Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

• Account Information: Name, email address, password, and organization name when you create an account.
• Payment Information: Billing address and payment method details (processed securely through Stripe; we do not store full credit card numbers).
• Forecast Submissions: Probability estimates, reasoning, and predictions you submit on the platform.
• Communications: Information you provide when contacting us, including support inquiries and feedback.
• Profile Data: Optional information such as professional background, areas of expertise, and location preferences.

1.2 Information Collected Automatically

• Device Information: Browser type, operating system, device identifiers, and screen resolution.
• Usage Data: Pages visited, features used, time spent on pages, and interaction patterns.
• Log Data: IP address, access times, referring URLs, and error logs.
• Location Data: Approximate geographic location based on IP address (used to provide region-specific forecasts and comply with local regulations).
• Cookies and Similar Technologies: We use essential cookies for functionality, analytics cookies to understand usage, and preference cookies to remember your settings.

1.3 Information from Third Parties

• Authentication Providers: If you sign in using a third-party service (e.g., Google), we receive your name and email from that provider.
• Public Data Sources: We aggregate publicly available data from government agencies, international organizations, and research institutions to power our forecasts.

2. How We Use Your Information

We use the information we collect to:

• Provide Services: Operate and maintain the Tier9 platform, process your forecasts, and display aggregated predictions.
• Improve Our Platform: Analyze usage patterns, identify bugs, and develop new features.
• Personalize Experience: Show you region-relevant challenges, customize your dashboard, and remember your preferences.
• Communicate: Send service announcements, respond to inquiries, and provide customer support.
• Process Payments: Handle subscription billing and invoicing through our payment processor.
• Ensure Security: Detect and prevent fraud, abuse, and unauthorized access.
• Comply with Law: Meet legal obligations and respond to lawful requests from authorities.
• Generate Aggregate Insights: Create anonymized, aggregated forecasts and statistics that do not identify individual users.

2.1 Legal Bases for Processing (for EEA/UK Users)

• Contract: Processing necessary to provide services you requested.
• Legitimate Interests: Improving our services, preventing fraud, and marketing (where you have not opted out).
• Consent: Where you have given explicit consent (e.g., marketing communications).
• Legal Obligation: Compliance with applicable laws.

3. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

3.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including:

• Cloud hosting (Vercel, Supabase)
• Payment processing (Stripe)
• Analytics (privacy-focused analytics)
• Customer support tools

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

3.2 Aggregated and De-identified Data

We may share aggregated, anonymized data that cannot reasonably be used to identify you. This includes aggregate forecast statistics, platform usage trends, and research findings.

3.3 Legal Requirements

We may disclose information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.4 Business Transfers

If Tier9AI, Inc. is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your information.

3.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Access Controls: Strict role-based access controls limit employee access to personal data.
• Infrastructure: Our systems are hosted on SOC 2 compliant infrastructure.
• Monitoring: Continuous security monitoring and regular vulnerability assessments.
• Authentication: Secure password hashing and support for multi-factor authentication.

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this policy:

• Account Data: Retained while your account is active and for up to 30 days after deletion request.
• Forecast Data: Aggregated forecast contributions may be retained indefinitely in anonymized form for research and platform improvement.
• Payment Records: Retained for 7 years as required for tax and accounting purposes.
• Log Data: Typically retained for 90 days, unless needed for security investigations.

6. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

6.1 All Users

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your account and personal information.
• Opt-Out: Unsubscribe from marketing communications at any time.

6.2 California Residents (CCPA/CPRA)

Under California law, you have the right to:

• Know what personal information we collect and how it is used
• Request deletion of your personal information
• Opt out of the sale or sharing of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights
• Correct inaccurate personal information
• Limit use of sensitive personal information

6.3 European Economic Area, UK, and Switzerland (GDPR)

Under GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate personal data
• Erase your personal data ("right to be forgotten")
• Restrict processing of your personal data
• Data portability (receive your data in a machine-readable format)
• Object to processing based on legitimate interests
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

6.4 Other US States

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights to access, correct, delete, and opt out. Contact us to exercise these rights.

7. International Data Transfers

Tier9AI, Inc. is based in the United States. If you access our services from outside the US, your information will be transferred to and processed in the US, where data protection laws may differ from those in your country.

For transfers from the EEA, UK, or Switzerland, we rely on:

• Standard Contractual Clauses approved by the European Commission
• Data processing agreements with our service providers
• Your explicit consent where applicable

8. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential Cookies: Required for basic site functionality (authentication, security, load balancing).
• Preference Cookies: Remember your settings (language, region, theme).
• Analytics Cookies: Help us understand how visitors use our site (privacy-focused, no personal tracking).

You can control cookies through your browser settings. Disabling certain cookies may affect site functionality.

9. Children's Privacy

Tier9 is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a child under 16, we will promptly delete it. If you believe a child has provided us with personal information, please contact us at privacy@tier9.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email to registered users for significant changes
• Displaying a notice on our platform

Your continued use of Tier9 after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us: