Privacy Policy

1. Scope

This policy applies to www.objectos.ai, docs.objectos.ai, related websites that link to it, account and support interactions, and Cloud Services we operate. It does not apply to third-party websites, products, or services, or to self-hosted ObjectOS deployments that we do not operate.

2. Our role: controller and processor

We act as a data controller or business for personal information used to operate our websites, manage accounts, bill customers, communicate, secure our Services, and run our business.

When a customer uses Cloud Services to process personal information contained in Customer Data, the customer generally acts as controller or business and ObjectStack AI acts as processor or service provider on the customer’s instructions. Those activities may be governed by a data processing addendum. Users should direct requests about Customer Data to the relevant customer organization.

3. Self-hosted ObjectOS

A self-hosted ObjectOS deployment runs in infrastructure controlled by the customer. Unless the customer separately enables a connection to our Cloud Services or sends information to us for support, we do not receive or process the application records, prompts, files, credentials, or other data inside that deployment. The operator of the deployment is responsible for its privacy practices.

4. Personal information we collect

Depending on how you interact with us, we may collect the following categories of personal information.

• Account and identity information, such as name, email address, organization, role, username, authentication identifiers, and account preferences.
• Commercial and billing information, such as plan, orders, invoices, transaction status, billing contact, and limited payment details received from payment processors.
• Usage and device information, such as IP address, browser, device, operating system, requested URLs, timestamps, referrer, cookie identifiers, feature usage, logs, and diagnostic events.
• Communications and support information, such as messages, feedback, survey responses, support tickets, call or meeting details, and files you choose to provide.
• Customer Data processed through Cloud Services, including content, records, code, prompts, files, and metadata submitted by customers and their users.
• Information from integrations and third parties, such as identity providers, partners, public sources, or services you authorize to connect.

5. How we collect information

We collect information directly from you, automatically when you use our websites or Cloud Services, from your organization or account administrator, from services you connect, and from vendors and partners that help us operate our business.

6. How we use personal information

We use personal information for the purposes below and as otherwise disclosed at collection.

• Provide, operate, maintain, personalize, and support websites and Cloud Services.
• Create and secure accounts; authenticate users; enforce permissions; prevent fraud, abuse, and security incidents.
• Process orders, payments, subscriptions, usage, invoices, and taxes.
• Respond to inquiries, provide support, send service notices, and manage customer relationships.
• Monitor performance, troubleshoot, conduct analytics, and improve products and user experience.
• Develop new features, including AI-assisted features, using safeguards appropriate to the data and applicable agreements.
• Comply with law, enforce agreements, protect rights and safety, and establish or defend legal claims.
• Send marketing communications where permitted; you may opt out at any time.

7. Legal bases for processing

Where applicable law requires a legal basis, we process personal information to perform a contract; pursue legitimate interests such as operating, securing, and improving the Services; comply with legal obligations; protect vital interests; or based on consent. You may withdraw consent where processing depends on consent, without affecting prior processing.

8. AI features and model providers

If you enable AI features or connect a model provider, prompts, context, Customer Data, and outputs may be sent to the selected provider as necessary to perform the request. We will describe available controls and providers in product documentation or agreements. You are responsible for deciding what data to submit and configuring features consistently with your obligations.

We do not use Customer Data from paid Cloud Services to train general-purpose models unless the customer affirmatively agrees or a separate agreement expressly permits it.

9. Cookies and similar technologies

We may use cookies, local storage, pixels, and similar technologies for authentication, preferences, security, functionality, analytics, and, where used, marketing. You can control cookies through browser settings and any consent tools we provide. Blocking some technologies may affect functionality.

10. How we share personal information

We do not sell personal information for money. We may share personal information as described below.

• With service providers and subprocessors that provide hosting, infrastructure, analytics, communications, support, security, payment processing, and professional services.
• With integrations and third parties at your direction or when you enable a connection.
• With your organization, administrators, and authorized users.
• With authorities or other parties when reasonably necessary to comply with law, protect rights and safety, investigate abuse, or enforce agreements.
• In connection with a merger, financing, acquisition, reorganization, bankruptcy, or sale of assets, subject to appropriate protections.
• With consent or as otherwise disclosed when information is collected.

11. Data processing addendum and subprocessors

Customers that require a data processing addendum may contact [email protected]. For Customer Data processed on behalf of customers, we will use subprocessors under written obligations designed to protect the data and will remain responsible as required by the applicable agreement and law. We may publish or provide a current subprocessor list before relevant Cloud Services become generally available.

12. International data transfers

We and our providers may process information in the United States and other countries that may have different data-protection laws. Where required, we use recognized transfer mechanisms and safeguards, such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or another lawful mechanism.

13. Data retention

We retain personal information only as long as reasonably necessary for the purposes described in this policy, including providing Services, maintaining security and business records, complying with law, resolving disputes, and enforcing agreements. Retention depends on the type of information, account status, contract terms, sensitivity, legal requirements, and technical constraints.

Customer Data retention and deletion for Cloud Services will be described in applicable documentation, orders, or data processing addenda. Backup copies may persist for a limited period before being overwritten or deleted.

14. Security

We use commercially reasonable administrative, technical, and organizational safeguards designed to protect personal information. No method of transmission or storage is completely secure. Customers and users are responsible for protecting credentials, configuring permissions, and promptly reporting suspected unauthorized access.

15. Your privacy rights

Depending on your location, you may have rights to request access, correction, deletion, restriction, objection, portability, or withdrawal of consent, and to appeal a denied request. You may also have rights concerning targeted advertising, sale or sharing, or certain automated decisions. We do not discriminate against you for exercising applicable rights.

To exercise rights for information controlled by ObjectStack AI, contact [email protected]. We may verify your identity and authority. If your request concerns Customer Data controlled by an ObjectOS customer, contact that customer first.

16. California and other U.S. state notices

Residents of California and certain other U.S. states may have rights to know, access, correct, delete, and obtain a copy of personal information; limit certain uses of sensitive personal information; and opt out of certain sale, sharing, targeted advertising, or profiling. We do not sell personal information for money. If our practices constitute sharing or targeted advertising under applicable law, we will provide required opt-out methods.

17. Children

Our Services are intended for business users and are not directed to children under 13. We do not knowingly collect personal information from children under 13. Cloud Services must not be used to process children’s personal information without all legally required authorization, notices, and safeguards.

18. Marketing communications

You may opt out of marketing emails by using the unsubscribe link or contacting us. We may still send transactional, security, legal, and service-related messages.

19. Changes to this policy

We may update this policy as our Services and legal obligations evolve. We will post the updated version and change the effective date. For material changes, we will provide additional notice where required.

20. Contact and complaints

ObjectStack AI LLC, 30 N Gould St, Ste R, Sheridan, Wyoming 82801, United States. Federal Employer Identification Number (EIN): 37-2224437.

For privacy requests, questions, or complaints, contact [email protected] or write to the address above. Depending on your location, you may also have the right to complain to your local data-protection authority or attorney general.