Privacy Policy

This Privacy Policy applies to personal data we collect and process in connection with:

• visits to our public websites and marketing pages;
• requests for information, demos, pilots, evaluations, partnerships, or other business inquiries;
• creation and administration of user accounts;
• use of the Sentient Agents platform, APIs, documentation, support channels, and related business operations;
• participation in events, webinars, surveys, and similar outreach;
• communications with us by email, phone, forms, or other channels; and
• security, monitoring, logging, support, billing, and compliance activities related to the Services.

This Privacy Policy does notgovern personal data that our customers process using the Services where Thuriyam acts solely on the customer's behalf, except to describe our role and high-level processing activities. In those cases, the relevant customer's privacy notice, internal policies, and agreements with its users typically govern the primary relationship.

The personal data we collect depends on how you interact with us and the Services.

A. Contact and business information

• name;
• business email address;
• phone number;
• company name;
• job title or role;
• business address;
• country or region; and
• other contact details you choose to provide.

B. Account and identity information

• account username or identifier;
• login and authentication details;
• identity provider details and access-related metadata;
• role, permissions, organization, or tenant affiliation; and
• profile settings and preferences.

C. Inquiry, demo, and communications data

• the contents of requests, forms, emails, messages, support tickets, and meeting notes;
• information you provide during sales, onboarding, pilot, support, or partnership discussions;
• recordings, transcripts, or summaries of calls or meetings where permitted by law and disclosed appropriately; and
• attachments, documents, and other materials you send to us.

D. Usage, device, and technical information

• IP address;
• approximate location derived from IP address;
• browser type and version;
• device identifiers;
• operating system and device type;
• referrer URLs;
• pages viewed, links clicked, and timestamps;
• crash, error, and diagnostic data;
• API request metadata;
• log data, audit data, and security events; and
• performance and telemetry information about how the Services are accessed and used.

E. Subscription, transaction, and commercial information

• billing contact details;
• invoice and payment-related records;
• subscription details;
• service plan, usage, and commercial relationship data; and
• records related to contract administration, procurement, and support entitlements.

F. Customer-submitted platform data

When customers use the Services, the platform may process information provided, uploaded, ingested, or connected by or for those customers, which may include:

• customer contact records;
• case, account, ticket, application, dispute, or workflow records;
• messages, transcripts, recordings, summaries, notes, and communications metadata;
• model inputs, prompts, tool requests, outputs, and workflow actions;
• analytics, evaluation, compliance, and human-review artifacts; and
• other content or data the customer chooses to process through the Services.

This category may contain personal data, including sensitive or regulated data, depending on how a customer configures and uses the Services. In those cases, Thuriyam generally processes such data on behalf of the customer and subject to the customer's instructions and contract with us.

We may collect personal data:

• directly from you;
• from your employer or organization;
• from users or administrators who invite or provision your account;
• from forms, emails, calls, demos, support requests, and other direct communications;
• automatically through your use of the Services and related technologies;
• from service providers, identity providers, payment processors, analytics providers, and infrastructure partners;
• from integrations and third-party systems our customers connect to the Services; and
• from public sources, such as company websites, professional profiles, or business directories, where permitted by law.

A. To provide and operate the Services

• provide websites, applications, APIs, documentation, and platform features;
• create and administer accounts;
• authenticate users and manage access;
• enable integrations, workflows, analytics, and service functionality;
• provide customer support, onboarding, implementation, and professional services; and
• process transactions and manage subscriptions.

B. To secure, monitor, and improve the Services

• maintain system integrity, security, and availability;
• detect, investigate, and prevent fraud, abuse, misuse, and unauthorized access;
• monitor usage, diagnose errors, troubleshoot incidents, and enforce policies;
• generate logs, audit trails, operational metrics, and usage analytics;
• improve performance, reliability, product quality, and user experience; and
• develop and enhance existing or new products, services, and features.

C. To communicate with you

• respond to inquiries, demo requests, and support requests;
• send transactional, service, legal, administrative, and security-related communications;
• manage business relationships, contracts, renewals, and billing; and
• send marketing communications where permitted by law and consistent with your preferences.

