Privacy Policy
Privacy Policy
Last update: September 23, 2024
This Privacy Policy describes how IRIS AI TECHNOLOGIES, INC. (“IRIS AI,” “we,” “us”) handles personal information that we collect through our website and any other website or services that we own or control and which posts to this Privacy Policy (collectively, the “service” or “services”). IRIS AI is an AI-powered solution for companies to manage their security documentation and compliance.
Our services are designed for businesses and are not intended for personal or household use. Accordingly, we treat all personal information covered by this Privacy Policy, including information about any visitors to our website, as pertaining to individuals acting as business representatives, rather than in their personal capacity.
IRIS AI’s customers may have their own policies regarding the collection, use and disclosure of their employees’ personal information, and IRIS AI is not responsible for our customers’ handling of such information. IRIS AI’s handling of our customers’ employee data is governed by service agreements with our employer-customers. To learn about how a particular customer handles personal information, we encourage you to read the customer’s privacy statement or contact the customer directly.
Personal information we collect
Information you provide to us. Personal information you may provide to us through our services or otherwise may include:
- Contact details, such as your first and last name, business email, and phone number.
- Communications that we exchange with you, including when you contact us with questions (via our website, the Services, social media, or otherwise), feedback, to request a demo, or otherwise.
- Transactional data, such as your bank account, wire, or other information needed to process orders.
- Profile data, such as the username and password that you may set to establish an online account on the Service, and any other information that you add to your account profile.
- Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
User-generated content or uploaded data, such as prompts, conversation text, comments, questions, messages, documents, images, works of authorship, and other content or information that you generate, transmit, or otherwise make available on the Service, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data. You agree that no sensitive personal information shall be inserted into prompts, such as government identification numbers, medical or health information, and financial information. Please note that profile and other user-generated content (except for private messages) may be visible to third parties. This information can be seen, collected and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of this information.
- Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
Third-party sources. We may combine personal information we receive from you with personal information falling within one of the categories identified above that we obtain from other sources, such as:
- Public sources, such as government agencies, public records, social media platforms, and other publicly available sources.
- Data providers, such as data brokers, information services and data licensors.
- Partners, such marketing partners and event co-sponsors.
- Third-party services that you use to log into, or otherwise link to, your Service account (such as Google). This data may include your Google username, profile picture and other information associated with your Google account on that third-party service that is made available to us based on your account settings on that service. Our use, retention, deletion, and disclosure of information received from Google’s APIs will be consistent with the Google API Services User Data Policy, including the Limited Use requirements. We do not sell information associated with your Google account for value, and we only share information associated with your Google account as disclosed in this privacy policy.
- Customers.
-
Service providers that provide services on our behalf or help us operate the Service or our business.
Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with our website, our communications and other online services, such as:
- Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to our services, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
Cookies and similar technologies. Like many online services, we use the following technologies:
- Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, and helping us understand user activity and patterns.
- Local storage technologies, like HTML5 and Flash, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
- Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
How we use your personal information
We use your personal information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection:
Service function and delivery. We use your personal information to:
- Provide information about our products and services;
- Operate and improve our service, provide support, establish and maintain your user presence on the Service, and communicate with you about our services, including by sending announcements, updates, security alerts, and support and administrative messages;
- Understand your needs and interests, and personalize your experience with our services and our communications; and
- Provide support for our services, respond to your requests, questions and feedback.
- Send you direct marketing communications. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
Service improvement and analytics.
We may use your personal information to analyze your usage of the Service, improve the Service and our business, help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails, and to develop new products and services. For example, we may use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en. We may also create aggregated, de-identified or other anonymous data from personal information we collect for service improvement and development purposes. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use your aggregated, de-identified or other anonymous data to train our AI models. We will not use your personal data to train generalized AI models.
Interest-based advertising.
We may engage third party advertising companies and social media companies to display ads on our services and other online services. These companies may use cookies and similar technologies to collect information about your interaction (including the data described in the automatic data collection section above) over time across our services, our communications, and interactions with other online services, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to those users on other online platforms. You can learn more about your choices for limiting interest-based advertising in the Advertising choices section below.
Compliance and protection. We may use your personal information to:
-
Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
-
Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
-
Audit our internal processes for compliance with legal and contractual requirements and internal policies;
-
Enforce the terms and conditions that govern our services; and
-
Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
Retention
We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, for service improvement, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
How we share your personal information
We may share your personal information with:
Service providers. Companies and individuals that provide services on our behalf or help us operate our services or our business (such as hosting, professional services, information technology, payment processors, customer support, email delivery, and website analytics services).
Generative AI providers. Our Service integrates with generative AI providers, such as Databricks and Amazon Web Services, to provide specific services or features.
Linked third-party services. If you log into the Service with, or otherwise link your Service account to, a social media or other third-party service, we may share your personal information with that third-party service. The third party’s use of the shared information will be governed by its privacy policy and the settings associated with your account with the third-party service.
Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, IRIS AI or our affiliates (including, in connection with a bankruptcy or similar proceedings).
Your choices
You have the following choices with respect to your personal information.
Cookies. Most browser settings let you delete and reject cookies placed by websites. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, you may not be able to use all functionality of our services and it may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.
Local storage.
You may be able to limit use of HTML5 cookies in your browser settings. Unlike other cookies, Flash-based local storage cannot be removed or rejected via your browser settings, but you can adjust the settings of your Flash player to block it. Blocking Flash storage may impede the functionality of Flash applications, including those employed by our services. For more information on Flash local storage visit https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html.
Opt-out of marketing communications.
You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at privacy@heyiris.ai.
Advertising choices. You can limit use of your information for interest-based advertising by:
- Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
- Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
- Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, DuckDuckGo, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.
- Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:
- Digital advertising Alliance: http://optout.aboutads.info
- Network Advertising Initiative: http://optout.networkadvertising.org/?c=1
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt-out on every browser and device that you use.
Do Not Track.
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Linked third-party platforms.
If you choose to connect to the Service through your social media account or other third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.
Delete or close your account. If you wish to request to close your account, please contact us.
Declining to provide information.
We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory or later request that we delete it, we may not be able to provide those services.
Other sites and services
We may offer links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.
Security
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, no security measures are failsafe and we cannot guarantee the security of your personal information.
International data transfer
We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country. By continuing to use the Services, you agree with and consent to such transfer.
Children
Our services are not intended for use by children under 18 years of age. If we learn that we have collected personal information through our services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on our website. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through our services. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of our services after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.
How to contact us
You can reach us at privacy@heyiris.ai.