Privacy Policy

Last updated: January 2025

1. Introduction

Authentica Supply Chain Solutions Corp. ("Authentica," "we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our AI-powered supply chain automation services.

This policy applies to information regulated as personal data, personal information, or personally identifiable information under applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), and other applicable privacy laws.

2. Information We Collect

Information You Provide

We collect information you voluntarily provide when you:

  • Fill out forms on our website (name, email, company, job title)
  • Request a demo or contact us
  • Subscribe to our newsletter
  • Create an account or use our Services
  • Communicate with us via email or other channels

Information Collected Through Our Services

When you use our AI agent platform services, we may process:

  • Contact information (names, email addresses, phone numbers)
  • Account credentials and authentication data
  • User-generated content and prompts (Inputs)
  • AI-generated content (Outputs)
  • Usage data and logs (metadata, timestamps, IP addresses)
  • Professional information (job titles, company names)

Information Collected Automatically

When you visit our website, we may automatically collect:

  • Device and browser information
  • IP address and location data
  • Pages visited and time spent
  • Referring website or source
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

  • Provide AI agent services (workflow automation, AI-generated outputs, agent orchestration)
  • Respond to your inquiries and provide customer support
  • Send you marketing communications (with your consent)
  • Billing and account management
  • Analyze usage patterns to improve our services
  • Protect against fraud and unauthorized access
  • Comply with legal obligations

Important: We do not use your data to train AI models by default. Any use of customer data for model training requires a separate signed amendment.

4. Data Sharing and Disclosure

We do not sell or share your personal information. We may share your data with:

  • Service providers (Subprocessors): Third parties that help us operate our business, subject to data protection obligations substantially equivalent to this policy. Our current subprocessors are listed at authenti.ca/legal/subprocessors.
  • Legal requirements: When required by law or to protect our rights
  • Business transfers: In connection with a merger, acquisition, or sale of assets

We provide 30 days' notice before authorizing any new subprocessor to process personal data.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content. You can control cookies through your browser settings, though some features may not function properly without them.

We use the following types of cookies:

  • Essential cookies: Required for basic site functionality
  • Analytics cookies: Help us understand how visitors use our site
  • Marketing cookies: Used to deliver relevant advertisements

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest
  • Access controls: Role-based access control (RBAC), multi-factor authentication for administrative access
  • Network security: Firewalls, intrusion detection, DDoS protection
  • Security assessments: Regular vulnerability scanning and penetration testing
  • Compliance: SOC 2 and/or ISO 27001 compliance

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy. Upon termination of services, we will delete or return your personal data within 30 days at your election, and provide written certification of deletion upon request.

Personal data in disaster recovery or backup systems is deleted according to our standard backup retention schedule (currently 30 days rolling retention).

8. Your Rights

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal information
  • Object to or restrict certain processing
  • Data portability
  • Withdraw consent
  • Lodge a complaint with a supervisory authority

We respond to data subject requests within 10 business days. To exercise these rights, please contact us at privacy@authenti.ca.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA:

  • We do not sell or share your personal information
  • You may request access to, deletion of, or correction of your personal information
  • You have the right to opt-out of the sale or sharing of personal information

9. International Transfers

Our primary data hosting is in the United States. For transfers of personal data from the EEA, UK, or Switzerland to countries not deemed adequate, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Addendum
  • Additional safeguards including encryption, access controls, and contractual commitments

We provide 60 days' notice before making material changes to data residency.

10. Security Incident Notification

In the event of a confirmed security incident affecting your personal data, we will notify you without undue delay and within 72 hours of becoming aware of the incident, providing details about the nature of the incident, likely consequences, and measures taken to address it.

11. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this privacy policy to reflect changes in data protection laws, guidance from supervisory authorities, or industry best practices. Material changes will be subject to 30 days' notice, except changes required by law may take effect immediately.

13. Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

Authentica Supply Chain Solutions Corp.
Dover, Delaware
Email: privacy@authenti.ca
Website: authenti.ca

For security issues: security@authenti.ca