ThinkAI
Back to Home

Privacy Policy

Last updated: March 15, 2024

Introduction

ThinkAI ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our corporate resource management platform and related services.

This policy applies to all users of our platform, including individual users, corporate administrators, and any other parties who interact with our services. By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our services.

We understand that privacy is fundamental to trust, and trust is essential for the success of our business relationship with you. This policy is designed to be transparent about our data practices and to give you control over your personal information. We encourage you to read this policy carefully and contact us if you have any questions or concerns.

This Privacy Policy is part of our broader commitment to data protection and security, which includes compliance with applicable privacy laws and regulations, implementation of industry-standard security measures, and regular review and updating of our privacy practices to reflect changes in technology and legal requirements.

Information We Collect

Personal Information

We collect personally identifiable information that you provide directly to us when you register for our services, communicate with us, or use our platform. This information may include:

  • Full name, email address, phone number, and professional contact information
  • Company name, job title, department, and professional role information
  • Account credentials including username, password, and security questions
  • Payment and billing information including credit card details, billing addresses, and transaction history
  • Communications with our support team including emails, chat logs, and support tickets
  • Profile information and preferences you choose to provide
  • Emergency contact information if provided for security purposes
  • Professional certifications and qualifications relevant to platform usage
  • Time zone, language preferences, and accessibility requirements

Usage Information

We automatically collect certain information about your use of our platform to improve our services and ensure optimal performance:

  • Log data including IP addresses, browser type, operating system, and device information
  • Platform usage patterns including features accessed, time spent, and navigation paths
  • Performance metrics including page load times, error rates, and system response times
  • Device information including hardware specifications, screen resolution, and mobile device identifiers
  • Location information derived from IP addresses for security and compliance purposes
  • Session information including login times, session duration, and logout events
  • Search queries and filter preferences within the platform
  • Integration usage data when connecting third-party services
  • API usage statistics and patterns for enterprise integrations
  • Security events including failed login attempts and suspicious activities

Business Data

As part of our service, you may upload or input business-related information that we process to provide our platform functionality:

  • Asset valuation data including financial records, market data, and valuation parameters
  • Risk assessment data including risk factors, monitoring parameters, and historical risk events
  • Corporate documents including reports, policies, and procedural documentation
  • User-generated content including notes, comments, and custom configurations
  • Integration data from connected enterprise systems and third-party services
  • Workflow configurations and custom business rules
  • Historical data imports and data migration information
  • Compliance and regulatory data relevant to your industry
  • Performance benchmarks and key performance indicators
  • Organizational structure data including departments, roles, and reporting relationships
  • Training materials and knowledge base content you create or customize

Cookies and Tracking Technologies

We use various technologies to collect information automatically, including cookies, web beacons, and similar tracking technologies:

  • Essential cookies required for platform functionality and security
  • Performance cookies to monitor and improve platform performance
  • Functional cookies to remember your preferences and settings
  • Analytics cookies to understand usage patterns and user behavior
  • Security cookies to detect and prevent fraudulent activities
  • Third-party cookies from integrated services and analytics providers

How We Use Your Information

We use the collected information for various legitimate business purposes that are essential for providing and improving our services:

  • Service Provision: To provide, maintain, and improve our platform services, including processing your data, generating insights, and delivering the core functionality of our resource management platform
  • Account Management: To create and manage your account, authenticate users, and maintain user profiles and preferences
  • Customer Support: To respond to your inquiries, provide technical support, troubleshoot issues, and deliver customer service
  • Analytics and Insights: To analyze usage patterns, improve platform performance, and develop new features and capabilities
  • Communication: To send service updates, security alerts, administrative messages, and important notifications about your account or our services
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes, including data protection and privacy requirements
  • Security: To detect, prevent, and address technical issues, security threats, fraud, and other harmful or illegal activities
  • Business Operations: To conduct internal business operations, including billing, accounting, and business planning
  • Product Development: To research and develop new features, services, and improvements to our platform
  • Quality Assurance: To monitor and maintain the quality of our services and ensure optimal user experience
  • Training and Education: To provide training materials, documentation, and educational resources to help you use our platform effectively

Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the specific circumstances outlined below. We are committed to protecting your privacy and only share information when necessary for legitimate business purposes:

Service Providers and Business Partners

We may share information with trusted third-party service providers who assist us in operating our platform, conducting business, or serving users. These providers are contractually obligated to:

  • Keep information confidential and secure
  • Use information only for the specific purposes we authorize
  • Implement appropriate security measures to protect your data
  • Comply with applicable privacy laws and regulations
  • Return or delete information when the service relationship ends

Legal Requirements and Law Enforcement

We may disclose information when required by law, court order, or government request, or when we believe in good faith that disclosure is necessary to:

  • Comply with legal obligations and regulatory requirements
  • Protect our rights, property, or safety, or that of our users or the public
  • Respond to lawful requests from law enforcement agencies
  • Investigate and prevent fraud, security breaches, or other illegal activities
  • Enforce our terms of service and other agreements

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, user information may be transferred as part of the business transaction. In such cases:

  • We will provide notice before your information is transferred
  • The acquiring entity will be bound by the same privacy commitments
  • You will have the opportunity to opt out if the privacy practices change significantly

Consent and User Direction

We may share information with your explicit consent or at your direction, such as when you:

  • Authorize integration with third-party services
  • Request that we share information with your business partners
  • Participate in joint marketing or business development activities
  • Use features that inherently involve sharing information with other users

Aggregated and De-identified Information

We may share aggregated, de-identified, or anonymized information that cannot be used to identify you personally. This may include industry benchmarks, usage statistics, and research insights that help improve our services and contribute to industry knowledge.

