Privacy Policy

1. Introduction

Cinchapi, Inc. (“Cinchapi,” “we,” “our,” or “us”) is committed to protecting the privacy of individuals who visit our websites, use our products and services, or otherwise interact with us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you access or use any Cinchapi products, services, applications, or platforms, including those available at https://cinchapi.com and https://api.cinchapi.com (collectively, the “Services”).

This Privacy Policy applies to all users of our Services, including individual consumers and business customers. By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use our Services.

2. Information We Collect

2.1 Account Information

When you create an account or register for our Services, we may collect the following information:

• Full name and display name
• Email address
• Company or organization name
• Job title or role
• Account credentials (passwords are stored in encrypted form)
• Profile preferences and settings

2.2 Payment and Billing Information

When you purchase or subscribe to our Services, we collect billing information necessary to process your transactions. This may include:

• Credit or debit card number (processed and stored by our third-party payment processor)
• Billing address
• Transaction history and subscription details

We use third-party payment processors (such as Stripe) to handle payment transactions. We do not directly store your full credit card number on our servers.

2.3 Usage and Interaction Data

We automatically collect information about how you interact with our Services, including:

• Log data (IP address, browser type, operating system, device identifiers)
• Usage patterns, features accessed, and actions taken within the Services
• Session duration, frequency of use, and performance metrics
• Error logs and diagnostic information
• Interactions with AI agents, assistants, and analysts, including prompts, goals, instructions, and outputs

2.4 User-Uploaded Content and Files

Our Services may allow you to upload, submit, or provide content and files, including:

• Documents, data files, images, and other materials you submit to the Services
• Goals, configurations, and instructions you provide to AI agents, assistants, and analysts
• Custom automations, workflows, and integrations you create

2.5 Data from Connected Systems and Integrations

Our Services may connect to third-party systems, platforms, and data sources on your behalf. When you authorize such connections, we may collect and process:

• Data retrieved from connected APIs, databases, and external services
• Authentication tokens and credentials necessary to maintain connections (stored securely and encrypted)
• Metadata about connected systems and synchronization status

You are responsible for ensuring that you have the necessary rights and permissions to share data from connected systems with our Services.

2.6 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activity, measure the effectiveness of our Services, and improve your experience. The types of cookies we use include:

• Essential Cookies. Required for the operation of the Services, including authentication, security, and session management. These cookies cannot be disabled.
• Analytics Cookies. Help us understand how users interact with the Services by collecting usage data. These cookies allow us to measure and improve performance.
• Functional Cookies. Enable enhanced features and personalization, such as remembering your preferences and settings.
• Marketing Cookies. Used to deliver relevant advertisements and measure the effectiveness of marketing campaigns.

We may use both first-party and third-party analytics and tracking tools for these purposes. The specific tools and services we use may change over time as we evaluate and adopt new technologies.

You may manage your cookie preferences through our cookie consent banner (where available), your browser settings, or by contacting us at privacy@cinchapi.com. Please note that disabling certain cookies may affect the functionality of our Services. For users in the European Economic Area or the United Kingdom, we obtain your consent before placing non-essential cookies in accordance with applicable law.

2.7 Sensitive and Regulated Data

Our Services are not designed to process or store sensitive regulated data, including but not limited to protected health information (PHI), Social Security numbers, financial account numbers, government-issued identification numbers, or other data subject to specific regulatory requirements (such as HIPAA, PCI-DSS, or similar frameworks). While we do not actively block the submission of such data, you acknowledge and agree that you submit any sensitive or regulated data at your own risk. Cinchapi shall not be liable for any failure to comply with regulatory requirements applicable to such data, and you are solely responsible for ensuring your use of the Services complies with all applicable laws and regulations governing such data.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, maintain, and improve our Services
• To process transactions, manage subscriptions, and send billing-related communications
• To personalize your experience and deliver relevant features and content
• To enable AI agents, assistants, and analysts to execute tasks, goals, and automations on your behalf
• To communicate with you regarding account activity, updates, security alerts, and support
• To monitor and analyze usage trends, performance, and system health
• To detect, prevent, and address fraud, abuse, security incidents, and technical issues
• To comply with legal obligations and enforce our Terms of Use
• To train and improve our AI models and algorithms

3.1 AI Model Training and Improvement

Cinchapi uses customer data, including usage patterns, interactions, and content submitted to the Services, to train and improve our AI models, algorithms, and overall service quality. This training is performed by default and is a core part of how we enhance the Services for all users.

Enterprise customers may negotiate separate agreements that modify or restrict the use of their data for model training purposes. Any such modifications will be set forth in the applicable enterprise service agreement. Human personnel may review user content on a limited basis for purposes of safety, abuse prevention, customer support, and quality assurance.

3.2 Marketing Communications

We may send you promotional emails, newsletters, SMS messages, or other marketing communications about our Services. You may opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email, replying “STOP” to any marketing SMS, or contacting us at privacy@cinchapi.com.

Please note that even after opting out of marketing communications, you will continue to receive transactional and service-related messages, such as account notifications, billing communications, and security alerts.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers. We share information with third-party vendors who perform services on our behalf, such as payment processing, hosting, analytics, and customer support, subject to contractual obligations of confidentiality.
• AI Infrastructure Providers. To deliver the Services, we may transmit data to third-party artificial intelligence model and infrastructure providers. These providers process data on our behalf and are contractually bound to use your data only as necessary to provide services to Cinchapi and in accordance with our instructions.
• Connected Third-Party Services. When you authorize integrations with third-party platforms, data may be transmitted to and from those services in accordance with your configuration and their respective privacy policies.
• Legal Requirements. We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Cinchapi, our users, or others.
• Business Transfers. In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
• With Your Consent. We may share your information with third parties when you have given us your express consent to do so.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services, comply with legal obligations, resolve disputes, and enforce our agreements. Following account termination or deletion, Cinchapi may continue to retain your data indefinitely unless you submit an explicit request for deletion or applicable law or regulatory obligations require us to delete or anonymize it.

To request deletion of your data, please contact us at privacy@cinchapi.com. Upon receipt of a verified deletion request, we will delete or anonymize your personal data within ninety (90) days, except to the extent that retention is required by law or legitimate business purposes. Aggregated and anonymized data that cannot be used to identify you may be retained indefinitely for analytics, model training, and improvement purposes.

6. Data Security

We implement industry-standard administrative, technical, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include, but are not limited to:

• Encryption of data in transit (TLS/SSL) and at rest (AES-256 or equivalent)
• Access controls and authentication mechanisms
• Regular security assessments and vulnerability testing
• Employee security training and confidentiality obligations
• Operational controls consistent with SOC 2 principles

While we take reasonable measures to protect your information, no method of transmission or storage is completely secure. We cannot guarantee absolute security of your data.

6.1 Breach Notification

In the event of a security breach that compromises your personal information, Cinchapi will notify affected users and applicable regulatory authorities in accordance with applicable law. For users in the European Economic Area or the United Kingdom, Cinchapi will notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of a qualifying breach, where required under GDPR. Affected individuals will be notified without undue delay where the breach is likely to result in a high risk to their rights and freedoms. For users in the United States, Cinchapi will comply with applicable state breach notification laws.

7. Human Review of Content

Cinchapi personnel may access and review user content, including inputs, outputs, uploaded files, and AI interactions, on a limited basis for the following purposes:

• Safety monitoring and enforcement of our acceptable use policies
• Abuse detection and prevention
• Customer support, when you contact us for assistance or troubleshooting
• Quality assurance and improvement of the Services

Human review is conducted under strict confidentiality obligations, and access to user content is limited to authorized personnel on a need-to-know basis.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access. Request a copy of the personal information we hold about you.
• Correction. Request correction of inaccurate or incomplete personal information.
• Deletion. Request deletion of your personal information, subject to certain exceptions.
• Portability. Request a copy of your data in a portable, machine-readable format.
• Objection/Restriction. Object to or request restriction of certain processing activities.
• Withdrawal of Consent. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@cinchapi.com. We will respond to verifiable requests within the timeframes required by applicable law.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the categories of sources from which it is collected, the business purpose for collection, and the categories of third parties with whom it is shared. You also have the right to request deletion of your personal information and the right to opt out of the sale or sharing of personal information.

