Privacy Policy — Terminus

1. Overview

Terminus ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform, website, or related services (collectively, the "Services"). Please read this policy carefully. If you disagree with its terms, please discontinue use of our Services.

2. Information We Collect

2.1 Information You Provide

Account registration details (name, work email, company name, job title)
Communications you send us (support tickets, demo requests, feedback)
Payment and billing information (processed by our payment providers — we do not store card data)

2.2 Information Collected Automatically

Log data: IP address, browser type, pages visited, timestamps
Usage telemetry: feature interactions, API call volumes, error rates (aggregated and anonymized)
Cookies and similar tracking technologies (see Section 6)

2.3 AI Activity Data

When you connect AI agents to Terminus, we process metadata about agent interactions (tool calls, policy evaluations, enforcement decisions) to provide the governance service. For Private VPC and on-premise deployments, this data never leaves your infrastructure.

3. How We Use Your Information

To provide, operate, and improve the Services
To authenticate users and enforce access controls
To send transactional emails (account alerts, policy breach notifications)
To respond to support requests and inquiries
To detect and prevent fraud, abuse, and security incidents
To comply with legal obligations

We do not sell your personal data to third parties. We do not use your AI agent data to train machine learning models without explicit written consent.

4. Data Sharing

We may share your information with:

Service providers: cloud hosting, payment processing, customer support tooling — bound by data processing agreements
Legal authorities: when required by law, court order, or to protect our rights
Business transfers: in connection with a merger, acquisition, or asset sale (you will be notified)

5. Data Retention

We retain your data for as long as your account is active or as needed to provide Services. You may request deletion of your account and associated data at any time by contactingprivacy@terminus.ai. Aggregated, anonymized analytics data may be retained indefinitely.

6. Cookies

We use strictly necessary cookies to operate the Services (session management, CSRF protection) and optional analytics cookies to understand usage patterns. You may disable optional cookies via your browser settings without affecting core functionality.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion ("right to be forgotten")
Object to or restrict processing
Data portability
Lodge a complaint with a supervisory authority (EU/UK users)

To exercise any of these rights, email privacy@terminus.ai.

8. International Transfers

Our infrastructure is hosted in the United States. If you access the Services from outside the US, your data may be transferred to and processed in the US. We use standard contractual clauses (SCCs) approved by the European Commission for transfers from the EEA.

9. Security

We implement industry-standard security controls including encryption in transit (TLS 1.3), encryption at rest (AES-256), role-based access controls, and regular penetration testing. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before the change takes effect. Continued use of the Services after the effective date constitutes acceptance of the revised policy.

11. Contact

For privacy-related questions or requests, contact our Data Protection team at privacy@terminus.ai.