Date of Last Revision: July 31, 2025
This privacy notice for Iterate.ai and its affiliates (collectively, "Iterate", "Company," "we," "us," "our" and any variant), describes how and why we might collect, store, use, and/or share ("process") your Personal Information (as defined below) when you use our products, services, features, or content ("Services"), such as when you:
As used herein, the term "you" (including any variant) refers to each individual who enters into this privacy notice on such individual's own behalf or any entity on behalf of which an individual enters into this privacy notice, in which case you represent and warrant that you have the authority to bind that entity to this privacy notice (and in that case, "you" will refer to the individual and that entity).
PLEASE READ THIS NOTICE CAREFULLY TO UNDERSTAND OUR PROCESSES AND PRACTICES REGARDING YOUR PERSONAL INFORMATION AND HOW WE WILL TREAT IT. IF YOU DO NOT AGREE WITH OUR POLICIES AND PRACTICES, DO NOT USE OUR SERVICE. BY ACCESSING, BROWSING OR OTHERWISE USING THE SERVICE, YOU ARE ACCEPTING AND AGREEING TO BE BOUND BY AND ABIDE BY THE TERMS OF THIS NOTICE, AND YOU REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, AUTHORITY AND CAPACITY TO ENTER INTO AND AGREE TO THE TERMS (ON BEHALF OF YOURSELF OR THE ENTITY THAT YOU REPRESENT).
Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at hello@iterate.ai.
This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.
In Short: We believe in the ethical and legal training of AI models.
We deploy several open-source AI foundational models within our applications, including models that have been fine-tuned by our engineers. We DO NOT use the Google Workspace APIs to train, develop, or improve generalized AI and/or ML models. When we use AI systems for automated decision-making or profiling that may have legal or similarly significant effects, we will notify you and provide mechanisms to opt-out, contest decisions, or request human review as required by applicable laws.
In Short: We collect Personal Information that you provide and disclose to us, with specific purposes and legal bases for each category.
We collect Personal Information that you voluntarily provide and disclose to us when, among other things, you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you communicate with and contact us.
The Personal Information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use.
Data Category
Identifiers
Contact Information
Usage Data
Communication Data
Examples
Name, email, IP address, account details
Phone number, mailing address
Browser data, device characteristics, service interactions
Messages, support requests
Purpose
Account creation, service provision, communications
Customer support, service notifications
Service improvement, analytics, security
Customer service, troubleshooting
Legal Basis
Contract, consent, legitimate interest
Contract, consent
Legitimate interest, consent
Contract, legitimate interest
Retention Period
Until account closure + 30 days
Until account closure + 30 days
12 months from collection
3 years or as legally required
Sensitive Personal Information. We may collect sensitive personal information only with your explicit opt-in consent and only for specific, disclosed purposes. We do NOT use sensitive personal information for targeted advertising, especially for users under 18 years of age, in compliance with Maryland's Online Data Privacy Act and similar state laws.
Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, such as your LinkedIn, Facebook, X (formerly known as Twitter), or other social media account. If you choose to register in this way, we will collect the information described in the section called "HOW DO WE HANDLE YOUR SOCIAL LOGINS?" below.
All Personal Information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such Personal Information.
In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information.
Like many businesses, we also collect information through cookies and similar technologies. We honor universal opt-out signals, including Global Privacy Control (GPC), as required by Delaware, New Jersey, and other state privacy laws.
In Short: We process your Personal Information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your Personal Information for other purposes with your consent.
We process your Personal Information for a variety of reasons, depending on how you interact with our Services, including:
We may use automated systems, including AI, to make decisions or create profiles that could affect you. When such processing may produce legal or similarly significant effects, we will:
In Short: We only process your Personal Information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law.
To process your Personal Information, we require a valid legal basis pursuant to applicable law for doing so. This may include:
In Short: We may share Personal Information in specific situations described in this section and/or with the following third parties.
We may need to share your Personal Information in the following situations:
We do NOT sell your personal information as defined by applicable privacy laws. We do NOT share personal information for cross-context behavioral advertising without explicit opt-in consent.
In Short: We conduct risk assessments for high-risk data processing activities.
In compliance with Maryland, Delaware, and other state requirements, we conduct data protection assessments for processing activities that present heightened risks to consumers, including:
In Short: We may use cookies and other tracking technologies to collect and store your Personal Information, with respect for your preferences and universal opt-out signals.
We may use cookies and similar tracking technologies to access or store information. We recognize and honor universal opt-out signals, including:
Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.
In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.
Our Services offer you the ability to register and log in using your third-party social media account details. When you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the provider concerned, but will often include your name, email address, friends list, and profile picture.
We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant Services.
In Short: We may transfer, store, and process your Personal Information in countries other than your own, with appropriate safeguards.
We are headquartered in the United States. If you are accessing our Services from outside the United States, please be aware that your Personal Information may be transferred to, stored, and processed by us and our service providers in other countries.
For transfers outside the European Economic Area, we implement appropriate safeguards such as:
In Short: We keep your Personal Information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.
We will only keep your Personal Information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law. Different categories of personal information have different retention periods based on their purpose:
When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize such information.
In Short: We aim to protect your Personal Information through a system of organizational and technical security measures.
We have implemented appropriate technical, administrative, organizational and physical security measures designed to protect the security of any Personal Information we process. These measures include:
However, no electronic transmission or storage system can be guaranteed to be 100% secure. You should only access the Services within a secure environment.
In Short: We do not knowingly collect data from or market our Services to children under 18 years of age, and we provide enhanced protections for minors.
The Services are not directed to or intended for use by children under 18 years of age. We do not knowingly solicit data from or market our Services to children under 18 years of age.
Enhanced Minor Protections: In compliance with Maryland's Online Data Privacy Act and similar laws:
If we learn that Personal Information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.
In Short: In some regions, you have rights that allow you greater access to and control over your Personal Information.
Depending on your location, you may have the following rights:
Universal Rights
Additional Rights by Jurisdiction
European Economic Area/UK (GDPR):
California (CCPA/CPRA):
Other U.S. States (2025 Laws):
Residents of Delaware, Maryland, Minnesota, Tennessee, and other states with comprehensive privacy laws have similar rights to those outlined above.
In Short: We recognize and honor universal opt-out signals as required by law.
Our systems are configured to recognize browser-based universal opt-out signals, including:
When we detect such signals, we will treat them as valid requests to opt-out of the sale or sharing of your personal information and targeted advertising, as required by applicable state laws.
In Short: You have choices with respect to your Personal Information and advertising.
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference. We honor DNT signals and similar privacy controls.
You may also opt out of interest-based advertising through:
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this privacy notice from time to time. The updated version will be indicated by an updated "Last updated" date. If we make material changes, we may notify you by:
Your continued use of the Services after the effective date constitutes acceptance of the updated policy.
If you have questions or comments about this notice, you may email us at hello@iterate.ai or contact us by post at:
Iterate.ai
3031 Tisch Way
San Jose, California, United States 95128
For EU/EEA Residents: If you are located in the European Economic Area and believe we are unlawfully processing your Personal Information, you have the right to complain to your local data protection authority.
Based on the applicable laws of your country, state, or province, you may have the right to request access to the Personal Information we collect from you, change that information, or delete it. To request to review, update, or delete your Personal Information, please contact us at hello@iterate.ai.
Response Time: We will respond to your request within the timeframes required by applicable law, typically within 30 days.
Verification: We may need to verify your identity before processing your request. We will only use personal information provided in verification for that purpose and will delete it afterward.
No Discrimination: We will not discriminate against you for exercising your privacy rights.
This privacy policy has been updated to comply with 2025 privacy law requirements, including new state privacy laws, GDPR enforcement guidance, and CCPA/CPRA amendments.