Privacy, telemetry handling, and customer data boundaries.

Welcome to Artemes AI ("Artemes AI," "Company," "we," "our," or "us"). We respect your privacy and are committed to protecting it through our compliance with this Privacy Policy.

This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit https://www.artemes.ai and any related websites, applications, portals, or services we own or operate (collectively, the "Website"), and when you use our context-aware vulnerability assessment and security posture platform (the "Service"). It also describes our practices for collecting, using, maintaining, protecting, and disclosing that information.

This Privacy Policy applies to information we collect:

• On our Website;
• Through the Service;
• In email, text, and other electronic communications between you and us; and
• Through interactions with prospective customers, customers, partners, and service providers.

This Privacy Policy does not apply to information collected by any third party, including through any application or content that may link to or be accessible from our Website or Service.

By accessing or using our Website or Service, you acknowledge the terms of this Privacy Policy.

We may collect several types of information from and about users of our Website and Service, including the following:

Account and Contact Information

When you request information, schedule a demo, sign up for updates, create an account, or otherwise interact with us, we may collect information such as your name, business email address, company name, job title, phone number, mailing address, and other contact details.

Billing and Transaction Information

If you purchase a subscription or other paid services, we or our third-party payment processors may collect billing details, payment-related information, billing contact information, transaction history, and related records. We do not store full payment card numbers on our own servers unless expressly stated otherwise.

Website Usage Data

As you navigate through our Website, we may automatically collect certain information about your equipment, browsing actions, and usage patterns. This may include IP address, browser type, operating system, device information, referring and exit pages, timestamps, pages viewed, clickstream data, and approximate geolocation derived from IP address.

Cookies and Similar Technologies Data

We and our service providers may collect information through cookies, pixels, local storage, SDKs, log files, and similar technologies to support Website functionality, analytics, performance, and security.

Platform Telemetry and Security Data

To provide the Service, we may process telemetry and technical data from customer-authorized assets, systems, endpoints, and environments, including system state data, running processes, open ports, installed software, configuration details, security settings, log-derived signals, asset metadata, vulnerability findings, and related technical information necessary to deliver the Service.

Communications and Support Data

If you contact us directly, submit a support request, participate in surveys, or otherwise communicate with us, we may collect the contents of those communications and any information you choose to provide.

Trust is foundational to our platform. Because our Service may analyze technical telemetry and configuration data using artificial intelligence and automated systems, we follow these principles:

Isolation

Customer telemetry and related Customer Data are logically isolated within the applicable customer environment or tenant architecture.

AI Training and Model Use

We do not use your proprietary telemetry, configuration data, logs, or other Customer Data to train generalized or public artificial intelligence models. We process Customer Data to provide, secure, support, maintain, and improve the Service for your organization, including generating vulnerability context, remediation guidance, analytics, prioritization, and related product functionality.

Where permitted by applicable law and our agreements, we may use aggregated, anonymized, or de-identified information that does not identify you, your users, or your organization to improve our products, services, security posture, and internal models.

Data Minimization

We aim to collect and process only the information reasonably necessary to provide the Service, operate the platform, secure our systems, comply with legal obligations, and support legitimate business purposes described in this Privacy Policy.

In connection with providing the Service, Artemes AI may process information submitted to or collected through the platform by or on behalf of our customers, including telemetry, endpoint data, security findings, and related technical metadata ("Customer Data").

When we process Customer Data on behalf of a customer, the customer is generally the data controller or equivalent business, and Artemes AI acts as a data processor or equivalent service provider, subject to our agreements with that customer and the customer's instructions.

When we collect information directly for our own business purposes, such as Website analytics, marketing inquiries, account administration, billing, and support communications, Artemes AI is generally the data controller.

If you are an individual whose information is included in Customer Data processed through a customer account, you should direct your privacy request to the relevant customer first.

We may use information that we collect about you or that you provide to us for the following purposes:

• To provide, operate, maintain, support, and improve our Website and Service;
• To create and manage accounts and customer relationships;
• To analyze telemetry and technical data in order to identify vulnerabilities, misconfigurations, security risks, and compliance issues;
• To generate findings, recommendations, remediation guidance, reports, dashboards, and related Service outputs;
• To process transactions and send related information, including invoices, receipts, renewal notices, and administrative messages;
• To send technical notices, product updates, security alerts, support communications, and other service-related messages;
• To respond to your comments, questions, requests, and customer support inquiries;
• To personalize Website content and improve user experience;
• To communicate with you about our products, services, research, events, promotions, or newsletters, subject to your marketing preferences and applicable law;
• To monitor, investigate, prevent, and detect fraud, abuse, misuse, unauthorized activity, security incidents, and other harmful or unlawful conduct;
• To comply with legal obligations, enforce our agreements, protect our rights, and defend against legal claims; and
• For any other purpose for which you provide the information or for which we provide specific notice at the time of collection.

Where applicable under data protection law, we process personal information on one or more of the following legal bases:

• Performance of a contract: to provide the Website and Service, manage accounts, fulfill subscriptions, provide support, and perform our contractual obligations;
• Legitimate interests: to operate, secure, improve, and analyze our Website and Service; prevent fraud and abuse; develop new features; and communicate with business contacts in a proportionate and lawful manner;
• Consent: where required by law, including for certain marketing communications or certain cookies and similar technologies; and
• Legal obligation: to comply with applicable laws, regulations, legal process, and lawful governmental requests.

