Privacy Policy

1. Who We Are

This Privacy Policy describes how Paraison AI LLC ("Paraison AI," "we," "our," or "us") collects, uses, and shares information when you:

• Visit our website at paraison.io and its subdomains (the "Site");
• Communicate with us by email or scheduling tool;
• Use our Agent Control Plane ticket-routing platform (the "Service") as an authorized user of a customer that has signed a Master Service Agreement with us.

We are a New Jersey limited liability company. Our registered office is 155 Willowbrook Blvd, Ste 110, Wayne, NJ 07470 (c/o Republic Registered Agent LLC).

2. Two Roles: Controller vs. Processor

We process personal information in two distinct roles:

(a) As a controller for prospects, website visitors, and the personnel of our customers who interact directly with us. This Privacy Policy describes that processing.

(b) As a processor when we operate the Service on behalf of a customer. In that role, the customer is the controller, and our processing is governed by the Data Processing Agreement (DPA) signed with that customer. If you are an end-user of a customer's support helpdesk and your data has been processed by the Service in support of that customer, please contact the customer directly to exercise your rights.

3. Information We Collect (as a Controller)

3.1 Information You Provide

• Contact information: name, email, company name, job title, phone number — when you fill out a form, request a demo, or email us.
• Communications: the contents of emails, chat messages, ROI-calculator inputs, or other materials you send us.
• Meeting scheduling: when you book a call via Calendly, we receive your name, email, time zone, and any responses to intake questions.

3.2 Information Collected Automatically

• Server logs: when you visit the Site, our hosting provider records the IP address, user agent, referring URL, and pages requested.
• Cookies and similar technologies: we use a small number of strictly necessary cookies for session and security purposes. We do not currently use third-party advertising or cross-site tracking cookies. If we add analytics in the future, we will update this Policy and present a cookie banner where required by law.

3.3 Information from Third Parties

• Apollo, LinkedIn, public registries: in the course of business development, we may consult publicly available business directories and contact databases. The categories we collect are limited to professional contact information (name, work email, job title, employer).

4. How We Use Information (as a Controller)

We use the information described above to:

1. respond to inquiries and provide requested information;
2. operate, secure, and improve the Site;
3. provision and manage customer accounts and contracts;
4. send transactional emails (sales follow-ups, contract communications, service notices) and, where permitted, marketing emails about our products (you can unsubscribe at any time);
5. comply with legal obligations, enforce our agreements, and protect our legal rights.

5. How We Share Information

We share information only as follows:

(a) Service providers ("Sub-processors") acting on our behalf to run our business and the Site — hosting (DigitalOcean), email (Google Workspace), CRM and outreach (Instantly, Apollo), payments and billing (Stripe), scheduling (Calendly), and AI model providers (Anthropic, OpenAI) where they support the Site or internal tooling. A current list of Sub-processors that touch Service data on behalf of customers is maintained in the DPA.

(b) Legal and safety disclosures when required by law, regulation, court order, or government request, or to protect our rights, property, or safety, or that of our customers or the public.

(c) Business transfers — in connection with a merger, acquisition, financing, or sale of substantially all of our assets. We will give notice of any change in control consistent with applicable law.

We do not sell personal information as defined under the California Consumer Privacy Act ("CCPA") or comparable state laws. We do not use personal information for cross-context behavioral advertising.

6. International Transfers

Paraison AI is based in the United States. If you are located outside the U.S., your information will be transferred to and processed in the U.S. and other countries where our Sub-processors operate. Where required by law (e.g., transfers from the EEA, UK, or Switzerland), we rely on appropriate safeguards such as the EU Standard Contractual Clauses.

7. Data Retention

• Prospect / inquiry data: retained while there is an active commercial conversation and for up to 24 months afterward, unless you request deletion.
• Customer-personnel account data: retained for the duration of the MSA and for up to 24 months afterward for legal, tax, and audit purposes.
• Server logs: retained for 90 days unless required for security investigation.
• Customer Data processed on behalf of customers: retention is governed by the MSA and DPA with the customer (typically deleted within 60 days of contract termination, subject to backup-rotation schedules).

8. Security

We maintain administrative, physical, and technical safeguards designed to protect personal information, including:

• TLS 1.2+ encryption in transit
• Encryption at rest for our production database
• Role-based access controls and audit logging for administrative actions
• Errors & Omissions and Cyber Liability insurance

No system is perfectly secure. If we become aware of a security incident affecting your personal information, we will notify you as required by applicable law.

9. Your Rights and Choices

Depending on where you live, you may have the right to:

• Access the personal information we hold about you;
• Correct inaccurate information;
• Delete your personal information (subject to limited exceptions);
• Port your personal information to another service;
• Object to or restrict certain processing;
• Withdraw consent where processing is based on consent;
• Opt out of marketing emails (use the unsubscribe link in any marketing email, or contact us directly);
• Lodge a complaint with a data-protection authority where applicable.

To exercise these rights, email privacy@paraison.io with your request and enough information for us to verify your identity. We will respond within the time required by applicable law (generally 30–45 days).

California residents have specific rights under the CCPA / CPRA, including the right to know, delete, correct, and opt out of "sales" (we do not sell) and "sharing" for cross-context behavioral advertising (we do not share for that purpose). You may designate an authorized agent to make a request on your behalf, subject to verification.

End-users of a customer's helpdesk: if your data has been processed by the Service in support of a customer's helpdesk, please contact that customer directly to exercise your rights. We will assist the customer in responding as required by the DPA.

10. Children

The Site and the Service are not directed to children under 13 in the United States or under 16 in the EEA/UK. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact privacy@paraison.io and we will delete it.

11. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated by posting the updated Policy with a revised "Last Updated" date and, where appropriate, by additional notice (email or a Site banner). Your continued use of the Site or the Service after the effective date constitutes acceptance of the updated Policy.

12. Contact Us