Skip to content
CanopyIQ logo

Privacy Policy

Effective Date: January 1, 2025

Introduction

CanopyIQ ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI agent security platform and related services.

Information We Collect

Information You Provide

  • • Account registration information (name, email, organization)
  • • Contact form submissions and support requests
  • • Configuration settings and policy definitions
  • • Billing and payment information

Information We Collect Automatically

  • • Usage analytics and performance metrics
  • • Log data including API calls, timestamps, and response codes
  • • Device and browser information
  • • IP addresses and geographic location data

Information from Third Parties

  • • Identity provider data (SSO integrations)
  • • Integration data from connected systems
  • • Public information about your organization

How We Use Your Information

  • Service Provision: Operate and maintain our platform
  • Security: Monitor for threats and policy violations
  • Support: Respond to inquiries and provide assistance
  • Improvement: Analyze usage patterns to enhance our services
  • Communication: Send important updates and notifications
  • Compliance: Meet legal and regulatory requirements

Data Protection Principles

Zero Knowledge Architecture

CanopyIQ operates on a zero-knowledge principle. We do not store, process, or have access to your proprietary data, AI model interactions, or sensitive business information. Our platform operates on metadata and policy decisions only.

Data Minimization

We collect only the minimum data necessary to provide our services effectively. Personal data is anonymized where possible and retained only as long as necessary for legitimate business purposes.

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Cryptographic keys are managed using industry-standard key management systems with hardware security modules.

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information in the following limited circumstances:

  • Service Providers: Trusted vendors who assist in operating our platform
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with mergers or acquisitions
  • Consent: When you explicitly authorize disclosure

Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy:

  • Account Data: Until account deletion plus 30 days
  • Usage Logs: 2 years for security and compliance
  • Support Data: 3 years for service improvement
  • Billing Data: 7 years for tax and audit purposes

Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a structured format
  • Restriction: Limit processing of your data
  • Objection: Object to certain types of processing

To exercise these rights, contact us at privacy@canopyiq.ai.

International Transfers

CanopyIQ operates globally and may transfer data across international borders. We ensure appropriate safeguards are in place, including Standard Contractual Clauses and adequacy decisions where applicable. Data residency options are available for organizations with specific requirements.

Security Measures

  • • SOC 2 Type II and ISO 27001 certified infrastructure
  • • Regular security audits and penetration testing
  • • Multi-factor authentication and role-based access controls
  • • Incident response and breach notification procedures
  • • Employee security training and background checks

Cookies and Tracking Technologies

We use essential cookies for platform functionality and analytics cookies to improve our services. You can control cookie preferences through your browser settings.

  • Essential Cookies: Required for platform operation
  • Analytics Cookies: Help us understand usage patterns
  • Preference Cookies: Remember your settings

Children's Privacy

CanopyIQ is designed for enterprise use and is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated through email or platform notifications at least 30 days before taking effect.

Contact Information

For questions about this Privacy Policy or our data practices, contact:

CanopyIQ Privacy Team

Email: privacy@canopyiq.ai

Address: [Company Address]