Privacy Policy

1. Introduction

Salt AI, Inc. ("Salt AI," "Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the Wilbur Salt OS platform and related services (collectively, the "Service").

As a company serving the life sciences and pharmaceutical industries, we understand the critical importance of data privacy and security. Our practices are designed to meet the stringent requirements of healthcare data protection regulations, including HIPAA, GDPR, and industry-specific standards.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using the Service, including:

• Account Information: Name, email address, job title, organization name, and contact details when you register for an account
• Profile Information: Professional credentials, department, and role within your organization
• User Content: Data, documents, and materials you upload to the Service for analysis, including organizational data, clinical trial information, and strategic planning documents
• Communications: Information you provide when contacting our support team or participating in surveys
• Payment Information: Billing details and payment method information for subscription services

2.2 Information Collected Automatically

When you access the Service, we automatically collect certain technical information:

• Device Information: Device type, operating system, browser type, and unique device identifiers
• Usage Data: Features accessed, actions taken, time spent on the Service, and interaction patterns
• Log Data: IP address, access times, pages viewed, and referring URLs
• Cookies and Tracking: Information collected through cookies, pixels, and similar technologies

2.3 Information from Third Parties

We may receive information from third-party sources, including:

• Identity verification services for account security
• Business information providers for enterprise customer validation
• Public databases such as ClinicalTrials.gov, FDA databases, and scientific literature

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve the Wilbur Salt OS platform and its features
• Analysis and Simulation: To process your User Content and generate insights, simulations, and recommendations
• Account Management: To create and manage your account, authenticate access, and provide customer support
• Communication: To send service-related notifications, updates, and respond to your inquiries
• Security: To detect, prevent, and address fraud, security threats, and technical issues
• Compliance: To comply with legal obligations and enforce our Terms of Service
• Analytics: To understand usage patterns and improve the Service (using aggregated, de-identified data)

Important: We do not use your proprietary User Content to train general-purpose AI models. Your organizational data remains confidential and is processed solely to provide the Service to you.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: With trusted third-party vendors who assist in operating the Service, subject to confidentiality obligations (e.g., cloud infrastructure providers, payment processors)
• Within Your Organization: With other authorized users from your organization as permitted by your administrator
• Legal Requirements: When required by law, subpoena, or legal process, or to protect the rights, property, or safety of Salt AI, our users, or others
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections
• With Your Consent: When you have provided explicit consent for specific sharing

5. Data Security

We implement comprehensive security measures to protect your information, including:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access controls and multi-factor authentication
• Infrastructure Security: SOC 2 Type II certified cloud infrastructure with continuous monitoring
• Audit Logging: Comprehensive logging of all system access and data operations
• Vulnerability Management: Regular security assessments and penetration testing
• Incident Response: Documented procedures for security incident detection and response

For detailed information about our security practices, please refer to our Security page.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy. Specific retention periods include:

• Account Information: Retained while your account is active and for a reasonable period thereafter
• User Content: Retained according to your organization's preferences; available for export upon request
• Usage Logs: Retained for up to 24 months for security and analytics purposes
• Legal Compliance: Certain data may be retained longer as required by law or for legitimate business purposes

Upon account termination, you may request export of your User Content within 30 days. After this period, we will securely delete your data in accordance with our data destruction procedures.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Portability: Request export of your data in a structured, machine-readable format
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at [email protected]. We will respond to your request within the timeframe required by applicable law.

8. International Data Transfers

Salt AI is headquartered in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission. Enterprise customers may request on-premises deployment or region-specific data residency options.

9. HIPAA Compliance

For customers who are covered entities or business associates under HIPAA, Salt AI offers Business Associate Agreements (BAAs) and maintains HIPAA-compliant infrastructure and processes. Our platform is designed to support the handling of Protected Health Information (PHI) in accordance with HIPAA requirements.

If you require a BAA or have questions about HIPAA compliance, please contact our compliance team at [email protected].

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content. Types of cookies we use include:

• Essential Cookies: Required for basic Service functionality and security
• Analytics Cookies: Help us understand how users interact with the Service
• Preference Cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect Service functionality.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete such information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For EU/EEA residents, you also have the right to lodge a complaint with your local data protection authority.