Privacy Policy

Introduction

At Catalio, we respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website or use our services, and tell you about your privacy rights and how the law protects you.

Information We Collect

We may collect, use, store, and transfer different kinds of personal data about you:

• Identity Data: First name, last name, username, or similar identifier
• Contact Data: Email address, telephone number, and billing address
• Account Data: Username, password, and other authentication information
• Usage Data: Information about how you use our website and services
• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system, and platform
• Profile Data: Your preferences, feedback, and survey responses
• Organization Data: Information about your organization when using our multi-tenant platform

How We Use Your Information

We use your personal data for the following purposes:

• To register you as a new customer and create your account
• To provide and maintain our services to you
• To manage your relationship with us, including notifying you about changes to our terms or privacy policy
• To enable you to participate in interactive features when you choose to do so
• To deliver relevant content and communications to you
• To improve our website and services through analytics and research
• To protect our services from fraud, abuse, or security risks
• To comply with legal obligations

Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data:

• All data is encrypted in transit using industry-standard SSL/TLS protocols
• Sensitive data is encrypted at rest in our secure databases
• Access to personal data is restricted to authorized personnel only
• We regularly review and update our security practices
• We use secure cloud infrastructure with robust physical and network security
• Multi-tenant data is strictly isolated to ensure organizational privacy

AI Features and Your Data

Catalio uses artificial intelligence to help you discover, document, and manage requirements more efficiently. We are committed to transparency about how your data is used in connection with these AI features.

How We Use Your Data with AI

• Service Delivery: Your data is processed by AI models to provide features such as requirement analysis, summarization, semantic search, and chat assistance.
• Contextual Learning (Optional): With your consent, we may use your organization's data to improve AI responses specifically for your organization. This includes learning your terminology, patterns, and domain-specific context. This learning is isolated to your organization and never shared.
• No Global Model Training: Your data is never used to train, fine-tune, or improve AI models that are shared with other customers or the general public. Your business information remains exclusively yours.

Bring Your Own LLM

Catalio allows you to connect your own AI provider accounts (such as OpenAI, Anthropic, Azure OpenAI, Google, and others). When you use your own provider:

• Your data is sent directly to your chosen provider using your API credentials
• Data handling follows your provider's terms of service and data processing agreements
• Your API keys are encrypted at rest using AES-256-GCM encryption and are never logged or exposed
• You maintain full control over which provider processes your data

Your AI Data Choices

You have control over how AI features interact with your data:

• Provider Selection: Choose to use Catalio's default AI provider or connect your own
• Contextual Learning: Opt in or out of organization-specific AI improvements in your settings
• Data Deletion: When you delete data or close your account, any contextual learning associated with your organization is also removed

For more information about our supported AI providers and how to configure them, see our AI documentation. For questions about AI data handling or to request changes to your AI preferences, contact us at privacy@catalio.io.

Data Sharing and Disclosure

We may share your personal data with:

• Service Providers: Third-party vendors who provide services on our behalf (e.g., hosting, analytics, customer support)
• Business Partners: Trusted partners who help us deliver our services
• Legal Authorities: When required by law or to protect our legal rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal data to third parties.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request access to your personal data
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request transfer of your data to another service
• Objection: Object to processing of your personal data
• Restriction: Request restriction of processing your personal data
• Withdrawal: Withdraw consent at any time where we rely on consent

To exercise any of these rights, please contact us using the information provided at the end of this policy.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and keep you logged in
• Remember your preferences and settings
• Analyze how you use our services
• Improve our website and user experience
• Provide security features and prevent fraud

You can control cookies through your browser settings, but disabling cookies may limit your ability to use certain features of our service.

Third-Party Services

Our services may contain links to third-party websites and integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you interact with.

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements. When we no longer need your personal data, we will securely delete or anonymize it.

Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new privacy policy on this page and updating the "Last Updated" date. We encourage you to review this privacy policy periodically.

Contact Us

If you have any questions about this privacy policy or our privacy practices, please contact us: