Privacy Policy

1. Scope of This Policy

This Policy applies to personal information collected:

• Through our websites and applications
• Through subscription-based SaaS platforms
• Through API integrations
• During account registration
• Through communications and support requests
• Through enterprise engagements

This Policy does not apply to third-party services not operated by Noir Stack LLC.

2. Categories of Information Collected

A. Information Provided Directly

• Name
• Email address
• Business contact information
• Billing information
• Account credentials
• Communications and support inquiries

B. Information Collected Automatically

• IP address
• Device type and operating system
• Browser type
• Access timestamps
• Usage metrics
• Log data
• API request metadata

C. Enterprise and Platform Data

Customers may upload data to the Services. Such data may include operational, analytic, or structured information. Noir Stack processes such data solely for purposes of providing the Services.

The Company does not claim ownership of Customer data.

D. AI Processing Data

When Users interact with AI-enabled systems:

• Prompts
• Model inputs
• Generated outputs
• Performance metrics

may be processed to deliver the requested functionality.

3. How Information Is Used

Personal information may be used to:

• Provide and maintain Services
• Authenticate users
• Process payments
• Enforce security controls
• Improve system performance
• Detect fraud or misuse
• Comply with legal obligations
• Provide customer support

AI inputs may be processed to generate outputs. Unless explicitly disclosed, such data is not used to train third-party public models.

4. Legal Basis for Processing (Where Applicable)

Where required by applicable law, processing may occur on the basis of:

• Performance of a contract
• Legitimate business interests
• Legal compliance
• User consent

5. Data Sharing and Disclosure

The Company does not sell personal information.

Information may be shared:

• With service providers supporting infrastructure, billing, hosting, or security
• With enterprise customers under contractual obligations
• To comply with legal process
• To protect rights, safety, or property
• In connection with a merger, acquisition, or asset sale

All service providers are contractually required to maintain confidentiality and appropriate safeguards.

6. Multi-Tenant and Data Segregation

Noir Stack operates logically segregated environments designed to:

• Isolate tenant data
• Enforce role-based access control
• Apply least-privilege principles
• Maintain audit logging

Customers are responsible for managing internal access permissions.

7. Security Practices

The Company implements safeguards consistent with industry practices, including:

• Encryption in transit (TLS)
• Encryption at rest (where applicable)
• Access control enforcement
• Logging and monitoring
• Change management controls
• Incident response procedures

Security measures are aligned with principles consistent with SOC 2 Trust Services Criteria.

No method of transmission or storage guarantees absolute security.

8. Data Retention

Personal information is retained only as long as necessary to:

• Fulfill contractual obligations
• Comply with legal requirements
• Resolve disputes
• Enforce agreements

Customer-controlled data may be deleted upon account termination, subject to legal retention requirements.

9. Virginia Consumer Data Protection Act (VCDPA)

If applicable, residents of Virginia may have the right to:

• Confirm whether personal data is being processed
• Access personal data
• Correct inaccuracies
• Delete personal data
• Obtain a copy of personal data
• Opt out of targeted advertising (if applicable)

Requests may be submitted to: privacy@noirstack.com

Identity verification may be required.

10. Other U.S. State Rights

Where required by applicable U.S. state privacy laws, similar rights may be honored.

The Company does not currently engage in the sale of personal data.

11. International Data Transfers

If personal information is transferred outside the United States, appropriate safeguards will be implemented consistent with applicable law.

12. Cookies and Tracking Technologies

The Company may use:

• Essential cookies
• Security cookies
• Analytics tools

Cookies may be managed through browser settings.

The Company does not currently deploy behavioral advertising tracking without consent.

13. Third-Party Links

Services may contain links to third-party sites. Noir Stack is not responsible for the privacy practices of external sites.

14. Children's Privacy

The Services are not directed to individuals under the age of 13. The Company does not knowingly collect personal information from children.

15. Incident Response

In the event of a confirmed data breach involving personal information, the Company will:

• Investigate promptly
• Mitigate impact
• Notify affected parties as required by Virginia law and other applicable regulations

16. Enterprise Data Processing

Where the Company acts as a service provider or processor on behalf of an enterprise customer:

• Processing occurs pursuant to contract
• The enterprise customer acts as data controller
• The Company processes data only under documented instructions

A separate Data Processing Addendum may apply.

17. Export and Sanctions Compliance

Data processing is subject to applicable U.S. export control laws. Access to Services from sanctioned jurisdictions may be restricted.

18. Changes to This Policy

The Company may update this Privacy Policy periodically.

Material changes will be reflected by updating the "Last Updated" date.

Continued use of the Services after changes constitutes acceptance.

19. Contact Information

Privacy inquiries or rights requests may be directed to:

privacy@noirstack.com

Noir Stack LLC
Commonwealth of Virginia