Privacy Policy

Last Updated: May 05, 2026

Effective Date: May 05, 2026

1. INTRODUCTION AND SCOPE

This Privacy Policy ("Privacy Policy") describes how Automatan, Inc., a company organized under the laws of Delaware, United States of America, with its registered office at 4695 Chabot Drive #200, Pleasanton, CA 94588 USA. ("Automatan," "we," "us," or "our"), collects, uses, discloses, processes, stores, and protects personal data in connection with the provision of our websites, applications, APIs, software, artificial-intelligence powered services, automation tools, and related products (collectively, the "Service").

This Privacy Policy is designed to comply with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK General Data Protection Regulation and Data Protection Act 2018 ("UK GDPR"), the Swiss Federal Act on Data Protection ("FADP"), and applicable U.S. state privacy laws including the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA").

This Privacy Policy applies to all individuals whose personal data is processed by Automatan in connection with the Service, including visitors to our websites, users of the Service, customers and prospective customers, representatives of business customers, end users whose data is submitted to the Service by customers, and any other individuals who interact with Automatan.

This Privacy Policy forms part of, and should be read together with, the Terms of Service, the Data Processing Addendum (DPA), and any applicable Order Form or written agreement between Automatan and the customer.

1.1 Roles of the Parties

Depending on the circumstances, Automatan may act as either:

  • a data controller, when we determine the purposes and means of processing personal data; or
  • a data processor, when we process personal data on behalf of a customer in accordance with the customer's instructions.

When you visit our website or create an account directly with Automatan, Automatan acts as a data controller. When a customer submits your personal data to the Service as part of their use of the platform, that customer acts as the data controller and Automatan acts as the data processor. In that case, your rights requests should be directed to the relevant customer, not to Automatan.

Where Automatan processes personal data on behalf of a customer in connection with the Service, such processing is governed by the Data Processing Addendum entered into between Automatan and the customer.

Customers are responsible for ensuring that they have a lawful basis to provide personal data to Automatan for processing through the Service.

1.2 Scope of This Privacy Policy

This Privacy Policy applies to personal data processed by Automatan in connection with use of the Automatan website, account registration and administration, subscription to the Service, use of APIs, integrations, and automation features, communications with Automatan, billing and payment processing, support, training, and customer success activities, security and fraud prevention, and compliance with legal obligations.

This Privacy Policy does not apply to: data processed by customers using the Service where Automatan acts solely as a processor, third-party services not controlled by Automatan, or external websites linked from the Service.

1.3 Acceptance of This Privacy Policy

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you use the Service on behalf of a company or other legal entity, you represent that you have the authority to bind that entity to this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Service. You accept this Privacy Policy by accessing or using the Service, creating an account, or clicking to accept when prompted. If you use the Service on behalf of a company, your acceptance binds that company.

1.4 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, changes in applicable law, changes in the Service, or security and operational requirements. When we make material changes, we will update the "Last Updated" date, post the revised Privacy Policy on our website, and Automatan will provide at least fourteen (14) days' notice before the updated Privacy Policy takes effect, except where shorter notice is required by law or necessary to address a security or legal issue. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes acceptance of the updated terms.

1.5 Contact Information

If you have any questions about this Privacy Policy or our data practices, you may contact us at:

Automatan, Inc. 4695 Chabot Drive, Suite 200, Pleasanton, CA 94588
Email: privacy@automatan.ai
Legal Notices: legal@automatan.ai

Automatan has determined that appointment of a Data Protection Officer is not required at this time. Where required by applicable law, Automatan will appoint a DPO and update this Privacy Policy accordingly.

2. INFORMATION WE COLLECT

Automatan collects personal data and other information in connection with the operation of the Service. The type of information we collect depends on how you interact with us, the features you use, and whether you are a customer, user, visitor, or end user whose data is processed through the Service.

We collect this information to provide and operate the Service, communicate with you, process payments, maintain security, comply with legal obligations, and improve the platform. The specific purposes for which each category of data is used are described in Section 3.

For purposes of this Privacy Policy, "Personal Data" means any information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual.

2.1 Information You Provide Directly

We may collect information that you provide directly to Automatan when you create an account, use the Service, communicate with us, or otherwise interact with the platform. This information includes, but is not limited to:

(a) Account and Registration Information

If you purchase or subscribe to the Service, we may collect the following, and any other information required:

  • Full name
  • Email address
  • Username or account identifier
  • Company or organization name
  • Job title or role
  • Phone number
  • Mailing or billing address
  • Password or authentication credentials (stored in encrypted form)

(b) Subscription and Billing Information

If you purchase or subscribe to the Service, we may collect the following, and any other information required:

  • Billing name and address
  • Payment method details
  • Credit card or payment token information (processed by third-party payment processors)
  • Transaction history
  • Subscription plan details
  • Renewal and invoicing information
  • Tax identification numbers where required

Automatan does not store full payment card numbers. Payment processing is handled by authorized third-party payment providers.

(c) Communications and Support Data

When you contact Automatan, we may collect the following, and any other information required:

  • Emails and messages you send to us
  • Support tickets
  • Chat transcripts
  • Call recordings (where permitted by law)
  • Feedback and survey responses
  • Requests for demos, training, or documentation

(d) User Content and Inputs

When you use the Service, you may submit content, including prompts, automation instructions, workflow data, uploaded files, documents, text inputs, API requests, configuration settings any other information as required. This information may contain Personal Data depending on how you use the Service.

Where such data is submitted by a customer, Automatan processes it as a data processor under the applicable Data Processing Addendum.

2.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain information about your device, network, and usage.

(a) Device Information

  • IP address
  • Device identifiers
  • Operating system
  • Browser type and version
  • Device type
  • Language settings
  • Time zone
  • Unique session identifiers

(b) Usage Information

  • Pages viewed
  • Features used
  • Actions taken in the Service
  • Dates and times of access
  • Referring URLs
  • Error logs
  • Performance data
  • Crash reports
  • API usage metrics

(c) Log Data

We collect log and diagnostic information for security, troubleshooting, and analytics purposes, including authentication logs, system events, request logs, API calls, access timestamps, configuration changes, and audit trails.

(d) Location Information

We may infer approximate location from IP address for purposes such as security monitoring, fraud prevention, compliance, and service optimization. We do not collect precise geolocation data unless explicitly provided.

2.3 Customer Data Processed on Behalf of Customers

Customers may submit or store data in the Service that contains personal data relating to their users, clients, employees, or other individuals ("Customer Data"). In such cases, the customer acts as data controller and Automatan acts as data processor.

Automatan processes Customer Data only in accordance with the customer's instructions, as described in the Terms of Service, and as governed by the Data Processing Addendum.

Customer Data may include, depending on customer usage: names, email addresses, identifiers, business data, documents, workflow data, automation outputs, and AI inputs and outputs. Automatan does not control the content of Customer Data.

2.4 Information from Integrations and Third-Party Services

If you connect third-party services to Automatan, we may receive information from those services, including from cloud storage providers, CRMs, messaging platforms, productivity tools, APIs, enterprise systems, and identity providers. The data received depends on the permissions granted by the customer or user. Automatan processes such data only as necessary to provide the Service. Customers may disconnect third-party integrations from the Service at any time through their account settings, at which point Automatan will cease receiving data from those services.

2.5 Cookies and Similar Technologies

We use cookies and similar tracking technologies to operate and improve the Service. These may include session cookies, persistent cookies, analytics cookies, security cookies, and preference cookies. Cookies may be used to remember user settings, authenticate users, analyze usage, improve performance, detect fraud, and maintain session state.

You may control cookies through your browser settings, but disabling cookies may affect the functionality of the Service. Additional details are provided in our Cookie Policy.

2.6 Analytics and Telemetry

We may use internal or third-party analytics tools to understand how the Service is used. This may include collection of the following types of data: feature usage statistics, page views and navigation paths, performance metrics such as load times and error rates, session duration and frequency, device and browser information, and interaction patterns such as clicks and feature engagement. Analytics data is used to improve the Service, maintain reliability, enhance security, and develop new features.

2.7 Information We Do Not Intentionally Collect

The Service is not intended to collect sensitive personal data unless submitted by a customer. Users should not submit to the Service government ID numbers, financial account credentials, health information, biometric identifiers, or other highly sensitive data, unless permitted under the Terms of Service and Data Processing Addendum. Customers are responsible for determining what data they submit to the Service. Where Customer believes their use case requires submission of sensitive personal data to the Service, Customer must contact Automatan at legal@automatan.ai before doing so to discuss appropriate safeguards and enter into any required supplemental agreements.

3. HOW WE USE INFORMATION

Automatan uses the information we collect for legitimate business purposes in connection with operating, maintaining, securing, and improving the Service. The purposes for which we use personal data depend on the context in which the data is collected and the nature of the relationship between you and Automatan. For information about how long we retain data processed for each purpose, see Section 5.

3.1 Provision and Operation of the Service

We use personal data to provide, maintain, and operate the Service, including to create and manage user accounts, authenticate users, enable access to the platform, provide automation, AI, and workflow functionality, process API requests, store and process Customer Data, enable integrations, deliver requested features, maintain system functionality, and provide updates and patches.

Where Automatan processes Customer Data on behalf of a customer, we do so solely in accordance with the customer's instructions and the applicable Data Processing Addendum.

3.2 Transaction Processing and Subscription Management

We use information to process payments, issue invoices, manage subscriptions, calculate usage, apply renewals, administer billing accounts, detect fraudulent transactions, and comply with tax and accounting obligations. Payment information may be processed by authorized third-party payment processors. For information about how long we retain data processed for each purpose, see Section 5.

3.3 Communications

We use personal data to communicate with users and customers, including to respond to inquiries, provide support, send service-related notices, notify users about updates, provide security alerts, send billing notifications, provide product information, and deliver training or onboarding materials.

Where permitted by law, we may also send marketing or promotional communications. You may opt out of marketing messages at any time. Service-related communications may still be sent even if you opt out of marketing.

3.4 Service Improvement and Development

We use information to analyze usage patterns, troubleshoot errors, improve performance, develop new features, test functionality, monitor reliability, optimize infrastructure, and enhance user experience.

We may use aggregated or de-identified data for analytics, product development, and service improvement. Automatan does not use identifiable Customer Data to train general machine learning or artificial intelligence models.

We currently use Google Analytics to assist with usage analysis and product development. For further detail on how Google Analytics collects data, see our Cookie Policy.

3.5 Security and Misuse Prevention

We use personal data to protect the Service, our customers, and our systems, including to detect unauthorized access, prevent fraud, investigate suspicious activity, enforce the Terms of Service, enforce the Acceptable Use Policy, monitor system integrity, maintain audit logs, prevent API abuse, and protect against malicious automation or attacks. This processing is necessary for our security and legitimate business interests, which Automatan has assessed as not being overridden by the rights and interests of data subjects. For prohibited uses, see Automatan's Acceptable Use Policy.

Where a security incident involves Customer Data, Automatan will handle such data in accordance with its security incident procedures described in the Terms of Service and the Data Processing Addendum, and will notify Customer as required by applicable law.

3.6 Legal Compliance

We may use personal data to comply with applicable laws and legal requirements, including to respond to lawful requests from authorities, comply with court orders, comply with regulatory obligations, maintain required records, enforce legal rights, resolve disputes, and defend against claims. We may also use personal data where necessary to protect the rights of Automatan, protect users, protect the public, and protect the integrity of the Service.

Where Automatan receives a legally binding request for Customer Data from a law enforcement or government authority, Automatan will attempt to redirect the authority to Customer where possible. Where disclosure is compelled by law, Automatan will provide reasonable prior notice to Customer unless prohibited from doing so by applicable law or court order.

3.7 Processing on Behalf of Customers

When customers use the Service to process personal data, Automatan acts as a data processor. In such cases, Automatan processes personal data only on documented instructions, does not determine the purpose of processing, does not control Customer Data, does not use Customer Data for its own purposes, and processes data only to provide the Service in accordance with the Data Processing Addendum.

Customers are responsible for providing required notices, obtaining required consents, ensuring lawful processing, and complying with applicable data protection laws.

3.8 Legal Bases for Processing

Where required by applicable data protection laws, Automatan processes personal data on the following legal bases depending on the purpose of processing:

  • Performance of a contract — for account creation, service delivery, billing, and subscription management;
  • Legitimate interests — for security monitoring, fraud prevention, analytics, product improvement, and service-related communications, where Automatan has assessed that such interests are not overridden by the rights and interests of data subjects;
  • Compliance with a legal obligation — for record-keeping, responding to lawful requests, and regulatory compliance; and
  • Consent — for marketing communications, where required by applicable law.

The applicable legal basis for any specific processing activity depends on the context in which the data is collected.

Where processing is based on consent, Automatan will obtain consent through appropriate mechanisms before processing. You may withdraw consent at any time as described in Section 8.7, without affecting the lawfulness of processing carried out before withdrawal.

3.9 Aggregated and De-Identified Data

Automatan may use aggregated, anonymized, or de-identified information for analytics, research, product development, security, reporting, benchmarking, and improving the Service. Such information does not identify individuals.

3.10 No Sale of Personal Data

Automatan does not sell personal data to third parties. We do not share personal data for third-party advertising purposes. We only disclose personal data as described in this Privacy Policy.

4. HOW WE SHARE INFORMATION

Automatan may disclose personal data to third parties in limited circumstances in order to operate the Service, comply with legal obligations, protect our rights, or as otherwise described in this Privacy Policy. We do not sell personal data and we do not share personal data for third-party advertising purposes.

4.1 Service Providers and Subprocessors

We may share personal data with third-party service providers who perform services on our behalf, including providers of cloud hosting and infrastructure, data storage, payment processing, analytics, logging and monitoring, customer support, security services, email delivery, authentication services, billing platforms, collaboration tools, and development and testing tools.

These providers may process personal data only on our instructions, for the purposes of providing the Service, and subject to confidentiality obligations and appropriate data protection safeguards.

Where Automatan processes Customer Data on behalf of customers, such providers act as subprocessors under the Data Processing Addendum. A current list of subprocessors is available upon request or as described in the Data Processing Addendum.

4.2 Affiliates and Corporate Entities

We may share personal data with our affiliates, subsidiaries, or related corporate entities where necessary to operate the Service, manage accounts, provide support, ensure security, comply with legal obligations, or conduct internal administration. All affiliated entities are required to protect personal data in accordance with this Privacy Policy.

4.3 Third-Party Integrations

If you choose to connect third-party services to Automatan, we may share data with those services as directed by you. Automatan is not responsible for the privacy practices of third-party services. Your use of third-party integrations is governed by the privacy policies of those providers.

4.4 Customer Instructions

Where customers use the Service to process personal data, Automatan may disclose or transfer such data as directed by the customer. In such cases, Automatan acts solely as a processor and the customer is responsible for the disclosure. Where Customer uses AI-powered features of the Service, Customer Data may be processed by AI models to generate Outputs. Such processing is governed by Automatan's AI Usage Policy, incorporated into the Terms of Service by reference, and the Data Processing Addendum. Automatan does not use identifiable Customer Data to train general machine learning or artificial intelligence models.

4.5 Legal Requirements and Protection of Rights

We may disclose personal data if we believe disclosure is necessary to comply with applicable law, respond to lawful requests, comply with court orders or subpoenas, comply with regulatory requirements, enforce agreements, investigate violations, detect fraud, protect security, protect the rights of Automatan, protect users or the public, or prevent harm. We may also disclose data where required to cooperate with law enforcement or government authorities.

4.6 Business Transfers

Personal data may be disclosed in connection with a corporate transaction, including a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or change of control. In such cases, personal data may be transferred to the acquiring entity, subject to appropriate confidentiality and security protections. We will take reasonable steps to ensure that any successor entity processes personal data in accordance with this Privacy Policy.

4.7 With Consent or Direction

We may share personal data with third parties where you request, authorize, or consent to the sharing, where you configure the Service to share data, or where disclosure is required to provide a feature you enable.

4.8 Aggregated or De-Identified Information

We may share aggregated, anonymized, or de-identified information that does not identify individuals for purposes including analytics, research, reporting, benchmarking, product improvement, security analysis, and operational insights.

4.9 No Sale of Personal Data

Automatan does not sell personal data. We do not rent, trade, or otherwise disclose personal data to third parties for their own marketing or advertising purposes. We only share personal data as described in this Privacy Policy.

4.10 International Disclosures

Personal data may be transferred to and processed in countries other than the country in which the data was collected. Such transfers are subject to appropriate safeguards as described in Section 7 (International Data Transfers).

5. DATA RETENTION

As a general guide, Automatan applies the following retention periods by data category:

  • Account and registration data — retained for the duration of the subscription and up to three (3) years following account closure for legal and audit purposes
  • Billing and transaction data — retained for up to seven (7) years to comply with applicable tax and accounting obligations
  • Support communications — retained for up to two (2) years following resolution
  • Usage logs and analytics data — retained for up to twelve (12) months
  • Customer Data — retained in accordance with Sections 5.1 and 5.2

Longer retention may apply where required by law as described in Section 5.4.

Automatan retains personal data only for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and maintain the security and integrity of the platform. The retention period depends on the type of data, the purpose for which it was collected, and the applicable contractual and legal requirements.

5.1 Retention During the Subscription Term

We retain personal data for as long as your account is active, a subscription is in effect, the Service is being used, or as otherwise necessary to provide the Service. This includes account information, billing information, usage data, configuration data, Customer Data stored in the Service, and logs required for security and operation.

Where Automatan processes Customer Data on behalf of a customer, such data is retained in accordance with the customer's instructions and the applicable Data Processing Addendum.

5.2 Retention After Termination

Upon termination or expiration of the subscription, Automatan will retain Customer Data for a limited period to allow retrieval by the customer. Unless otherwise agreed in writing, Customer Data will be deleted from active systems within twenty-eight (28) days after termination of the Service. During this period, the customer may request export or deletion of data. After the retention period expires, Customer Data may be permanently deleted from active systems, subject to backup retention and legal requirements.

5.3 Backup and Security Copies

Personal data may remain in backup systems for a limited period after deletion from active systems. Backups are maintained for disaster recovery, security, system integrity, and legal compliance. Backup data is protected and not used for active processing. Backup copies are deleted in accordance with Automatan's internal retention schedules, and in any event within ninety (90) days after the underlying personal data has been deleted from active systems.

5.4 Legal and Compliance Retention

We may retain personal data for longer periods where necessary to comply with legal obligations, comply with tax or accounting requirements, resolve disputes, enforce agreements, maintain audit records, detect fraud, protect security, or comply with regulatory requirements. Such data will be retained only for as long as required for those purposes.

5.5 Aggregated and De-Identified Data

Automatan may retain aggregated, anonymized, or de-identified data after deletion of personal data for analytics, research, product improvement, reporting, and security monitoring. This data does not identify individuals.

5.6 Retention When Acting as Processor

Where Automatan processes personal data on behalf of a customer, retention and deletion are governed by the Terms of Service, the Data Processing Addendum, the customer's instructions, and applicable law. Automatan will delete or return Customer Data in accordance with those agreements.

5.7 Suspension or Investigation

Automatan may retain data for longer periods if necessary to investigate violations, enforce the Acceptable Use Policy, detect abuse, prevent fraud, comply with legal requests, or protect the Service. Data retained for these purposes will be limited to what is reasonably necessary.

6. SECURITY OF INFORMATION

Automatan implements reasonable administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures are intended to provide a level of security appropriate to the nature of the information processed and the risks involved. However, no system can be completely secure, and Automatan cannot guarantee absolute security.

6.1 Security Measures

We maintain safeguards that may include, as appropriate: encryption of data in transit using industry-standard protocols, encryption of data at rest where supported, role-based access controls, authentication mechanisms, logging and monitoring, network security controls, firewalls and intrusion detection systems, vulnerability management, system patching, internal access restrictions, employee confidentiality obligations, and secure development practices. Access to personal data is limited to authorized personnel who require access to perform their duties.

6.2 Cloud Infrastructure

The Service is hosted using third-party cloud infrastructure providers, including Google Cloud. Unless otherwise agreed in writing, Customer Data may be stored and processed in infrastructure located in the United States. Automatan selects service providers that maintain appropriate security standards, and use of third-party infrastructure providers is subject to contractual confidentiality and security obligations. Automatan's subprocessor list, including infrastructure providers, may be updated from time to time and is available upon request or as described in the Data Processing Addendum.

6.3 Customer Responsibilities

Customers are responsible for maintaining the security of their accounts, including protecting login credentials, managing user access, using secure passwords, configuring integrations securely, and controlling what data is submitted to the Service. Customers must not share account credentials with unauthorized persons. Automatan is not responsible for unauthorized access resulting from compromised customer credentials.

6.4 Shared Responsibility

Security of the Service is a shared responsibility. Automatan is responsible for securing the infrastructure it controls and maintaining platform-level safeguards. Customers are responsible for the data they upload, user permissions, integrations they enable, and compliance with applicable laws.

6.5 Security Incidents

Automatan maintains processes designed to detect and respond to security incidents. In the event of a confirmed breach of security affecting personal data, Automatan will take appropriate steps consistent with applicable law and contractual obligations, which may include investigation, mitigation, notification where required, and corrective measures. Where Automatan acts as a processor, incident notification will be handled in accordance with the Data Processing Addendum.

6.6 No Guarantee of Absolute Security

While we implement reasonable safeguards, the transmission of information over the internet and electronic storage involve inherent risks. Automatan does not guarantee that the Service will be completely secure or free from unauthorized access. Users acknowledge that they provide information at their own risk, subject to the protections described in this Privacy Policy.

6.7 Security Reviews and Updates

We periodically review and update our security practices to improve protection, address new risks, comply with legal requirements, and maintain industry standards. Security measures may be updated without prior notice where necessary to maintain the integrity of the Service.

7. INTERNATIONAL DATA TRANSFERS

Automatan operates globally. Personal data may be transferred to, stored in, and processed in countries other than the country in which the data was originally collected, including the United States. By using the Service, you acknowledge that your information may be transferred to and processed in jurisdictions that may have different data protection laws than your jurisdiction.

7.1 Hosting Location

Automatan currently hosts Customer Data using cloud infrastructure located in the United States, including data centers operated by third-party providers such as Google Cloud. Unless otherwise agreed in writing, Automatan does not guarantee that data will be stored or processed in any specific country or region.

7.2 Cross-Border Transfers

Where personal data is transferred internationally, Automatan will implement appropriate safeguards as required under applicable data protection laws. Such safeguards may include Standard Contractual Clauses (SCCs), contractual data protection obligations, processor agreements, security measures, and confidentiality obligations.

7.3 Transfers from the EEA, United Kingdom, and Switzerland

Where personal data originating from the European Economic Area (EEA), United Kingdom, or Switzerland is transferred to a country that has not been deemed to provide an adequate level of protection, Automatan relies on Standard Contractual Clauses (SCCs) or other legally approved transfer mechanisms, as further described in the Data Processing Addendum. Automatan may update the transfer mechanism used from time to time in accordance with applicable law.

7.4 Customer Responsibility for Transfer Legality

Customers are responsible for ensuring that they have the legal right to transfer personal data to Automatan and to authorize Automatan to process such data in accordance with the Terms of Service, the Data Processing Addendum, and this Privacy Policy.

7.5 Additional Safeguards

Automatan implements technical and organizational safeguards designed to protect personal data during international transfers, including encryption in transit, access controls, contractual restrictions, processor oversight, and security reviews.

7.6 Enterprise Data Residency

Regional hosting, data residency, or location-specific processing commitments may be offered only under separate written agreements, enterprise contracts, or addenda. Unless such an agreement is executed, no specific data residency obligation applies.

8. YOUR PRIVACY RIGHTS

Depending on your location and applicable law, you may have certain rights regarding your personal data. Automatan will honor applicable data protection rights in accordance with law and subject to the limitations described in this Privacy Policy, the Terms of Service, and the Data Processing Addendum.

8.1 Right to Access

You may request confirmation of whether Automatan processes personal data about you and request access to such data. Subject to applicable law, you may also request information about the categories of data processed, the purposes of processing, the recipients of the data, the retention period, the source of the data, and the safeguards used for international transfers.

8.2 Right to Correction

You may request that Automatan correct inaccurate or incomplete personal data. Automatan may require verification before making corrections.

8.3 Right to Deletion

You may request deletion of personal data where permitted by law, including where the data is no longer necessary, consent is withdrawn, processing is unlawful, or deletion is required under applicable law. Automatan may retain data where required for legal obligations, dispute resolution, security purposes, or enforcement of agreements. Deletion of Customer Data may also be governed by the Terms of Service and Data Processing Addendum.

8.4 Right to Restrict Processing

You may request that Automatan limit the processing of your personal data in certain circumstances, including where accuracy is contested, processing is unlawful, data is required for legal claims, or an objection to processing is pending.

8.5 Right to Data Portability

Where required by applicable law, you may request a copy of your personal data in a structured, commonly used, machine-readable format. This right applies only where processing is based on consent or contract and is carried out by automated means.

8.6 Right to Object

You may object to certain processing activities, including processing based on legitimate interests or direct marketing. Automatan may continue processing where permitted by law.

8.7 Marketing Communications

You may opt out of marketing communications at any time by using the unsubscribe link in our emails, contacting Automatan directly, or updating your account settings. Service-related communications may still be sent following an opt-out.

8.8 Rights for EEA, UK, and Switzerland Users

If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have additional rights under applicable data protection laws. Automatan processes personal data in accordance with contractual obligations, legitimate interests, and other lawful bases as described in Section 3.8. Where required, Automatan will implement safeguards for international transfers as described in this Privacy Policy and the Data Processing Addendum.

8.9 California and Other U.S. State Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), may provide you with additional rights regarding your personal data.

The categories of personal data Automatan collects are described in Section 2 of this Privacy Policy and may include identifiers, commercial information, internet or other electronic network activity information, professional or employment-related information, and inferences drawn from the above.

Automatan does not sell personal data and does not share personal data for cross-context behavioral advertising purposes as defined under the CCPA. Where Automatan processes personal data on behalf of a business customer, Automatan acts as a service provider under the CCPA and processes such data only for the business purposes specified in our agreements.

To the extent required by applicable law, California residents may have the right to request access to personal data we hold about them, request deletion of personal data, request correction of inaccurate personal data, and opt out of the sale or sharing of personal data. As Automatan does not sell or share personal data as defined under the CCPA, no opt-out mechanism for sale or sharing is required.

Residents of other U.S. states with applicable privacy laws may have similar rights, which Automatan will honor to the extent required by law. To exercise any applicable rights, please contact us using the information in Section 1.5.

8.10 How to Exercise Your Rights

Requests may be submitted by contacting Automatan using the contact information provided in Section 1.5 of this Privacy Policy. To request access to or deletion of your personal data, please email privacy@automatan.ai with your name, account details, and the nature of your request. Automatan will respond within thirty (30) days of receipt, or such shorter period as required by applicable law. Where a request cannot be fulfilled in full, Automatan will explain the reasons and any available alternatives. Automatan may require identity verification, additional information, or confirmation of authority where a request is made on behalf of another person. Automatan may deny requests where permitted by applicable law.

8.11 Complaints

If you believe your personal data has been processed unlawfully, we encourage you to contact Automatan first so we can attempt to resolve your concern. You may also have the right to lodge a complaint with a data protection authority in your jurisdiction.

9. CHILDREN'S PRIVACY

The Service is not intended for use by individuals under the age of 16. Automatan does not knowingly collect personal data from children. If we become aware that personal data has been collected from a child in violation of applicable law, we will take reasonable steps to delete such data promptly. If you believe that a child has provided personal data to Automatan, please contact us using the contact information provided in Section 1.5. Customers are responsible for ensuring that their use of the Service complies with all applicable laws relating to the processing of children's data.

10. CHANGES TO THIS PRIVACY POLICY

Automatan may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on our website, update the effective date, provide notice through the Service, and where appropriate, provide notice by email. Your continued use of the Service after the updated Privacy Policy becomes effective constitutes acceptance of the revised policy. If you do not agree to the changes, you must stop using the Service.

11. CONTACT INFORMATION

For questions about this Privacy Policy or our data practices, please contact us at privacy@automatan.ai

12. RELATIONSHIP WITH TERMS OF SERVICE AND DATA PROCESSING ADDENDUM

This Privacy Policy describes how Automatan collects and uses personal data when acting as a data controller. Where Automatan processes personal data on behalf of customers, such processing is governed by the Terms of Service, the Data Processing Addendum, customer instructions, and applicable law.

In the event of a conflict between this Privacy Policy and the Data Processing Addendum, the Data Processing Addendum controls with respect to Customer Data processed on behalf of customers. Nothing in this Privacy Policy limits the obligations set forth in the Terms of Service or the Data Processing Addendum.