Privacy Policy

Cerebral OS, Inc. ("Cerebral," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website, platform, and services (collectively, the "Services").

By using Cerebral, you agree to the practices described in this policy.

1. Information We Collect

We collect information in three main categories:

a) Information You Provide

• Account information (name, email, company, role)
• Authentication credentials
• Configuration data (workflows, rules, policies, settings)
• Support communications and feedback

b) Information Processed on Your Behalf (Customer Data)

When you use Cerebral to run workflows, we may process data from your connected systems (e.g., orders, tickets, customer records, messages, logs). This data is processed on your instructions and remains your data.

Cerebral acts as a data processor for this information, not the data owner.

c) Automatically Collected Information

• Usage data (feature usage, performance metrics, logs)
• Device and browser information
• IP address and general location
• Cookies and similar technologies

2. How We Use Information

We use information to:

• Provide, operate, and maintain the Services
• Execute workflows and platform features
• Authenticate users and secure accounts
• Monitor performance, reliability, and errors
• Improve the product and user experience
• Provide support and respond to requests
• Comply with legal and regulatory obligations

We do not sell your data.

3. How We Share Information

We may share information only in these cases:

• With service providers who help us operate the platform (e.g., cloud hosting, monitoring, support tools)
• With your instruction (e.g., integrations you configure)
• For legal reasons (e.g., to comply with law, regulation, or valid legal process)
• In a business transfer (e.g., merger, acquisition, or sale of assets)

All service providers are bound by confidentiality and security obligations.

4. Data Security

We use industry-standard security measures, including:

• Encryption in transit (TLS) and at rest (AES-256)
• Access controls and least-privilege permissions
• Audit logging and monitoring
• Secure key management

Sensitive fields are masked before logging where applicable. No system is 100% secure, but we design Cerebral to meet enterprise security expectations.

5. Data Retention

We retain data only as long as necessary to:

• Provide the Services
• Meet legal, regulatory, or contractual obligations
• Support auditing and operational integrity

You may request deletion of your data, subject to legal and operational requirements.

6. Your Rights and Choices

Depending on your location, you may have rights to:

• Access your personal information
• Correct or update your information
• Request deletion of your information
• Object to or restrict certain processing

To exercise these rights, contact us at: privacy@cerebralos.com

7. GDPR, HIPAA, and Compliance

Cerebral is designed to support:

• GDPR-compliant data handling and deletion workflows
• SOC 2–aligned security practices
• HIPAA-aligned architectures where configured by customers

When we process Customer Data, we do so under our customers' instructions and applicable data processing agreements.

8. Cookies and Tracking

We use cookies and similar technologies to keep you signed in, understand usage and performance, and improve the Services. You can control cookies through your browser settings.

9. Children's Privacy

Cerebral is not intended for use by children under 13 (or under 16 where applicable). We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date. Continued use of the Services means you accept the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: