Privacy Policy

Last updated: October 6, 2025

Thank you for choosing to be part of our community at Eliza Solutions Corp, Inc. (“Eliza,” “we,” “us,” or “our”). We are committed to protecting your personal information and your right to privacy. If you have questions or concerns about this policy or our practices, contact us at privacy@eliza.com.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you:

  • visit or interact with our websites and online properties that link to this Privacy Policy (collectively, the “Site”),
  • register for or attend our events, webinars, or workshops (“Events”), and
  • engage us to deliver consulting, enablement, or custom AI application services (our “Services”).

We describe separate roles below: Site Visitors (people who visit our Site or interact with marketing), Prospects (people who engage with sales), Customer Contacts/Users (people whose data we process to provide our Services under a contract with a customer), and Vendors/Partners.

1) Information We Collect

a) Information you provide to us

  • Contact and account details (name, job title, company, email, phone, password, preferences).
  • Communications and content (messages, meeting notes, feedback, support requests, form submissions, survey responses).
  • Event data (registration details, RSVP status, dietary preferences you choose to share, participation information).
  • Contract and billing data (billing contact, purchase orders, payment method, tax IDs; payment details are processed by our payment processor and not stored by Eliza beyond last four digits and expiry where needed).
  • Customer Content and Customer Data Sources that you choose to connect so we can deliver the Services (e.g., documents, datasets, system credentials such as API keys or service accounts—handled per the contract and security measures below).

b) Information we collect automatically

  • Device and usage data (IP address, device identifiers, browser type, operating system, referring/exit pages, pages viewed, links clicked, time stamps, session data).
  • Cookies, pixels, SDKs, and similar technologies (see Cookies & Tracking below).

c) Information from third parties

  • Partners, data enrichment providers, and analytics platforms (e.g., firmographics),
  • Social media platforms (when you interact with our pages or ads),
  • Our customers and vendors (as needed to perform the Services),
  • Publicly available sources.

We may aggregate, de‑identify, or anonymize information and use it for any lawful purpose. Aggregated or de‑identified data is not considered personal information.

2) How We Use Information

We use information to:

  • operate, maintain, and improve the Site and Services;
  • provide and support the Services under our agreements with customers;
  • configure and administer connected systems and integrations at your request;
  • secure our environment, prevent fraud, debug, and perform audits;
  • personalize content and measure marketing performance;
  • send administrative messages and—where permitted—marketing communications (you can opt out at any time);
  • comply with law, enforce terms, and protect rights, safety, and property.

AI/Model‑Related Disclosures

  • Customer Content Handling. We process Customer Content solely to provide the Services and as instructed by the customer. We do not use Customer Content to train our or third‑party foundation models without explicit written instruction from the customer.

  • Model Providers & Subprocessors. At your instruction, we may leverage third‑party AI platforms (e.g., cloud AI model hosts) as subprocessors. We bind them by contract to appropriate confidentiality, security, and privacy obligations.

  • Human‑in‑the‑loop. Where human review is required (e.g., quality assurance), we apply role‑based access controls, least‑privilege, and logging.

  • Automated decision‑making. We do not perform solely automated decisions that produce legal or similarly significant effects about individuals. If that changes, we will provide required notices and rights.

3) Legal Bases for Processing (EEA / UK / Switzerland)

Where GDPR/UK GDPR applies, we rely on one or more of the following legal bases: (i) performance of a contract, (ii) legitimate interests (e.g., to secure and improve the Services, prevent fraud, and market to business contacts), (iii) consent (e.g., certain cookies/marketing), and (iv) compliance with legal obligations. You may withdraw consent at any time.

4) Sharing and Disclosure

We share information with:

  • Service providers/subprocessors that help us run our business and deliver the Services (e.g., cloud hosting, analytics, customer support, AI model providers, payment processors). They are bound by confidentiality and data‑processing terms.
  • Partners when you request or consent to a referral, integration, or joint engagement.
  • Corporate transactions (merger, acquisition, financing, or sale of assets), subject to appropriate safeguards.
  • Legal and safety (to comply with law, respond to lawful requests, and protect rights/safety).

We do not sell personal information. If we engage in cross‑context behavioral advertising (“sharing” under CPRA), we will provide a “Do Not Sell or Share My Personal Information” mechanism and honor browser signals where legally required.

5) International Data Transfers

We are headquartered in the United States and may transfer personal data internationally. Where required, we use approved transfer mechanisms (e.g., EU Standard Contractual Clauses and UK IDTA/Addendum) and implement supplementary measures.

6) Data Retention

We retain personal information for as long as necessary to fulfill the purposes described above, to comply with legal obligations, resolve disputes, and enforce agreements. Customer Content is retained per our contract and your instructions.

7) Security

We implement administrative, technical, and physical safeguards designed to protect personal information (e.g., encryption in transit and at rest where appropriate, access controls, least‑privilege, logging and monitoring, security reviews for subprocessors). No security program is perfect; we cannot guarantee absolute security.

8) Your Privacy Choices & Rights

  • Marketing communications. You can unsubscribe via the link in our emails or by contacting us.
  • Cookies & tracking. Manage preferences via our cookie banner or your browser/device settings (see Cookies & Tracking below). Where required by law, we will obtain consent for certain cookies and provide opt-out controls for targeted advertising.
  • Universal opt-out signals. Where required by law (e.g., Texas TDPSA as of Jan 1, 2025), we honor browser- or device-based signals such as Global Privacy Control (GPC) for opting out of targeted advertising and the sale of personal data.
  • Data subject requests. Depending on your location, you may have rights to request access, correction, deletion, portability, restriction, or objection. You may also have the right to opt out of profiling/targeted advertising. To exercise rights, contact privacy@eliza.com. We may ask for information to verify your identity. Authorized agent requests (where applicable) are honored per local law.

California (CPRA)

California residents have the right to know, delete, correct, and opt out of “selling” or “sharing” (as defined by CPRA), and to limit the use/disclosure of sensitive personal information. We do not sell personal information. If we “share” for cross‑context behavioral advertising, you can opt out via our cookie banner or a “Do Not Sell or Share” link (if/when applicable). We will not discriminate for exercising your rights.

EEA / UK / Switzerland

You also have the right to lodge a complaint with your local supervisory authority.

9) Cookies & Tracking

We and our service providers use cookies, pixels, SDKs, and similar technologies to operate the Site, analyze usage, and (where permitted) personalize or measure marketing. You can manage preferences through our cookie banner and browser settings. Some features may not function without certain cookies. For more details, see our Cookie Notice.

10) Children’s Privacy

Our Site and Services are not directed to children. We do not knowingly collect personal information from children under 13 (or a higher age where required by local law). If you believe a child provided personal information, contact us and we will delete it.

11) Data Processing Addendum & Subprocessors

For customers, our Data Processing Addendum (DPA) forms part of the Services Agreement and governs our processing of Customer Personal Data on your behalf. We maintain a current list of subprocessors used to deliver the Services. Both are available upon request or via the links provided in your order documents.

12) Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, if changes are material, we will provide additional notice as required by law.

13) Contact Us

Eliza Solutions Corp, Inc.

5000 Plaza on the Lk, Suite 100 #2027

Austin, TX 78746, United States

privacy@eliza.com

If you need this Policy in an alternative format due to a disability, please contact us at the email above.

Regional Supplements (Optional Templates)

A. Texas (TDPSA)

Effective dates. The Texas Data Privacy and Security Act (TDPSA) is effective July 1, 2024. Universal browser-based opt-out signals (e.g., Global Privacy Control) must be honored beginning January 1, 2025.

Your rights (Texas residents). Access/port, correct, delete; and opt out of (i) targeted advertising, (ii) the sale of personal data, and (iii) profiling in furtherance of decisions that produce legal or similarly significant effects (as defined by TDPSA).

How to exercise. Use the methods in Section 8; we provide at least two secure methods and an appeals process. We will respond within 45 days (extendable once by 45 days where reasonably necessary).

Universal opt-out signals. We honor legally required browser/device signals (e.g., Global Privacy Control) for Texas residents as of Jan 1, 2025.

Sensitive/biometric notices. We do not sell personal information, including sensitive or biometric data. If this were to change, we would provide the explicit TDPSA notices (e.g., “NOTICE: We may sell your sensitive personal data.”) and obtain any required consent before processing sensitive data.

B. California Notice at Collection (CPRA)

  • Categories of personal information collected: identifiers; commercial information (B2B context); internet/network activity; geolocation (approximate); professional information; inferences. See Sections 1–2.
  • Purposes: See Section 2.
  • Retention: See Section 6.
  • Selling/Sharing: We do not sell personal information. If we share for cross‑context behavioral advertising, you may opt out via cookie preferences and any “Do Not Sell or Share” link.

C. EEA / UK Controller & DPO Details (if applicable)

If required, we will identify an EU/UK representative and Data Protection Officer (DPO) in our order documents or on our legal page.