Privacy Policy

1. Introduction & Scope

CapForecast AI Inc. ("CapForecast AI," "we," "us," "our") is committed to protecting your privacy and ensuring you have a positive experience on our website and while using our products and services. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in connection with our services, website, and interactions with you.

This policy applies to all CapForecast AI customers, users, visitors, and website visitors. For enterprise customers, we may have separate Data Processing Agreements (DPAs) that supplement or supersede certain provisions of this policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide to us:

• Account Information: Name, email address, phone number, company name, job title, and billing address when you create an account or request a trial.
• Communication Data: Content of emails, chat messages, and support requests when you contact us.
• Payment Information: Credit card details and billing address (processed securely by third-party payment processors).
• Survey & Feedback Data: Responses to surveys, questionnaires, and voluntary feedback forms.

2.2 Information Collected Automatically

We automatically collect certain information about your use of our services:

• Device Information: Device type, operating system, browser type, IP address, and device identifiers.
• Usage Data: Pages visited, features used, interactions with the platform, timestamps, and duration of use.
• Cookies & Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to recognize you, maintain session information, and analyze usage patterns.
• Infrastructure Monitoring Data: Network metrics, bandwidth usage, IP address pools, and resource capacity data you authorize us to monitor (provided by your administrators).

2.3 Third-Party Information

We may receive information about you from third parties, including:

• Payment processors and financial institutions for fraud detection and billing purposes.
• Marketing partners and lead generation platforms.
• Public sources for verification and compliance purposes.
• Other vendors and service providers who process data on our behalf.

3. How We Use Your Information

We process personal information for the following purposes:

• Service Delivery: Providing, maintaining, and improving CapForecast AI services; generating forecasts; analyzing infrastructure capacity.
• Account Management: Creating and managing your account, authentication, and access control.
• Billing & Payments: Processing payments, invoicing, and financial reconciliation.
• Communication: Sending service announcements, support responses, updates, and customer success messages.
• Marketing & Outreach: Sending promotional emails, newsletters, and product updates (with your consent where required).
• Analytics & Improvement: Analyzing usage patterns, identifying bugs, optimizing performance, and developing new features.
• Compliance & Legal Obligations: Meeting regulatory requirements, responding to legal requests, and enforcing our terms.
• Security & Fraud Prevention: Detecting unauthorized access, preventing fraud, and protecting against malicious activity.
• Research & Benchmarking: Aggregated analysis to generate industry insights and benchmarking reports (anonymized).

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, the United Kingdom, or other jurisdictions with similar laws, we rely on the following legal bases for processing:

• Contract Performance: Processing necessary to provide services under our agreement with you.
• Legitimate Interest: Our business interests in providing secure services, improving products, and preventing fraud.
• Consent: Where you have explicitly consented (e.g., marketing communications).
• Compliance with Law: Processing required by applicable law or court order.

5. How We Share Your Information

We do not sell your personal information. We share information only in these circumstances:

• Service Providers: Vendors who provide email, cloud hosting, analytics, payment processing, and customer support services (all under confidentiality agreements).
• Business Partners: Resellers and integration partners who assist in delivering services (only with your consent).
• Legal Requirements: When required by law, court order, subpoena, or government request.
• Safety & Security: To protect against fraud, abuse, and security threats.
• Business Transfers: In the event of merger, acquisition, or sale of assets, information may be transferred as part of that transaction.
• Aggregated Data: We share anonymized, aggregated data for research, benchmarking, and industry analysis (cannot identify individuals).

6. Data Retention & Deletion

We retain personal information only as long as necessary to provide services and comply with legal obligations:

• Account Data: Retained while your account is active. Deleted within 30 days of account closure unless required by law.
• Infrastructure Data: Retained per your subscription tier (default 3 years). Older data is automatically purged.
• Transactional Data: Retained for 7 years for tax and accounting purposes.
• Marketing Data: Retained until you unsubscribe or request deletion.

You may request deletion of your personal data at any time via [email protected]. We will comply within 30 days unless legal obligations require retention.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Right to obtain a copy of your personal data.
• Rectification: Right to correct inaccurate or incomplete information.
• Erasure: Right to request deletion of your personal data (subject to legal exceptions).
• Restriction: Right to restrict processing of your information.
• Portability: Right to receive your data in a portable format and transmit it to another service provider.
• Objection: Right to opt-out of marketing communications and certain processing activities.
• Automated Decision-Making: Right to object to decisions made solely by automated means.

To exercise any of these rights, contact us at [email protected] with "Privacy Request" in the subject line.

8. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data in transit is encrypted using TLS 1.2+. Data at rest is encrypted using AES-256.
• Access Controls: Role-based access control (RBAC) limits employee access to customer data.
• Compliance: We maintain SOC 2 Type II certification, ISO 27001 compliance, and HIPAA BAA availability.
• Incident Response: We maintain an incident response plan and will notify you of breaches within 72 hours (or as required by law).
• Regular Audits: Third-party security assessments and penetration testing conducted annually.

While we employ robust safeguards, no system is perfectly secure. We encourage you to use strong passwords and contact us immediately if you suspect unauthorized access.

9. International Data Transfers

CapForecast AI may transfer, process, and store your information in the United States and other countries. If you are located in the EEA or UK, we comply with GDPR by:

• Using Standard Contractual Clauses (SCCs) for data transfers to third countries.
• Implementing Binding Corporate Rules (BCRs) within the CapForecast AI group.
• Obtaining your explicit consent for transfers where applicable.

By using CapForecast AI, you consent to the transfer of your information to countries outside your country of residence.

10. Cookies & Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Maintain session information, enable authentication, and ensure site functionality.
• Analytics Cookies: Track user behavior, measure feature usage, and optimize the platform (Google Analytics, Mixpanel).
• Marketing Cookies: Serve targeted advertisements and measure campaign effectiveness (Google Ads, LinkedIn).
• Third-Party Cookies: Enable integrations with Intercom (customer support), Hotjar (heatmaps), and similar vendors.

You may control cookies through browser settings or the cookie preference center on our website. Disabling essential cookies may impair functionality.

11. Marketing Communications & Preferences

We send marketing emails only to users who have opted in or with whom we have an existing business relationship. You may manage your preferences:

• Click "Unsubscribe" in any marketing email.
• Log in to your account and update communication preferences.
• Email [email protected] with your request.

We will honor your preference within 10 business days. Transactional and service-related emails (account alerts, support responses, billing notifications) cannot be unsubscribed from while your account is active.

12. Children's Privacy

CapForecast AI services are not directed toward children under the age of 13. We do not knowingly collect information from children under 13. If we discover we have collected such information, we will delete it immediately. If you are a parent or guardian and believe your child has provided information to CapForecast AI, please contact us at [email protected].

13. Third-Party Links & Services

Our website may contain links to third-party websites and services. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing any personal information.

14. Contact & Data Protection Officer

If you have questions, concerns, or wish to exercise your privacy rights, contact us:

• Email: [email protected]
• Mailing Address: CapForecast AI Inc., 123 Market St, San Francisco, CA 94105, USA
• Data Protection Officer: [email protected]

For GDPR-related concerns, you have the right to lodge a complaint with your local data protection authority.

15. Policy Updates

We may update this Privacy Policy periodically to reflect changes in law, technology, and our practices. We will notify you of material changes via email or prominent website notice. Your continued use of CapForecast AI following such notification constitutes your acceptance of the revised policy.

16. California Privacy Rights (CCPA & CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know what personal information is collected, used, and shared.
• Right to delete personal information (with exceptions).
• Right to opt-out of the sale of personal information.
• Right to correct inaccurate personal information.
• Right to non-discrimination for exercising CCPA/CPRA rights.

To submit a request, email [email protected] or use our online request form on the website.