Cinchapi does not sell personal information and does not share personal information for cross-context behavioral advertising as defined by the CCPA/CPRA. If our practices change in the future, we will update this Privacy Policy and provide the required opt-out mechanisms, including a “Do Not Sell or Share My Personal Information” link on our website.

To exercise your California privacy rights, please contact us at privacy@cinchapi.com. We will not discriminate against you for exercising your CCPA/CPRA rights.

10. European and UK Data Subjects (GDPR)

10.1 Legal Basis for Processing

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases:

• Performance of a Contract. Processing necessary to provide the Services you have requested.
• Legitimate Interests. Processing necessary for our legitimate business interests, such as improving our Services, ensuring security, and conducting analytics, where those interests are not overridden by your data protection rights.
• Consent. Where you have provided your explicit consent to specific processing activities.
• Legal Obligation. Processing necessary to comply with applicable laws and regulations.

10.2 Your Rights Under GDPR

In addition to the rights described in Section 8, EEA and UK data subjects have the right to lodge a complaint with a supervisory authority in the EU Member State or UK jurisdiction where you reside or where the alleged infringement occurred.

10.3 International Data Transfers

Your personal data may be transferred to and processed in the United States or other countries outside the EEA/UK. When transferring data outside the EEA/UK, we implement appropriate safeguards, which may include Standard Contractual Clauses (SCCs) approved by the European Commission or UK equivalent transfer mechanisms, to ensure that your data receives an adequate level of protection.

10.4 Data Processing Terms

Where Cinchapi processes personal data on behalf of a business customer acting as a data controller, Cinchapi acts as a data processor. In such cases, the following data processing terms apply and are incorporated into the applicable service agreement:

• Cinchapi will process personal data only in accordance with the controller’s documented instructions and for the purposes specified in the Terms of Use and this Privacy Policy
• Cinchapi will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing
• Cinchapi will not engage sub-processors without prior general or specific written authorization from the controller, and will impose equivalent data protection obligations on any sub-processors
• Cinchapi will assist the controller, to the extent commercially reasonable, in fulfilling its obligations to respond to data subject requests and in ensuring compliance with obligations related to security, breach notification, and data protection impact assessments
• Upon termination of the service agreement, Cinchapi will delete or return personal data upon the controller’s explicit written request, in accordance with Section 5 (Data Retention) of this Privacy Policy, unless retention is required by applicable law
• Cinchapi will make available to the controller information necessary to demonstrate compliance with these data processing obligations

A current list of sub-processors used by Cinchapi is available upon request by contacting privacy@cinchapi.com. Cinchapi will notify the controller of any intended changes to its sub-processors, providing the controller a reasonable opportunity to object to such changes.

10.5 Data Protection Contact

For privacy and data protection inquiries related to the processing of EEA or UK personal data, you may contact our Data Protection Contact at privacy@cinchapi.com with the subject line “Data Protection Inquiry.”

11. Children’s Privacy

Our Services are not directed to, or intended for, children under the age of thirteen (13). We do not knowingly collect personal data from children under 13. If you have reason to believe that a child under 13 has provided personal data to Cinchapi through the Services, please email us at privacy@cinchapi.com. We will investigate any such notification and, if appropriate, delete the personal data from our systems.

Users between the ages of thirteen (13) and eighteen (18) must have permission from their parent or legal guardian to use our Services. By permitting a minor to use the Services, the parent or guardian agrees to these terms on behalf of the minor and assumes responsibility for the minor’s use of the Services.

12. Third-Party Links and Services

Our Services may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through our platform.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the “Effective Date” above. For material changes that affect your rights under GDPR, we will provide notice at least thirty (30) days before the changes take effect. Your continued use of the Services after such changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Cinchapi, Inc.
[Address]
Email: privacy@cinchapi.com
Website: https://cinchapi.com

For GDPR-related inquiries, you may also contact us at the email address above with the subject line “GDPR Request.”