Privacy Policy

SECTION 01How We Collect and Use Information

Information you provide us directly

We collect a variety of information that you provide directly to us, including:

• Account Information. When you first sign in to your account, you will need to provide us with a username, password, your first and last name, and your email address.
• Your User Content. When you use the Service to interact with our technologies, we collect and retain this information to facilitate our services, and for troubleshooting and abuse monitoring purposes. You may choose to have information shared by you removed at any time by contacting us at legal@bastionintelligence.com.

Information we automatically collect

When you use our Service, we may automatically collect certain information, including:

• Analytics information. We may directly collect analytics data, or use third-party analytics tools (such as those of Google Analytics), to help us measure traffic and usage trends for the Service. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving the Service. We collect and use this analytics information in aggregate form such that it cannot reasonably be manipulated to identify any particular individual user. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on.
• Cookies information. When you visit the Service, we may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser and lets us help you log in faster and enhance your navigation through the site. A cookie may also convey information to us about how you use the Service (e.g., the pages you view, the links you click and other actions you take on the Service), and allow us or our business partners to track your usage of the Service over time. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the site. You can choose to remove a persistent cookie any time by following your web browser's directions about how to erase or delete cookies. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, key features of the Service may not function properly if the ability to accept cookies is disabled or if you erase our cookies.
• Do Not Track signals and similar mechanisms. While it is FortaTech Security's intent to honor browser-initiated Do Not Track signals, industry standards for how to prevent tracking and continue to provide functionality are not defined. Please do not use this service if you are concerned about Do Not Track capabilities.
• Log file information. Log file information is automatically reported by your browser or mobile device each time you access the Service. When you use our Service, our servers automatically record certain log file information. These server logs may include your web request, Internet Protocol ("IP") address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information.

SECTION 02How We Use Your Information

We use your information for various purposes, including, but not limited to:

• Respond to your requests for information.
• Provide you with more effective and efficient customer service.
• Contact you regarding our products, services, and other information that we think may be of interest to you. Such communications use only account-level identifiers (such as your name and email address) and do not use, reference, or rely on any Protected Health Information.
• Customize the content on the Services.
• Improve the Services and other products and services we may offer.
• Engage in analysis, marketing research, and reports regarding use of our Services.
• Operate, maintain, and provide to you and others the features and functionality of the Service.
• Provide security and monitoring, and address technical issues and bugs.
• Enforce legal agreements, including our Terms of Use and this Privacy Policy.

We may aggregate and/or de-identify information collected through the Services so that such information can no longer be linked to you or your device ("Aggregate/De-Identified Information").

SECTION 03Commercial and Marketing Communications

We may use the information we collect or receive to communicate directly and indirectly with you. We may send you emails containing newsletters, promotions and special offers related to the Service. If you do not want to receive such email messages, you will be given the option to opt out or change your preferences.

SECTION 04How We Share Your Information

We may share your information in the following ways:

• Service Providers and Sub-processors. We share personal data with contractors and third-party service providers as needed to operate, secure, support, and improve our Services. We publish the full list of providers we engage in Section 3.4 of our Terms of Use. We do not provide BastionGPT Customer Content to our marketing, advertising, scheduling, payment, public-website, affiliate/referral, or customer-communications providers. Service providers who are classified as sub-processors are held to standards of data protection no less rigorous than applicable data protection laws require.
• Marketing Website Advertising Partners. On our marketing website at bastionintelligence.com, we use advertising and analytics pixels from Meta Platforms (Facebook), Reddit, and LinkedIn to measure marketing campaigns and reach prospective customers. These partners may receive cookie or pixel identifiers, IP address, device or browser information, and information about how you interact with our marketing pages. Under the California Consumer Privacy Act, this activity may be considered "sharing" for cross-context behavioral advertising. We do not use these partners in the BastionGPT application, and BastionGPT Customer Content (prompts, uploads, documents, audio, transcripts, and outputs entered into or generated through the BastionGPT application) is never disclosed to Meta, Reddit, LinkedIn, or any other advertising provider.
• Protection of FortaTech Security and Others. We will disclose your information where it is required to do so by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms of Use or to protect the security or integrity of our Service; and/or (c) to exercise or protect the rights, property, or personal safety of us, our Users or others.
• Aggregate/De-Identified Information. We may share Aggregate/De-Identified Information about use of the Services, such as by publishing a report on usage trends. This Policy places no limitations on our use or sharing of Aggregate/De-Identified Information.
• With Your Consent. We may disclose your information to third parties with your consent or based on another legal basis permitted by applicable law.

SECTION 05How We Store and Protect Your Information

Storage and processing location

Information collected through the Service will generally be stored and processed in the United States. However, for users registered in Canada and Australia, your personal data will be stored and processed within Canada and Australia, respectively. By using the Service, you consent to the transfer, processing, and storage of your information in the United States, or, if applicable, in Canada or Australia. This includes using your information in other countries where we may process and store data. Such processing will be conducted in accordance with the purposes outlined in this Privacy Policy and in compliance with applicable laws.

Keeping your information safe

We care about the security of your information, and we use a variety of physical, administrative, and technical safeguards to preserve the integrity and security of information collected through the Service. To protect your privacy and security, we take steps to verify your identity before granting you access to your account. You are responsible for maintaining the secrecy of your account information, and for controlling access to your email communications from us, at all times. However, we cannot ensure or warrant the security of any information you transmit to us or guarantee that information on the Service may not be accessed, disclosed, altered, or destroyed.

We have rigorous data protection measures in place, including data encryption, alerting and monitoring solutions, and access control measures. Refer to our Security Page for more details.

SECTION 06Your Choices About Your Information

Deleting uploaded data

If at any time you wish to remove information you have uploaded to the Service or stored in your account, you may request to do so by contacting us at legal@bastionintelligence.com. However, we may retain your information even after you have opted out if retention is necessary to comply with legal obligations, regulatory requirements, or to prevent fraud or abuse.

Communications from us

You can stop receiving promotional email communications from us by clicking on the "unsubscribe" link provided in such communications. You may opt out of promotional emails. You cannot opt out of essential transactional, billing, legal, security, or service notices while your account remains active. If you have any questions about reviewing or modifying your account information, you can contact us directly at support@bastionintelligence.com.

SECTION 07Your California Privacy Rights

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), provides you with the rights described in this Section regarding your personal information. Capitalized terms used in this Section have the meanings given to them in the CCPA.

Categories of personal information collected

In the preceding 12 months we have collected the following categories of personal information: identifiers (such as name, email address, and IP address); commercial information (such as subscription and billing records); internet or other electronic network activity information (such as log data, device information, and usage analytics); and any User Content you submit through the Services. We collect this information from you directly, automatically through your use of the Services, and from service providers who help us operate the Services. We do not knowingly collect sensitive personal information beyond what is necessary to provide the Services.

Purposes for collection

We collect personal information to provide, maintain, and secure the Services; to communicate with you; to comply with our legal obligations; and for the other purposes described in Section 2 of this Privacy Policy.

Sale and sharing of personal information

We do not sell personal information for monetary consideration. On our marketing websites at bastionintelligence.com and bastiongpt.com, we use advertising and analytics pixels from partners such as Meta Platforms, Reddit, and LinkedIn to measure marketing campaigns and reach prospective customers. These partners may receive cookie or pixel identifiers, IP address, device or browser information, and information about how you interact with our marketing pages. Under the CCPA, this activity may be considered “sharing” for cross-context behavioral advertising.

We do not use advertising pixels in the BastionGPT application. BastionGPT Customer Content (including prompts, uploads, documents, audio, transcripts, outputs, and PHI) is not sold, shared with advertising partners, or used for advertising.

