Privacy Policy

Effective: 5 November 2025

This policy covers the Axari.ai public website (the “Website”). It does not cover how we process customer data inside the Axari product; that is governed by our Data Processing Addendum (DPA) and applicable agreements.

1) Scope

Applies to Website visitors and Website interactions (forms, newsletters, event signups, downloads, cookie choices).
Not applicable to product/tenant data processed on behalf of customers; see DPA.

3) What we collect

A. You provide:

Identifiers & contact (name, email, phone, company, role, region).
Content (free-text in forms, support requests, event/webinar details).
Preferences (marketing opt-in/out, cookie choices).

B. Collected automatically:

Device/usage (IP address and coarse location from IP, browser/OS, device type, pages/events, time on page, referrer/UTMs, error logs).
Cookies/SDKs/pixels (unique IDs for session continuity, analytics, A/B testing, and—if enabled—ads measurement).

C. From third parties (where permitted):

Lead enrichment/event platforms (title, employer, industry, attendance).
Analytics/ads partners (campaign and conversion data).
Public sources (company websites, professional profiles).
Offline interactions (conference booth scans, business cards, etc.).

Important: Do not submit sensitive data (health, payment card numbers, government IDs) via Website forms.

4) How we use data (purposes) & legal bases

Operate & secure the Website: load pages, prevent abuse/fraud, debug, monitor reliability. (Legitimate interests; legal obligation where applicable.)
Analytics & site improvement: understand traffic and content performance. (Consent where required; otherwise legitimate interests.)
Respond to you / provide resources: demos, content requests, support. (Contract or legitimate interests.)
Marketing communications: newsletters, events, product updates with opt-out. (Consent where required; legitimate interests otherwise.)
Compliance: legal requests, sanctions checks if applicable, record-keeping. (Legal obligation/legitimate interests.)

GDPR legal bases we may rely on: consent; contract; legal obligation; legitimate interests.

5) Cookies & tracking choices

Types: strictly-necessary (security/session), functional (remember choices), analytics (traffic/performance), advertising/retargeting (optional).
Controls: cookie banner and preferences center to accept/decline non-essential cookies; browser controls to clear or block cookies.
Global Privacy Control (GPC): treated as an opt-out of “sale/share” and targeted ads where applicable.
Do Not Track (DNT): not reliably honored industry-wide; we align with modern signals (e.g., GPC).

6) Disclosures (who we share with)

Service providers/processors: hosting, security, analytics, CRM/marketing automation, email delivery, event platforms, support tools, and (if enabled) advertising/measurement partners.
Affiliates: entities under common control following this policy or equivalent protections.
Corporate events: financing, merger, acquisition, or sale (with appropriate safeguards).
Legal/safety: to comply with law, protect rights/security, prevent fraud/abuse.
Professional advisors: lawyers, auditors, accountants under confidentiality.
Aggregated/de-identified data: statistics that do not identify you.
Consent-driven sharing: where you direct us to share.

7) International transfers

Data may be processed outside your jurisdiction (e.g., US/India).
EEA/UK: Standard Contractual Clauses (and UK addendum) with supplementary measures where appropriate.
Other regions: adequacy decisions or contractual safeguards.

8) Security

Administrative, technical, and organizational measures: encryption in transit, least-privilege access, logging/monitoring, vulnerability management, and incident processes.

No method is 100% secure; residual risk cannot be eliminated.

9) Retention

Keep data only as long as needed, then delete or irreversibly de-identify.

Typical ranges (may vary by tool/law/dispute):

Web analytics: up to ~26 months (or shorter per tool settings).
Marketing contacts: up to 24 months after last engagement or until opt-out.
Inquiry records & logs: ~12–36 months or as required by law or for investigations.

10) Your privacy rights

EEA/UK (GDPR/UK GDPR)

Access, rectification, erasure, restriction, portability, objection (including to direct marketing), and withdrawal of consent.
Complain to a supervisory authority (UK: ICO).

United States (e.g., CCPA/CPRA and similar state laws)

Know/access, correct, delete personal information; opt-out of sale/share and targeted advertising; limit use/disclosure of sensitive information; non-discrimination; appeal a decision.
We honor GPC for sale/share and targeted ads opt-outs where applicable.

India (DPDP Act, 2023)

Access, correction, erasure, and grievance redressal via the Grievance Officer.

Brazil (LGPD) and other regions

Comparable rights (confirm processing, access, correction, anonymization/blocking/deletion of unnecessary data, portability, information about sharing, withdraw consent, review of automated decisions where applicable).

How to exercise your rights

Email privacy@axari.ai.

Verification: We may ask for reasonable information to confirm identity; authorized agents may submit requests where permitted (with proof of authorization). We will respond within statutory timeframes and explain any denials or fees allowed by law.

11) Children

Website not intended for children under 13 (or 16 in the EEA/UK). We do not knowingly collect data from children via the Website; contact us to remove such data.

12) Third-party sites & integrations

Links, embeds, and integrations (e.g., video hosts, social, analytics, AI features, or other tools) are governed by those third parties’ terms/policies. Review those policies to understand their practices; we are not responsible for them.

13) Changes to this policy

We update this policy as needed. Material changes will be posted with a new Effective date; where required, we will provide additional notice.

14) “Notice at Collection” (US states; text format)

Categories of personal information we collect: identifiers (name, email, IP, cookie ID), internet/network activity (page views, clicks, device/browser), commercial/transactional data (registrations/downloads), geolocation (coarse, from IP), professional data (title, employer), inferences (site-level interest categories).

Purposes: site operation/security, analytics, content improvement, responding to inquiries, marketing communications (opt-out available), and compliance.

Sources: you (forms, emails), automatic collection (cookies/SDKs), third-party providers, public sources.

Disclosures: service providers/processors; affiliates; (if enabled) advertising/measurement partners; legal/professional advisers; corporate events.

Sale/Share: we do not sell personal information for money; if we engage in cross-context behavioral advertising, it may be deemed a “share”—you may opt out (including via GPC).

Retention: see Section 9 for typical ranges.

Your choices: use the cookie banner/preferences center, send GPC, click “Do Not Sell or Share My Personal Information” ([insert link]), or email privacy@axari.ai.

15) Analytics & similar technologies (examples)

We may use analytics/engagement tools (e.g., Google Analytics, HubSpot, Mixpanel), server logs, and A/B testing tools to understand Website usage and improve content/performance. Each provider’s collection/processing is subject to its own terms and privacy policy; you can find opt-out mechanisms on their sites.

16) Practical commitments

Data minimization; purpose limitation; no Website-level automated decision-making that produces legal or similarly significant effects.
Vendor due diligence and contracts (confidentiality, security, data protection).
Records of processing and DPIAs where required.

17) Contact

Email: privacy@axari.ai