Privacy Policy
This Privacy Policy explains how Avatier Corporation (“Avatier,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data when you visit www.avatier.com (“the Site”) and use our identity management product information, AI assistant, and related services. This policy applies to visitors worldwide. Region-specific rights and disclosures are addressed in the Regional Addenda at the end of this document.
1. Overview
Avatier Corporation is a provider of identity management, single sign-on, password management, and identity governance software. The Site provides information about our products, allows visitors to interact with an AI assistant, request product demonstrations, and submit contact information for follow-up. We are committed to protecting your privacy and processing your personal data transparently, lawfully, and in accordance with applicable data protection laws worldwide.
If you are located in a jurisdiction with specific data protection regulations, please review the applicable Regional Addendum below for additional rights and disclosures that apply to you.
2. Data Controller
The data controller responsible for your personal data is:
Avatier Corporation
4733 Chabot Drive, Suite 201
Pleasanton, CA 94588, USA
Email: [email protected]
Phone: (800) 609-8610 or (925) 217-5170
For EEA/UK-specific inquiries, you may also contact our designated privacy representative at the address above or via [email protected].
3. Data We Collect
3.1 Information You Provide Directly
- Contact form submissions: Name, email address, company name, job title, phone number (if provided), and any message content you include when requesting information, a quote, or a follow-up.
- Demo and product information requests: Information you provide when requesting product details, pricing, or a demonstration, including company information and role.
- Trial and evaluation requests: Information you provide when initiating a product trial, including company information and technical environment details where relevant.
- AI assistant interactions (powered by Delphi.ai): Questions and prompts you submit to the on-site AI chat assistant. If you provide your name or email address during the conversation — for example, when booking a sales call or requesting follow-up — Delphi.ai collects that contact information. Delphi.ai may also collect your email if you log in or authenticate to use the assistant. Conversation content, engagement data (message count, last active date), and any tags or properties assigned based on your interactions are stored within the Delphi.ai platform. The Delphi.ai embedded widget additionally uses bundled third-party services for product analytics and error/session monitoring; cookies set by these services are categorized as Statistics and are only set after you grant statistics-cookie consent. Contact data (email and name) is automatically synced to our CRM (HubSpot). For more information, see Delphi.ai’s Privacy Policy.
- Account information: If you create an account on the Site (e.g., for customer support, partner portal, or documentation access), we collect your username, password, and associated profile information.
3.2 Information Collected Automatically
- Device and browser data: IP address, browser type and version, operating system, device type, screen resolution, and language preference.
- Usage data: Pages visited, time spent on pages, click patterns, scroll depth, referral source (search engine, social media, direct), and exit pages.
- Cookie and tracking data: Information collected through cookies, pixels, and similar technologies as described in Section 6 below.
- Geolocation data: Approximate geographic location derived from your IP address, used to serve the appropriate cookie consent banner and (where available) localized content.
- Cross-device data (Google Signals): When you are signed in to a Google Account with Ads Personalization enabled, Google may associate your activity on the Site with information Google holds about your other devices and signed-in sessions, providing us with aggregated cross-device, demographic, and interest-category reports. See Section 7 for details.
3.3 Information from Third Parties
- Analytics providers: We may receive aggregated insights about visitor demographics and interests from analytics services such as Google Analytics, including aggregated reports derived from Google Signals.
- Advertising providers: We may receive aggregated campaign performance data from advertising platforms such as Google Ads, including conversion measurement and audience insights.
4. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Data Used |
|---|---|
| Provide and operate the Site and product information resources | Device/browser data, usage data |
| Provide AI-powered assistance and answer visitor questions via the embedded Delphi.ai assistant | Conversation content, name, email (if provided) |
| Schedule sales calls and demos requested through the AI assistant or contact forms | Name, email, company, conversation context |
| Sync contact data to our CRM (HubSpot) for sales follow-up and relationship management | Name, email, company, job title |
| Respond to your inquiries and contact form submissions | Name, email, company, message content |
| Send marketing communications (only with your consent) | Name, email, company |
| Analyze site performance and improve user experience | Usage data, device data, cookies |
| Measure advertising performance and serve relevant Avatier advertisements on other sites (only with your marketing-cookie consent) | Cookie identifiers, click identifiers (e.g., gclid), referral data |
| Serve region-appropriate cookie consent banners | IP-derived geolocation |
| Detect, prevent, and address security issues | IP address, device data, usage patterns |
| Comply with legal obligations | Any data as required by law |
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.
5. Legal Bases for Processing
Depending on your location and the nature of the processing, we rely on one or more of the following legal bases:
- Consent: Where you have given clear, affirmative consent for us to process your personal data for a specific purpose (e.g., marketing emails, analytics cookies, advertising cookies). You may withdraw consent at any time.
- Contract performance: Where processing is necessary to fulfill a request you have made (e.g., scheduling a demo, responding to an inquiry, providing a trial).
- Legitimate interests: Where processing is necessary for our legitimate business interests (e.g., site security, fraud prevention, aggregated analytics on essential operations), provided those interests are not overridden by your rights.
- Legal obligation: Where processing is necessary to comply with applicable laws, regulations, or legal proceedings.
6. Cookies & Tracking Technologies
The Site uses cookies and similar tracking technologies. When you first visit the Site, you will see a cookie consent banner appropriate to your geographic location, powered by Cookiebot (Usercentrics). Your consent preferences are stored and respected across your session.
6.1 Categories of Cookies
| Category | Purpose | Consent Required |
|---|---|---|
| Strictly Necessary | Essential for site functionality, security, and cookie consent management. These cannot be disabled. | No |
| Analytics / Performance | Help us understand how visitors interact with the Site (e.g., Google Analytics 4 and the Google Signals feature). Data is aggregated and de-identified where possible. | Yes |
| Marketing / Advertising | Used to measure advertising campaign performance and to show you Avatier advertisements on other websites and apps you visit (“remarketing”). Currently includes cookies set by Google Ads (cookies beginning with _gcl_ and the gclid click identifier appended to ad-click URLs) and by LinkedIn via the LinkedIn Insight Tag (e.g., bcookie, li_gc, lidc). All marketing cookies are loaded only after you grant marketing consent. | Yes |
| Preferences / Functional | Remember your settings such as language preference and display options. | Yes |
6.2 Managing Your Preferences
You can change or withdraw your cookie consent at any time by clicking the cookie settings icon (privacy trigger) visible on every page of the Site, or by clearing cookies in your browser settings. You may also configure your browser to block or alert you about cookies. Note that disabling certain cookies may affect site functionality.
6.3 Do Not Track & Global Privacy Control
We honor Global Privacy Control (GPC) signals where required by applicable state law. If your browser sends a GPC signal, we treat it as a valid opt-out request for the sale or sharing of personal information where such laws apply.
6.4 Cookies & Trackers in Use
The list below is generated automatically by Cookiebot and reflects every cookie and tracker currently detected on the Site. It is updated on each scan.
7. Analytics & Advertising
This section describes the specific analytics and advertising features we use, and the choices you have regarding each.
7.1 Google Analytics 4
We use Google Analytics 4 (“GA4”), provided by Google LLC, to understand how visitors find and use the Site. GA4 sets the _ga and _ga_5YJXKDN9HP cookies, which are loaded only after you grant analytics-cookie consent. Data collected is sent to Google in the United States and is processed under Google’s terms.
7.2 Google Signals
We have enabled Google Signals within our GA4 property. When you are signed in to a Google Account that has Ads Personalization enabled, Google may associate your activity on this Site with information Google has about your other devices and signed-in sessions. This allows us to receive aggregated, de-identified reports about cross-device user journeys, demographics (age range, gender), and general interest categories.
We do not receive or store personally identifiable information through this feature — only aggregated reports. You can review or change what Google shares at any time at adssettings.google.com, or by disabling Ads Personalization in your Google Account.
7.3 Google Ads & Remarketing
We use Google Ads to promote our products and services. With your consent for advertising cookies, Google may collect information about your visit to our Site (such as pages viewed and actions taken) and use that information to:
- measure the performance of our advertising campaigns; and
- show you Avatier advertisements on other websites and apps you visit (commonly known as “remarketing”).
Google Ads sets cookies whose names typically begin with _gcl_, and appends a click identifier (gclid) to URLs you arrive at after clicking an Avatier advertisement. You can opt out of personalized Google advertising at any time at adssettings.google.com. You may also use the Universal Opt-Out Mechanism (GPC) described in Section 6.3.
7.4 Analytics Data Warehouse (BigQuery)
An aggregated copy of our Google Analytics data is exported daily to a Google Cloud Platform project under Avatier’s control (project name: “Avatier Analytics,” stored in the United States). Exported data remains subject to the same retention, access, and security commitments described in this policy. This export does not collect any additional information about you; it is a copy of analytics data Avatier already receives through Google Analytics.
7.5 YouTube Embedded Videos
Pages on the Site may embed videos from YouTube (a Google service). YouTube may set cookies and collect data about your video interactions if you choose to play an embedded video, in accordance with Google’s privacy practices.
7.6 Bot Protection (Cloudflare)
We use Cloudflare bot management to detect and prevent automated abuse of the Site. Cloudflare processes IP address and request metadata in real time for this purpose and does not use this data for advertising.
7.7 LinkedIn Insight Tag
We use the LinkedIn Insight Tag, a service operated by LinkedIn Corporation (1000 W Maude Avenue, Sunnyvale, CA 94085, USA — a Microsoft subsidiary), to measure the effectiveness of our LinkedIn advertising, track conversions, and build retargeting audiences. After you grant marketing consent through our cookie banner, the Insight Tag sets cookies (bcookie, li_gc, lidc) that allow LinkedIn to recognize you on its platform if you are a LinkedIn member and to report aggregate campaign performance to us. We do not receive your name, email, or other direct identifiers from LinkedIn — only aggregate metrics. LinkedIn transfers data to the United States under the EU-U.S. Data Privacy Framework. You can withdraw consent at any time via the cookie-settings icon on every page, manage your advertising preferences at linkedin.com/psettings/advertising, or read LinkedIn’s privacy policy at linkedin.com/legal/privacy-policy.
7.8 SafeBase Trust Center & Security Badges
We use SafeBase, Inc. (548 Market Street, San Francisco, CA 94104, USA) to host and display our security certification badges (SOC 2, ISO 27001, PCI-DSS, GDPR, FERPA) and our public security trust center at trust.avatier.com. When your browser loads these badge images or trust-center pages, Cloudflare — SafeBase’s CDN — sets strictly-necessary technical cookies (__cf_bm, _cfuvid) for bot management and DDoS protection. These cookies do not track your behavior across sites and are essential to the secure operation of the service; for that reason they do not require consent under GDPR Art. 6(1)(f). SafeBase’s privacy notice is available at safebase.io/privacy-policy.
8. Data Sharing & Third Parties
We do not sell your personal data. We do not rent, trade, or otherwise make your personal information available to third parties for their own marketing purposes.
We may share your data with the following categories of recipients, solely for the purposes described in this policy:
- Service providers: Hosting and infrastructure providers, analytics services (Google Analytics, Google Cloud BigQuery), AI conversational assistant (Delphi.ai), CRM platform (HubSpot), advertising and conversion tracking (Google Ads and LinkedIn Insight Tag — loaded only after you grant marketing consent; data transferred to the United States under the EU-U.S. Data Privacy Framework), video hosting (YouTube), bot protection (Cloudflare), security trust center and certification-badge hosting (SafeBase), email delivery platforms, and cookie consent management (Cookiebot/Usercentrics). These providers process data on our behalf under contractual obligations that include data protection requirements.
- Professional advisors: Lawyers, auditors, and consultants, when necessary for legal, compliance, or business purposes.
- Law enforcement and regulators: When required by law, regulation, legal process, or enforceable governmental request.
- Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.
9. International Data Transfers
Avatier is headquartered in the United States. Your personal data may be transferred to and processed in the United States or other countries where our service providers operate. These countries may not have data protection laws equivalent to those in your jurisdiction.
When we transfer personal data from the European Economic Area (EEA), United Kingdom, Switzerland, Brazil, or other jurisdictions with data transfer restrictions, we rely on appropriate safeguards, including:
- The EU-US Data Privacy Framework (and UK and Swiss extensions), where applicable.
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Binding Corporate Rules, where adopted by our service providers.
- Your explicit consent, where no other mechanism is available and you have been informed of the potential risks.
You may request a copy of the safeguards we use by contacting [email protected].
10. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.
| Data Type | Retention Period |
|---|---|
| Contact form submissions | Up to 24 months from last interaction, or until you request deletion |
| Marketing consent records | Duration of consent plus 3 years (for compliance documentation) |
| Cookie consent records | 12 months (then re-consent is requested) |
| Google Analytics event-level data | Up to 14 months (Google Analytics 4 maximum), then automatically deleted. Aggregated report data is retained indefinitely in dashboards but cannot be used to identify individual users. |
Google Ads advertising cookies (_gcl_au, _gcl_aw, and similar) | Up to 90 days for click identifiers; aggregated conversion metrics retained per Google Ads defaults. |
LinkedIn Insight Tag cookies (bcookie, li_gc, lidc) | Up to 1 year for the bcookie browser identifier; lidc expires after 24 hours; aggregated campaign metrics retained per LinkedIn Campaign Manager defaults. |
| BigQuery analytics export | Mirrors GA4 event-level retention; older data is purged from the Avatier Analytics BigQuery dataset as part of our data lifecycle policy. |
| Server logs (IP, access) | 90 days |
| AI assistant interactions (Delphi.ai) | Conversation history retained in Delphi.ai for the duration of your contact record. Contact data (name, email) synced to HubSpot and retained per HubSpot retention below. |
| CRM contact records (HubSpot) | Retained until you request deletion or the record is no longer needed for business purposes |
| Account credentials (if you create an account) | Retained for the life of your account plus a reasonable archive period required by law |
11. Your Rights
Regardless of where you are located, we are committed to honoring the following data subject rights. Some rights may be subject to conditions or limitations under applicable law. Region-specific rights are detailed in the Regional Addenda below.
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete personal data.
- Erasure / Deletion: Request deletion of your personal data, subject to legal retention obligations.
- Restriction: Request that we limit how we use your data in certain circumstances.
- Data portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests or for direct marketing purposes.
- Withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
- Opt-out of marketing: Unsubscribe from marketing communications at any time using the link in any email or by contacting us directly.
- Opt-out of targeted advertising: Disable advertising cookies via the cookie settings icon or by enabling Global Privacy Control (GPC) in your browser.
To exercise any of these rights, contact us at [email protected]. We will respond within the timeframe required by applicable law (generally 30 days, or as specified in the Regional Addenda).
We will not discriminate against you for exercising your privacy rights. You will not receive different pricing, quality of service, or access to features based on your privacy choices.
12. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS/HTTPS), access controls, regular security assessments, and employee training. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
If we become aware of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by applicable law.
13. Children’s Privacy
The Site is not directed at individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at [email protected] and we will promptly delete the information.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this page and, where required by law, provide you with notice (for example, via a banner on the Site or an email to affected individuals). Your continued use of the Site after any changes constitutes acceptance of the updated policy.
15. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
Avatier Corporation — Privacy Team
4733 Chabot Drive, Suite 201
Pleasanton, CA 94588, USA
Email: [email protected]
Phone: (800) 609-8610 or (925) 217-5170
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority (see Regional Addenda for specifics).
Regional Addenda
The following sections provide additional information and rights specific to your jurisdiction. These addenda supplement — and where they conflict, override — the general provisions above.
GDPR European Economic Area, United Kingdom & Switzerland
This addendum applies if you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland. Your personal data is protected under the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, and/or the Swiss Federal Act on Data Protection (“revFADP”).
Legal bases for processing: We process your data based on one or more of the legal bases described in Section 5. For analytics cookies, Google Signals, and advertising cookies, we rely on your consent. For responding to inquiries, we rely on contractual necessity or pre-contractual steps. For security and fraud prevention, we rely on legitimate interests.
Your additional rights under GDPR:
- Right to lodge a complaint with your local supervisory authority (e.g., CNIL in France, ICO in the UK, BfDI in Germany). A list of EEA data protection authorities is available at edpb.europa.eu.
- Right to object to processing based on legitimate interests, including profiling.
- Right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
- Right to data portability in a structured, commonly used, machine-readable format.
International transfers: Data transferred from the EEA/UK/Switzerland to the United States is protected under the EU-US Data Privacy Framework and/or Standard Contractual Clauses. You may request a copy of these safeguards from [email protected].
Response time: We will respond to data subject requests within 30 days, extendable by up to 60 additional days for complex requests, with notice to you.
LGPD Brazil
This addendum applies if you are located in Brazil. Your personal data is protected under the Lei Geral de Proteção de Dados (“LGPD”), Law No. 13.709/2018.
Data controller (Controlador): Avatier Corporation, as identified in Section 2.
Legal bases under LGPD: We process your personal data based on one or more of the following LGPD-specific legal bases: your consent (Art. 7, I), performance of a contract or preliminary procedures (Art. 7, V), legitimate interests of the controller (Art. 7, IX), or compliance with a legal or regulatory obligation (Art. 7, II).
Your rights under LGPD (Art. 18):
- Confirmation of the existence of processing.
- Access to your personal data.
- Correction of incomplete, inaccurate, or outdated data.
- Anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data.
- Portability of data to another service provider.
- Deletion of data processed with your consent.
- Information about public and private entities with whom data has been shared.
- Information about the possibility and consequences of not providing consent.
- Revocation of consent.
Supervisory authority: You may lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) at gov.br/anpd.
International transfers: Where your data is transferred to the United States, we rely on standard contractual clauses or your explicit consent, in accordance with LGPD Art. 33.
Response time: We will respond to requests within 15 business days.
CCPA + State Laws United States
This addendum applies if you are a resident of a US state with a comprehensive privacy law. As of 2026, this includes California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Oregon (OCPA), Texas (TDPSA), Montana (MCDPA), Iowa (Iowa CDPA), Delaware (DPDPA), Florida (FDBR), Tennessee (TIPA), Nebraska (NEDPA), New Hampshire (NHPA), New Jersey (NJDPA), Maryland (MODPA), Minnesota (MNCDPA), Indiana (ICDPA), Kentucky (KCDPA), and Rhode Island (RI-DTPPA).
Categories of personal information collected (CCPA disclosure):
- Identifiers: name, email address, IP address, company name.
- Internet or electronic network activity: browsing history on the Site, interactions with the AI assistant, referral data, advertising cookie identifiers.
- Geolocation data: approximate location derived from IP address.
- Professional information: job title, company (if provided via form).
- Inferences: preferences and interests inferred from usage data and Google Signals aggregated reports.
Sharing for cross-context behavioral advertising: We use Google Ads remarketing audiences, which may constitute “sharing” of personal information under the CCPA/CPRA. You can opt out at any time by disabling advertising cookies via the cookie settings icon, enabling Global Privacy Control (GPC) in your browser, or visiting adssettings.google.com. We do not “sell” personal information for monetary consideration.
Your rights under US state privacy laws:
- Right to know / access the personal information we have collected about you.
- Right to delete your personal information.
- Right to correct inaccurate personal information.
- Right to opt-out of the sale or sharing of personal information.
- Right to opt-out of targeted advertising.
- Right to opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
- Right to non-discrimination for exercising your rights.
- Right to data portability (where applicable).
Universal Opt-Out Mechanism (UOOM): We honor Global Privacy Control (GPC) signals. If your browser is configured to send a GPC signal, we will treat it as a valid opt-out request under applicable state laws.
How to exercise your rights: Submit a request to [email protected] or call (800) 609-8610. We may need to verify your identity before fulfilling your request. We will respond within 45 days (California) or the timeframe required by your state’s law.
Authorized agents: California residents may designate an authorized agent to make requests on their behalf. The agent must provide written authorization signed by you, and we may verify your identity directly.
California “Shine the Light” (Civil Code § 1798.83): California residents may request information about personal data disclosed to third parties for direct marketing. As stated, we do not disclose personal data to third parties for their direct marketing purposes.
PIPEDA Canada
This addendum applies if you are located in Canada. Your personal data is protected under the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and, if you are in Québec, the Act respecting the protection of personal information in the private sector (commonly referred to as “Law 25” or “Québec’s Privacy Law”).
Consent: We obtain your meaningful consent before or at the time of collecting personal information, except where permitted by law. Consent may be express (e.g., form submission, cookie acceptance) or implied (e.g., for low-risk analytics with clear notice). For sensitive information, we obtain express consent.
Your rights under PIPEDA:
- Right to access your personal information and be informed of its use and disclosure.
- Right to challenge the accuracy and completeness of your information and have it corrected.
- Right to withdraw consent (subject to legal or contractual restrictions).
- Right to complain to the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.
Québec residents (Law 25): You additionally have the right to data portability, the right to de-indexing (removal from search results in certain contexts), and the right to be informed of automated decision-making. The Commission d’accès à l’information du Québec (CAI) is your applicable supervisory authority.
Response time: We will respond to access requests within 30 days.
APAC Asia-Pacific
This addendum applies if you are located in Australia, New Zealand, Japan, South Korea, India, China, Singapore, Thailand, the Philippines, Indonesia, Vietnam, Taiwan, Hong Kong, or Malaysia.
China (PIPL): If you are in China, processing of your personal information is governed by the Personal Information Protection Law (“PIPL”). We process your data based on your consent or contractual necessity. You have the right to access, correct, delete, and port your data, and to withdraw consent. Cross-border transfers are conducted in compliance with PIPL requirements, including standard contracts filed with the Cyberspace Administration of China where applicable.
India (DPDPA): If you are in India, we process your personal data in accordance with the Digital Personal Data Protection Act, 2023 (“DPDPA”). We rely on consent as the default legal basis. You have the right to access, correct, erase, and receive grievance redressal.
Japan (APPI): Under the Act on the Protection of Personal Information, we provide clear notice of use purposes and allow you to opt out of third-party data provision.
South Korea (PIPA): Under the Personal Information Protection Act, we obtain consent prior to collecting and processing your personal information. You have the right to access, correct, delete, and suspend processing.
Australia (Privacy Act / APPs) & New Zealand (Privacy Act 2020): We comply with the Australian Privacy Principles and NZ Information Privacy Principles. You may lodge complaints with the OAIC (Australia) or OPC (New Zealand).
Southeast Asia (Singapore PDPA, Thailand PDPA, Philippines DPA, Indonesia PDP Law, Vietnam PDPD, Malaysia PDPA): We comply with applicable local data protection requirements, including obtaining consent where required, providing notice of processing purposes, and honoring data subject access and correction requests.
Response time: We will respond to data subject requests within the timeframe required by applicable local law, generally 30 days.
Additional Other Regions
Latin America (Argentina, Colombia, Chile, Mexico, Peru, Uruguay, Ecuador, Costa Rica, Panama): We comply with applicable data protection laws in your jurisdiction, including Argentina’s PDPA, Colombia’s Law 1581, Chile’s updated Data Protection Law, Mexico’s LFPDPPP, and similar legislation throughout the region. You have the right to access, rectify, cancel, and object to processing of your personal data (known as “ARCO” rights in several jurisdictions).
Africa (South Africa, Nigeria, Kenya, Ghana, Egypt, Morocco, Algeria, and others): If you are in South Africa, your data is protected under the Protection of Personal Information Act (“POPIA”). For Nigeria, we comply with the Nigeria Data Protection Act 2023 (NDPA). For Kenya, the Data Protection Act 2019 applies. For other African jurisdictions with data protection laws, we honor applicable local requirements.
Middle East (Saudi Arabia, UAE, Bahrain, Qatar, Kuwait, Oman, Israel, Turkey): We comply with applicable data protection legislation in your jurisdiction, including Saudi Arabia’s PDPL, the UAE’s federal data protection law, Israel’s Privacy Protection Law, and Turkey’s KVKK.
Russia (FZ-152): We comply with Russian Federal Law No. 152-FZ on Personal Data to the extent applicable.
All other jurisdictions: If you are in a country not specifically listed above, we will process your personal data in accordance with the general provisions of this Privacy Policy and any locally applicable data protection requirements.