California residents may opt out of sale/sharing by clicking “Your Privacy Choices” in the footer, using the opt-out control provided there, enabling a recognized opt-out preference signal such as Global Privacy Control, or contacting us at legal@bastionintelligence.com.

Your CCPA rights

Subject to certain exceptions, California residents have the right to:

• Right to know. Request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the purposes for collecting it, and the categories of third parties with whom we have disclosed it.
• Right to delete. Request that we delete personal information we have collected from you, subject to applicable exceptions.
• Right to correct. Request that we correct inaccurate personal information we maintain about you.
• Right to portability. Request a copy of personal information you have provided to us in a portable, readily usable format.
• Right to opt out of sale or sharing. Direct us not to sell or share your personal information, including sharing for cross-context behavioral advertising on our marketing website.
• Right to limit use of sensitive personal information. Direct us to limit the use and disclosure of sensitive personal information to purposes specified in the CCPA.
• Right to non-discrimination. Not be subject to discriminatory treatment for exercising your CCPA rights.

Submitting a request

To exercise access, deletion, correction, or portability rights, contact us at legal@bastionintelligence.com. We may verify your identity before responding to those requests. To opt out of sale/sharing, click “Your Privacy Choices” in the footer, use the opt-out control provided there, enable a recognized opt-out preference signal such as Global Privacy Control, or contact us at legal@bastionintelligence.com. We do not require account creation or identity verification to honor a browser/device-level opt-out where we can process the request without additional information.

Shine the Light

California Civil Code Section 1798.83 permits California residents to request, once per calendar year and free of charge, information about any disclosure of their personal information to third parties for those third parties' direct marketing purposes during the prior calendar year. To make such a request, email legal@bastionintelligence.com.

SECTION 08Children's Privacy

The Services are intended for users who are at least 18 years old, and are not directed to children. We do not knowingly collect personal information from anyone under 18. If we become aware that a person under 18 has provided us with personal information, we will delete that information as quickly as possible. If you believe that we may have any information from or about a person under 18, please contact us at legal@bastionintelligence.com.

SECTION 09Links to Other Websites and Services

The Service may contain links to third-party websites and services. We are not responsible for the practices employed by these websites or services, including the information or content contained therein. If you choose to use these sites or features, you may disclose your information not just to those third parties, but also to their users and the public more generally depending on how their services function.

Because these third-party websites and services are not operated by us, we are not responsible for the content or practices of those websites or services. Please remember that when you use a link to go from the Service to another website, our Privacy Policy does not apply to those websites or services. Your browsing and interaction on any third-party website or service, including those that have a link or advertisement on our website, are subject to that third party's own rules and policies.

SECTION 10Data Subject Rights

Data subjects are entitled, as set out in and subject to the conditions of applicable law, to:

• Request access to the personal data we process about you: you are entitled to know whether we process data about you. If we do, you may obtain a copy of this data.
• Request a rectification of your personal data: you are entitled to request rectification of data about you that is inaccurate or incomplete.
• Request the erasure of your personal data: you are entitled to request deletion of your personal data.
• Request the restriction of the processing of your personal data: you are entitled to request that FortaTech Security restrict processing activities of your personal data.
• Request portability of your personal data: you are entitled to request a copy of your personal data (in a structured, commonly used and machine-readable format) to transfer this data to another data controller.
• Object to processing of your personal data: you are entitled to request that FortaTech Security no longer process your personal data.

Where processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting FortaTech Security's Legal Team at legal@bastionintelligence.com. This will not affect FortaTech Security's right to process personal data obtained prior to the withdrawal of your consent, or its right to continue parts of the processing based on other legal bases than your consent.

SECTION 11How to Contact Us

Please contact us at legal@bastionintelligence.com if you have any questions about the information we may have collected about you, and to review, revise, or delete such information.

SECTION 12Changes to Our Privacy Policy

We may modify or update this Privacy Policy from time to time to reflect the changes in our business and practices, and so you should review this page periodically. We keep our Privacy Policy under review to ensure it is up to date and accurate.