Privacy Policy

Learn how we collect, use, and protect your information when you use the Innovaiden platform

Effective Date: October 1, 2026

Last Updated: September 29, 2025

Privacy Policy

Innovaiden Inc. ("Innovaiden," "we," "us," or "our") respects your privacy and is committed to protecting the personal information of our website visitors, customers, and the subjects of our assessments. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website www.innovaiden.com or use our digital due diligence platform and services (collectively, the "Services"). In this Privacy Policy, "assessments" refers to the due diligence reviews, reports, and related analysis that form part of our Services.

We are committed to compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. SCOPE AND CONSENT

This Privacy Policy applies to information we collect through our Services and in our business operations. By using our Services, you consent to our collection and use of information as described in this Policy.

Important: Our Services are intended for business use only. We do not knowingly collect personal information from individuals under 16 years of age. If you are under 16, please do not use our Services or provide any information to us.

2. INFORMATION WE COLLECT

2.1 Information from Website Visitors

When you visit our website, we automatically collect:

  • Technical Information: IP address, browser type, device information, operating system
  • Usage Data: Pages visited, time spent, click patterns, referral sources
  • Cookie Data: As detailed in our Cookie Policy

2.2 Information from Customers

When you create an account or use our platform:

  • Account Information: Name, email address, company name, job title, phone number
  • Authentication Data: Username, password (encrypted), multi-factor authentication tokens
  • Billing Information: Processed directly through our payment processor (Stripe); we do not store payment card details
  • Service Usage: Assessment requests, report access logs, platform interactions
  • Communications: Support requests, feedback, email correspondence

2.3 Information for Assessment Services

To provide our Services, we collect publicly available information about target companies from:

  • Enterprise intelligence platforms and business databases
  • Security vulnerability and breach notification databases
  • Public records and regulatory filings
  • Dark web monitoring services
  • Social media and professional networking platforms
  • News, blogs, and public forums

Important Note on Assessment Data: While we may process information about individuals (such as executives or employees) as part of company assessments, we:

  • Focus our analysis at the company level
  • Anonymize individual data points in our reports
  • Do not present individual names or usernames in assessment outputs
  • Only identify executives when relevant to material risk assessment

We may collect limited personal information about company executives or employees from publicly available sources as part of our Services. Consistent with GDPR Article 14, We do not provide direct notice to these individuals where doing so would seriously impair the purpose of our services (for example, during pre-transaction due diligence). We apply safeguards such as anonymizing individual data in Our outputs and limiting retention of raw personal information.

For certain Services, inlucding our comprehensive due diligence Services, information obtained through direct company access, interviews, and document reviews is handled under separate confidentiality agreements..

3. HOW WE USE INFORMATION

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Process transactions and send related information
  • Send technical notices, updates, and security alerts
  • Respond to comments, questions, and customer service requests
  • Monitor and analyze usage trends to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms
  • With your consent, send marketing communications about our Services

4. LEGAL BASIS FOR PROCESSING (GDPR)

For users in the European Economic Area, we process personal data based on:

  • Contract Performance: To provide Services you've requested
  • Legitimate Interests: To improve our Services, ensure security, and conduct business operations
  • Legal Obligations: To comply with applicable laws and regulations
  • Consent: When you've given explicit consent for specific processing activities

For further details on how We handle assessment data collected from public sources, including our reliance on GDPR Article 14, please see Section 2.3 of this Policy.

5. DATA SHARING AND DISCLOSURE

We do not sell, trade, or rent personal information to third parties. We may share information with:

5.1 Service Providers

Trusted third-party service providers who assist in operating our Services, including:

  • Cloud infrastructure providers (data hosting and processing)
  • Payment processors (Stripe for payment handling)
  • Analytics and performance monitoring services
  • Customer support tools

5.2 Business Transfers

In connection with any merger, acquisition, reorganization, or sale of assets, information may be transferred to the relevant third party, subject to appropriate confidentiality agreements.

5.3 Legal Requirements

When required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, users' safety, or investigate fraud.

5.4 Aggregated Information

We may share anonymized, aggregated usage statistics with investors and advisors under strict confidentiality agreements, but never individual customer data or assessment details.

6. DATA STORAGE AND SECURITY

6.1 Data Location

Our platform uses a tenant-based architecture. When you sign up, you select where your data will be stored from available regions offered by our cloud infrastructure provider. Your data remains in your selected region throughout our relationship.

6.2 Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit and at rest
  • Multi-factor authentication requirements
  • Regular security assessments and monitoring
  • Access controls and audit logging
  • Tenant isolation to ensure data separation

While we implement strong security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected users of any data breach as required by applicable law.

7. DATA RETENTION

We retain personal information for as long as necessary to:

  • Provide Services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain business records for analysis and trending

Specific retention periods:

  • Customer account data: Retained while account is active and for a reasonable period thereafter
  • Assessment data: Retained as needed for trending analysis and service improvement
  • Financial records: Retained as required by tax and accounting regulations
  • Marketing data: Retained until opt-out or as permitted by law

8. YOUR RIGHTS AND CHOICES

8.1 Access and Control

Depending on your location, you may have the right to:

  • Access: Request a copy of personal information we hold about you
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion of your personal information
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your information
  • Objection: Object to processing based on legitimate interests
  • Withdrawal of Consent: Withdraw previously given consent

To exercise these rights, contact us at privacy@innovaiden.com. We will respond to requests within the timeframes required by applicable law.

8.2 California Residents (CCPA)

California residents have additional rights under the CCPA. We do not sell personal information to third parties. You may submit requests through our privacy email or by calling our support line.

8.3 Marketing Communications

You can opt-out of marketing emails by clicking the unsubscribe link in any marketing message or by contacting us directly. Note that you will continue to receive transactional and service-related communications.

9. COOKIES AND TRACKING

We use cookies and similar tracking technologies to enhance your experience. Our use of cookies is detailed in our separate Cookie Policy, which forms part of this Privacy Policy.

We use Cookiebot for cookie consent management, ensuring compliance with GDPR and CCPA requirements. You can manage your cookie preferences at any time through our cookie consent tool.

10. THIRD-PARTY SERVICES

Our Services use various third-party tools for analytics and functionality:

10.1 Website Analytics

  • Google Analytics
  • PostHog
  • Ahrefs
  • LinkedIn Pixel
  • Reddit Pixel

10.2 Platform Monitoring

  • AWS CloudWatch (performance monitoring)
  • Sentry.io (error tracking)

These services may collect information according to their own privacy policies. We recommend reviewing their policies to understand their data practices.

11. INTERNATIONAL TRANSFERS

While your customer data remains in your selected region, some processing activities (such as support services) may involve international transfers. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Other lawful transfer mechanisms under applicable law

12. CHILDREN'S PRIVACY

Our Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For material changes, we will provide additional notice through email or our platform.

14. CONTACT US

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Data Protection Officer
Innovaiden Inc.
30 N Gould St Ste R
Sheridan, WY 82801
United States

Email: privacy@innovaiden.com
Website: www.innovaiden.com

15. SUPERVISORY AUTHORITY

If you are located in the European Economic Area and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.