CICADA's Privacy
Statement

Who is CICADA?

We are a technology company founded to help organizations transform their operations through AI-powered solutions. We provide software platforms and services to help public, private, and non-governmental organizations gain insights into their data to make better decisions.

You can learn more about our company and our products here.

This Privacy Statement ("Statement") applies to the processing activities for which CICADA Technologies Inc. and its affiliates act as "data controllers" on their own behalf. This Statement does not apply to personal data we process on behalf of our customers. What does this Statement cover.

How can you contact us?

If you are looking:

• to understand more about how we use your information, or
• to exercise your rights

You may also reach us at privacy@cicada.tech.

Data Controller

CICADA is a global company made up of multiple entities that process personal data in the course of conducting our business. Depending on where you engage with us, the entity responsible as controller may vary. You can find a list of our entities here.

Why should you read this Statement?

As a commercial business, CICADA may collect, use, and disclose personal data in the course of our standard operations. Where a CICADA entity processes your personal data as controller (meaning that we determine the purposes and means of processing), we want you to understand how we handle your information.

What does this Statement cover?

This Statement sets out how we use and protect personal data globally. If you live or work in certain countries, states or territories, there is additional information at the end of this Statement that may apply to you.

It is important to note that this Statement does not apply to personal data we process on behalf of our customers. When we provide our products and services to our customers, we act as a data processor.

Consequently, this Statement does not apply to our customers' processing of personal data using CICADA products or services. If you are seeking to understand how one of our customers processes personal data, please contact that customer directly.

As you engage with our services or communications, you may encounter links to third parties outside of the control of CICADA that enable you to share information with the controllers of those websites. We encourage you to review the privacy policies of those third parties.

We collect personal data in various ways, including when you provide it directly to us, when third parties provide it to us, and when it is collected automatically through your use of our services.

Information you provide directly

• Contact information (name, email, phone number, address)
• Account credentials
• Professional information (job title, company, industry)
• Communications you send to us
• Information you provide when applying for a job

Information collected automatically

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, time spent, interactions)
• Location data (derived from IP address)
• Cookies and similar technologies

Information from third parties

• Business partners and service providers
• Publicly available sources
• Social media platforms (when you interact with our content)

We use personal data for various purposes related to our business operations:

Providing our services

• Delivering and maintaining our products and services
• Processing transactions and sending related information
• Providing customer support and responding to inquiries
• Personalizing your experience

Business operations

• Analyzing usage patterns to improve our services
• Conducting research and development
• Marketing and promotional communications (with your consent where required)
• Recruiting and hiring

Legal and security purposes

• Complying with legal obligations
• Protecting our rights and property
• Detecting and preventing fraud and security incidents
• Enforcing our terms and policies

We process personal data based on various legal grounds depending on the context:

Contractual necessity

Processing necessary to perform a contract with you or take steps at your request before entering into a contract.

Legitimate interests

Processing necessary for our legitimate business interests, such as improving our services, marketing, and security, where these interests are not overridden by your rights.

Consent

Where you have given us specific consent to process your data for a particular purpose.

Legal obligation

Processing necessary to comply with our legal obligations.

We may share your personal data with the following categories of recipients:

CICADA group companies

We may share data within our corporate group for internal administrative purposes and to provide our services.

Service providers

Third parties who provide services on our behalf, such as hosting, analytics, payment processing, and customer support.

Business partners

Partners with whom we collaborate to offer joint products or services.

Legal and regulatory authorities

When required by law or to protect our legal rights.

Corporate transactions

In connection with mergers, acquisitions, or other corporate transactions.

As a global company, we may transfer your personal data to countries other than your country of residence. When we do so, we ensure appropriate safeguards are in place.

Transfer mechanisms

• Standard Contractual Clauses approved by relevant authorities
• Adequacy decisions by data protection authorities
• Binding Corporate Rules where applicable
• Your explicit consent where required

For more information about our international data transfer practices, please contact us at privacy@cicada.tech.

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Retention criteria

The retention period depends on various factors:

• The nature of the data and the purposes for processing
• Legal and regulatory requirements
• Contractual obligations
• Our legitimate business interests
• Industry standards and practices

When personal data is no longer needed, we securely delete or anonymize it.

Depending on your location, you may have certain rights regarding your personal data:

Access

The right to request access to your personal data and information about how we process it.

Rectification

The right to request correction of inaccurate or incomplete personal data.

Erasure

The right to request deletion of your personal data in certain circumstances.

Restriction

The right to request restriction of processing in certain circumstances.

Data portability

The right to receive your data in a structured, commonly used format.

Objection

The right to object to processing based on legitimate interests or for direct marketing.

Withdraw consent

Where processing is based on consent, the right to withdraw that consent at any time.

To exercise your rights, please contact us at privacy@cicada.tech.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Security measures

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and audits
• Employee training on data protection
• Incident response procedures
• Physical security measures for our facilities

For more information about our security practices, please visit our Trust Center.

We use cookies and similar technologies to enhance your experience on our websites and to understand how our services are used.

Types of cookies we use

• Essential cookies: Required for the website to function properly
• Analytics cookies: Help us understand how visitors interact with our site
• Functional cookies: Enable enhanced functionality and personalization
• Marketing cookies: Used to deliver relevant advertisements

Managing cookies

You can manage your cookie preferences through your browser settings or through our cookie consent tool. Please note that disabling certain cookies may affect the functionality of our websites.

For more detailed information, please see our Cookie Policy.

We may update this Privacy Statement from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

When we make material changes, we will notify you by updating the date at the top of this Statement and, where appropriate, provide additional notice (such as adding a statement to our website or sending you a notification).

We encourage you to review this Statement periodically to stay informed about how we are protecting your information.

Depending on where you are located, additional rights and information may apply to you.

European Economic Area (EEA) and UK

If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR, including the right to lodge a complaint with your local data protection authority.

California

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know, delete, and opt-out of the sale or sharing of personal information.

Japan

If you are located in Japan, additional provisions under the Act on the Protection of Personal Information (APPI) may apply.

South Korea

If you are located in South Korea, additional provisions under the Personal Information Protection Act (PIPA) may apply.

For jurisdiction-specific inquiries, please contact us at privacy@cicada.tech.