large ticket items such as airfares and hotel charges, usually using corporate credit cards ( “Cards” ), and
( iii ) Expense reporting tools that Interested Parties fill in on a regular basis to account for their T&E spending for reimbursement by their organization.

Cerebri AI offers a number of Services to help organizations manage their T&E spending including:

( i ) Reconciling and aggregating on a global basis TMC, Card and expense report data,
( ii ) Auditing airfares & hotel rates purchased from TMCs versus what airlines charge on their website online on the Internet,
( iii) Auditing air & hotel contracts which organizations sign to ensure the availability of discounted fares, and
( iv ) Advanced AI-based analytics helping travel managers, procurement and FP&A staff manage T&E spending.

In September 2025, Cerebri AI purchased InterplX, Inc. ( “Interplx” ), a Minneapolis MN company that provides

( i ) Expense reporting services for companies of all sizes used by their Interested Party employees to tabulate their T&E spending,
( ii ) Reimbursement services for tabulated expense reports, usually carried out via banking automated clearing house services ( “ACH” transfers ), and expense reporting and reimbursement services for “Guest Travel” where organizations pay for travel and related expenses for non-employee Interested Parties as outlined above.

Cerebri AI has, and continues to, undertake a number of third-party certifications and related annual audits to support our Services processing Interested Party credit card data and Interested Party reimbursements of T&E spending. Such third-party certifications and related annual audits include:

   ( i )   “PCI DSS” - the Payment Card Industry Data Security Standard administered by the Payment Card Industry Security Standards Council. It regulates how we store, process, and transmit credit cardholder data and/or sensitive authentication data;

  ( ii )   ISO/IEC 27001 - the standard for establishing, implementing, maintaining and continually improving an information security management system originally published jointly by the International Organization for Standardization ( “ISO”) and the International Electrotechnical Commission ( “IEC” );

  ( iii )   “SOC1 ( Type 2 ); “SOC 2” ( Type 1 ); and “SOC 3” ( Type 2 ) -the organizational system and organization controls as defined by the American Institute of Certified Public Accountants ( “AICPA” ): and

 ( iv )   “ACH Rules” – the automated clearinghouse transfer rules administered by the National Automated ClearingHouse Association ( “NACHA” ), a non-profit organization owned by c financial institutions and payments associations.

For our Services, Personal Data is processed for the exclusive use of Interested Parties using our Services. We do not sell Personal Data. If you visit our Website or use our Services, you accept and consent to this Privacy Policy.

When an Interested Party registers with us, or contacts us, we collect Personal Data and other information to fulfill their requests. When an Interested Party interacts with our Website, their browsers may send us log data, including their I.P. address, browser type/version, pages visited, time and date of visit, etc.

When an Interested Party uses our Services, we collect usage information relating to our Services. If an Interested Party subscribes to content from our Website or other Cerebri AI sources and wishes to stop receiving any of our content, they can follow our unsubscribe instructions, or they can contact us at privacy@cerebriai.com.

For marketing purposes, an Interested Party consents to Cerebri AI sharing with sponsoring partners their contact information and sponsor interaction activity when attending a conference, convention or trade show where Cerebri AI is an active participant. In addition, we may collect Personal Data at these events using lead scanners. If an Interested Party uses a third party to communicate with us, we encourage them to become familiar with the privacy policies of these third parties.

If an Interested Party sends Personal Data to Cerebri AI, we will only use it for the specific purposes outlined in this Privacy Policy or as otherwise directed by them. Any incidental transmission of Personal Data to us is at the Interested Party’s own risk. If an Interested Party provides us credit card information for payments on our Website, it is collected and processed by our third-party payment processor pursuant to their privacy policy and practices.  Pursuant to our Privacy Policy, we will not intentionally collect or maintain Personal Data, and we do not want Interested Parties to provide, and we will never ask Interested Parties for, any information regarding medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs or any other sensitive information.

We use Personal Data and other information we collect to help us provide and manage our Website and to provide our Services. We need to verify accounts and activity ,and we need to promote security on our Website and for our Services, including violations of any of our terms or policies or agreements entered into with us.   We use Personal Data and other information we collect when we provide Interested Parties with

( i ) Information about our Services,
( ii ) Information in licensing to use our Services,
( iii ) Customer support, and ( iv ) surveys used to improve our Services.

We also use Personal Data and other information we collect to:

( i ) Allow candidates to apply for positions at Cerebri AI;
( ii ) Customize our communications and our Website according to Interested Party preferences ( allowing them to request specific information about our products and services, etc. );
( iii ) Provide the opportunity for Interested Parties to download our product documentation or any other communications available on our Website from Cerebri AI and/or third-party partners ( e.g., white papers );
( iv ) Allow Interested Parties to make requests for demos of our Services;
( v ) Enable Interested Parties to register for events organized by us or organized in collaboration with others;
( vi ) Allow us to carry out obligations relating to any agreements entered into with Interested Parties and/or their companies;
( vii ) Allow us to collect usage statistics for internal analytics relating to our Services in order to improve out Services and provide better support;
( viii ) Notify Interested Parties of changes to our Services and Website, and if applicable; and
( ix ) Allow Interested Parties to transfer information to a third-party,

We process Personal Data and other information to

( i ) Perform our obligations under contracts with Interested Parties,
( ii ) Perform our legal obligations to which we are subject, which may include specific legal or regulatory requirements, and
( iii ) Pursue improving and managing our Website and Services and those of third parties that will apply where we consider that it is not outweighed by an individual’s interests or rights which require protection of their Personal Data.

We may also analyze information collected from Interested Parties to create a profile of their interests and preferences so we can tailor how we contact them or send them information about our Services that is more relevant to them. If additional information about an Interested Party is available from external sources, we may use it to assist with this. Interested Party information may also be used to help us identify general trends.

When an Interested Party does not provide Personal Data required, for example, to use our Services, we will not be able to provide our Services or may not be able to comply with any related legal obligations. We will make it clear if and when this situation arises and what the consequences of not providing the Personal Data will be.

We may work with third-party companies who are partner organizations working on our behalf or processors to help us

( i ) Complete tasks such as qualifying leads; and
( ii ) Provide Services to Interested Parties.

If we share any information with these partner organizations, we only disclose Personal Data and other information to the minimum extent necessary to support our business and provide our Services, including providing technical infrastructure services, analyzing how our Services are used, providing customer service, or conducting research and surveys. These processors adhere to strict data processing obligations consistent with our Services, this Privacy Policy, applicable legislation, and the respective agreements we enter into with them.

We will not make Interested Party information, including Personal Data, available to any other parties except as provided in this Privacy Policy or only with Interested Party consent. We will not sell, rent, exchange, or share any Interested Party information, including Personal Data, with any third parties, without their prior permission, for any other purpose than the ones they requested or signed up for. If we are involved in a merger, acquisition, or sale of all or a portion of our assets, Interested Party information, including Personal Data,may be transferred to an acquiring entity.

We may also share Interested Party information within our Cerebri AI group of companies,but only to the extent required to provide our Services or respond to Interested Party requests and needs. All entities making up the Cerebri AI group of companies will process any information and Personal Data received under all applicable laws.

We will retain information, including Personal Data of Interested Parties, for as long as needed to provide our Services, or respond to requests. We only retain and use Personal Data and other information as necessary to comply with our agreements,legal obligations, and the resolution of any disputes.

If Interested Parties want to access, correct, delete, or transfer any information they have provided, they may send a request to Cerebri AI at privacy@cerebriai.com, and we will respond and address their request within 30 days. This also applies to their right:

( i ) To be informed,
( ii ) Of access,
( iii ) To rectification,
( iv ) To erasure,
( v ) To restrict processing,
( vi ) To data portability;
( vii ) To object;
( vii ) Not to be subject to automated decision-making and
( viii ) To determine guidelines as to the use of their Personal Data after their death.

Interested Parties also have the right to lodge a complaint with a supervisory authority.

We may share Interested Party information in response to investigations, court orders, or other regulatory, governmental, or judicial requests. We may also share Interested Party information to investigate, prevent, or take action against illegal activities, violations of Cerebri AI’s terms of use, or a separate agreement you may have entered into with us or as otherwise required by law.

We gather certain information in log files about your use of our Website, including thebrowser type you use, access times, pages viewed, your IP address, and the page you visited before navigating to our Website and storing it in log files. We may also log or monitor information about your access to our Services, but this does not include any Personal Data.

Cookies are small data files stored on your device that help us improve our Website and your experience browsing our Website; see which areas and features of our Website are popular. We may also, from time to time, use web beacons (electronic images that may be used in our emails to help deliver cookies ),count visits, and understand usage and campaign effectiveness. Web browsers are usually set to accept cookies by default. You may choose to set your browser to remove or reject browser cookies, but this may affect your experience visiting our Website.

We sometimes allow third parties to provide us with analytics services and to serve up advertisements on our behalf throughout the Internet. These entities may usecookies, web beacons, and other technologies to collect information about your use of our Website and other websites and applications, including your IP address, web browser, pages viewed, time spent on pages or in apps, links clicked, and conversion information. This information may be used by Cerebri AI and its service providers to, among other things, analyze and track data,determine the popularity of certain content, deliver advertising and content targeted to your interests regarding our Services and other websites, and better understand your online activity. For more information about interest-based ads or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices.

We may also work with other websites or platforms to serve ads to you as part of a customized campaign unless you notify us that you prefer not to have information about you used in this way. Please note you will continue to receive generic ads.

Our Website and Services are not designed for or directed at minors as defined by local laws or regulations. We will never intentionally collect or maintain information about individuals considered children or minors. If we are notified about any collection of information about individuals considered children or minors, we will take all appropriate measures to investigate and, if necessary, delete that information.

Interested Parties may be required to provide credit card details for purchases on ourwebsite to credit card processors.  Such payment processing services undertaken by these companies are subject to their privacy policies, which may be updated from time to time. For Cerebri AI to process such payments, Interested Parties authorize Cerebri AI to provide credit card details and other transaction information necessary to process their payment to credit card processing companies. For questions concerning the privacy policies of our credit card processing companies, please contact us at privacy@cerebriai.com.

Personal Data and other information collected within countries outside the EEA and Switzerland, including the United States and other countries, may be transferred outside those countries for the purposes described in this Privacy Policy. We follow the laws of the countries in which we operate, and we obtain not only your consent to legitimize data transfers to the United States and elsewhere but also have agreements containing protections and other appropriate safeguards established by such governments. Contact us with questions or concerns regarding any transfer of Personal Data or other information at privacy@cerebriai.com.

California privacy laws give their residents the right to make requests, at no charge, to direct Cerebri AI to

( i ) Send them their Personal Data we collected in the past 12 months;
( ii ) Delete their Personal Data, subject to certain exemptions ( information used to detect security incidents, debugging, or to comply with a legal obligation, etc. ); and
( iii ) Not sell us and not sell Personal Data collected to third parties, now or in the future. A California resident can send such requests to us by email at privacy@cerebriai.com.

If such Personal Data is deleted, we may be unable to continue providing or supporting our Services. We do not discriminate against you for exercising your rights or offer you financial incentives related to using your personal information. In addition to the above,California Civil Code Section §1798.83 permits California residents to request certain information regarding our disclosure of certain types of Personal Data to third parties for their direct marketing purposes. A California resident cansend such requests to us by email at privacy@cerebriai.com.

Data Privacy Framework

Cerebri AI complies with the EU-U.S. Data Privacy Framework( “EU-U.S. DPF” ) and the UK Extension to the EU-U.S. DPF, andthe Swiss-U.S. Data Privacy Framework ( “Swiss-U.S. DPF” ) as set forth by the U.S. Department of Commerce. Our compliance with the EU-U.S. DPF includes coverage for both Cerebri AI Inc. and its subsidiary Interplx Holdings LLC.

Cerebri AI has certified to the U.S. Department of Commerce that it adheres to the EU-U.S.Data Privacy Framework Principles ( “EU-U.S. DPF Principles” ) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. 

Cerebri AI has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S.Data Privacy Framework Principles ( “Swiss-U.S. DPF Principles” ) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. 

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework ( “DPF”) Program, and to view our certification, please visit the website of the Data Privacy Framework.

As indicated in our Privacy Policy above, for purposes of providing our Services, personally identifiable information ( “Personal Data” ) that we collect, use, and retain may include both personally identifiable “human resources” data ( “HR Data” ) and/or personally identifiable data “other than H.R. data” ( “Non-HR Data” ). We may also collect, use, and retain other information from Interested Parties that is not Personal Data.

Cerebri AI’s core business includes the

( i ) Processing and analyzing data related to T&E spending of corporations, government agencies and NGOs, and
( ii ) Compiling of T&E spending by Interested Parties that employees, and in some case non-employees ( Guest Travel ), andthe reimbursement of the T&E spending thereof. We intake, quality assure,enhance, reconcile and consolidate various and datasets that contain Personal Data including HR Data and Non-HR Data from multiple vendors used by our customers processing their T&E data.

This Data Privacy Framework Policy ( the “Cerebri AI DPF Policy” ) sets forth the privacy principles that Cerebri AI follows when processing Personal Data as defined above received from customers or prospective customers located in the European Economic Area ( “EEA” ),the U.K. and Switzerland while providing our Services.

This Cerebri AI DPF Policy does not apply to information collected through www.cerebriai.com or other Cerebri AI websites or information collected during Cerebri AI-sponsored sales and marketing activities. This Cerebri AI DPF Policy also does not apply to Personal Data collected through Cerebri AI’s recruiting process.

For purposes of this Cerebri AI DPF Policy, Personal Data means both HR Data & Non-HR Data about an identified or identifiable individual that is received by Cerebri AI in the U.S. from the EEA, the U.K. or Switzerland and recorded in any form.   

Cerebri AI’s Role as a Services Provider to its Customers and Prospective Customers

Cerebri AI is the creator of T&E software solutions. In connection with these T&E  software solutions, Cerebri AI undertakes software development services, solution engineering services, professional technical services, data migration services, and product technical support services, allused in delivering its Services, to its customers and prospective customers in the EEA, the U.K., and Switzerland through employees who may be located in the U.S.

These U.S.-based employees may process Personal Data to provide Services to customers and prospective customers in the EEA,the U.K., or Switzerland. Customers determine the categories of Personal Data and other information made accessible to Cerebri AI, how that information will be used, to whom it will be disclosed, and for what purposes. Similarly, Cerebri AI’s customers and prospective customers who share data with Cerebri AI in connection with any of its Services determine which categories of Personal Data will be shared and for what purposes.  

Consequently, Cerebri AI does not know the categories of Personal Data to be processed or the purpose(s) of the processing unless and until Cerebri AI receives instructions from its customers or prospective customers. When Cerebri AI processes Personal Data, Cerebri AI does so only to provide Services pursuant to a customer’s or prospective customer’s instructions.

Customer’s & Prospective Customer’s Responsibilities with Respect to Personal Data

Cerebri AI customers and prospective customers may choose to include Personal Data among the data shared with Cerebri AI in connection with its provision of Services. 

Cerebri AI processes only the Personal Data that its customers or prospective customers have chosen to share with Cerebri AI.  Cerebri AI has no direct or contractual relationship with the subject of such Personal Data ( a “Data Subject”).  As a result, when a customer or prospective customer shares Personal Data, the customer or prospective customer is solely responsible for satisfying all legal obligations owed directly to the Data Subject under applicable data protection laws.

It is the customer’s or prospective customer’s responsibility to ensure that Personal Data it collects can be legally collected in the country of origin.  The customer or prospective customer is also responsible for providing to the Data Subject any notices required by applicable law and for responding appropriately to the Data Subject’s request to exercise their rights with respect to Personal Data. In addition, the customer or prospective customer is responsible for ensuring that its use of Cerebri AI’s Services is consistent with any privacy policy the customer or prospective customer has established and any notices it has provided to Data Subjects.

Cerebri AI is not responsible for its customers’ or prospective customers’ privacy policies or practices or for the customers’ or prospective customers’ compliance with such policies or practices. Cerebri AI does not review, comment upon, or monitor its customers’ or prospective customers’ privacy policies or compliance with such policies. 

Cerebri AI also does not review instructions or authorizations provided to Cerebri AI to determine whether the instructions or authorizations comply with or conflict with the terms of a customer’s or prospective customer’s published privacy policy or any notice provided to Data Subjects.  Customers and prospective customers are responsible for providing instructions and authorizations that comply with their policies, notices, and applicable laws.

Cerebri AI’s Compliance with the Data Privacy Framework

Cerebri AI employees in the U.S. may provide Services for customers and prospective customers in the EEA, the U.K., or Switzerland. To provide such Services, Cerebri AI may access and use Personal Data. Cerebri AI will apply the following Cerebri AI DPF Policy to Personal Data physically or remotely transferred from the EEA, the U.K., or Switzerland to the U.S. 

Access: Data Subjects have the right to access the Personal Data an organization holds about them. If such Personal Data is inaccurate or processed in violation of the Cerebri AI DPF Policy, a Data Subject may also request that Personal Data be corrected, amended, or deleted. When Cerebri AI receives Personal Data, it does so on its customer’s or prospective customer’s behalf.  To request access to or correction, amendment, or deletion of Personal Data, Data Subjects should contact the Cerebri AI customer or prospective customer that collected their Personal Data.  Cerebri AI will cooperate with its customers’ and prospective customers’ reasonable requests to assist Data Subjects in exercising their rights under the Data Privacy Framework.

Choice: Data subjects have the right to opt out of

( a ) Disclosures of their Personal Data to third parties not identified at the time of collection or subsequently authorized and
( b ) Uses of Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized.  

Cerebri AI’s customers and prospective customers are responsible for informing Data Subjects when they have the right to opt out of such uses or disclosures. Data Subjects who wish to limit the use or disclosure of their Personal Data should submit that request to Cerebri AI’s customer or prospective customer that controls the use and disclosure of their Personal Data. Cerebri AI will cooperate with its customers’ and prospective customers’ instructions regarding Data Subjects’ choices.

Security: Cerebri AI is committed to safeguarding the Personal Data it receives from the EEA, the U.K., and Switzerland.  While Cerebri AI cannot guarantee the security of Personal Data, Cerebri AI takes reasonable and appropriate measures to protect Personal Data in Cerebri AI’s possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction.  Cerebri AI utilizes online and offline security technologies, procedures, and organizational measures to help safeguard Personal Data.  For example,facility security is designed to prevent unauthorized access to Cerebri AI computers.  Electronic security measures — including, for example, network access controls, passwords, and access logging — provide protection from hacking and other unauthorized access.  Cerebri AI also protects Personal Data through the use of firewalls, role-based restrictions, and, where appropriate,encryption technology.  Cerebri AI limits access to Personal Data to employees, subcontractors, and third-party agents that have a specific business reason for accessing such Personal Data.  Individuals granted access to Personal Data are aware of their responsibilities to protect such information and are provided with appropriate training and instruction.

Purpose Limitation and Data Integrity:  Cerebri AI’s customers and prospective customers are responsible for limiting their Personal Data collection to that necessary to accomplish the purposes disclosed to Data Subjects and compatible purposes. They are also responsible for providing Cerebri AI with instructions for processing Personal Data consistent with such purposes.  Cerebri AI will process Personal Data only in accordance with the customer’s or prospective customer’s instructions.   Cerebri AI’s customers and prospective customers are also responsible for ensuring that

( a ) Personal Data they collect is accurate, complete, current, and reliable for its intended uses and
( b ) Personal Data is retained only for as long as is necessary to accomplish the customer’s or prospective customer’s legitimate business purposes disclosed to the Data Subject and for compatible purposes.

Cerebri AI will cooperate with customers’ and prospective customers’ reasonable requests for assistance in meeting these obligations.  In the performance of Services, Cerebri AI will request only the minimum amount of information required to perform the applicable Services and will retain such information only for as long as necessary to provide the Services or for compatible purposes, such as to provide additional Services, to comply with legal requirements, or to preserve or defend Cerebri AI’s legal rights.

Onward Transfer:  Cerebri AI will not disclose Personal Data to a third party, except as stated below:  Cerebri AI may disclose Personal Data to subcontractors and third-party agents who assist Cerebri AI in providing Services to its customers and prospective customers. Before disclosing Personal Data to a subcontractor or third-party agent, Cerebri AI will obtain assurances from the recipient that it will:

( a ) Use the Personal Data only to assist Cerebri AI in providing the Services;
( b ) Provide at least the same level of protection for Personal Data as required by the Principles; and
( c ) Notify Cerebri AI if the recipient is no longer able to provide the required protections. Upon notice, Cerebri AI will promptly act to stop and remediate a recipient’s unauthorized processing of Personal Data.  

Cerebri AI will remain liable for onward transfers to subcontractors and third-party agents.  Cerebri AI may also be required to disclose and may disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. To the extent permitted, Cerebri AI will inform its relevant customer or prospective customer before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.

Recourse, Enforcement & Liability:  Cerebri AI commits to resolve complaints concerning its processing of Personal Data in accordance with the DPF.  Any Data Subject who has a complaint about Cerebri AI’s processing of their Personal Data should first contact Cerebri AI’s Chief Security Officer by emailing cso@cerebriai.com. If you do not receive timely acknowledgment of your complaint, or if Cerebri AI does not satisfactorily address your complaint, please visit https://www.dataprivacyframework.gov/s/assistance  for more information on how to file a complaint at no cost to you.

Cerebri AI has committed to refer unresolved HR data privacy complaints under the Data Privacy Framework to independent recourse mechanisms, the  data protection Authorities including the EU Data Protection Authorities     ( “EU-USDPAs” ) under the EU-US DPF, the UK Information Commissioners Office ( “UK-ICOs”) under the U.K. Extension, and the Swiss Federal Data Protection and Information Commissioner ( “Swiss FDPIC” ) under the Swiss-US DPF.

Cerebri AI has further committed to refer unresolved Non-HR data privacy complaints to the Insights Association’s Data Privacy Framework Services Program ( “IA-DPFSP” ), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit here https://www.insightsassociation.org/Resources/Data-Privacy-Framework for more information or to file a complaint. The services of IA-DPF SP are provided at no cost to you.

In addition, Data Subjects may invoke binding arbitration for both HR data and Non-HR data complaints if their complaints are not resolved by the IA-DPF SP for Non-HR data and by the EU-US DPAs, UK-ICOs or the Swiss FDPIC for HR data or by the U.S. Department of Commerce after referral from the relevant data protection authorities in the EEA, the U.K. or Switzerland. For information about binding arbitration, visit https://www.dataprivacyframework.gov/. Cerebri AI is subject to the investigatory and enforcement powers of the Federal Trade Commission.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Cerebri AI commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities ( “DPAs” ) and the UK Information Commissioner’s Office ( UK-ICO ) and the Swiss Federal Data Protection and Information Commissioner ( Swiss FDPIC ) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

For More Information

Data Subjects with questions about how Cerebri AI processes Personal Data should first contact the Cerebri AI customer or prospective customer that collected the Personal Data. Cerebri AI’s Security Department can be contacted by emailing cso@cerebriai.com.  Cerebri AI’s Privacy and related DPF Policies are executed in English and can be translated into other languages upon request. In case of any conflict or discrepancy between the English and translated versions, the English versions of the Cerebri AI Privacy Policy and related Cerebri AI DPF Policies shall control. Cerebri AI may revise its Cerebri AI Privacy and DPF Policies at any time. If Cerebri AI decides to change these policies significantly or materially, Cerebri AI will post any revisions at this location.