Privacy Policy

1.1 Information You Provide Directly. When you complete our System Census or other intake forms, we collect: company name, website, and industry; contact name, email address, phone number, and role; employee count and tool stack information; pain points, AI experience, and related business context. When you email us, schedule a call, or otherwise communicate with us, we collect the content of those communications. When you enter into a consulting engagement, we collect information necessary to perform the Services.

1.2 Information Collected Automatically. We may collect standard web analytics data including IP address, browser type, referring URL, pages visited, and time spent on pages. We use this data in aggregate to improve our website and do not use it to identify individual visitors. We use minimal, functional cookies necessary for website operation. We do not use advertising cookies or tracking pixels from third parties.

1.3 Client Data Accessed During Engagements. During consulting engagements, with explicit Client authorization, we may access data within Client business systems including CRMs, billing platforms, accounting software, HR systems, and other SaaS tools. This access is governed by the applicable Statement of Work and is subject to the data processing practices described in Section 3.

2.1 Portal and Contact Information. We use the information you provide through the Portal and communications to: prepare for discovery calls and consulting engagements; customize our approach based on your industry, tool stack, and pain points; communicate with you about our services; and improve our intake process and service delivery.

2.2 Client Data During Engagements. During an active engagement, Client Data is processed solely for the purpose of delivering the Services described in the applicable Statement of Work. This includes analyzing system schemas and data structures, identifying entities, relationships, and semantic conflicts across systems, generating statistical and structural profiles, and building the Semantic Map and related deliverables.

2.3 Metadata for Service Improvement. Anonymized, aggregated Metadata Profiles may be used to improve our methodology and tools, build cross-industry pattern libraries, and develop the Solaris platform. We do not use individually identifiable Client Data for these purposes.

3.1 What We Retain (Metadata Profiles). After processing Client Data, we retain only: schema metadata (field names, data types, table structures, and relationship definitions — not the records themselves); statistical profiles (record counts, null percentages, value distributions, and format patterns — anonymized and aggregated); semantic annotations (entity type classifications, conflict type labels, severity scores, and resolution patterns); and anonymized samples (a small number of structurally representative examples with all identifying information removed).

3.2 What We Do Not Retain. We do not retain: individual customer records, employee records, or transaction records; personally identifiable information (PII) from Client systems; protected health information (PHI); financial account numbers, Social Security numbers, or similar sensitive identifiers; or raw data exports or database dumps.

3.3 Processing Transparency. Every data processing operation is logged in our audit system. During an engagement, Clients can view the status of data processing at any time, including: schema reading (we accessed field names and data types), data profiling (we analyzed statistical distributions), metadata extraction (we extracted semantic patterns and conflict signatures), and raw data purge (all raw data has been deleted from processing environments).

3.4 Data Deletion Receipts. Upon completion of data processing for any Client system, Solaris issues a formal Data Deletion Receipt documenting: which systems were accessed; how many records were read; what metadata was retained (categories, not content); the exact timestamp when raw data was purged; and a confirmation that no raw Client Data persists in any Solaris system. Clients may request these receipts at any time during or after an engagement.

3.5 Processing Environment. Client Data is processed in isolated, temporary environments. These environments are created specifically for each processing task, not shared between clients, destroyed after processing is complete and metadata has been extracted, and subject to encryption in transit and at rest during the processing window.

4.1 We Do Not Sell Data. We do not sell, rent, or trade any personal information or Client Data to third parties.

4.2 Service Providers. We may share information with third-party service providers that help us operate our business, including cloud infrastructure (hosting and database services), communication tools, and analytics. All service providers are bound by confidentiality and data protection obligations.

4.3 Legal Requirements. We may disclose information if required by law, regulation, legal process, or governmental request. We will make reasonable efforts to notify you before such disclosure unless prohibited by law.

4.4 Business Transfers. In the event of a merger, acquisition, or sale of assets, information may be transferred to the successor entity, subject to the same privacy protections described in this policy.

5.1 Technical Safeguards. We implement reasonable technical safeguards to protect information, including encryption in transit (TLS/HTTPS) for all data transmission, encryption at rest for stored data, access controls limiting data access to authorized personnel, and isolated processing environments for Client Data.

5.2 Organizational Safeguards. Personnel with access to Client Data are bound by confidentiality obligations. We maintain audit logs of all data access and processing activities and conduct periodic reviews of our security practices.

5.3 Limitations. No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

6.1 Access and Correction. You may request access to the personal information we hold about you and request corrections to any inaccuracies. Contact us at privacy@getsolaris.ai.

6.2 Deletion. You may request deletion of your personal information from our systems. We will comply within 30 days, except where retention is required by law or necessary to fulfill an active engagement.

6.3 Metadata Profile Deletion. Clients may request deletion of their Metadata Profiles at any time. Upon such request, we will delete all metadata associated with the Client's engagement within 30 days and provide confirmation.

6.4 Data Portability. Upon request, we will provide your personal information and any Metadata Profiles in a standard, machine-readable format.

6.5 Withdrawal of Consent. If we process your information based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing conducted before withdrawal.

7.1 Portal and Contact Information. We retain Portal submissions and contact information for as long as necessary to provide our services and maintain our business relationship. If you request deletion, we will comply within 30 days.

7.2 Engagement Records. We retain records of consulting engagements (Statements of Work, invoices, deliverable records) for a period of seven (7) years after the engagement ends, as required for business and tax purposes.

7.3 Metadata Profiles. Metadata Profiles are retained indefinitely unless a Client requests deletion. These profiles contain no personally identifiable information.

7.4 Audit Logs. Data processing audit logs and Data Deletion Receipts are retained for a period of five (5) years.

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. As stated in Section 4.1, we do not sell personal information. To exercise your CCPA rights, contact us at privacy@getsolaris.ai.

Our services are operated from the United States. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States. By using our services, you consent to such transfer and processing.

We may update this Privacy Policy from time to time. Material changes will be communicated via the website or email. The "Last Updated" date at the top of this policy indicates the most recent revision. Continued use of our services after changes constitutes acceptance of the updated policy.

For questions about this Privacy Policy, data processing practices, or to exercise your rights, contact us at:

Solaris
Privacy inquiries: privacy@getsolaris.ai
General inquiries: hello@getsolaris.ai
Website: getsolaris.ai

For data deletion requests or Data Deletion Receipt inquiries, please include your company name and the approximate dates of your engagement.