Privacy Policy
Effective Date: February 1, 2026
Last Updated: January 29, 2026
YOUR PRIVACY MATTERS. This Privacy Policy explains how SymphonIQ, Inc. collects, uses, discloses, and protects your personal information when you use our website, platform, and AI-powered services. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. This Policy is incorporated into and subject to our Terms of Use.
1. INTRODUCTION AND SCOPE
1.1 About SymphonIQ. SymphonIQ, Inc. ("SymphonIQ," "Company," "we," "us," or "our") is a Delaware corporation that provides a governed, multi-agent enterprise artificial intelligence platform. This Privacy Policy describes our practices regarding the collection, use, disclosure, and protection of personal information in connection with our website at symphoniq.ai (the "Website"), our AI platform, software applications, and related services (collectively, the "Services").
1.2 Scope of This Policy. This Privacy Policy applies to personal information we collect from:
(a) visitors to our Website; (b) individuals who register for or use our Services; (c) business contacts and prospective customers; and (d) any other individuals who interact with us. Certain provisions of this Policy apply only to registered users or customers with active service agreements, as indicated herein.
1.3 Enterprise Customers. When we provide Services to enterprise customers, we process personal information on behalf of those customers as a "data processor" or "service provider" under applicable law. In such cases, our customers' privacy policies govern their end users' personal information, and our processing is subject to Data Processing Addenda executed with those customers.
1.4 Changes to This Policy. We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy on our Website with a new "Last Updated" date, and where required by law, by email or other direct communication. Your continued use of the Services after such changes constitutes acceptance of the updated Policy
2. INFORMATION WE COLLECT
2.1 Information You Provide
We collect information you voluntarily provide when you interact with our Services, including:
Account Information: Name, email address, company name, job title, phone number,
and account credentials when you register for our Services.User Content (Input): Data, documents, text, images, files, and other content you
upload, transmit, or input into the Services, including prompts and instructions provided
to our AI systems.Communication Data: Information you provide when you contact us for support, submit
inquiries, participate in surveys, or communicate with us through any channel.Payment Information: Billing address and payment card details (processed by our
third-party payment processors; we do not store complete payment card numbers).Professional Information: Job function, industry, company size, and business needs
relevant to our Services.
2.2 Information Collected Automatically
When you access or use our Services, we automatically collect certain information, including:
• Device and Browser Information: Device type, operating system, browser type and
version, screen resolution, and device identifiers.
• Usage Data: Pages visited, features used, actions taken, session duration, clickstream
data, and interaction patterns with our Services.
• Log Data: IP addresses, access times, referring URLs, error logs, and system activity.
• Location Information: General geographic location inferred from IP address (we do not
collect precise geolocation without consent).
2.3 AI-Generated Outputs
Our AI-powered Services generate content, analysis, and recommendations based on your
Input ("Output"). As described in our Terms of Use, you retain ownership of your Input and own
the Output generated through your authorized use of the Services. We process Output to
provide the Services and may retain Output for the purposes described in Section 3.
2.4 Cookies and Similar Technologies
We use cookies, pixels, and similar tracking technologies to collect information about your
interactions with our Services. These technologies help us:
• Maintain session state and authenticate users
• Remember your preferences and settings
• Analyze usage patterns and improve our Services
• Provide relevant marketing communications (with your consent where required)
You can manage cookie preferences through your browser settings. Disabling certain cookies
may affect the functionality of our Services. For more information, see our Cookie Policy [if
applicable, link here].
2.5 Information from Third Parties
We may receive personal information from third-party sources, including: (a) business partners
and resellers; (b) publicly available sources; (c) identity verification services; (d) marketing
partners (with appropriate consent); and (e) your employer or organization if you access the
Services through an enterprise account
3. HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
3.1 Providing and Operating the Services
• Creating and managing your account
• Processing your Input and generating Output through our AI systems
• Providing customer support and responding to inquiries
• Processing payments and managing billing
• Enforcing our Terms of Use and applicable policies
3.2 Improving and Personalizing the Services
• Analyzing usage patterns to improve functionality and user experience
• Personalizing the Services for your organization's specific needs
• Developing new features, products, and services
• Conducting research and analysis to enhance AI capabilitie
3.3 AI Model Training
IMPORTANT: We will NOT use your User Content (Input) or AI-generated Output to train or
improve general-purpose AI models that would be made available to other customers or the
public, unless you explicitly opt-in to such use. Your data sharing preferences can be controlled
through your account settings or by contacting privacy@symphoniq.ai. This commitment aligns
with Section 6.5 of our Terms of Use.
We may use aggregated, anonymized, or de-identified data that does not identify you or your
organization for research, analytics, benchmarking, and service improvement purposes.
3.4 Security and Compliance
• Detecting, preventing, and responding to security incidents, fraud, and abuse
• Maintaining audit logs and records as required for compliance
• Enforcing our governance framework and acceptable use policies
• Complying with legal obligations, court orders, and regulatory requirements
3.5 Communications
• Sending transactional communications (service updates, security alerts, account
notifications)
• Marketing communications (with consent where required; you can opt out at any time)
• Responding to your inquiries and requests
4. LEGAL BASES FOR PROCESSING (EEA/UK/SWITZERLAND)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we
process your personal information based on the following legal grounds:
• Contract Performance: Processing necessary to perform our contract with you or take
steps at your request before entering into a contract (e.g., providing the Services,
managing your account).
• Legitimate Interests: Processing necessary for our legitimate business interests, such
as improving our Services, ensuring security, conducting analytics, and marketing
(where such interests are not overridden by your rights).
• Consent: Processing based on your explicit consent (e.g., marketing communications,
optional data sharing for AI training). You may withdraw consent at any time.
• Legal Obligation: Processing necessary to comply with applicable laws and
regulations.
5. HOW WE SHARE YOUR INFORMATION
We do not sell your personal information. We may share your information in the following
circumstances:
5.1 Service Providers
We engage third-party service providers to perform functions on our behalf, including cloud
hosting (Amazon Web Services), payment processing, customer support tools, analytics, and
email delivery. These providers are contractually bound to use your information only as
necessary to provide services to us and in accordance with this Privacy Policy.
5.2 AI Model Providers
Our Services utilize large language models provided by third parties (such as Anthropic). When
you use our Services, your Input may be processed by these AI providers to generate Output.
We have contractual agreements with these providers that prohibit them from using your data to
train their general AI models and require them to maintain appropriate security and
confidentiality measures.
5.3 Business Transfers
In connection with any merger, acquisition, financing, reorganization, bankruptcy, or sale of
company assets, your information may be transferred to a successor entity. We will notify you of
any such transaction and any choices you may have regarding your information.
5.4 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental
request, or when we believe disclosure is necessary to: (a) comply with applicable law; (b)
protect our rights, property, or safety, or that of our users or the public; (c) detect, prevent, or
address fraud, security, or technical issues; or (d) enforce our Terms of Use.
5.5 With Your Consent
We may share your information with third parties when you have given us your explicit consent
to do so.
5.6 Enterprise Administrators
If you access our Services through an enterprise account, your organization's administrators
may have the ability to access, monitor, and control your use of the Services, including viewing
usage data and managing your account, in accordance with your organization's policies.
6. DATA RETENTION
6.1 Retention Periods. We retain your personal information for as long as necessary to fulfill
the purposes for which it was collected, including to satisfy legal, accounting, or reporting
requirements. Retention periods vary based on the type of data and purpose of processing:
• Account Information: Retained for the duration of your account and for a reasonable
period thereafter to comply with legal obligations and resolve disputes.
• User Content and Output: Retained in accordance with your account settings and
applicable Data Processing Addendum. You may request deletion of specific content
through your account or by contacting us.
• Usage and Log Data: Generally retained for up to 24 months for analytics and security
purposes.
• Audit Logs: Retained as required for compliance, typically 7 years for financial records.
6.2 Deletion. When personal information is no longer needed, we securely delete or anonymize
it. Some information may be retained in backups for a limited period or where required by law.
7. DATA SECURITY
7.1 Security Measures. We implement commercially reasonable technical and organizational
measures designed to protect your personal information against unauthorized access,
alteration, disclosure, or destruction. These measures include:
• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Access controls and authentication mechanisms
• Regular security assessments and penetration testing
• Employee training on data protection and security
• Incident response procedures
7.2 Security Certifications. Our security practices are designed to align with industry
standards, including SOC 2 Type II and ISO/IEC 27001. Our AI management practices are
informed by ISO/IEC 42001 (Artificial Intelligence Management System) principles. Information
regarding our security practices is available to enterprise customers upon request.
7.3 No Absolute Security. Despite our efforts, no method of electronic transmission or storage
is completely secure. We cannot guarantee absolute security of your personal information. You
are responsible for maintaining the confidentiality of your account credentials.
8. INTERNATIONAL DATA TRANSFERS
8.1 Transfer Locations. SymphonIQ is based in the United States. If you access our Services
from outside the United States, your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These
countries may have data protection laws different from those in your country.
8.2 Transfer Safeguards. When we transfer personal information from the EEA, UK, or
Switzerland to countries not deemed adequate by relevant authorities, we implement
appropriate safeguards, including:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreement or UK Addendum to SCCs
• Swiss-approved data transfer mechanisms
• Supplementary measures as appropriate based on transfer impact assessments
You may request a copy of the relevant transfer mechanism by contacting us at
privacy@symphoniq.ai.
9. YOUR RIGHTS AND CHOICES
9.1 General Rights
Depending on your location and applicable law, you may have the following rights regarding
your personal information:
• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal retention
requirements.
• Portability: Request a portable copy of your personal information in a structured,
machine-readable format.
• Restriction: Request restriction of processing in certain circumstances.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw Consent: Withdraw consent at any time where processing is based on
consent.
9.2 GDPR Rights (EEA/UK/Switzerland)
If you are located in the EEA, UK, or Switzerland, you have the rights described above under
the General Data Protection Regulation (GDPR) or equivalent local laws. You also have the
right to lodge a complaint with your local supervisory authority.
9.3 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer
Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
• Right to Know: Request disclosure of the categories and specific pieces of personal
information we have collected.
• Right to Delete: Request deletion of personal information we have collected.
• Right to Correct: Request correction of inaccurate personal information.
•Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information
for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: Limit the use of sensitive
personal information to what is necessary for the Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising your
privacy rights.
9.4 Exercising Your Rights
To exercise any of these rights, please contact us at privacy@symphoniq.ai. We may need to
verify your identity before processing your request. We will respond within the timeframes
required by applicable law (generally 30-45 days). You may designate an authorized agent to
make requests on your behalf.
9.5 Marketing Preferences
You can opt out of marketing communications at any time by: (a) clicking the "unsubscribe" link
in marketing emails; (b) updating your preferences in your account settings; or (c) contacting us
at privacy@symphoniq.ai. Even if you opt out of marketing, we may still send you transactional
communications related to your account and the Services.
10. AI TRANSPARENCY AND EU AI ACT COMPLIANCE
10.1 AI-Powered Services. SymphonIQ provides AI-powered services that utilize large language models and machine learning technologies. We are committed to transparency about how these technologies process your information.
10.2 EU AI Act Compliance. For users in the European Economic Area, Switzerland, or the United Kingdom, we comply with applicable requirements of Regulation (EU) 2024/1689 (the EU AI Act), including:
• Transparency: We inform you that you are interacting with AI systems and provide information about the capabilities and limitations of those systems.
• Human Oversight: Our Services include governance mechanisms and human oversight capabilities as described in our Terms of Use.
• Documentation: We maintain technical documentation regarding the design, development, and operation of our AI systems.
• Incident Reporting: We have procedures for identifying and reporting serious incidents involving our AI systems as required by applicable law.
10.3 AI Outputs. As described in our Terms of Use, AI-generated outputs are produced through probabilistic modeling and may contain errors or inaccuracies. Users should review and validate AI outputs before relying on them for decisions
11. CHILDREN'S PRIVACY
Our Services are not directed to children under the age of 18. We do not knowingly collect
personal information from children. If you believe we have collected personal information from a
child, please contact us immediately at privacy@symphoniq.ai, and we will take steps to delete
such information.
12. THIRD-PARTY LINKS AND SERVICES
Our Services may contain links to third-party websites, applications, or services that are not
operated by us. This Privacy Policy does not apply to such third-party services. We encourage
you to review the privacy policies of any third-party services you access through our Services.
We are not responsible for the privacy practices of third parties.
13. PROTECTED HEALTH INFORMATION (HIPAA)
If you are a covered entity or business associate under the Health Insurance Portability and
Accountability Act (HIPAA) and intend to use the Services with Protected Health Information
(PHI), you must execute a Business Associate Agreement (BAA) with SymphonIQ prior to any
such use. Please contact legal@symphoniq.ai to request a BAA. Without a valid BAA in place,
you agree not to upload, transmit, or process any PHI through the Services.
14. DO NOT TRACK SIGNALS
Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no uniform
standard for interpreting DNT signals, our Services do not currently respond to DNT signals.
You can manage your tracking preferences through your browser settings and our cookie
preferences tool.
15. CONTACT US
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy
practices, please contact us:
SymphonIQ, Inc.
A Delaware Corporation
Email: privacy@symphoniq.ai
General Legal Inquiries: legal@symphoniq.ai
Website: www.symphoniq.ai
For EEA, UK, or Swiss residents, you may also contact your local data protection authority if
you have concerns about our privacy practices.
