PINEGAP INC.

Pinegap.ai | Privacy Policy

This Privacy Policy explains how Pinegap Technologies, Inc. (Pinegap, we, our, or us) collects, uses, shares, and safeguards personal and organizational data when you (Customer or User) interact with our AI-powered equity research platform, Pinegap.ai (Service).

1. WHO WE ARE

Pinegap is an artificial intelligence and cybersecurity company headquartered in 80 Slope Dr, Short Hills, NJ 07078, United States. We design and deliver AI-powered cybersecurity platforms, predictive analytics solutions, and compliance tools to enterprise clients worldwide.

In most cases, Pinegap acts as a Data Controller, determining the purposes and means of processing personal and organizational data collected through our Services. In limited circumstances, such as under managed service agreements, we act as a Data Processor, processing personal data solely on the instructions of our clients.

Pinegap is committed to maintaining high standards of data protection and privacy in accordance with applicable global data protection laws.

2. SCOPE

This Privacy Policy applies to personal and organizational data collected through Pinegap's websites (including Pinegap.ai), platforms, applications, customer support channels, marketing activities, and enterprise interactions (collectively, the Services).

This Privacy Policy does not apply to third-party websites, services, integrations, or other entities that may be accessible through our Services. We are not responsible for the privacy practices of third parties, and we encourage you to review their privacy policies separately.

3. INFORMATION WE COLLECT

We collect and process both personal data and organizational data to provide, operate, and improve our Services. The types of information we collect fall into the following categories:

A. DATA YOU PROVIDE DIRECTLY

We collect information you voluntarily provide when interacting with our Services, including:

  • Account Information. Such as your name, business email address, job title, organization name, billing details, and authentication credentials.
  • Communications. Records of correspondence when you contact customer support, sales representatives, or participate in surveys, research studies, or feedback sessions.
  • Uploaded Content. Files, documents, queries, and other data submitted through our platforms. Uploaded content may include sensitive organizational or proprietary information depending on your use of the Services.

B. DATA WE COLLECT AUTOMATICALLY

When you access or use our Services, we automatically collect certain technical and usage information, including:

  • Platform Usage Data. Records of your interactions with the Services, such as access times, feature usage metrics, clickstream data, error logs, and operational timestamps.
  • Device & Technical Information. Information about your device, including IP address, device type, operating system version, browser type, screen resolution, language preferences, and approximate geolocation (derived from IP address).
  • Cookies & Tracking Technologies. We use cookies, pixel tags, and similar tracking technologies to enhance the functionality of our Services, monitor platform performance, and understand user behavior. For more information on our use of cookies and how to manage your preferences, please refer to our Cookie Policy (below).

C. DATA WE RECEIVE FROM THIRD PARTIES

We may receive data about you from third-party sources, including:

  • Analytics Providers. Aggregated and anonymized usage and performance data provided by third-party analytics services (e.g., Google Analytics).
  • Cloud Infrastructure & Hosting Providers. Metadata related to service usage and performance, which does not include access to the content you upload.
  • Marketing Partners & Business Affiliates. Business contact information, professional profiles, or referral details provided in accordance with applicable law, typically obtained through industry events, partnerships, or referrals.

We take steps to ensure that third parties providing your data have secured the necessary permissions and comply with applicable data protection laws.

4. HOW WE USE YOUR INFORMATION

A. PRIVACY REGULATIONS

We process your personal data in accordance with the following data protection laws where they apply:

  • The General Data Protection Regulation (EU GDPR);
  • The United Kingdom General Data Protection Regulation (UK GDPR);
  • The United Kingdom Data Protection Act 2018 (UK DPA);
  • The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA);
  • The Personal Information Protection & Electronic Documents Act (PIPEDA) (Canada);
  • The Lei Geral de Proteção de Dados (LGPD) (Brazil).

B. LEGAL BASES

Where required under these laws, we rely on one or more of the following legal grounds to process your personal data:

  • Consent. We obtain your consent before placing non-essential cookies, sending marketing communications, or processing data for purposes that require prior approval. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Contractual Necessity. We process personal data as necessary to perform our contractual obligations, such as providing access to the Services, maintaining your account, and delivering customer support.
  • Legitimate Interests. We process data to operate, improve, and secure our Services; conduct internal analytics; develop new features; and protect against misuse, provided that such interests are not overridden by your fundamental rights and freedoms.
  • Legal Obligations. We process data where necessary to comply with applicable laws, regulations, and lawful requests, including obligations related to tax, financial reporting, and cybersecurity.
  • Vital Interests & Public Interest. In limited circumstances, we may process data to protect vital interests (such as responding to security incidents) or where processing is necessary for reasons of substantial public interest.

We maintain documentation of our processing activities and legal bases to demonstrate compliance with applicable data protection laws.

C. DATA COLLECTION & DISCLOSURE (CCPA AND SIMILAR FRAMEWORKS)

For purposes of compliance with the CCPA and similar laws, we make the following disclosures:

  • Categories of Personal Information Collected. In the past 12 months, we have collected the following categories of personal information: identifiers (such as names, email addresses, and organization details), commercial information (such as records of Services purchased or considered), Internet or network activity (such as browsing history or interactions with our Services), geolocation data (derived from IP addresses), and professional or employment-related information.
  • Categories of Personal Information Disclosed. In the past 12 months, we have disclosed the above categories of personal information to service providers and other third parties for business purposes, as described in Section 6 of this Privacy Policy.
  • No Sale or Sharing of Personal Information. We do not sell or share personal information for cross-context behavioral advertising as defined under the CCPA.

For a complete description of the recipients of personal data, please refer to Section 6 (Data Sharing and Service Providers) of this Privacy Policy.

D. SENSITIVE PERSONAL DATA

We do not intentionally collect sensitive personal data (such as information revealing racial or ethnic origin, political opinions, religious beliefs, health, or biometric data) unless expressly required and authorized by applicable law or with your explicit consent.

E. USE OF DATA FOR AI MODEL TRAINING

We do not use customer-uploaded content, communications, or personal data to train, retrain, or improve our AI models without your explicit, informed consent. By default, all uploaded customer data remains isolated from model training pipelines. If we seek to use your data for AI model development purposes in the future, we will first obtain your express consent through a separate, clearly presented agreement.

5. DATA SHARING & SERVICE PROVIDERS

A. DATA RECIPIENTS

We may share personal and organizational data with trusted third parties under the following circumstances:

  • Service Providers. We engage cloud infrastructure providers (e.g., Amazon Web Services), AI model providers (e.g., OpenAI), analytics services (e.g., Google Analytics), payment processors, and other vendors who assist in operating and securing our Services. These providers are subject to confidentiality obligations and data processing agreements where required by applicable law.
  • Professional Advisors. We may share data with legal, accounting, auditing, or other professional advisors to obtain their services.
  • Compliance with Legal Obligations. We may disclose personal data as required to comply with applicable laws, lawful requests, court orders, or legal processes.
  • Business Transfers. In the event of a merger, acquisition, restructuring, or sale of assets, we may transfer personal data as part of that transaction, subject to applicable data protection requirements.
  • With Consent. Where legally required, we will seek your express consent before sharing your information with third parties for purposes outside the scope of this Privacy Policy.

6. DATA STORAGE, RETENTION & SECURITY

A. DATA STORAGE

We store and process personal and organizational data using technical, physical, and administrative safeguards designed to meet global privacy and data transfer requirements.

B. DATA RETENTION

We retain personal and organizational data only for as long as necessary to fulfill the purposes for which it was collected, including providing the Services, complying with legal obligations, enforcing our agreements, and resolving disputes. Retention periods include:

  • Account & Usage Data. Retained for the duration of your active subscription or service relationship, and for a reasonable period thereafter as required by applicable law or contractual obligations.
  • Uploaded Content. Retained for the duration of your subscription unless you delete it through platform controls or submit a written deletion request. We do not access or use your uploaded content beyond what is necessary to deliver the Services or as permitted by your agreement.
  • Support Communications. Stored securely in a separate environment and retained only as necessary to resolve the issue. You may request deletion of this correspondence in accordance with applicable law.
  • Aggregated or Anonymized Data. We may retain non-identifiable data indefinitely for research, analytics, or service improvement purposes, provided it can no longer be associated with any individual or client organization.

Where feasible, we may aggregate, de-identify, or anonymize personal data and use it indefinitely for research, analytics, or service improvement purposes. We regularly review our retention practices and implement controls to securely dispose of data when it is no longer needed. You may request deletion of your personal data at any time by contacting us at privacy@pinegap.ai, subject to applicable legal obligations and rights limitations.

C. DATA SECURITY

We implement technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration. These safeguards include encryption of data in transit and at rest, access control and authentication protocols, security logging, monitoring and alerting, regular vulnerability testing and penetration assessments, and incident response planning, including data breach notification procedures where required by law. We also require our service providers to maintain equivalent security measures through written agreements. While no system can be guaranteed to be completely secure, we continuously monitor and enhance our security practices to mitigate potential risks.

7. YOUR RIGHTS

Subject to applicable data protection laws, you may exercise the following rights regarding your personal data:

  • Right to Be Informed. You have the right to receive clear and transparent information about the data we collect, how we use it, and with whom we share it.
  • Right of Access. You may request confirmation of whether we process your personal data and obtain a copy of that data.
  • Right to Rectification. You may request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Right to Be Forgotten). You may request deletion of your personal data under certain conditions, such as when it is no longer necessary for the purposes for which it was collected.
  • Right to Restrict Processing. You may request that we temporarily or permanently cease processing all or some of your personal data.
  • Right to Object. You may object to the processing of your personal data where we rely on legitimate interests as our legal basis, subject to compelling legitimate grounds for the processing.
  • Right to Data Portability. You may request a copy of your personal data in a structured, commonly used, and machine-readable format and transmit that data to another controller where technically feasible.
  • Right Not to Be Subject to Automated Decision-Making. You have the right not to be subject to decisions based solely on automated processing that have legal or similarly significant effects.
  • Use of Authorized Agents (California Residents). If you are a California resident, you may designate an authorized agent to submit a verifiable request to exercise your rights on your behalf.

You may exercise these rights by contacting us at privacy@pinegap.ai. We may require verification of your identity before responding to your request. We will respond to verified requests within the timeframes required by applicable law, typically within 30 days.

We may deny requests where permitted by law, such as where fulfilling the request would adversely affect the rights and freedoms of others, conflict with legal obligations, or be manifestly unfounded or excessive. If you are dissatisfied with our response, you may have the right to lodge a complaint with a relevant data protection authority, as outlined in Section 13, below.

8. YOUR CONTROLS

We provide you with options to manage how your personal and organizational data is collected, used, and shared through our Services:

A. ACCOUNT SETTINGS

If you have registered an account with us, you can access, update, or delete certain personal information through your account settings at any time. You may also deactivate your account or request deletion of associated data by contacting us at privacy@pinegap.ai.

B. COMMUNICATIONS PREFERENCES

You may opt out of receiving marketing or promotional communications by following the unsubscribe link in any marketing email. Transactional communications relating to your account or use of our Services (such as security alerts, order confirmations, or account notifications) will continue even if you opt out of marketing messages.

C. COOKIE & TRACKING PREFERENCES

You may manage your cookie preferences, including consenting to or withdrawing consent for non-essential cookies, as described in our Cookie Policy (below).

D. THIRD-PARTY PLATFORM INTERACTIONS

If you interact with us through third-party platforms (e.g., LinkedIn, X/Twitter), those interactions are governed by the privacy policies of the respective platforms. We encourage you to review and adjust your privacy settings directly with those providers.

E. EXERCISING YOUR RIGHTS

You may exercise your privacy rights, request access to your data, or submit a data deletion request by contacting us at privacy@pinegap.ai. We may require verification of your identity before fulfilling such requests, and we reserve the right to deny requests where permitted by applicable law.

9. COOKIE POLICY

A. WHAT ARE COOKIES?

Cookies are small text files placed on your device when you visit our websites or use our Services. They serve a variety of functions, including enabling platform functionality, remembering user preferences, enhancing security, and analyzing usage patterns.

B. COOKIE TYPES USED

  • Strictly Necessary Cookies. Required for the operation of our Services, such as authentication, account management, and security. These cookies cannot be disabled through our cookie consent tool.
  • Performance & Analytics Cookies. Help us understand how users interact with our Services by collecting aggregated information on usage patterns and performance metrics.
  • Functional Cookies. Enable enhanced functionality and personalization, such as remembering your preferences and settings.
  • Targeting & Advertising Cookies. Used by our marketing and social media partners to deliver relevant content and measure the effectiveness of campaigns.

C. MANAGING COOKIES

Upon your first visit to our websites, you will be presented with a cookie consent banner that allows you to accept all cookies, reject non-essential cookies, or customize your cookie preferences. You may also manage your cookie settings at any time by clicking the Cookie Settings link available in the website footer.

You can control or delete cookies through your browser or device settings. Most browsers allow you to refuse or accept cookies, delete cookies already stored on your device, or alert you when cookies are being placed. Please note that disabling cookies may impact the functionality or availability of certain features within our Services. You may also opt out of targeted advertising from participating partners by visiting:

  • Network Advertising Initiative. NetworkAdvertising.org/Managing/Opt_Out.asp
  • Digital Advertising Alliance. AboutAds.info/Choices/
  • European Interactive Digital Advertising Alliance. YourOnlineChoices.eu

D. DO NOT TRACK SIGNALS

Our Services do not currently respond to browser-based Do Not Track (DNT) signals. You may use other settings and tools to control data collection and tracking preferences.

E. UPDATES TO THIS COOKIE POLICY

We may update this Cookie Policy from time to time to reflect changes to our practices, legal requirements, or technology. We encourage you to review this section periodically for the latest information.

10. GENERAL PROVISIONS

A. POLICY UPDATES

We reserve the right to update this Privacy Policy at any time to reflect changes to our practices, legal requirements, or services. When we do, we will revise the Last Updated date at the top. Material changes will be posted prominently or communicated directly when required by law. Continued use of our Services after any update constitutes acknowledgement of the revised Privacy Policy.

B. CONTACT US

If you have questions about this Policy, please contact our Compliance Team at privacy@pinegap.ai.

C. CONTACT A DATA PROTECTION AUTHORITY

If you have a concern about how we may collect and use data, please contact us. You also have the right to contact your local Data Protection Authority (DPA) if you prefer. To contact your local DPA, refer to the links below:

Where appropriate, your local DPA may also forward the matter to the Department of Commerce or FTC for consideration.