We and our third-party service providers may use cookies, pixels, tags, local storage objects, analytics tools, and similar technologies to:

• Operate and secure the Website;
• Remember user preferences;
• Understand Website usage and performance;
• Measure the effectiveness of campaigns and communications; and
• Improve functionality and user experience.

These technologies may collect information such as IP address, browser type, device identifiers, pages visited, referral URLs, timestamps, and approximate location derived from IP address.

You may be able to control cookies through your browser settings and, where applicable, through any cookie consent or preference tools we make available. Please note that disabling certain cookies may affect Website functionality.

We do not sell personal information for monetary consideration. We may disclose aggregated, anonymized, or de-identified information that does not identify any person or organization without restriction, subject to applicable law.

We may disclose personal information and Customer Data as described below:

To Service Providers and Subprocessors

We may disclose information to vendors, contractors, subprocessors, and service providers that perform services on our behalf, such as cloud hosting, infrastructure, storage, security monitoring, payment processing, analytics, CRM, communications, customer support, and professional services. These parties are authorized to use information only as necessary to provide services to us or as otherwise permitted by law and contract.

To Infrastructure and Security Providers

We may disclose information to hosting, cloud, networking, storage, identity, monitoring, and security providers that help us operate and secure the Website and Service.

To Payment and Financial Service Providers

We may disclose billing and transaction-related information to payment processors, invoicing platforms, and related financial service providers in connection with subscriptions and payment processing.

To Analytics, Marketing, CRM, and Support Providers

We may disclose personal information to vendors that assist with Website analytics, marketing operations, communications, sales workflows, support ticketing, and customer relationship management.

For Legal Compliance and Protection

We may disclose information to comply with any court order, law, regulation, legal process, or lawful government request, and to enforce our terms, agreements, and legal rights, or to protect the rights, property, safety, and security of Artemes AI, our customers, or others.

Business Transfers

We may disclose or transfer information to a buyer, investor, lender, successor, affiliate, or other relevant third party in connection with a merger, acquisition, financing, due diligence review, divestiture, restructuring, reorganization, dissolution, bankruptcy, or sale or transfer of some or all of our assets.

Professional Advisors

We may disclose information to our auditors, attorneys, insurers, bankers, accountants, and other professional advisors where reasonably necessary in connection with the professional services they provide to us.

No Independent Third-Party Marketing Use

We do not disclose Customer Data to third parties for their own independent advertising or marketing purposes.

We retain personal information and Customer Data for as long as reasonably necessary to provide the Service, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, enforce our agreements, maintain security and audit records, and protect our legitimate business interests.

Retention periods may vary depending on the type of data, the nature of the relationship, the sensitivity of the information, technical and operational requirements, contractual commitments, and applicable law. When information is no longer needed for these purposes, we will delete it, anonymize it, or de-identify it, unless retention is required or permitted by law.

We may process and store information in the United States and other countries where we, our affiliates, or our service providers operate. These jurisdictions may have data protection laws that differ from those in your jurisdiction.

Where required by applicable law, we will implement appropriate safeguards for cross-border transfers of personal information, such as contractual protections or other lawful transfer mechanisms.

We may engage subprocessors and service providers to help deliver the Service and operate our business. We require such providers to protect personal information and Customer Data through appropriate confidentiality, security, and data protection obligations consistent with applicable law and our contractual commitments.

We maintain administrative, technical, and physical safeguards designed to protect personal information and Customer Data from accidental loss and from unauthorized access, use, alteration, and disclosure.

Our security measures may include access controls, encryption, logging, network protections, authentication controls, vendor oversight, and other safeguards appropriate to the nature of the information we process and the services we provide.

However, no method of transmission over the Internet and no method of electronic storage is completely secure. Accordingly, we cannot guarantee absolute security.

Depending on your location and applicable law, you may have certain rights regarding your personal information, which may include the right to:

• Request access to the personal information we hold about you;
• Request correction of inaccurate or incomplete personal information;
• Request deletion of your personal information;
• Object to or restrict certain processing of your personal information;
• Request portability of your personal information, where applicable;
• Withdraw consent where processing is based on consent; and
• Opt out of certain marketing communications.

If you would like to exercise any of these rights, please contact us using the contact information below.

We may need to verify your identity before processing your request, and we may deny or limit a request where permitted by applicable law.

You may also designate an authorized agent to submit certain requests on your behalf where permitted by law.

We will not discriminate against you for exercising any privacy rights granted under applicable law.

If you are located in a jurisdiction that provides a right to appeal a privacy-related decision, you may submit an appeal by contacting us and including "Privacy Rights Appeal" in the subject line.

If we process Customer Data on behalf of a customer, we may direct your request to that customer or ask you to submit the request directly to them.

Our Website and Service are intended for business and professional use and are not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us so that we can take appropriate steps.

Some web browsers offer a "Do Not Track" setting. Because there is not yet a consistent industry standard for responding to these signals, our Website may not respond to all Do Not Track signals unless required by applicable law.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. If we make material changes, we will provide notice as required by applicable law, which may include posting a prominent notice on the Website, notifying account administrators through the Service, or sending notice by email.

Your continued use of the Website or Service after any changes become effective constitutes your acknowledgement of the updated Privacy Policy, to the extent permitted by law.

If you have questions about this Privacy Policy or our privacy practices, please contact us at: