PERCIDIAN — PRIVACY POLICY
Last Updated: April 7, 2026 Effective Date: April 7, 2026
TABLE OF CONTENTS
- Overview and Scope
- Information We Collect
- How We Use Your Information
- AI Features: How They Work and What They Mean for Your Privacy
- Information About Non-Users and Third-Party Participants
- How We Share Your Information
- Data Security and Protection
- Data Retention
- Your Privacy Rights and Choices
- Cookies, Tracking Technologies, and Analytics
- Communications and Marketing
- Data Transfers and International Use
- Children's Privacy
- Third-Party Services and Links
- Security Breach Notification
- Policy Changes and Updates
- Legal Compliance and Regulatory Framework
- Definitions
- Contact Information
- Acknowledgment and Agreement
1. OVERVIEW AND SCOPE
1.1 About This Policy
Percidian AI, Inc. ("Percidian," "we," "us," "our," or "Company") is a technology company that develops and operates agentic AI systems for deals, calibrated to a firm's established standards.
This Privacy Policy explains how we collect, process, use, disclose, and protect your personal information when you use our websites (including percidian.com, percidian.ai, and related domains), applications, APIs, and related services (collectively, the "Services").
1.2 What We Are (and Are Not)
Percidian is a technology company. We are not a law firm, accounting firm, investment adviser, broker-dealer, financial institution, or professional services firm. We do not provide legal, financial, tax, or investment advice. All information, analysis, and AI-generated insights provided through the Services are informational and organizational in nature only.
1.3 Legal Agreement
By accessing or using the Services, you agree to be bound by this Privacy Policy and our Terms of Use. If you do not agree to these terms, please do not use the Services.
1.4 Percidian's Dual Role
Percidian may act in two capacities with respect to personal data:
(a) As a Controller (or "Business" under CCPA): When we collect personal data directly from you through our websites, marketing activities, account registration, and customer support — we determine the purposes and means of processing.
(b) As a Processor (or "Service Provider" under CCPA): When our clients upload documents and data to the Services, we process that data on behalf of and under the instructions of our clients. Our clients are responsible for obtaining appropriate consents and providing required notifications to individuals whose data they upload. Percidian does not review, analyze, or control the content of client-uploaded data except as necessary to provide the Services.
2. INFORMATION WE COLLECT
We collect and process various categories of personal information necessary to provide the Services. This information comes from multiple sources and is used in accordance with applicable law.
2.1 Information You Provide Directly
Account and Registration Information
- Contact information (name, email address, phone number)
- Authentication credentials (password, multi-factor authentication details)
- Company name, job title, and professional role
- Billing and payment information (processed by third-party payment processors; we do not store full credit card numbers)
- Profile preferences and settings
Uploaded Documents and Content
You or your organization may upload documents, files, and data to the Services, which may include:
- Business documents (financial statements, contracts, corporate records)
- Due diligence materials
- Legal and compliance documents
- Any other files you choose to upload or store
Communications and Collaboration Data
When you use the Services' communication and collaboration features, we may collect and process:
- Email messages, correspondence, and attachments sent to, from, or through the Services
- Meeting content, including transcripts, notes, summaries, and recordings generated through or in connection with the Services
- Names, email addresses, and other contact information of individuals you communicate or collaborate with, including individuals who may not be registered users of the Services
- Calendar and scheduling information related to meetings and events conducted through the Services
- Q&A interactions within the platform
Customer Support and Feedback
- Messages to customer support
- Survey responses and product feedback
- Feature requests and suggestions
2.2 Information Collected Automatically
Usage and Device Information
- Device identifiers (IP address, device ID, browser type and version)
- Operating system and version
- Access times, session duration, and frequency of use
- Pages viewed, features used, and actions taken within the Services
- Click patterns and navigation paths
- Referral sources and URLs
Location Information
- General location (city, state, country) derived from IP address
- We do not collect precise geolocation data
Cookies and Tracking Technologies
We use cookies, pixels, and similar technologies to maintain your session, remember preferences, analyze usage patterns, and protect against fraud and security threats. See our Cookie Notice for detailed information.
2.3 Information from Third Parties and Non-Users
- Identity Verification Services: When necessary for fraud prevention, compliance, or know-your-customer requirements, we may obtain verification data from third-party providers.
- Publicly Available Information: We may supplement your information with publicly available data to verify identity, enhance data accuracy, or prevent fraud.
- Client-Provided Information: Our clients may provide your name, email address, and role to invite you to access a project.
- Communications from Non-Users: If you are not a registered user of the Services but you send or receive communications through the Services (for example, by corresponding with a Percidian user or participating in a meeting facilitated through the Services), we may collect your name, email address, the content of your communications, and associated metadata. This data is collected as part of providing the Services to our registered users and clients. See Section 4A below for more information about your rights if you are not a registered user.
2.4 Sensitive Personal Data
We do not intentionally collect sensitive personal data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sexual orientation, or criminal history.
If clients upload documents to the Services that contain sensitive personal data, the client is responsible for ensuring they have appropriate legal grounds and consents for such processing.
3. HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes, in accordance with applicable law and with your consent where required.
3.1 Core Service Delivery
- Account Management: Create, maintain, and administer your account
- Authentication and Security: Verify your identity and protect against unauthorized access
- Service Provision: Provide access to AI agents, document management, collaboration tools, communication features, and other platform capabilities
- Document Processing: Store, organize, index, encrypt, and enable retrieval of uploaded documents
- Communications Processing: Process, analyze, organize, and surface insights from emails, meeting content, and other communications conducted through or ingested by the Services on behalf of our users
- Notifications and Alerts: Send account activity alerts, project updates, and important system notifications
3.2 AI-Powered Features
Percidian employs proprietary AI systems to provide features such as document analysis, summarization, search, categorization, and insight generation. When AI features process your data:
- Processing occurs within secure, controlled environments
- AI outputs are generated algorithmically and are informational only
- We do not use your confidential documents or proprietary data to train external, public, or third-party AI models
- We may use aggregated, anonymized, and de-identified data for internal model improvement and service optimization
Important: All AI-generated outputs are informational aids only and should be independently verified by qualified professionals.
3.3 Service Improvement and Development
- Analyze usage patterns to improve features and user experience
- Conduct testing and quality assurance
- Develop new capabilities and services
- Optimize performance and reliability
3.4 Security and Fraud Prevention
- Monitor for suspicious activity and unauthorized access
- Detect and prevent fraud, abuse, and security threats
- Investigate security incidents
- Maintain audit logs and security records
3.5 Customer Support
- Respond to inquiries and support requests
- Troubleshoot technical issues
- Resolve disputes
- Maintain support history for continuity
3.6 Legal Compliance and Protection
- Comply with applicable laws and regulations
- Respond to legal process (subpoenas, court orders, regulatory requests)
- Enforce our Terms of Use and other agreements
- Protect rights, property, and safety of Percidian, users, and the public
3.7 Communications
- Send service-related announcements and updates
- Provide account notifications and alerts
- Deliver newsletters and educational content (with your consent)
- Request feedback and conduct surveys
- Send marketing communications (with your consent, where required)
3.8 Business Operations
- Process payments and manage subscriptions
- Maintain business records and analytics
- Conduct internal research and analysis
- Manage corporate transactions (mergers, acquisitions, asset sales)
4. AI FEATURES: HOW THEY WORK AND WHAT THEY MEAN FOR YOUR PRIVACY
4.1 What Is Agentic AI?
Certain Percidian AI features are "agentic," meaning they autonomously orchestrate tasks, retrieve data, reason over information, and generate outputs without continuous human oversight. These features may include document analysis, summarization, Q&A, risk identification, and search.
4.2 How Your Data Is Processed by AI
(a) Input: Documents and data you or your organization upload to the Services, plus your specific queries or instructions.
(b) Analysis: Data is processed through AI models to identify patterns, extract key information, generate summaries, and produce responses.
(c) Output: AI-generated summaries, insights, categorizations, and responses presented to you within the Services.
(d) Temporary Storage: AI processing outputs may be cached temporarily for performance. Most outputs are generated dynamically on request.
4.3 AI Data Practices and Commitments
We Do:
- Use AI to analyze your data and provide useful features within the Services
- Process your data within secure, controlled environments
- Use aggregated, de-identified data to improve AI model performance
- Implement guardrails to prevent inappropriate AI responses
- Monitor AI outputs for quality and accuracy
We Do NOT:
- Sell or license your personal data or documents to third parties for AI training
- Share identifiable document content with external AI model providers for their own purposes
- Use your confidential data to train publicly available AI models
- Transfer control of your data to external AI systems
4.4 Limitations and Disclaimers
- Not Professional Advice: AI outputs are informational only, not legal, financial, or professional advice
- Potential Errors: AI may misinterpret data, miscategorize documents, or generate incorrect conclusions, including factually incorrect information ("hallucinations")
- No Guarantees: We do not guarantee accuracy, completeness, or suitability of AI outputs
- User Responsibility: You are responsible for verifying AI outputs and making decisions based on your own professional judgment
4.5 Your Rights Regarding AI Processing
You have the right to:
- Human Review: Request human review of any AI-generated output that significantly affects you
- Explanation: Ask how AI reached a specific conclusion or recommendation
- Opt-Out: Disable certain AI features while maintaining core functionality (where available)
- Challenge: Contest or correct AI-generated analysis
- Transparency: Understand what data is used for AI processing
To exercise these rights, contact us at Contact us.
4A. INFORMATION ABOUT NON-USERS AND THIRD-PARTY PARTICIPANTS
4A.1 How We May Receive Your Information
If you are not a registered user of the Services, Percidian may still collect and process limited personal information about you in the following circumstances:
- Communications: A registered user of the Services communicates with you through or in connection with the Services (for example, via email), and the content of that correspondence — including your name, email address, and message content — is processed by the Services on behalf of the user.
- Meetings and Events: You participate in a meeting, call, or event where the Services are used by a registered user to capture notes, transcripts, summaries, or recordings. Your name, voice, statements, and participation may be processed.
- Referrals and Invitations: A registered user provides your contact information to invite you to access a project or collaboration space.
- Documents: A registered user uploads documents to the Services that contain your personal information.
4A.2 Legal Basis and Purpose
We process non-user personal information as necessary to provide the Services to our registered users and clients (our legitimate business interest and contractual obligation to our customers). Our clients and registered users are responsible for ensuring they have appropriate legal authority or consent to use the Services in ways that involve your personal information, including compliance with applicable recording, consent, and notification laws.
4A.3 What We Do With Non-User Information
Non-user information is:
- Processed, stored, and organized as part of the registered user's or client's data within the Services
- Subject to the same security, encryption, and access-control protections as all other data in the Services
- Not used by Percidian for marketing, advertising, or any purpose unrelated to providing the Services to the registered user or client
- Not sold to third parties
- Retained in accordance with the client's or user's instructions and our standard data retention practices (see Section 7)
4A.4 Your Rights as a Non-User
Even if you are not a registered user of the Services, you may have rights regarding your personal information under applicable law, including the right to:
- Access: Request information about what personal data we hold about you
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your personal information from the Services
- Object: Object to the processing of your personal information
To exercise these rights, contact us at Contact us. Because we process non-user data on behalf of our clients, we may need to refer your request to the relevant client or registered user and coordinate with them to fulfill it. We will respond to all requests within the timeframes required by applicable law.
4A.5 Opting Out
If you do not wish to have your information processed through the Services, you may:
- Contact us at Contact us to request removal of your data
- Contact the registered user or organization that is using the Services in connection with your information and request that they cease including your data
- Where applicable, decline to participate in meetings or communications facilitated through the Services
5. HOW WE SHARE YOUR INFORMATION
Percidian shares personal information only when necessary to provide Services, comply with legal obligations, or with your explicit consent. All recipients are contractually bound to maintain confidentiality and security.
5.1 Service Providers and Vendors
We share personal information with third-party vendors who perform essential functions on our behalf:
- Infrastructure and Cloud Services: Hosting, storage, and database services
- Security: Content delivery, network security, and threat detection
- Authentication: User authentication and identity verification providers
- Payment Processing: Subscription billing and payment processors
- Analytics and Monitoring: Web and application analytics, error tracking, and performance monitoring
- Customer Support: Help desk, ticketing, and communication services
- AI Infrastructure: Cloud-based AI processing within our controlled environment
All service providers are contractually obligated to use data only for providing services to Percidian, maintain comparable security standards, and delete or return data upon contract termination.
5.2 Client Administrators and Authorized Users
If you access the Services through a corporate or organizational account:
- The account administrator may have access to information about your activity within the platform (e.g., document access logs, login times)
- Other authorized users in the same project may see your name, email, and activity as permitted by the project administrator
- Your employer or the inviting organization may request activity reports
5.3 Legal and Regulatory Requirements
We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:
- Comply with legal process (subpoenas, court orders, warrants)
- Respond to government or regulatory requests
- Enforce our Terms of Use and agreements
- Protect against fraud, security threats, or illegal activity
- Protect rights, property, and safety of Percidian, users, or the public
We will notify you of legal requests when permitted by law.
5.4 Corporate Transactions
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets:
- Your information may be transferred as part of that transaction
- The acquiring entity must honor this Privacy Policy
- We will notify you of any material change in ownership or control
5.5 With Your Consent
We may share information with third parties when you explicitly authorize specific sharing or connect third-party services to your account.
5.6 Aggregated and De-Identified Data
We may share aggregated, anonymized, or de-identified data that cannot reasonably identify you for purposes including statistical analysis, benchmarking, research, and service improvement.
Percidian does not sell your personal data.
6. DATA SECURITY AND PROTECTION
Percidian implements comprehensive security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction.
6.1 Encryption
Data at Rest: All personal information and documents stored in databases, file systems, and backups are encrypted using AES-256 encryption or equivalent. Encryption keys are managed through dedicated key management services and rotated regularly.
Data in Transit: All data transmitted between your device and our servers uses TLS 1.2 or higher. API communications use encrypted channels.
6.2 Access Controls
- Role-Based Access: Employees and systems access only data necessary for their specific function
- Least Privilege: Access permissions are minimized to essential functions
- Multi-Factor Authentication: Required for employee and administrative access
- Access Logging: All data access is logged with user, timestamp, and action
- Regular Review: Access permissions are reviewed and updated regularly; access removal upon role change or termination begins within 24 hours (within 4 hours for privileged systems)
6.3 Infrastructure Security
- Isolated Environments: Infrastructure operates within isolated network environments
- Firewalls: Multi-layer firewall protection at network and application levels
- Intrusion Detection: Continuous monitoring for unauthorized access attempts
- DDoS Protection: Defense against distributed denial-of-service attacks
- Secure Development: Code review and security testing before deployment
- Vulnerability Management: Regular scanning and patching of systems and dependencies
6.4 Third-Party Security
Service providers are assessed under our Vendor Management Policy; critical providers maintain SOC 2 or equivalent certifications. Data processing agreements specify security requirements and obligations.
6.5 Monitoring and Incident Response
- Continuous Monitoring: Security systems monitor for threats 24/7
- Incident Response Plan: Documented procedures for detecting, investigating, containing, and responding to security incidents
- Regular Testing: Security controls are tested through vulnerability assessments; third-party penetration testing is planned on an at-least-annual cycle
6.6 Your Security Responsibilities
You play a critical role in protecting your account:
- Use strong, unique passwords and enable multi-factor authentication
- Keep your devices and software updated
- Do not share your credentials with unauthorized persons
- Log out after each session, especially on shared devices
- Report suspicious activity immediately to Contact us
Important: No security system is completely impenetrable. While we implement industry-leading safeguards, we cannot guarantee absolute security. You use the Services at your own risk.
7. DATA RETENTION
We retain personal information only as long as necessary to provide Services, comply with legal obligations, resolve disputes, and enforce agreements.
7.1 General Retention Principles
- Active Accounts: Data is retained as long as your account is active
- Business Purposes: Retention continues while necessary for legitimate business purposes
- Legal Requirements: Some data must be retained to comply with law
- User Control: You may request deletion subject to legal exceptions
7.2 Account Closure and Data Deletion
When you close your account or request data deletion:
(a) Immediate Actions: Access to Services is terminated; personal identifiers are removed from active systems; data is marked for deletion.
(b) Within 30 Days: Core personal information is deleted from primary databases; uploaded documents are deleted.
(c) Backup Retention: Some data may persist in encrypted backups for up to 90 days. Backups are automatically purged according to retention schedules.
(d) Exceptions: Data may be retained if required for legal, accounting, or regulatory purposes; de-identified data may be retained for analytics; data necessary for ongoing disputes or investigations may be retained.
To request account closure or data deletion, contact Contact us. We will confirm completion within 30 days.
7.3 Data Minimization
We practice data minimization by collecting only information necessary for stated purposes, regularly reviewing data holdings, anonymizing or de-identifying data when possible, and limiting data sharing to essential parties.
8. YOUR PRIVACY RIGHTS AND CHOICES
Depending on your location and applicable law, you have certain rights regarding your personal information.
8.1 Universal Rights (All Users)
- Right to Access: Request a copy of personal information we hold about you and understand how your data is collected and used
- Right to Correction: Request correction of inaccurate or incomplete information, or update your information through account settings
- Right to Deletion: Request deletion of your personal information (subject to legal exceptions)
- Right to Portability: Receive your data in a structured, commonly used format
- Right to Withdraw Consent: Withdraw consent for processing at any time (where consent is the legal basis)
- Right to Object: Object to certain processing activities; request human review of automated decisions
- Right to Non-Discrimination: Exercise privacy rights without discrimination in service, pricing, or quality
8.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to Know: Detailed information about data collection and use
- Right to Delete: Request deletion with limited exceptions
- Right to Correct: Request correction of inaccurate information
- Right to Opt-Out of Sale/Sharing: Opt out of data "sale" or "sharing" for cross-context behavioral advertising
- Right to Limit Sensitive Personal Information: Limit use of sensitive personal information to providing Services
- Right to Non-Discrimination: No discrimination for exercising CCPA rights
California-Specific Disclosures:
- Do We Sell Personal Information? No. We do not sell personal information to third parties.
- Do We Share for Cross-Context Advertising? We may use cookies and similar technologies for remarketing, which may constitute "sharing" under California law. You may opt out through our Cookie Notice.
- Authorized Agents: California residents may designate an authorized agent to submit requests by providing written authorization or proof of power of attorney.
8.3 Other U.S. State Residents
If you reside in Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, or other states with comprehensive privacy laws, you generally have rights to access your personal information, correct inaccuracies, delete your data, opt out of targeted advertising, and opt out of data sales.
8.4 European Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or UK GDPR, including rights of access, rectification, erasure, restriction, data portability, objection, withdrawal of consent, and the right to lodge a complaint with supervisory authorities.
Legal Basis for Processing: Contract performance, legitimate interests (fraud prevention, security, service improvement), consent, and legal obligation.
International Transfers: Percidian's Services are primarily designed for U.S. users. Data is processed and stored in the United States. Personal data subject to non-U.S. law requires a separate transfer addendum; contact legal@percidian.com.
8.5 How to Exercise Your Rights
Submitting Requests:
- Email: Contact us
- In-App: Use the privacy request form in your account settings (if available)
Verification Process: To protect your privacy, we verify your identity before fulfilling requests. We may ask for account information or additional verification for sensitive requests.
Response Timeline: We respond to most requests within 30–45 days. Complex requests may require up to 90 days; we will notify you of any extension.
No Fees: We do not charge fees for privacy requests unless they are manifestly unfounded, excessive, or repetitive.
Appeal Process: If your request is denied, you may appeal by contacting Contact us with a detailed explanation. We will respond to appeals within 60 days. You may also file a complaint with relevant regulatory authorities.
9. COOKIES, TRACKING TECHNOLOGIES, AND ANALYTICS
We use cookies and similar technologies to operate the Services, enhance user experience, and understand usage patterns. For full details, please see our separate Cookie Notice.
9.1 Types of Technologies We Use
- Essential Cookies: Necessary for the Services to function (session management, authentication, security)
- Analytics Cookies: Help us understand how the Services are used (usage analytics, performance monitoring)
- Functional Cookies: Enable enhanced functionality and personalization (preferences, settings)
- Marketing Cookies: May be used by advertising partners to deliver relevant advertisements (subject to your consent and opt-out rights)
9.2 Your Cookie Choices
- Browser Controls: All major browsers allow you to manage, block, or delete cookies
- Global Privacy Control (GPC): We respect GPC signals from your browser
- Do Not Track (DNT): We honor DNT browser signals and limit tracking when DNT is enabled
- Cookie Preferences: You can manage preferences through our Cookie Notice or consent management tools on our websites
Note: Blocking essential cookies will impair Services functionality.
10. COMMUNICATIONS AND MARKETING
10.1 Service-Related Communications
We send essential communications that cannot be opted out of, including account confirmations, security alerts, password resets, service updates, payment notifications, and legal notices. These communications are necessary to provide the Services.
10.2 Marketing Communications
With your consent (where required by law), we may send product updates, newsletters, educational content, and promotional offers.
How to Opt Out:
- Click "Unsubscribe" in any marketing email
- Adjust communication preferences in your account settings
- Email Contact us with your opt-out request
- Reply "STOP" to marketing text messages
Opting out of marketing does not affect service-related communications.
11. DATA TRANSFERS AND INTERNATIONAL USE
11.1 United States-Based Processing
Percidian operates from the United States, and all primary data processing occurs in U.S.-based infrastructure.
11.2 International Users
If you access the Services from outside the United States:
- Consent to Transfer: By using the Services, you consent to the transfer of your personal information to the United States
- Different Protections: U.S. law may provide different data protection standards than your home country
- Safeguards: Personal data subject to non-U.S. law requires a separate transfer addendum; contact legal@percidian.com
11.3 Subprocessors
Percidian may engage third-party subprocessors to assist in providing the Services. A current list of subprocessors is available upon request by contacting Contact us.
12. CHILDREN'S PRIVACY
The Services are intended for adults 18 years of age and older. We do not knowingly collect personal information from children or minors. If you are a parent or guardian and believe your child has provided personal information to Percidian, contact us immediately at Contact us and we will delete the information promptly.
13. THIRD-PARTY SERVICES AND LINKS
13.1 External Links
The Services may contain links to third-party websites, applications, or services. These third parties have their own privacy policies and terms. Percidian is not responsible for third-party data practices. We encourage you to review their privacy policies before sharing information.
13.2 Non-Percidian Applications
If the Services interoperate with third-party applications or integrations, each integration has its own privacy policy and terms. We share only the data necessary for the specific integration you authorize.
14. SECURITY BREACH NOTIFICATION
14.1 Commitment to Transparency
In the event of a security breach involving your personal information, we are committed to timely and transparent notification.
14.2 Our Response Process
Upon discovering or receiving notice of a suspected breach:
- Investigation: Immediate investigation to determine scope and impact
- Containment: Steps to stop unauthorized access and secure systems
- Assessment: Determine what information was compromised and who is affected
- Notification: Notify affected individuals and authorities as required by law
- Remediation: Implement measures to prevent recurrence
14.3 Notification
We will notify affected individuals via email, prominent notice on our website or in the application, or first-class mail. Notifications will include a description of the incident, types of information compromised, steps we have taken, measures you can take to protect yourself, and contact information.
We will report breaches to appropriate authorities as required by applicable state breach-notification laws and federal law.
15. POLICY CHANGES AND UPDATES
15.1 Right to Modify
Percidian reserves the right to modify this Privacy Policy at any time to reflect changes in our data practices, new features, legal or regulatory developments, or industry best practices.
15.2 Notice of Material Changes
For material changes that significantly affect your privacy rights, we will provide prominent notice via email, in-app notification, or website banner at least 30 days before changes take effect. Continued use after the effective date constitutes acceptance.
15.3 Non-Material Changes
For non-material changes (clarifications, formatting, contact information updates), we may update the policy without individual notice. The "Last Updated" date at the top will reflect the change.
15.4 Version History
Previous versions of this Privacy Policy are available upon request by contacting Contact us.
16. LEGAL COMPLIANCE AND REGULATORY FRAMEWORK
16.1 U.S. Federal Standards
Percidian follows Federal Trade Commission (FTC) guidance on data security, transparency, unfair and deceptive practices prevention, and AI transparency.
16.2 State Privacy Law Compliance
We comply with comprehensive state privacy laws including:
- California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
- Colorado Privacy Act (CPA)
- Connecticut Data Privacy Act (CTDPA)
- Virginia Consumer Data Protection Act (VCDPA)
- Texas Data Privacy and Security Act (TDPSA)
- Other applicable state privacy and breach-notification laws
16.3 Industry Standards
Percidian follows industry best practices including:
- SOC 2 Type II-equivalent controls
- NIST Cybersecurity Framework principles
- ISO 27001 information security principles
- OWASP security standards for application security
17. DEFINITIONS
- Personal Information — Information that identifies, relates to, or could reasonably be linked to you, including name, email, professional information, and usage data.
- Sensitive Personal Data — Personal information requiring heightened protection, including government identifiers, financial account credentials, precise geolocation, and similar data as defined by applicable law.
- Agentic AI — Autonomous AI systems that analyze data and generate outputs within defined parameters and security constraints.
- De-Identified Data — Information processed to remove or obscure identifiers such that it cannot reasonably be linked to an individual.
- Aggregated Data — Information combined across multiple users such that individual-level data cannot be distinguished.
- Service Providers — Third-party vendors that perform services on behalf of Percidian.
- Breach or Security Incident — Unauthorized access, acquisition, use, or disclosure of personal information.
- User Data — All information, data, files, documents, and content that you submit, upload, or make available through the Services.
18. CONTACT INFORMATION
For questions about this Privacy Policy, data subject access requests, or privacy concerns:
Email: Contact us
Response Time: We aim to respond to all inquiries within 5 business days; data access requests may require up to 30–45 days.
Regulatory Contacts
Federal Trade Commission: Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, DC 20580 Website: https://www.ftc.gov/complaint
California Privacy Protection Agency: Website: https://cppa.ca.gov
Residents of states with privacy laws may also contact their state attorney general.
ACKNOWLEDGMENT AND AGREEMENT
By creating an account and using Percidian's Services, you acknowledge and agree that:
- You have read and understood this Privacy Policy
- You consent to the collection, use, disclosure, and processing of your personal information as described
- You understand that AI-generated outputs are informational only, not professional advice
- You are responsible for maintaining the security of your account credentials
- You accept that data will be transferred to and processed in the United States
- You have reviewed and accept our Terms of Use
- You are at least 18 years of age
If you do not agree to these terms, please do not use the Services.