Privacy Policy

Last updated: March 1, 2025 — Rapidata, Inc.

Rapidata, Inc. ("Rapidata," "we," "our," or "us") is committed to protecting the privacy and security of the personal information we collect, process, and store. This Privacy Policy describes how we collect personal data, what we do with it, and the rights you have with respect to your personal information when you visit our website at rapideta.us, use our data analytics platform ("Platform"), or interact with us through any other means.

By accessing or using our website or Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and Platform.

1. Information We Collect

1.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us when you:

• Register for an account on our Platform
• Request a product demonstration or schedule a meeting with our team
• Contact us by email, telephone, or through our website
• Subscribe to our newsletter or marketing communications
• Apply for a job or submit a resume or application to Rapidata
• Participate in surveys, webinars, or promotional activities

This information may include: full name, business email address, phone number, job title, company name, company size, industry, country and region, and any additional information you choose to provide in messages or forms.

1.2 Information Collected Automatically

When you visit our website or use our Platform, we automatically collect certain technical and usage information, including:

• Internet Protocol (IP) address and approximate geographic location derived from IP
• Browser type and version, operating system, device type, and hardware model
• Referring URL and exit pages
• Pages viewed, features accessed, and time spent on each page
• Date and time of each visit
• Clickstream data and interaction events within the Platform
• Error logs and performance metrics from your use of the Platform
• Session identifiers and authentication tokens (stored in browser local storage)

This information is collected using cookies, web beacons, pixel tags, and similar technologies as described in our Cookie Policy.

1.3 Information from Third Parties

We may receive information about you from third parties, including:

• Business partners and resellers who refer customers to Rapidata
• Publicly available databases and professional networking platforms used for sales prospecting in accordance with applicable law
• Analytics providers who provide aggregated and anonymized usage data about our website and marketing channels
• Identity verification providers used in our account security and compliance workflows

1.4 Customer Data Processed on Behalf of Customers

As part of providing our Platform, Rapidata processes data that our customers upload, transmit, or otherwise make available through the Platform ("Customer Data"). This data is processed solely on behalf of and at the instruction of our customers, pursuant to our Data Processing Agreement (DPA). Rapidata acts as a data processor — not a data controller — with respect to Customer Data. This Privacy Policy does not apply to Customer Data, which is governed by the applicable DPA and the privacy practices of our customers.

2. How We Use Your Information

We use the personal information we collect for the following purposes:

2.1 Providing and Improving Our Services

• Creating and managing your account and providing you with access to the Platform
• Processing and fulfilling your requests for product demonstrations, support, or information
• Communicating with you about your account, including technical notices, security alerts, and administrative messages
• Analyzing how our website and Platform are used to identify areas for improvement
• Developing new features, products, and services based on usage patterns and customer feedback
• Diagnosing and resolving technical issues and Platform outages

2.2 Marketing and Sales

• Sending marketing communications about Rapidata products, services, events, and industry content where you have provided consent or where we have a legitimate interest
• Personalizing the content and marketing messages we send you based on your industry, role, and expressed interests
• Managing our relationship with sales prospects and existing customers through our customer relationship management systems
• Measuring the effectiveness of our marketing campaigns and optimizing our marketing spend

You may opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in any email we send, or by contacting us at privacy@rapideta.us.

2.3 Security and Legal Compliance

• Detecting and preventing fraud, abuse, and unauthorized access to our Platform
• Investigating and responding to potential violations of our Terms of Service
• Complying with applicable laws, regulations, court orders, and legal obligations
• Enforcing our contractual rights and defending legal claims
• Maintaining audit logs required by applicable compliance frameworks including SOC 2, GDPR, and CCPA

3. Legal Basis for Processing (EEA and UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data only when we have a valid legal basis to do so:

• Contractual necessity: Processing required to perform our contract with you or to take steps at your request prior to entering into a contract (e.g., account creation, Platform access, responding to demo requests)
• Legitimate interests: Processing necessary for our legitimate business interests, including product improvement, security, fraud prevention, and direct marketing to business contacts, provided that such interests are not overridden by your fundamental rights
• Consent: Processing based on your specific, informed, and freely given consent, such as subscribing to our newsletter or accepting non-essential cookies. You may withdraw consent at any time
• Legal obligation: Processing necessary to comply with our legal obligations under applicable law

4. How We Share Your Information

4.1 Service Providers

We share personal information with trusted third-party service providers who assist us in operating our business, including:

• Cloud infrastructure providers (Amazon Web Services, Google Cloud Platform) for hosting and data storage
• Customer relationship management software providers
• Email marketing and communication platform providers
• Analytics providers for website and Platform usage measurement
• Security and identity verification service providers
• Payment processing providers (for billing and subscription management)
• Professional services firms (legal, accounting, audit)

All third-party service providers are bound by contractual obligations to process personal data only for the purposes we specify, to implement appropriate security measures, and not to share personal data with unauthorized third parties.

4.2 Business Transfers

If Rapidata is involved in a merger, acquisition, reorganization, sale of assets, bankruptcy, or other change of control, personal information may be transferred as part of that transaction. We will notify you before your personal information is transferred and becomes subject to a materially different privacy policy.

4.3 Legal Requirements

We may disclose personal information if required to do so by law or in the good-faith belief that such disclosure is necessary to comply with a legal obligation, protect and defend the rights or property of Rapidata, prevent or investigate possible wrongdoing, protect the personal safety of users of the Platform or the public, or protect against legal liability.

4.4 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for their marketing or advertising purposes. We do not sell personal information as defined under the California Consumer Privacy Act (CCPA) or similar statutes.

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by applicable law. Our retention periods are determined by the following criteria:

• Account information is retained for the duration of the customer relationship and for a period of three years following account termination to enable reactivation and for legal and audit purposes
• Marketing contact records are retained until you opt out of marketing communications or request deletion, after which they are suppressed (to prevent re-addition) and deleted from active systems within 30 days
• Website analytics data is retained in aggregated form for up to 26 months
• Security and audit logs are retained for a minimum of one year and a maximum of seven years as required by applicable compliance frameworks
• Legal hold data is retained indefinitely during the pendency of litigation or regulatory inquiry to which it is relevant

When personal information is no longer required for its stated purpose, we securely delete or anonymize it in accordance with our data destruction procedures.

6. Your Privacy Rights

6.1 Rights Available to All Users

Regardless of your location, you have the right to:

• Request confirmation of whether we hold personal information about you
• Request a copy of the personal information we hold about you
• Request correction of inaccurate or incomplete personal information
• Opt out of marketing communications at any time
• Request deletion of personal information in circumstances where continued processing is no longer justified

6.2 Additional Rights for EEA and UK Users (GDPR/UK GDPR)

• Right of access: Obtain a copy of your personal data and information about how it is processed (Article 15)
• Right to rectification: Correct inaccurate personal data or complete incomplete personal data (Article 16)
• Right to erasure: Request deletion of your personal data in certain circumstances (Article 17)
• Right to restriction of processing: Request restriction of processing your personal data in certain circumstances (Article 18)
• Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format and have it transmitted to another controller (Article 20)
• Right to object: Object to processing of your personal data for direct marketing, legitimate interests, or profiling (Article 21)
• Right to withdraw consent: Withdraw consent at any time for processing based on consent, without affecting the lawfulness of prior processing
• Right to lodge a complaint: Lodge a complaint with the supervisory authority in your member state

6.3 California Consumer Privacy Act (CCPA) Rights

California residents have the following rights under the CCPA:

• Right to know: Request disclosure of the categories of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it
• Right to delete: Request deletion of personal information we have collected, subject to certain exceptions
• Right to opt out of sale: As stated above, we do not sell personal information
• Right to non-discrimination: You have the right not to be discriminated against for exercising your CCPA rights

6.4 Exercising Your Rights

To exercise any of these rights, contact us at privacy@rapideta.us or by mail at Rapidata, Inc., 315 Park Ave South, Floor 14, New York, NY 10010, Attn: Privacy Team. We will respond to all verified requests within 30 days (or within the timeframe required by applicable law). We may require verification of your identity before processing certain requests.

7. International Data Transfers

Rapidata is headquartered in the United States. If you are accessing our website or Platform from outside the United States, your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain infrastructure.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) as adopted by the European Commission, supplemented by appropriate technical and organizational measures to ensure equivalent protection for your personal data.

8. Security

We implement and maintain appropriate technical and organizational security measures to protect personal information against unauthorized access, destruction, alteration, disclosure, or loss. Our security measures include:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• Role-based access controls with principle of least privilege
• Multi-factor authentication for all employee access to production systems
• Regular security assessments, penetration testing, and vulnerability scanning
• SOC 2 Type II compliance audit program
• Incident response procedures and breach notification protocols

Despite our efforts, no security measures are perfect or impenetrable. In the event of a security breach involving personal data, we will notify affected individuals and relevant authorities as required by applicable law.

9. Children's Privacy

Our website and Platform are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child under 16 has provided us with personal information without parental consent, please contact us at privacy@rapideta.us and we will take steps to delete that information.

10. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform functionality. When we make material changes, we will notify you by email (to the address on file with your account), by posting a prominent notice on our website, or through other appropriate communication channels prior to the change becoming effective.

Your continued use of our website or Platform after the effective date of any changes constitutes acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:

Rapidata, Inc.
Attn: Privacy Team
315 Park Ave South, Floor 14
New York, NY 10010
Email: privacy@rapideta.us
Phone: (212) 247-3891

For EEA and UK residents, our EU Representative can be contacted at the address above. You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.