Privacy Policy

‍

‍

Privacy Policy

‍

Effective Date: May 1, 2026

‍

This Privacy Policy describes how eSleuth Inc., a corporation organized under the laws of Delaware ("Company," "we," "us," or "our") collects, uses, discloses, and otherwise processes personal information in connection with our websites, applications, software products, hosted services, APIs, and other services that link to or reference this Privacy Policy (collectively, the "Services").

‍

This Privacy Policy is intended to provide transparency regarding our data handling practices. It does not apply to any third-party websites, services, or applications that are not owned or controlled by us, even if they are linked from or integrated with the Services.

‍

If you are using the Services on behalf of an organization, such as your employer, a law enforcement or investigative agency or a customer of ours, that organization may control certain aspects of how your personal information is processed in connection with the Services. In those cases, we may act as a service provider, processor, or similar role on behalf of that organization, and the organization’s privacy policy may also apply.

‍

1. Scope and Roles

‍

For purposes of this Privacy Policy:

• "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable individual, or any similar concept under applicable law.
• "Customer Data" means data, including personal information, that our customers or their authorized users submit to, store on, transmit through, or otherwise make available via the Services.
• "Usage Data" means technical, device, log, and interaction information we automatically collect when the Services are used.

In providing the Services:

• We generally act as a controller for personal information we collect for our own business purposes, such as account administration, billing, marketing, security, analytics, and website operations.
• We generally act as a processor, service provider, or similar role for Customer Data that we process on behalf of our customers, subject to our contracts with those customers.

2. Categories of Information We Collect

‍

We may collect the following categories of personal information, depending on how you interact with the Services.

• Contact and account information, such as your name, business email address, phone number, employer, title, username, and login credentials.
• Profile and preference information, such as your profile details, communication preferences, and subscription settings.
• Commercial and transaction information, such as billing address, payment-related information, subscription details, order history, and records of purchases or evaluations.
• Communications, such as information included in your messages, support tickets, feedback, requests, survey responses, webinar registrations, or other interactions with us.
• Content and files, such as documents, attachments, prompts, inputs, outputs, and other materials you submit through the Services.

B. Information We Collect Automatically
‍‍

When you access or use the Services, we may automatically collect:

‍

• Device and browser information, such as IP address, device identifiers, operating system, browser type, language, and similar technical information.
• Log and usage information, such as access dates and times, pages viewed, features used, clicks, referring URLs, error logs, crash data, and performance diagnostics.
• Location information, such as approximate location derived from IP address or other network signals.
• Cookie and similar technology data, as described in the "Cookies and Similar Technologies" section below.

C. Information We Collect from Third Parties

‍

We may receive personal information from third parties, including:

• Business partners and resellers;
• Authentication, payment, analytics, security, hosting, and other service providers;
• Marketing, event, and lead-generation partners;
• Subscription services and platform providers, such as providers' data aggregators, providers that enable subscription management, billing, account provisioning, renewals, entitlements, or related customer administration functions;
• Public sources, such as professional networking platforms or publicly available business contact information; and
• Our customers or other users, including when they invite you to use the Services or share information with us.

D. Sensitive Personal Information

‍

We do not intentionally collect sensitive personal information except as necessary for a lawful business purpose, with your consent where required, or as otherwise permitted by law. Please do not provide sensitive personal information through the Services unless requested or expressly permitted.

‍

3. How We Use Personal Information

‍

We may use personal information for the following purposes:

• To provide, operate, maintain, support, secure, and improve the Services;
• To create, administer, and manage accounts and customer relationships;
• To authenticate users and control access to the Services;
• To process transactions, subscriptions, renewals, invoices, and payments;
• To communicate with you about the Services, including service-related notices, updates, security alerts, administrative messages, and support responses;
• To respond to inquiries, requests, feedback, and customer support issues;
• To personalize content, user experiences, and product features;
• To monitor usage, analyze trends, develop analytics, and improve performance, usability, and functionality;
• To detect, investigate, prevent, and address fraud, abuse, security incidents, unauthorized access, and other harmful or unlawful activity;
• To enforce our terms, agreements, and policies;
• To market and promote our products, services, events, and content, subject to your rights and choices;
• To comply with legal obligations, regulatory requirements, lawful requests, and industry standards; and
• For other disclosed purposes compatible with the context of collection or as otherwise permitted by law.

We may aggregate, anonymize, or de-identify information and use such information for any lawful purpose. Where we maintain de-identified information, we will not attempt to re-identify it except as permitted by applicable law.

‍

4. Legal Bases for Processing

‍

If and to the extent applicable data protection law requires a legal basis for processing, we rely on one or more of the following:

• Performance of a contract: to provide the Services, fulfill our obligations, and manage our relationship with you or your organization;
• Legitimate interests: to operate, secure, improve, and market our business and Services, except where such interests are overridden by your interests or fundamental rights and freedoms;
• Compliance with legal obligations: to satisfy applicable law, regulation, court order, or lawful process;
• Consent: where we ask for and receive your consent for a specific processing activity; and
• Other lawful bases: as otherwise available under applicable law.

5. How We Disclose Personal Information

‍

We may disclose personal information to the following categories of recipients:

• Affiliates and subsidiaries for purposes consistent with this Privacy Policy;
• Vendors, contractors, and service providers that perform services on our behalf, such as hosting, infrastructure, analytics, customer support, payment processing, security, communications, storage, and professional services;
• Integration partners and third-party services at your direction or when you choose to enable integrations or features involving third-party services;
• Business partners, resellers, channel partners and customers in connection with sales, implementation, or support of the Services;
• Professional advisers, such as lawyers, auditors, consultants, insurers, and accountants;
• Authorities, regulators, and law enforcement where required by law or necessary to protect rights, property, or safety, or in performance of the Services; and
• Other parties with your consent or at your direction.

We do not generate revenues through  the sale of sell personal information, nor do we share personal information for cross-context behavioral advertising.

‍

6. Cookies and Similar Technologies

‍

We and our service providers may use cookies, SDKs, pixels, local storage, and similar technologies to collect information automatically and support the operation of the Services.

‍

These technologies may be used to:

• keep you signed in and remember preferences;
• operate and secure the Services;
• understand how users interact with the Services;
• analyze traffic and performance;
• troubleshoot errors; and
• support marketing, advertising, and campaign measurement, where permitted.

You can manage cookies through your browser settings and, where available, our cookie management tools. Blocking or disabling certain technologies may affect the functionality of the Services.

‍

If required by applicable law, we will obtain consent before placing non-essential cookies or similar technologies on your device.

‍

7. Customer Data and Enterprise Accounts

‍

When we process Customer Data on behalf of our customers, our customers determine the purposes and means of processing, subject to our contractual arrangements. In those cases:

• we process Customer Data only on the customer’s documented instructions, unless otherwise required by law;
• we implement appropriate technical and organizational measures designed to protect Customer Data;
• we require our sub processors and service providers to protect Customer Data through appropriate contractual commitments; and
• we assist customers with certain legal obligations, requests, or incidents as required by contract or applicable law.

If you use the Services through an employer, administrator, or other organization, that organization may be able to access, disclose, restrict, or remove information associated with your account or use of the Services in accordance with its policies and applicable law.

‍

8. Data Retention

‍

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

• provide the Services;
• maintain business and financial records;
• comply with legal, tax, accounting, and reporting obligations;
• fulfill our contractual  agreements; and
• resolve disputes and protect our legal interests.

Retention periods vary depending on the type of information, the context in which it was collected, the nature of the relationship, and applicable legal requirements. We may retain de-identified or aggregated information for longer periods where permitted by law.

‍

9. Data Security

‍

We implement reasonable and appropriate technical, administrative, and organizational safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, and disclosure. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

‍

You are responsible for maintaining the confidentiality of your account credentials and for any activities conducted through your account, except to the extent caused by our failure to implement appropriate safeguards.

‍

10. International Data Transfers

‍

We process personal information exclusively in the United States. In the future, we may process personal information in other countries where we or our service providers operate. Those countries may have data protection laws that differ from the laws of your jurisdiction. Where required by applicable law, we will implement appropriate safeguards for cross-border transfers of personal information, which may include standard contractual clauses, data transfer agreements, adequacy decisions, privacy impact assessments or other legally recognized mechanisms.

‍

11. Your Rights and Choices

‍

Depending on your location and subject to applicable law, you may have the right to:

• access personal information we hold about you;
• request correction of inaccurate or incomplete personal information;
• request deletion of personal information;
• object to or request restriction of certain processing;
• withdraw consent where processing is based on consent;
• request portability of certain personal information;
• opt out of certain marketing communications;
• opt out of the sale or sharing of personal information, if applicable; and
• appeal or lodge a complaint with a supervisory authority or regulator.

You may exercise certain rights by contacting us using the information in the "Contact" section below. We may need to verify your identity before processing your request. We will not discriminate against you for exercising rights conferred by applicable law.

‍

If we process personal information on behalf of a customer, we may direct your request to the relevant customer or instruct you to contact that customer directly.

‍

Marketing Communications

‍

You may opt out of promotional emails by following the unsubscribe instructions in those emails or by contacting us. Even if you opt out of promotional messages, we may still send you transactional or service-related communications.

‍

Do Not Track and Similar Signals

Our Services may not respond to browser-based "Do Not Track" signals unless required by applicable law. Where legally required, we will honor opt-out preference signals in accordance with applicable law.

‍

12. U.S. State Privacy Disclosures

‍

If you are a resident of a U.S. state that provides specific privacy rights, including California or other states with applicable privacy laws, you may have additional rights and disclosures. Depending on the law that applies, these may include:

• the right to know the categories of personal information collected, disclosed, sold, or shared;
• the right to know the purposes for collecting, using, or disclosing personal information;
• the right to access, correct, or delete personal information;
• the right to opt out of certain targeted advertising, sales, or profiling activities;
• the right to limit the use and disclosure of sensitive personal information, where applicable; and
• the right not to be discriminated against for exercising privacy rights.

In the preceding 12 months, we may have collected and disclosed for business purposes the categories of personal information described in Section 2 of this Privacy Policy. We encourage you to add a jurisdiction-specific privacy supplement if the Services are subject to the California Consumer Privacy Act, as amended, or similar state laws and your practices require additional statutory disclosures.

‍

13. Children’s Privacy

‍

The Services are not directed to children under the age of 18, and we do not knowingly collect personal information from children under that age without legally sufficient authorization. If you believe a child has provided personal information in violation of this Privacy Policy, please contact us so we can take appropriate action.

‍

14. Third-Party Services

‍

The Services may contain links to or integrations with third-party websites, products, or services. We are not responsible for the privacy, security, or data handling practices of third parties, and this Privacy Policy does not apply to them. You should review the applicable privacy policies and terms of those third parties before interacting with them.

‍

15. Changes to This Privacy Policy

‍

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do, we will post the updated Privacy Policy and revise the Effective Date above. If required by law, we will provide additional notice or obtain consent for material changes.

‍

16. Contact Us

‍

If you have questions, requests, or complaints regarding this Privacy Policy or our privacy practices, you may contact us at:

‍

eSleuth, Inc.
Attn: Chief Compliance Officer
Address: 712 Bancroft Rd., Suite 423, Walnut Creek, CA 94598
Email: tryder@eSleuth.ai

If applicable law requires the appointment of arepresentative, data protection officer, or similar contact, insert that information here:

Representative / DPO: Chief Compliance Officer
Email: tryder@eSleuth.ai
‍

17. Additional Jurisdiction-Specific Provisions

To the extent required by applicable law, the Services maybe supplemented by additional privacy notices for specific jurisdictions, products, or business relationships, including:

• a website cookie notice;
• a California privacy notice;
• a GDPR/UK GDPR notice;
• a job applicant privacy notice;
• a customer-facing data processing addendum; and
• product- or service-specific privacy disclosures.

In the event of a conflict between this Privacy Policy and any jurisdiction-specific supplement, the supplement will control to the extentof the conflict for individuals located in the relevant jurisdiction.

‍

‍

‍