Data Security

We implement comprehensive technical, administrative, and physical security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. Our security program includes:

  • Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption standards
  • Access Controls: Multi-factor authentication, role-based access controls, and principle of least privilege access
  • Network Security: Firewalls, intrusion detection systems, and network segmentation to protect against external threats
  • Security Monitoring: 24/7 security monitoring, automated threat detection, and incident response procedures
  • Regular Assessments: Quarterly security assessments, annual penetration testing, and vulnerability management programs
  • Employee Training: Comprehensive security training for all employees and regular security awareness programs
  • Data Backup: Regular automated backups with secure storage and tested recovery procedures
  • Compliance Certifications: SOC 2 Type II, ISO 27001, and other relevant security certifications
  • Incident Response: Documented incident response procedures and breach notification protocols
  • Vendor Management: Security assessments and contractual requirements for all third-party service providers

While we implement industry-leading security measures, no method of transmission over the internet or electronic storage is 100% secure. We continuously monitor and update our security practices to address emerging threats and maintain the highest levels of protection for your information.

Your Rights and Choices

Depending on your location and applicable privacy laws, you may have certain rights regarding your personal information. We are committed to honoring these rights and providing you with control over your data:

  • Right of Access: Request access to your personal information and receive a copy of the data we hold about you
  • Right of Correction: Request correction of inaccurate, incomplete, or outdated personal information
  • Right of Deletion: Request deletion of your personal information, subject to certain legal and business requirements
  • Right to Data Portability: Request a copy of your information in a structured, machine-readable format
  • Right to Restriction: Request restriction of processing under certain circumstances, such as while we verify the accuracy of your data
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent: Withdraw consent for processing activities that are based on your consent
  • Right to Lodge Complaints: File complaints with relevant data protection authorities if you believe your rights have been violated
  • Right to Opt-out: Opt out of certain data processing activities, including marketing communications and non-essential cookies
  • Right to Data Minimization: Request that we limit the collection and processing of your data to what is necessary for our services

To exercise these rights, please contact us using the information provided in the "Contact Us" section. We will respond to your request within the timeframes required by applicable law, typically within 30 days. We may need to verify your identity before processing certain requests to protect your privacy and security.

Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Our retention periods are based on several factors:

  • Account Information: Retained for the duration of your account plus 7 years for legal and compliance purposes
  • Usage Data: Typically retained for 2-3 years for analytics and service improvement purposes
  • Business Data: Retained according to your organization's data retention policies and legal requirements
  • Communication Records: Support communications retained for 5 years for quality assurance and legal purposes
  • Security Logs: Retained for 1-2 years for security monitoring and incident investigation
  • Financial Records: Retained for 7 years to comply with accounting and tax regulations
  • Legal Hold Data: Retained indefinitely when subject to legal proceedings or regulatory investigations
  • Backup Data: May be retained in backup systems for up to 1 year after deletion from active systems

When information is no longer needed, we will securely delete or anonymize it in accordance with our data retention policies and applicable legal requirements. We regularly review our retention practices to ensure they remain appropriate and compliant with evolving legal and business requirements.

International Data Transfers

Our services are provided globally, and your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your jurisdiction. When we transfer your information internationally, we implement appropriate safeguards to protect your data:

  • Standard Contractual Clauses approved by relevant data protection authorities
  • Adequacy decisions recognizing equivalent levels of data protection
  • Binding Corporate Rules for transfers within our corporate group
  • Certification schemes and codes of conduct that ensure appropriate data protection
  • Specific consent for transfers when required by applicable law

We regularly monitor the legal landscape for international data transfers and update our practices to ensure continued compliance with applicable privacy laws and regulations.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Provide notice through email notifications to registered users for material changes
  • Display prominent notifications within our platform for significant updates
  • Maintain previous versions of the policy for reference and transparency
  • Provide clear information about what has changed and why
  • Allow reasonable time for you to review changes before they take effect
  • Obtain additional consent when required by applicable law

Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy. If you do not agree with the changes, you may discontinue using our services and request deletion of your account and personal information.

Contact Us

If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise your privacy rights, please contact us through any of the following methods:

Privacy Officer Email: privacy@thinkai.com

General Inquiries: info@thinkai.com

Phone: +1 (619) 724-8630

Mailing Address:
ThinkAI Privacy Team
2836 Menlo Ave
San Diego, CA 92105
United States

We are committed to addressing your privacy concerns promptly and thoroughly. Our privacy team will respond to your inquiry within 5 business days and work with you to resolve any issues or answer any questions you may have about our privacy practices.