Privacy Policy
Date: 1 March 2024
Version number: 1.2
Our Data Privacy Promise
Private: We will never sell personally identifiable data.
Secure: We will keep your data encrypted and safe.
Consensual: We will only use your data in ways that you have consented to.
No spam: You control what you receive from us.
No floating data: if we aren’t using it, we’ll delete it.
We Care: as a compliance technology company, this is part of our culture.
This Privacy Policy (“Policy”) applies to personal data processed by Castellum.AI in our business, including on our websites and other online or offline offerings (a “Service” or collectively, the “Services”).
This Policy describes how Castellum.AI and its related companies (“Company,” “we,” “our,” “us,”) collect, use and share information in connection with your use of our websites, services and applications, collectively, the “Services.” This Policy also applies to any of our other websites that post this Policy. This Policy does not apply to websites that post different statements.
We may collect and receive information about users of our Services ("users," "you," or "your") from various sources, including: (i) information you provide through your user account on the Services (your "Account") if you register for the Services; (ii) your use of the Services; and (iii) from third-party websites, services, and partners. See the table below for more information.
Legal Basis for Processing Personal Information: Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. We normally collect personal information from you where:
Where we have your consent to do so.
Where we need the personal information to perform a contract with you.
Where we have a legitimate interest in operating our Services and communicating with you as necessary to provide these Services, for example when responding to your queries, improving our platform and services, researching and developing new products, undertaking marketing, or for the purposes of detecting or preventing illegal activities.
Where we have a legal obligation to collect personal information from you and need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Cookies: We use, and allow certain third parties to use cookies, web beacons and other similar technologies to enhance our Services and to help collect data. We, or third parties, may use session cookies or persistent cookies. Session cookies only last for the specific duration of your visit and are deleted when you close your browser. Persistent cookies remain on your device’s hard drive until you delete them or they expire. Different cookies are used to perform different functions, which we explain below:
Essential functions: Some cookies are necessary in order to enable you to move around our websites and use their features, such as accessing secure areas of the website. Without these cookies, we cannot enable appropriate content based on the type of device you are using. These cookies allow us to remember choices you make on our websites, such as your preferred language and the country from which you are visiting, and provide our services.
Analytics and Performance Measurement: We use third-party services to see how you use our websites and services in order to enhance their performance and develop them according to your preferences. We use Google Analytics to see where our Website users come from, what languages they prefer to see content in, and how long they spend on our site. Google provides a complete privacy policy, instructions on controlling your data at this link, and describes how it uses information from Google Analytics at this link. We also use Hotjar. Hotjar is a technology service that helps us better understand our users’ experience (e.g. allowing users to submit feedback through a widget, how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) Hotjar uses cookies and other technologies to collect data on our users’ actions on our website and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, read more at this link. We use Clearbit to collect IP information regarding which enterprises are visiting our website. For this Clearbit uses pixel tags to collect IP addresses, which can then be used to analyze web traffic and derive insights. You can learn more about Clearbit’s service at this link.
Cookie Management: You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most browsers provides information on how to accept cookies, disable cookies or to notify you when receiving a new cookie. Many of the cookies we use are “necessary” cookies. By blocking or deleting them, you will not be able to access certain features of our Services. For more information about cookies and how to block them, please visit allaboutcookies.org.
Opportunity to Opt-Out: You can use some of the features of the Services without registering, thereby limiting the type of information that we collect. You may unsubscribe from receiving certain promotional emails from us. If you wish to do so, simply follow the instructions found at the end of emails you receive from us. Even if you unsubscribe, we may still contact you for informational, transactional, account-related, or similar purposes. Many browsers have an option for disabling cookies, which may prevent your browser from accepting new cookies or enable selective use of cookies. Please note that, if you choose not to accept cookies, some features and the personalization of our Services may no longer work for you. You will continue to receive advertising material but it will not be tailored to your interests.
California Consumer Privacy Act Rights: California law permits residents of California to opt-out of their disclosure of personal information to third parties for direct marketing purposes. We do not provide personal information to third parties. California law also permits residents of California to request and obtain from us once per year, free of charge, a list of the third parties (if any) to whom we have disclosed personal information for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. As we do not share information with third parties for marketing purposes, we do not have any information to provide. If we ever change this policy, which we do not plan to, we will update this Privacy Policy appropriately.
Data Breach: If we learn of a data breach we will notify you through the email you have provided to us. We may also post a notice on the Services if a security breach occurs. Depending on where you live, you may have a legal right to receive written notice of a data privacy or security breach.
Security: Security is a top consideration in everything we do and Castellum.AI is committed to protecting your information. To do so, we employ a variety of security technologies and measures designed to protect information from unauthorized access, use, or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing personal information.
HTTPS for secure connections. Castellum.AI forces HTTPS for all services using TLS (SSL), including our public website.
We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support.
You agree, and understand, that despite all the measures we take, the Internet cannot be guaranteed to be 100% secure.
Data Encryption: Castellum.AI protects user data with encryption in transit and at rest. Measures are in place at every layer of the platform to protect confidentiality and ensure reliable delivery of cloud services.
The product development team adheres to industry best practices, following a secure software development lifecycle process, where security is considered at every stage in the development.
To reduce security risk, measures have been taken throughout the entire operating environment, to include code scanning, vulnerability management, automation, monitoring, access controls, network protection, incident response, training, and the use of secure cloud service and hosting providers.
These measures are designed and intended to prevent corruption of data, block unknown or unauthorized access to Castellum.AI systems and information, as well as provide reasonable protection of private information.
Data Retention: We retain personal information we collect from you where we have an ongoing legitimate business need to do so.
For example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).
We retain information you upload where we have an ongoing business need to tune, enhance and improve our services.
When we have no ongoing legitimate business need to retain your personal information or information you upload, we will either delete or anonymize it.
Content and Links to Other Websites or Platforms: The Services contain links to other websites and sources of information. Castellum.AI is not responsible for the privacy practices of unaffiliated companies. Once you leave our Website, please read the Privacy Policy of the other Service, Website or Platform
Assignment: In the event that all or part of Castellum.AI is acquired by another individual or entity, or in the event of a merger, you grant us the right to assign all of the information we have collected from and regarding you.
Our Legal and Security Requirements: We may also share anonymized or personally identifiable information with law enforcement or security investigators to (i) satisfy any applicable law, regulation, legal process, or governmental request; (ii) enforce this Privacy Policy and our BETA Participant Agreement, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) protect our property or safety, our users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.
Updates to this Privacy Policy: We may update this Privacy Policy from time to time, so please review it frequently. Changes to this Privacy Policy will be posted on our websites. If we materially change the ways in which we use or share personal information previously collected from you through our Services, we will notify you through our Services, by email, or other communication.
Contact Us: Your visit to the Services is subject to this Privacy Policy. If you have any questions, comments or concerns regarding this Privacy Policy, please contact us by email privacy@castellum.ai or by postal mail at: Privacy, Castellum.AI, 99 Wall Street #1377, New York, NY 10005.
Categories of data
Below is a table of the categories of data, as classified by the California Consumer Protection Act (CCPA) which summarizes the types of information Castellum.AI does and does not collect as well as who we share it with.
Category and sources of information |
How we use it |
Types of individuals affected |
How we share it |
Identifiers We collect this information when people visit or log into our website. |
To enable the use of Castellum.AI services on behalf of our customers and users, and gain an understanding of how visitors are using the website. |
People who use or visit our website. |
We share this data with our trusted service providers that we use to run our business. |
Personal information under California Civil Code section 1798.80: We collect this information from our users and customers that visit and use our website. |
To enable the use of our services on behalf of our customers and users, and gain an understanding of how visitors of are using our website. |
People who choose to share personal information through our features while visiting our website. |
We share this data with our customers and users via their password controlled accounts and our trusted service providers that we use to run our business. |
Protected classifications (race, gender, etc.): We do not collect this information. |
Not applicable. |
Not applicable. |
Not applicable. |
Commercial information: We collect this information directly from our leads, customers, and users. It is generated internally by during transactions with them. |
To transact only with those that have requested us to do so. |
Individuals or companies that have a request for such as a support ticket, or a request for a price quote or product demo. |
We share the data pertaining to these requests with those that initiated the original transactions as well as our trusted service providers that we use to run our business. |
Information that you upload to our platform. This includes names, locations, IDs, dates of birth and places of birth, identification numbers and anything else that you upload to ensure that you can perform your compliance functions. |
We screen this information against watchlists that you select to ensure you can comply with your legal needs. We may also use this information to tune, enhance and improve the Service and other products and services. |
Those that upload information to our platform, and those whose information is lawfully, and with appropriate authorization, is uploaded to our platform. |
We do not and will never share any personally identifiable information. |
Biometric information: We do not collect this information. |
Not applicable. |
Not applicable. |
Not applicable. |
Electronic network activity information: We collect this information from our users and customers that visit our website. |
To enable the use of services on behalf of our customers and users, and gain an understanding of how visitors are using the website. |
People who use or visit our website. |
We share this data with our customers and users via their password controlled accounts and our trusted service providers that we use to run our business. |
Communications: If you contact us directly, we will receive the contents of your communication and associated information. |
To respond to you, provide support and inform you of changes that affect your use of services. |
People who use or visit our website and who send us messages. |
We do not share this information, unless sharing it helps us provide you with services, improve features or provide support. |
Geolocation data: We collect this information from our users and customers that visit our website. |
To provide the country of the end user so we can better understand where the end user resides and ensure sanctions and export compliance. |
People who use or visit our website. |
We share this data with our service providers |
Audio or Video data: We do not collect this information. |
Not applicable. |
Not applicable. |
Not applicable. |
Professional or employment related information: We collect this information from our leads, customers, and users. |
To better understand our user community in order to enhance or services. |
Anyone who signs up for an account with us. |
We only share this information with our trusted service providers that we use to run our business. |
Education information: We do not collect this information. |
Not applicable. |
Not applicable. |
Not applicable. |
Inferences: We generate these internally based on specific visitor behaviors. |
We classify specific user behaviors in order to aid in the analysis of how websites are being used. |
Individuals that exhibit specific usage patterns on a website such as those that rapidly click their mouse or bounce back and forth between pages. |
We share this data with our customers and users via their password controlled accounts and our trusted service providers that we use to run our business |