D. To comply with legal and business obligations

• comply with applicable laws, lawful requests, court orders, or regulatory obligations;
• protect our rights, business, personnel, customers, systems, and Services;
• establish, exercise, or defend legal claims; and
• support internal governance, compliance, recordkeeping, and risk management.

E. To process customer-submitted data on behalf of customers

Where Thuriyam processes customer-submitted platform data for enterprise Services, we may use that data to:

• host, store, transmit, retrieve, organize, analyze, and display the data within the Services;
• provide workflow automation, case-management, analytics, compliance, quality, human-review, and related platform functions;
• generate logs, alerts, audit artifacts, usage records, and service metrics;
• secure, support, maintain, troubleshoot, and improve the Services; and
• comply with applicable law and enforce our agreements.

We do not use customer-submitted platform data for our own independent purposes except as permitted by contract, this Privacy Policy, or applicable law, such as security, support, legal compliance, billing, abuse prevention, service improvement using aggregated or de-identified information, or other limited business operations.

Depending on the jurisdiction and the context in which personal data is collected, we may process personal data based on one or more of the following:

• your consent;
• performance of a contract or steps taken at your request before entering a contract;
• our legitimate interests, such as operating, securing, improving, marketing, and supporting the Services, where those interests are not overridden by applicable legal requirements;
• compliance with legal obligations; and
• other lawful grounds recognized under applicable law.

Where consent is required by law, we will seek it in the manner required and provide applicable choices.

We and our service providers may use cookies, pixels, local storage, log files, software development kits, and similar technologies to operate and secure the Services and, where enabled, understand usage and improve performance.

These technologies may be used for purposes such as:

• essential website and application functionality;
• session management and authentication;
• security and fraud prevention;
• remembering preferences and settings;
• measuring site traffic, engagement, and performance; and
• understanding how users interact with our content and Services.

Where required by law, we will request consent before placing or using non-essential cookies or similar technologies. You may also be able to control cookies through your browser or device settings, subject to certain functionality limits.

If you use our Services after receiving a cookie notice or consent banner, your choices will be handled in accordance with the settings and options presented to you at that time.

When customers use the Sentient Agents platform to process personal data about their own users, customers, prospects, employees, patients, borrowers, or other individuals, Thuriyam generally acts as a processor, service provider, or similar role on behalf of the customer.

In that context:

• the customer decides what data is submitted to the Services and why;
• the customer is responsible for providing required notices and obtaining required rights, permissions, and consents;
• the customer is responsible for configuring workflows, prompts, automation logic, retention settings, and escalation paths appropriately for its use case; and
• Thuriyam processes the data on the customer's behalf to provide and support the Services, subject to applicable agreements and law.

If you believe your personal data has been submitted to the Services by a Thuriyam customer and you want to exercise privacy rights relating to that data, you should contact the relevant customer first. We may assist our customers in responding to such requests where required by law or contract.

Because the Services support AI-enabled workflows, automated scheduling and handoffs, analytics, and related tooling, personal data processed through the Services may be used by the platform to:

• receive and process inputs, prompts, instructions, and context;
• generate outputs, summaries, classifications, recommendations, or workflow actions;
• support quality review, compliance evaluation, audit-oriented records, and human-in-the-loop review;
• produce usage, performance, and operational analytics; and
• maintain logs and traceability needed for security, debugging, and service integrity.

AI-enabled outputs may reflect the data, prompts, rules, and external systems provided to the Services. Customers are responsible for determining whether and how to use such outputs in their own workflows, especially in regulated, customer-facing, or high-impact contexts.

We may also use aggregated and de-identified information derived from Service usage and, where permitted, customer-submitted data to improve and develop the Services, provided that such information does not identify you or any individual as the source.

A. Affiliates and corporate transaction participants

• our affiliates and related entities; and
• actual or prospective investors, acquirers, financing sources, or transaction counterparties, and their advisors, in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, subject to appropriate safeguards where required.

B. Service providers and subprocessors

• cloud hosting and infrastructure providers;
• identity and authentication providers;
• security, monitoring, and logging providers;
• payment processors and billing providers;
• communication, support, and collaboration providers;
• analytics and product improvement providers;
• implementation, support, and professional service partners; and
• other vendors or subprocessors that help us operate, secure, support, and improve the Services.

C. Customer-directed integrations and third parties

• third-party applications, services, tools, models, messaging systems, telecom providers, or integrations connected or authorized by a customer or user;
• parties to whom a customer instructs us to disclose or route data; and
• providers involved in delivering customer-configured workflows or connected services.

D. Legal, regulatory, and protection-related recipients

• courts, regulators, government authorities, law enforcement, or other third parties where required or permitted by law;
• advisors, auditors, insurers, and professional service providers; and
• other parties where necessary to protect rights, property, safety, security, or legal interests.

We do not sell personal data in exchange for monetary consideration in the ordinary course of our business. If applicable law uses a broader definition of “sell” or “share,” certain analytics, cookie, or ad-tech practices may be treated differently under those laws; if we engage in such practices, we will address them through the relevant notices and controls required by law.

We may store and process personal data in India and in other countries where we or our service providers operate. As a result, personal data may be transferred to jurisdictions that may have data protection laws different from those of your own jurisdiction.

Where required by law, we will implement appropriate safeguards for cross-border transfers, which may include contractual protections, transfer mechanisms recognized by applicable law, or other lawful measures.

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

• provide the Services;
• maintain accounts and business relationships;
• comply with legal, tax, accounting, and regulatory obligations;
• resolve disputes and enforce agreements;
• maintain security, logs, audit trails, backups, and business continuity controls; and
• support legitimate business needs such as troubleshooting, analytics, and service improvement.

Retention periods vary depending on the type of data, the context in which it was collected, customer instructions, contractual commitments, legal requirements, and operational needs.

For enterprise Services, customers may control certain retention settings or data deletion instructions. We may also retain data for longer where required or permitted by law, for fraud prevention, security, backup integrity, legal claims, or other legitimate and lawful reasons.

We implement administrative, technical, and organizational measures designed to protect personal data against unauthorized access, use, alteration, disclosure, or destruction. These measures may include access controls, encryption in transit, encryption at rest for certain data types, logging, monitoring, environment separation, authentication controls, and other safeguards appropriate to the nature of the Services.

No system is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the security of your own accounts, credentials, devices, networks, integrations, and systems.

Depending on where you are located and subject to applicable law, you may have rights regarding your personal data, which may include the right to:

• access personal data;
• correct or update inaccurate personal data;
• delete personal data;
• object to or restrict certain processing;
• withdraw consent where processing is based on consent;
• request portability of certain data; and
• lodge a complaint with a relevant supervisory or regulatory authority.

You may also opt out of marketing communications by using the unsubscribe link in the message or by contacting us.

If you wish to exercise privacy rights, contact us using the details in the Contact Us section below. We may need to verify your identity and authority before responding. If we are processing your data solely on behalf of a customer, we may direct your request to that customer or ask you to contact the customer directly.

The Services are intended for business and enterprise use and are not directed to children. We do not knowingly collect personal data directly from children in violation of applicable law. If you believe a child has provided personal data to us unlawfully, please contact us so we can take appropriate action.

The Services may link to or interoperate with third-party websites, applications, models, APIs, tools, communication channels, or other services. Those third parties have their own privacy practices and terms, and we are not responsible for their content, security, or privacy practices. We encourage you to review the privacy notices of those third parties.

We may update this Privacy Policy from time to time to reflect changes in the Services, applicable law, our practices, or operational needs. When we do, we will post the updated version on the relevant website and update the “Last Updated” date above. Where required by law, we will provide additional notice or obtain consent for material changes.

Your continued use of the Services after the effective date of an updated Privacy Policy means the updated Privacy Policy will apply to your use of the Services, except where applicable law requires additional action.

If you have questions, requests, or concerns about this Privacy Policy or our privacy practices: