Privacy Policy
v2026-05-12iSpi WEBSITE PRIVACY POLICY
Last Updated: April 30, 2026
This Privacy Policy explains how iSpi Ventures, LLC, a Delaware limited liability company qualified to do business in the State of Alabama, with principal place of business in Birmingham, Alabama (referred to as "iSpi," "we," "our," or "us"), collects, uses, discloses, retains, and otherwise processes information when you ("you," "your," or "Visitor") access or interact with the website located at ispi.ai and any subdomains, successor properties, or related online materials (collectively, the "Site"), or when you communicate with iSpi as a prospect, demo requester, marketing contact, free-tier user, or customer-account administrator.
THIS PRIVACY POLICY APPLIES ONLY TO INFORMATION COLLECTED THROUGH THE SITE AND THROUGH RELATED MARKETING, SALES, AND CUSTOMER-ACCOUNT-MANAGEMENT INTERACTIONS. IT DOES NOT APPLY TO CAMERA FOOTAGE, ALERT CONTENT, MAGIC-LINK CONTENT, PROTECTED HEALTH INFORMATION, OR ANY OTHER DATA THAT iSpi PROCESSES ON BEHALF OF AN iSpi CUSTOMER UNDER THE iSpi MASTER SERVICE AGREEMENT OR BUSINESS ASSOCIATE AGREEMENT. THAT DATA IS GOVERNED BY THOSE AGREEMENTS AND, WHERE APPLICABLE, BY THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT.
Please review this Privacy Policy carefully. By accessing or using the Site, you acknowledge that you have read and understood this Privacy Policy and agree to the practices described in it. This Privacy Policy is incorporated by reference into the iSpi Website Terms of Use. In the event of any conflict between this Privacy Policy and the Terms of Use, the document that affords iSpi greater protection controls.
1. SCOPE AND APPLICABILITY
1.1 What This Privacy Policy Covers.
This Privacy Policy applies to information collected by iSpi:
(a) through the Site, including all subpages, subdomains, demo experiences, blog posts, gated content, contact forms, demo-request forms, free-trial signups, and customer-account-management interfaces accessible from the Site;
(b) through marketing, sales, and customer-success communications between iSpi and any prospect, lead, demo participant, marketing contact, beta participant, customer administrator, or other person who interacts with iSpi outside of the operational scope of the iSpi Services;
(c) from third parties (such as data-enrichment providers, advertising partners, account-based-marketing platforms, and public sources) about you in connection with iSpi's marketing or sales activities; and
(d) about your use of the Site, including through cookies, pixels, server logs, and analytics tools described in Section 4.
1.2 What This Privacy Policy Does NOT Cover.
This Privacy Policy does not apply to:
(a) camera footage, video, audio, biometric data, or any image of any individual captured by hardware or software made available as part of the iSpi Services;
(b) alert content, alert-routing messages, magic-link content, or any patient, employee, or visitor information generated, processed, or transmitted in the operational use of the iSpi Services;
(c) Protected Health Information (as defined under the Health Insurance Portability and Accountability Act ("HIPAA")) processed by iSpi as a Business Associate of any iSpi Customer;
(d) any information processed by iSpi on behalf of an iSpi Customer under the iSpi Master Service Agreement or the iSpi Business Associate Agreement; or
(e) third-party websites, services, applications, advertising networks, or properties not owned and operated by iSpi (even where linked from or embedded in the Site).
The data described in subsections (a) through (d) above is governed by the iSpi Master Service Agreement and the iSpi Business Associate Agreement between iSpi and the applicable iSpi Customer, and (where applicable) by HIPAA, state privacy laws, biometric-data laws, and other laws addressed in those agreements. Nothing in this Privacy Policy modifies, supplements, or supersedes those agreements.
1.3 Relation to the Terms of Use.
This Privacy Policy is incorporated by reference into the iSpi Website Terms of Use. Capitalized terms used but not defined in this Privacy Policy have the meanings given in the Terms of Use. In the event of any conflict between this Privacy Policy and the Terms of Use, the document that affords iSpi greater protection controls.
1.4 Updates and Continued Use.
iSpi may update this Privacy Policy at any time as described in Section 14. Your continued access to or use of the Site after the effective date of any modification constitutes your acceptance of the modified Privacy Policy.
2. INFORMATION WE COLLECT
iSpi collects the categories of information described in this Section 2. The specific items collected depend on how you interact with the Site and with iSpi.
2.1 Information You Provide Directly.
When you fill out a form, request a demo, sign up for a free tier, communicate with iSpi, or otherwise voluntarily submit information through the Site or to iSpi's marketing or sales personnel, iSpi collects:
(a) identifiers and contact information, including your name, email address, telephone number (mobile or landline), employer name, job title, role or function, professional address, and personal address (where you provide one);
(b) account credentials, where you create an account; iSpi's authentication is provided by Clerk, Inc. ("Clerk"), and account credentials are stored and managed by Clerk under Clerk's terms (see Section 5 regarding service providers);
(c) billing and payment information for paid offerings, where applicable; payment instruments are processed by iSpi's payment processor and are not stored on iSpi's primary systems;
(d) the contents of demo, contact, free-trial, beta-enrollment, survey, feedback, and similar forms;
(e) the contents of any communication you send to iSpi (including email, chat, support tickets, social-media direct messages, and recorded sales or support calls where you have given any required consent), and any attachments or files you transmit; and
(f) any other information you choose to provide.
2.2 Information Collected Automatically.
When you access or interact with the Site, iSpi (and iSpi's service providers, advertising partners, and other authorized third parties) automatically collects:
(a) network and device identifiers, including internet-protocol (IP) address, mobile-device identifier, advertising identifier, and browser fingerprint (typically a hash of browser, operating system, screen resolution, language, timezone, installed fonts, and similar attributes);
(b) approximate geolocation derived from IP address (typically city or region precision);
(c) device and software characteristics, including browser type and version, operating system, device type, screen resolution, language and timezone settings, installed plugins, and device performance metrics;
(d) navigation and interaction data, including referrer URL, landing page, exit page, time on page, session duration, page views, click paths, scroll depth, mouse-movement patterns, form-field interactions (excluding password and other secure-entry fields), keystrokes in non-sensitive fields, and copy-paste behavior;
(e) marketing-attribution and traffic-source data, including UTM parameters, Google click identifiers (gclid), Facebook click identifiers (fbclid), other ad-network click identifiers, search keywords (where shared by the referring search engine), and partner-referral identifiers;
(f) session-replay data, where iSpi or its service providers use session-replay tools to reconstruct your interaction with the Site (with masking of sensitive fields such as passwords);
(g) cookies, pixels, web beacons, local storage, session storage, and similar tracking technologies (see Section 4 for details and your choices); and
(h) server logs, error logs, performance logs, and security logs.
2.3 Information from Third Parties.
iSpi may receive information about you from third parties, including:
(a) data-enrichment providers, who supplement iSpi's records with firmographic information (company size, industry, technology stack), intent signals (purchase-intent indicators), and technographic information;
(b) advertising and audience-matching networks, including Google, Meta, LinkedIn, Microsoft, TikTok, and similar platforms;
(c) account-based-marketing platforms;
(d) co-marketing partners, joint webinar hosts, content syndication partners, and event organizers;
(e) public sources, including LinkedIn profiles, employer websites, public business registries, and publicly available news and analyst reports;
(f) single-sign-on identity providers (currently Clerk, and potentially Google, Microsoft, or other providers if and when iSpi enables such login methods); and
(g) referrals, recommendations, and introductions from existing iSpi customers, partners, advisors, or investors.
2.4 Information Inferred or Generated.
iSpi may generate or infer additional information about you based on the information described above, including:
(a) account-activity records, login events, feature-usage profiles, and engagement scores;
(b) propensity scores, lead-quality scores, opportunity-stage classifications, and other lead-management inferences;
(c) inferred attributes such as industry vertical, role seniority, geographic territory, and buying-stage classification;
(d) audience-segment memberships used for marketing and advertising; and
(e) behavioral patterns relating to your engagement with iSpi's content, advertising, and outreach.
2.5 No Sensitive Personal Information from Site Tracking by Default.
iSpi does not intentionally collect, through the Site's analytics or advertising tools, any of the following: government-issued identification numbers (such as Social Security numbers, driver's-license numbers, or passport numbers); precise geolocation (latitude and longitude precision finer than approximately five thousand feet); racial or ethnic origin; religious or philosophical beliefs; union membership; genetic data; biometric data used to uniquely identify a natural person; health-condition or treatment data; sex-life or sexual-orientation data; or contents of mail, email, or text messages where iSpi is not a recipient of the communication. If you voluntarily provide any of the foregoing through a free-form text submission, iSpi will treat it consistent with this Privacy Policy and applicable law.
3. HOW WE USE INFORMATION
iSpi uses the information described in Section 2 for the purposes set forth below. The specific purposes for which a particular item of information is used depend on the nature of that information, your interaction with iSpi, and applicable law.
3.1 Operating and Securing the Site and Services.
To operate, maintain, secure, troubleshoot, and improve the Site; to detect, investigate, and prevent fraud, abuse, security incidents, and unauthorized access; to enforce the iSpi Website Terms of Use; to monitor uptime and performance; and to defend against denial-of-service or other attacks.
3.2 Account Management.
To register and authenticate accounts; to manage account profiles and settings; to deliver account-related communications (such as verification, password reset, billing, and service announcements); and to bill and collect payment from paying customers.
3.3 Marketing, Sales, and Advertising.
To send marketing emails, newsletters, product updates, event invitations, and similar communications, subject to your right to opt out of marketing communications as described in Section 3.10; to operate retargeting, lookalike-audience, and audience-matching advertising campaigns across the Site, third-party advertising networks, and social-media platforms; to develop, target, and measure advertising; to score, route, and prioritize sales leads and opportunities; to research and analyze the effectiveness of marketing campaigns; and to maintain customer-relationship-management records.
3.4 Product Research and Improvement.
To analyze how visitors interact with the Site; to research and evaluate user preferences, market trends, and product opportunities; to develop, test, and roll out new features, content, and offerings; and to inform iSpi's product roadmap.
3.5 Artificial Intelligence and Machine Learning.
To train, validate, evaluate, fine-tune, distill, benchmark, and otherwise develop and improve artificial-intelligence and machine-learning models used in iSpi's marketing, sales, customer-support, fraud-detection, and product-development workflows. This use of website-tracking and marketing-interaction information is in addition to (and separate from) any use of operational customer or Protected Health Information that is governed by the iSpi Master Service Agreement and the iSpi Business Associate Agreement.
3.6 Communications.
To send transactional and informational communications relating to your interaction with iSpi (including replies to your inquiries, demo confirmations, billing notices, security notifications, legal notices, service announcements, and changes to iSpi's terms or policies); and to send marketing communications consistent with Section 3.3 and Section 3.10.
3.7 Compliance, Legal Process, and Defense.
To comply with applicable laws, regulations, court orders, subpoenas, search warrants, civil-investigative demands, regulatory inquiries, government requests, and other legal process; to respond to law-enforcement requests; to assert, exercise, defend, or settle legal claims; to protect the rights, property, or safety of iSpi, its employees, customers, visitors, or the public; and to comply with internal policies and audit requirements.
3.8 Business Operations.
For internal recordkeeping, financial reporting, audits, tax matters, insurance, internal investigations, restructurings, and similar business-operational purposes; for due diligence and integration in connection with any merger, acquisition, financing, sale of assets, change of control, joint venture, partnership, bankruptcy, dissolution, or similar transaction; and for evaluation of and integration with potential or actual partners, vendors, advisors, and acquirers.
3.9 Aggregation and De-Identification.
To create aggregated, de-identified, anonymized, statistical, and pseudonymized data from any of the information described in Section 2. Such aggregated or de-identified data is owned by iSpi and may be used and disclosed for any purpose without restriction by this Privacy Policy.
3.10 Marketing Opt-Out.
You may opt out of marketing communications from iSpi by following the unsubscribe instructions in any marketing email or by contacting iSpi using the information in Section 15. Opt-out from marketing communications does not affect transactional or informational communications, which are necessary for the operation of your account or your interaction with iSpi.
3.11 Other Disclosed Purposes.
To use information for any other purpose disclosed at the time of collection or for which you have provided consent, where consent is required by applicable law.
4. COOKIES, TRACKING TECHNOLOGIES, AND ANALYTICS
4.1 Categories of Tracking Technologies.
iSpi uses the following categories of tracking technologies on the Site:
(a) "strictly necessary" technologies, which are required for the Site to function (for example, session identifiers, load-balancing cookies, security tokens, and authentication cookies);
(b) "functional" technologies, which remember preferences and improve user experience (for example, language preference, region preference, and form-field auto-population);
(c) "performance and analytics" technologies, which help iSpi understand how visitors interact with the Site (for example, page-view counts, session duration, scroll depth, click tracking, and error reporting);
(d) "advertising and targeting" technologies, which support advertising campaigns, retargeting, audience matching, conversion measurement, and attribution; and
(e) "social-media" technologies, which integrate with social-media platforms and enable sharing, embedded content, or social login.
4.2 Tools and Service Providers.
iSpi uses or may use the following tools, among others, to deliver the categories of tracking technologies described in Section 4.1 (this list is illustrative and non-exhaustive; iSpi may add, remove, or change tools at any time without notice):
(a) analytics: Google Analytics 4, Microsoft Clarity, Hotjar, FullStory, Mixpanel, Amplitude, PostHog, Segment;
(b) advertising and conversion measurement: Google Ads, Google Tag Manager, Meta Pixel, LinkedIn Insight Tag, Microsoft Advertising, TikTok Pixel;
(c) error and performance monitoring: Sentry, Datadog (including Real User Monitoring);
(d) email and notification tracking: open-tracking pixels, click-tracking links, unsubscribe-link instrumentation, in-app messaging analytics; and
(e) other tools that iSpi may add from time to time.
4.3 First-Party and Third-Party Cookies.
The Site uses both first-party cookies (set directly by ispi.ai or its subdomains) and third-party cookies (set by tools and partners listed in Section 4.2). Some cookies persist across browser sessions; others expire at the end of a session.
4.4 Server-Side Tracking.
iSpi may use server-side tracking, server-side tag management, conversions APIs, offline-conversion uploads, and similar techniques to capture conversion and attribution data through means that do not depend on cookies set in your browser. iSpi discloses use of server-side tracking here so that any required statutory disclosure is satisfied.
4.5 Pixel Beacons in Email.
Marketing emails sent by iSpi (or by iSpi's email-delivery service providers) typically include pixel beacons that report when the email is opened, when links are clicked, and similar engagement metrics. Disabling image loading in your email client may suppress some of these signals.
4.6 Session Replay.
iSpi or its service providers may record session replays of your interactions with the Site. These recordings include mouse movements, clicks, scrolling, and form-field interactions, with masking of password fields and other fields configured for masking. iSpi may use these recordings to diagnose user-experience problems, improve the Site, and investigate suspected fraud or abuse.
4.7 Your Choices.
You may control or limit some tracking through the following methods:
(a) browser-level controls, including blocking third-party cookies, blocking specific cookies, deleting cookies, enabling tracking-prevention features, or using private-browsing modes;
(b) industry opt-out tools offered by the Network Advertising Initiative (https://optout.networkadvertising.org), the Digital Advertising Alliance (https://optout.aboutads.info), the European Interactive Digital Advertising Alliance (https://www.youronlinechoices.com), and the AppChoices mobile-opt-out app;
(c) platform-specific advertising controls offered by Google, Meta, LinkedIn, Microsoft, and TikTok within your account settings on those platforms; and
(d) the cookie banner or consent-management interface that iSpi may display on the Site (where required by law in your jurisdiction).
Disabling tracking technologies may impair Site functionality and may render some features unavailable.
4.8 Do-Not-Track and Global Privacy Control.
iSpi does not honor browser-based "Do Not Track" signals because no consensus standard exists for interpreting them. Where required by applicable law (including, in some circumstances, in California), iSpi will treat a Global Privacy Control signal as a valid request to opt out of "sale" or "sharing" of personal information for purposes of the relevant statute.
4.9 Cookie Banner / Consent Interface.
Where iSpi presents a cookie banner or consent interface, that interface conforms to the statutory minimum required by your jurisdiction. Visitors located in jurisdictions that do not require an opt-in cookie consent are deemed to consent to all cookies and tracking technologies on first visit and on each subsequent visit.
5. SHARING AND DISCLOSURE OF INFORMATION
iSpi shares the information described in Section 2 with the categories of recipients described in this Section 5. The specific recipients of any particular item of information depend on the nature of that information, the purpose for sharing, and applicable law.
5.1 Service Providers and Sub-Processors.
iSpi shares information with service providers and sub-processors who process information on iSpi's behalf and pursuant to written agreements that restrict their use of the information. Categories of service providers include:
(a) cloud-hosting and storage providers (currently Microsoft Azure and Vercel, and others as iSpi may add);
(b) authentication and identity providers (currently Clerk, Inc.);
(c) telecommunications and messaging providers (currently Twilio, Inc., for SMS and voice and identity verification);
(d) payment processors;
(e) email-delivery, customer-relationship-management, and marketing-automation platforms;
(f) analytics, error-monitoring, and performance-monitoring providers (including Sentry, Datadog, and the providers listed in Section 4.2);
(g) advertising and audience-matching networks (including the providers listed in Sections 2.3(b) and 4.2(b));
(h) customer-support, helpdesk, and chat tools;
(i) legal, accounting, audit, and professional-services advisors;
(j) document-signing, contract-management, and onboarding-workflow providers; and
(k) other vendors that iSpi engages from time to time to support iSpi's business operations.
iSpi may add, remove, or change service providers and sub-processors at any time, in iSpi's sole discretion and without further notice except as required by applicable law.
5.2 Advertising and Analytics Partners.
iSpi shares information with advertising and analytics partners for purposes of measurement, conversion tracking, retargeting, audience matching, lookalike-audience generation, and attribution. Some of these uses may constitute a "sale" or "sharing" of personal information under California or other state law; please see Sections 10 and 11 for your rights in those jurisdictions.
5.3 Affiliates and Subsidiaries.
iSpi shares information with iSpi's parent, subsidiary, and affiliated entities (collectively, "iSpi Affiliates") for purposes consistent with this Privacy Policy, including marketing, advertising, product development, and business operations.
5.4 Business Transfers.
If iSpi is involved in a merger, acquisition, financing, restructuring, sale of assets, change of control, joint venture, partnership, bankruptcy, dissolution, or similar transaction (whether actual, proposed, or contemplated), iSpi may transfer, disclose, or assign any or all information described in Section 2 to one or more successors, acquirers, financing parties, advisors, or counterparties to that transaction, in each case for purposes of due diligence, integration, or continued operation. Notice of any such transfer will be provided by Site posting (which is sufficient notice for all purposes); no individual notice is required.
5.5 Legal Compliance and Defense.
iSpi may disclose information when iSpi believes in good faith that disclosure is necessary or appropriate to:
(a) comply with any applicable law, regulation, court order, subpoena, search warrant, civil-investigative demand, regulatory inquiry, government request, or other legal process;
(b) cooperate with law-enforcement officials or other government authorities, with or without notice to you, to the maximum extent permitted by applicable law;
(c) assert, exercise, defend, or settle legal claims, including in litigation, arbitration, or pre-litigation dispute resolution;
(d) enforce iSpi's terms, policies, or rights;
(e) protect the rights, property, or safety of iSpi, its employees, customers, visitors, or the public; or
(f) prevent, investigate, or address fraud, security incidents, technical issues, or violations of law or contract.
5.6 With Your Consent.
iSpi may share information for any other purpose with your consent, where consent is required by applicable law.
5.7 Aggregated and De-Identified Data.
iSpi may share aggregated, de-identified, anonymized, or pseudonymized data freely and for any purpose. This data is owned by iSpi and is not subject to the restrictions in this Privacy Policy or to data-subject rights under applicable law.
5.8 No Sale of Personal Information for Money.
iSpi does not sell personal information for money. Some of the sharing described in this Section 5 (particularly with advertising and analytics partners under Section 5.2) may, however, qualify as a "sale" or "sharing" under definitions in California, Colorado, Connecticut, Virginia, or other state laws that define those terms broadly. Please see Sections 10 and 11 for your statutory rights to opt out of such sale or sharing where applicable.
6. RETENTION
6.1 Retention Period.
iSpi retains the information described in Section 2 for as long as is necessary to fulfill the purposes described in Section 3, to comply with iSpi's legal, regulatory, audit, contractual, and recordkeeping obligations, to assert, exercise, or defend legal claims, or for other legitimate business purposes, whichever is longest. iSpi does not commit to any fixed deletion schedule.
6.2 Specific Retention Considerations.
(a) iSpi may retain prospect, lead, and contact records for the duration of any sales or business-development relationship and for a reasonable period thereafter to support re-engagement, audit, defense of claims, or future contact;
(b) iSpi may retain transactional and billing records for the period required by tax, accounting, audit, and other applicable law;
(c) iSpi may retain communications, support tickets, and recorded calls for so long as the underlying matter remains open or potentially relevant, plus a reasonable defense-of-claims tail;
(d) iSpi may retain marketing-attribution and advertising data for so long as it remains useful for measurement, modeling, optimization, or reporting;
(e) iSpi may retain account-activity logs, security logs, and audit logs for the period required by iSpi's information-security program and for the period required by applicable law and contract; and
(f) iSpi may retain records relating to a legal hold, regulatory matter, or pending dispute for as long as the hold, matter, or dispute (and any defense-of-claims tail) requires.
6.3 Backups.
Information may persist in iSpi's encrypted backups and disaster-recovery systems for a reasonable period after deletion from primary systems. iSpi is not required to delete information from backups except in the ordinary course of backup-rotation cycles.
6.4 Aggregated and De-Identified Data.
Aggregated, de-identified, anonymized, or pseudonymized data created from any of the information described in Section 2 may be retained by iSpi indefinitely.
6.5 Deletion Requests.
You may request deletion of personal information about you to the extent required by applicable law (see Sections 10 and 11). iSpi may deny a deletion request, in whole or in part, where retention is required or permitted by applicable law (including the bases in Section 6.2 and Section 6.3).
7. SECURITY
7.1 Security Measures.
iSpi maintains administrative, technical, and physical safeguards designed to protect against the unauthorized access, use, disclosure, alteration, or destruction of information, taking into account the nature of the information, the costs of implementing the safeguard, and the state of the art at the time. These safeguards include access controls, encryption in transit, encryption at rest where appropriate, network segmentation, vulnerability management, security monitoring, incident response, and personnel training.
7.2 No Guarantee of Security.
NO METHOD OF TRANSMISSION OVER THE INTERNET, OF ELECTRONIC STORAGE, OR OF DATA PROCESSING IS COMPLETELY SECURE. iSpi DOES NOT GUARANTEE OR WARRANT THE SECURITY OF ANY INFORMATION TRANSMITTED TO OR STORED BY iSpi. iSpi DISCLAIMS ALL LIABILITY FOR UNAUTHORIZED ACCESS TO OR USE OF INFORMATION TO THE MAXIMUM EXTENT PERMITTED BY LAW.
7.3 Visitor Responsibilities.
You are responsible for protecting the confidentiality of any account credentials you create, for using a strong unique password, for keeping your devices and software up to date, and for limiting access to your accounts and devices. You should promptly notify iSpi at legal@ispi.ai of any actual or suspected unauthorized access to your account.
7.4 Breach Notification.
In the event of a security incident affecting personal information about you, iSpi will provide notification in accordance with applicable law (statutory floor only). iSpi reserves the right to delay notification to the extent permitted by law, including where notification would impede an active law-enforcement investigation or where iSpi reasonably believes notification would create additional risk.
8. INTERNATIONAL TRANSFERS
8.1 U.S.-Based Processing.
iSpi is based in the United States, and iSpi's primary processing of information takes place in the United States. iSpi's service providers and sub-processors may also process information in the United States.
8.2 Cross-Border Transfers.
iSpi may transfer information to, and process information in, any country in which iSpi, iSpi Affiliates, or iSpi's service providers operate. By accessing or using the Site or by submitting information to iSpi, you consent to the transfer of information to and processing in the United States and any other jurisdiction in which iSpi or its service providers may operate, including jurisdictions whose privacy laws may differ from those in your country of residence.
8.3 EEA, UK, and Swiss Visitors.
The Site is intended primarily for visitors located in the United States. iSpi does not target the Site to data subjects in the European Economic Area, the United Kingdom, or Switzerland. To the extent that any visitor located in those jurisdictions accesses the Site or otherwise transfers personal information to iSpi, iSpi will, where required by applicable law, implement Standard Contractual Clauses adopted by the European Commission, the UK International Data Transfer Addendum, the Swiss Federal Data Protection and Information Commissioner-approved equivalents, or other lawful transfer mechanisms.
8.4 No Local-Storage Commitment.
iSpi makes no commitment to store information in any particular country, region, or data center. iSpi may move data between data centers, regions, and providers at any time without notice.
9. CHILDREN'S PRIVACY
9.1 Site Not Directed to Children.
The Site is not directed to children, and iSpi does not knowingly market the Site or the iSpi Services to children. The eligibility provisions of the iSpi Website Terms of Use require that you be at least eighteen (18) years of age to access or use the Site.
9.2 No Knowing Collection from Children Under 13.
iSpi does not knowingly collect personal information from children under the age of thirteen (13) within the meaning of the Children's Online Privacy Protection Act ("COPPA"), 15 U.S.C. Section 6501 et seq., or its implementing regulations. If iSpi becomes aware that it has collected personal information from a child under the age of thirteen (13) without verifiable parental consent, iSpi will take reasonable steps to delete that information.
9.3 Parental Contact.
A parent or legal guardian who believes that iSpi has collected personal information from their child in violation of this Section 9 may contact iSpi using the information in Section 15 to request review and deletion.
10. CALIFORNIA PRIVACY RIGHTS
This Section 10 provides additional disclosures and describes rights available to California residents under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the "CCPA"). Capitalized terms used in this Section 10 and not defined elsewhere in this Privacy Policy have the meanings given in the CCPA.
10.1 Categories of Personal Information Collected.
Within the twelve (12) months preceding the date at the top of this Privacy Policy, iSpi has collected the following categories of personal information about California residents (using the categories defined in California Civil Code Section 1798.140):
(a) identifiers, including name, postal address, IP address, email address, account name, and similar identifiers;
(b) categories of personal information described in California Civil Code Section 1798.80(e), including signature, telephone number, and employment-related information;
(c) characteristics of protected classifications under California or federal law (only if voluntarily provided by you in a free-form submission);
(d) commercial information, including products or services purchased, considered, or evaluated;
(e) internet or other electronic-network activity information, including browsing history, search history, and information regarding interaction with the Site, an iSpi advertisement, or an iSpi communication;
(f) geolocation data (approximate, derived from IP address);
(g) audio, electronic, visual, thermal, or similar information (only to the extent of recorded sales or support calls or session recordings);
(h) professional or employment-related information;
(i) inferences drawn from any of the foregoing to create a profile reflecting your preferences, characteristics, behavior, attitudes, or aptitudes; and
(j) sensitive personal information (only if voluntarily provided by you and subject to Section 2.5).
10.2 Sources of Personal Information.
The categories of sources from which iSpi has collected personal information are described in Section 2 (information you provide directly, information collected automatically, information from third parties, and information inferred or generated).
10.3 Business or Commercial Purposes.
iSpi has collected each category of personal information for one or more of the business or commercial purposes described in Section 3.
10.4 Categories of Third Parties Receiving Personal Information.
iSpi has disclosed each category of personal information to one or more of the categories of recipients described in Section 5.
10.5 Sale and Sharing.
iSpi does not sell personal information for money. However, some sharing of personal information with advertising partners (as described in Section 5.2) and some uses of cookies, pixels, and similar technologies (as described in Section 4) may constitute a "sale" or "sharing" under the CCPA's broad definitions of those terms. The categories of personal information that iSpi may have "sold" or "shared" within the meaning of the CCPA are: identifiers; internet or electronic-network activity information; geolocation data (approximate); commercial information; and inferences. The categories of recipients of any such "sale" or "sharing" are: advertising and audience-matching networks; analytics providers; and account-based-marketing platforms.
10.6 Sensitive Personal Information.
iSpi does not use or disclose Sensitive Personal Information for purposes that require an opt-out right under the CCPA.
10.7 Your CCPA Rights.
Subject to verification and applicable exceptions, California residents have the following rights:
(a) the right to know the categories and specific pieces of personal information iSpi has collected, used, disclosed, sold, or shared in the preceding twelve (12) months;
(b) the right to delete personal information iSpi has collected (subject to the exceptions in California Civil Code Section 1798.105(d) and Section 6 of this Privacy Policy);
(c) the right to correct inaccurate personal information iSpi maintains;
(d) the right to opt out of the sale or sharing of personal information;
(e) the right to limit use and disclosure of Sensitive Personal Information (where applicable);
(f) the right to non-discrimination for exercising any of the rights described above; and
(g) the right to designate an authorized agent to make a request on your behalf.
10.8 How to Submit a Request.
You may submit a request by:
(a) emailing iSpi at privacy@ispi.ai with a subject line that identifies the type of request (for example, "Right to Know," "Deletion Request," or "Opt-Out");
(b) using the "Do Not Sell or Share My Personal Information" link or an equivalent opt-out interface on the Site (where iSpi has activated such an interface);
(c) configuring a Global Privacy Control signal in your browser, which iSpi will treat as a valid request to opt out of "sale" or "sharing" within the meaning of the CCPA; or
(d) writing to iSpi at the mailing address in Section 15 with a clearly labeled subject line.
10.9 Verification.
iSpi will take reasonable steps to verify your identity before responding to a request. The verification method depends on the type of request, the sensitivity of the information involved, and the nature of your relationship with iSpi. iSpi may request additional information from you to verify your identity. iSpi will not use information collected for verification for any other purpose.
10.10 Authorized Agents.
You may designate an authorized agent to submit a request on your behalf. The authorized agent must provide signed written permission from you, and iSpi may also independently verify your identity directly.
10.11 Response Time.
iSpi will respond to a verified consumer request within the time required by the CCPA (generally forty-five (45) days from receipt, with a possible additional forty-five (45) days where reasonably necessary, with notice).
10.12 Non-Discrimination.
iSpi will not discriminate against you for exercising any of the rights described in this Section 10.
10.13 Look-Back.
The disclosures in this Section 10 reflect the twelve (12) months preceding the date at the top of this Privacy Policy.
11. OTHER U.S. STATE PRIVACY RIGHTS
11.1 States Covered.
Residents of the following states (and any other state with a comparable comprehensive consumer-privacy statute as it may take effect from time to time) may have additional rights under their state's law: Virginia (Virginia Consumer Data Protection Act), Colorado (Colorado Privacy Act), Connecticut (Connecticut Data Privacy Act), Utah (Utah Consumer Privacy Act), Texas (Texas Data Privacy and Security Act), Oregon (Oregon Consumer Privacy Act), Montana (Montana Consumer Data Privacy Act), Iowa (Iowa Consumer Data Protection Act), Indiana (Indiana Consumer Data Protection Act), Tennessee (Tennessee Information Protection Act), Delaware (Delaware Personal Data Privacy Act), New Jersey (New Jersey Data Privacy Act), New Hampshire, Maryland, Minnesota, Rhode Island, Kentucky, and other states. The specific rights, exceptions, thresholds, definitions, and procedures vary state by state.
11.2 Rights Generally Available.
Subject to verification, applicable thresholds, and applicable exceptions, residents of the states identified in Section 11.1 may have one or more of the following rights:
(a) the right to confirm whether iSpi processes personal data about you and to access that data;
(b) the right to obtain a portable copy of personal data;
(c) the right to correct inaccurate personal data;
(d) the right to delete personal data (subject to applicable exceptions, including the exceptions described in Section 6);
(e) the right to opt out of the processing of personal data for purposes of targeted advertising;
(f) the right to opt out of the "sale" of personal data (where applicable);
(g) the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects (where applicable);
(h) the right to limit use and disclosure of sensitive personal data (where applicable); and
(i) the right to appeal a denial of any of the above (where applicable).
11.3 How to Submit a Request.
You may submit a request through the methods described in Section 10.8. Please identify the state of your residence in your request so that iSpi may apply the correct procedures.
11.4 Verification.
iSpi will take reasonable steps to verify your identity before responding to a request. The verification methods described in Section 10.9 apply.
11.5 Authorized Agents.
You may designate an authorized agent as described in Section 10.10 (and as supplemented by the requirements of your state's law).
11.6 Appeals.
Where your state of residence provides a right to appeal a denial of a privacy request, you may submit an appeal by emailing privacy@ispi.ai with a subject line "Privacy Request Appeal" and identifying the original request and the denial. iSpi will respond within the time required by your state's law.
11.7 Response Time.
iSpi will respond within the time required by your state's law.
11.8 No Private Right of Action.
Except as required by applicable law, this Section 11 does not create any private right of action against iSpi. Enforcement of state privacy laws is generally vested in the relevant state attorney general or designated regulator.
12. CONSUMER HEALTH DATA LAWS
12.1 Statutes Addressed.
This Section 12 addresses the following consumer-health-data statutes (and any successor or comparable statute as it may take effect from time to time):
(a) the Washington My Health My Data Act, RCW 19.373 ("Washington MHMDA");
(b) Nevada Senate Bill 370 (codified at NRS Chapter 603A et seq.);
(c) Connecticut Public Act 23-56 (the consumer-health-data-related amendments to the Connecticut Data Privacy Act); and
(d) any other state statute, regulation, or ordinance that creates special protections for "consumer health data," health-related geolocation, biometric data used in connection with health, or comparable categories.
12.2 Scope on the Site.
iSpi's website tracking and marketing activities described in this Privacy Policy are not designed to collect "consumer health data" within the meaning of the statutes identified in Section 12.1 for purposes of marketing, profiling, sale, or sharing. iSpi does not knowingly use or disclose information collected through the Site to identify any individual's medical condition, mental-health status, reproductive- or sexual-health status, biometric data used to uniquely identify the individual, precise geolocation in or near a healthcare facility, or other categories that would constitute "consumer health data" under the statutes in Section 12.1.
12.3 If iSpi Collects Such Data.
If iSpi inadvertently collects information that meets a statutory definition of "consumer health data" through Site tracking or marketing interactions (for example, where you voluntarily disclose health-related information in a free-form contact-form submission), iSpi will treat that information consistent with the applicable statute, including the requirements of Washington MHMDA Section 6 (consent or authorization, where applicable), data-minimization, and access and deletion rights at the statutory floor.
12.4 BAA-Processed Data Excluded.
The camera footage, alert content, magic-link content, Protected Health Information, and other operational customer data processed by iSpi as a Business Associate of an iSpi Customer (collectively, "BAA Data") is governed by HIPAA and by the iSpi Master Service Agreement and Business Associate Agreement, not by this Privacy Policy and not by the consumer-health-data statutes in Section 12.1. The consumer-health-data statutes in Section 12.1 generally exempt or otherwise carve out PHI subject to HIPAA. Nothing in this Section 12 modifies the BAA or the MSA, and nothing in this Section 12 extends consumer-health-data rights to BAA Data.
12.5 Exercise of Rights.
If you wish to exercise any right available to you under a consumer-health-data statute, please contact iSpi using the methods in Section 10.8 and identify the relevant statute and the specific right you are exercising. iSpi will respond at the statutory floor.
13. EUROPEAN AND UK PRIVACY RIGHTS
13.1 Site Not Targeted to EEA or UK.
The Site is not targeted to data subjects located in the European Economic Area, the United Kingdom, or Switzerland. iSpi does not market the Site to those jurisdictions. iSpi does not have an establishment in any European Economic Area country or in the United Kingdom.
13.2 Data Subjects Located in the EEA or UK.
To the extent that any data subject located in the European Economic Area, the United Kingdom, or Switzerland accesses the Site or otherwise transfers personal data to iSpi, the following provisions apply on a reserved-and-statutory-floor basis only:
(a) Controller. iSpi is the controller of personal data described in Section 2 for purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") and the UK General Data Protection Regulation (the "UK GDPR").
(b) Lawful Bases. Where iSpi processes personal data of EEA or UK data subjects, iSpi relies on one or more of the following lawful bases: (i) iSpi's legitimate interests in operating, securing, and marketing the Site, in conducting business communications, in defending claims, and in product research and development, where those interests are not overridden by your fundamental rights and freedoms; (ii) consent, where consent is required by applicable law (including for some uses of cookies and tracking technologies); (iii) performance of a contract to which you are a party or in order to take steps at your request before entering into a contract; and (iv) compliance with legal obligations.
(c) International Transfers. Where required by applicable law, iSpi will implement Standard Contractual Clauses adopted by the European Commission, the UK International Data Transfer Addendum, or other lawful transfer mechanisms when transferring personal data to the United States or other jurisdictions outside the EEA or UK.
(d) Data Subject Rights. EEA and UK data subjects may have rights of access, rectification, erasure, restriction of processing, portability, objection, and to lodge a complaint with a supervisory authority. These rights are subject to applicable exceptions. Requests may be submitted using the methods in Section 10.8.
(e) Retention. iSpi retains personal data of EEA and UK data subjects in accordance with Section 6.
(f) No Data Protection Officer. iSpi has not designated a Data Protection Officer because iSpi's processing does not require one under Article 37 of the GDPR.
13.3 Supervisory Authority Complaints.
EEA data subjects may lodge a complaint with the supervisory authority of their place of residence, place of work, or place of the alleged infringement. UK data subjects may lodge a complaint with the United Kingdom Information Commissioner's Office.
13.4 No Expansion of Rights.
This Section 13 does not extend any rights to any data subject who is not located in the European Economic Area, the United Kingdom, or Switzerland and does not modify any other provision of this Privacy Policy.
14. CHANGES TO THIS POLICY
14.1 Right to Modify.
iSpi may modify this Privacy Policy at any time in iSpi's sole discretion by posting the updated Privacy Policy on the Site and revising the "Last Updated" date at the top of this Privacy Policy.
14.2 Notice of Material Changes.
For changes that iSpi reasonably considers material, iSpi may, but is not required to, also display a banner or notice on the Site for a period of approximately thirty (30) days following the effective date of the change. Site posting (with or without a banner) is sufficient notice for all purposes.
14.3 Effective Date.
Modifications are effective on the "Last Updated" date or such later date as the updated Privacy Policy specifies.
14.4 Continued Use.
Your continued access to or use of the Site after the effective date of any modification constitutes your acceptance of the modified Privacy Policy. If you do not agree with any modification, your sole remedy is to cease accessing and using the Site.
14.5 No Modification by You.
You may not modify this Privacy Policy. No purported amendment, side letter, course of dealing, or extra-contractual representation by you binds iSpi.
15. CONTACT
For questions about this Privacy Policy, to exercise privacy rights described in Sections 10, 11, 12, or 13, or to report a privacy concern, you may contact iSpi as follows:
iSpi Ventures, LLC
Attention: Privacy
1500 1st Ave North, #28
Birmingham, Alabama 35203
United States
Email: privacy@ispi.ai
Privacy-rights submission email: privacy@ispi.ai (please use a clearly labeled subject line that identifies the type of request)
For inquiries unrelated to privacy (including legal notices and DMCA notices), please refer to the contact information in the iSpi Website Terms of Use.
By accessing or using the Site, you acknowledge that you have read and understood this Privacy Policy and agree to the practices described in it.