Privacy and Security Policy

---

Last Updated: January 21, 2025

PhrasIQ, Inc. ("PhrasIQ," "we," "us," or "our") is committed to protecting your privacy and securing your data. This Privacy and Security Policy explains how we collect, use, store, disclose, and safeguard your personal and organizational data when you visit our website (the "Site") and use our services, including InSightOS and Loktak Flow (collectively, the "Services").

By accessing or using our Services, you acknowledge and agree to this Privacy and Security Policy. If you do not agree with our practices, please refrain from using our Services.

Information we collect

We collect information in the following ways:

a. Information you provide

• Personal information: When you contact us, register for our Services, or engage with our platform, you may provide details such as your name, email address, company name, phone number, and payment information.
• Account information: If you create an account, we collect login credentials, authentication details, profile preferences, and settings.
• Communications: We collect communications you send to us, including inquiries, feedback, customer support requests, and correspondence through email or live chat.
• Government identifiers (if applicable): If required for verification or regulatory compliance, we may collect government-issued identification data, including passport or driver’s license information.
• Billing and transaction information: When making payments for our Services, we collect billing details, transaction history, and related financial information.
• User-generated content: If you participate in discussions, forums, or community features on our platform, we may collect the content you submit, such as posts, comments, and feedback.

b. Information collected automatically

• Device & usage data: We collect information about your device, including IP address, browser type, operating system, and device identifiers.
• Activity & interaction data: We log interactions with our Services, including timestamps, clickstream data, pages visited, and navigation patterns.
• Cookies & tracking technologies: We use cookies, web beacons, pixel tags, and similar technologies to enhance user experience, analyze trends, and track interactions. Users may manage cookie preferences in their browser settings.
• Log files: Our servers automatically collect certain data when you visit the Site, including error reports, diagnostic data, and session activity.

c. Information from third parties

We may receive information from business affiliates, partners, service providers, and public sources to enhance our Services, including:

• Data from third-party integrations: If you link third-party services (e.g., social media or enterprise applications) to our platform, we may collect relevant information from those services.
• Marketing and advertising data: We may collect demographic data, interests, and behavioral insights from external sources to optimize our marketing efforts.

How we use your information

We process collected data for the following purposes:

• To provide, operate, and improve our Services.
• To process transactions, authenticate accounts, and send confirmations.
• To enhance security, detect fraud, and prevent unauthorized access.
• To comply with legal and regulatory requirements.
• To communicate with users regarding product updates, promotions, and security notices.
• To conduct analytics, research, and service enhancements.
• To ensure compliance with contractual obligations and internal policies.
• To provide personalized recommendations and customized experiences based on user preferences.
• To maintain business records, monitor system performance, and troubleshoot technical issues.

How we share your information

We do not sell personal data. However, we may share information in the following circumstances:

• With service providers: Trusted vendors assisting in hosting, analytics, security, compliance, marketing, and payment processing.
• For legal compliance: When required by law, court orders, regulatory agencies, or to protect our legal rights.
• With business partners: If engaged in a merger, acquisition, or asset sale, data may be transferred as part of the transaction.
• With consent: We may share information with third parties upon explicit user consent.
• With analytics providers: We may share aggregated and anonymized data with analytics firms for performance tracking and reporting.

Data security

We employ industry-leading security measures, including:

• Data encryption: Secure encryption for data in transit and at rest.
• Access controls: Role-based access, multi-factor authentication, and user permissions management.
• Monitoring & auditing: Continuous security monitoring, logging, and incident response protocols.
• Compliance standards: Alignment with data protection frameworks such as GDPR, CCPA, and SOC 2 compliance.
• Data minimization: We limit data collection to what is necessary for service delivery and user experience improvements.
• Regular security audits: Routine assessments to detect vulnerabilities and maintain system integrity.

Despite our security efforts, no transmission over the internet is completely secure. Users should take precautions when sharing sensitive data.

Data retention

We retain information only as long as necessary to fulfill the purposes outlined in this policy, comply with legal requirements, and maintain service integrity. Retention periods may vary based on:

• Business needs and operational requirements.
• Legal and regulatory obligations.
• Data subject requests for deletion.

Your rights & choices

Users have rights regarding their personal data, including:

• Access & correction: Request access to or correction of personal data.
• Opt-out of marketing: Unsubscribe from marketing communications at any time.
• Cookie preferences: Adjust cookie settings in browser preferences.
• Data deletion: Request deletion of data, subject to legal and operational constraints.
• Portability: Obtain a copy of your data in a structured, machine-readable format.
• Restriction of processing: Request that we limit data processing under certain conditions.

International data transfers

If you are located outside the United States, your data may be transferred to and processed in the U.S. and other jurisdictions where we operate. By using our Services, you consent to such transfers. We implement appropriate safeguards, including:

• Standard contractual clauses (SCCs) for data transfers.
• Adherence to applicable privacy shield frameworks.
• Encryption and pseudonymization where feasible.

Children's privacy

Our Services are not intended for individuals under 18. We do not knowingly collect personal data from minors. If we discover such data, we will delete it promptly.

Updates to this policy

We may update this Privacy and Security Policy periodically. Updates will be posted on this page with the revised date. Continued use of our Services constitutes acceptance of any changes. Users will be notified of significant changes via email or website announcements.

Contact us

If you have any questions about this Privacy and Security Policy or wish to exercise your rights, contact us at:

PhrasIQ, Inc.

Email: [email protected]