Privacy Policy

1. Introduction

Nsight Intelligence, Corp. (dba Cepien AI) ("Nsight," "Cepien," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy describes in detail how we collect, use, disclose, store, and safeguard data when you use our platform. It applies to all services provided by Nsight and any associated subdomains or applications. Our privacy practices are grounded in principles of transparency, accountability, and security.

2. Data Collection

We do not collect personally identifiable information such as names, home addresses, email addresses, government IDs, or financial data unless explicitly required for account management and with your consent. However, we collect the following categories of data:

  • Usage Data: Includes platform activity such as feature use, timestamps, performance metrics, crash reports, and interaction patterns.

  • Customer Data: Any data transmitted through our platform or via integration, such as support logs, transcripts, product feedback, and behavioral analytics.

  • Metadata: Includes IP addresses, browser type, device information, language preferences, session duration, and similar technical data.

  • Third-Party Integration Data: Information synced via integrations with platforms such as Jira, Figma, Zendesk, Slack, Mixpanel, and others. This data may include anonymized or pseudonymized identifiers.

Our platform is not intended for minors (individuals under the legal age), and we do not knowingly collect or process data from minors.

Legal Basis for Data Processing (GDPR Compliance)
We process user data primarily based on the following legal grounds as defined by GDPR Article 6:

  • Legitimate Interests: For platform enhancement, performance optimization, identifying user issues, and limited AI training to improve accuracy and user experience.

  • Consent: Explicit consent obtained for specific scenarios such as opting into specialized services or integrations.

  • Contractual Necessity: To fulfill obligations to users, such as providing requested services or technical support.

3. Data Usage

We process collected data for the following purposes:

  • To provide, operate, and maintain our services.

  • To improve performance and reliability through internal analytics and monitoring.

  • To analyze user interactions, discover issues, tag relevant insights, and generate personalized product and experience recommendations.

  • To train models and improve platform accuracy using aggregated, anonymized, or pseudonymized data. As outlined in our Data Processing Agreement, we never use identifiable personal data for model training unless explicitly authorized in writing by the customer.

  • To provide customer support, onboarding, and troubleshooting.

  • To maintain compliance with legal obligations and support audits or regulatory inquiries.

Automated Decision-Making and Profiling

Cepien AI employs automated synthesis, data tagging, and analysis methods to provide meaningful insights and recommendations to Customers. These processes do not produce legal effects or significantly impact individuals' rights or freedoms. Should our practices change to include significant profiling or decision-making affecting users, we will explicitly notify users and offer options to review, contest, or request human intervention.

Alternative Tracking Technologies
In alignment with our commitment to privacy, we do not use cookies, local storage, fingerprinting, or other persistent tracking technologies. All analytics data is processed internally and does not rely on device-level tracking.

Consent for AI Model Training
We may use limited user data for training AI models aimed at improving platform accuracy, insights, and overall user experience. Users have full control and may explicitly opt-out of having their data used for AI training by notifying us at contact@cepien.ai. Once a request is received, we will cease using your data for AI model training within 30 days.

We do not share, sell, or disclose user data to third parties. We also do not use cookies or third-party tracking technologies—our analytics are built within our platform.

4. Data Retention and Storage Practices

We retain data in accordance with the following policies:

  • Frozen Accounts: If a customer account is frozen, data remains in active storage for up to 90 days to support reactivation. After 90 days, data is moved to encrypted archival storage for up to 3 years.

  • Terminated Accounts: If an account is terminated, data remains in active storage for 30 days, then transitions to archival storage for 3 years.

  • Deletion Requests: If a user or customer requests full data deletion, we retain data for up to 30 days to support reactivation, then fully delete it from our systems, including backups.

All stored data is encrypted both in transit and at rest using AES-256 and TLS 1.3 protocols. Data is stored primarily in U.S.-based regions, including Microsoft Azure US-East and Heroku US-East.

5. Data Security Measures

We implement a multi-layered security strategy that includes:

  • End-to-end encryption and secure storage.

  • Role-based access control (RBAC) and single sign-on (SSO) via Auth0 and/or WorkOS.

  • Infrastructure monitoring and logging via Datadog.

  • Security policies aligned with GDPR best practices.

  • Confidentiality agreements and background checks for all employees and contractors with access to sensitive systems.

In the event of a data breach, we will notify affected customers promptly and report the incident to appropriate authorities within 72 hours, in compliance with applicable regulations.

6. Your Rights & Choices

As a data subject or authorized user, you have the following rights:

  • Access: You may request a copy of any data we hold about you or your workspace.

  • Correction: You may request changes to inaccurate or outdated data.

  • Deletion: You may request erasure of your data, subject to legal exceptions.

  • Portability: You may request a machine-readable export of your data.

  • Restriction/Objection: You may restrict or object to certain types of processing.

You may exercise these rights by contacting us at contact@cepien.ai

We will respond to all verifiable requests within the legally required timeframe, typically 30 days.

7. Third-Party Sub-Processors

Nsight partners with authorized sub-processors to support core functionality. All sub-processors are contractually obligated to adhere to strict data protection and security standards. As of the last update, we use:

  • Heroku, Azure: Infrastructure and hosting.

  • OpenAI, Google (Gemini), Llama: AI model APIs (pseudonymized or aggregated input only).

  • Unified: Integration infrastructure provider.

  • Datadog, Microsoft Clarity: Monitoring and analytics.

  • Auth0, WorkOS: Authentication and identity.

  • SendGrid: Email communications.

We notify customers at least 10 days in advance of engaging new sub-processors and provide the opportunity to object to any additions on reasonable grounds.

8. International Data Transfers

Data processed by Cepien AI may be transferred to and stored in countries outside of your own, including the United States. For users in the EU, UK, and Switzerland, such transfers are governed by Standard Contractual Clauses (SCCs), the UK Addendum, and supplementary measures to ensure a level of protection equivalent to that under the GDPR.

9. Compliance with Privacy Laws

Nsight is committed to full compliance with applicable privacy regulations, including but not limited to:

  • General Data Protection Regulation (GDPR) – EU/UK

  • California Consumer Privacy Act (CCPA)

  • Virginia Consumer Data Protection Act (VCDPA)

  • Swiss Federal Act on Data Protection

While we are not yet officially SOC2 certified, we are actively aligning our internal frameworks with these standards and have adopted robust contractual, technical, and organizational measures as defined in our Data Processing Agreement.

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. If we make material changes, we will notify you via email or prominent platform notice prior to the update taking effect.

Contact Us
If you have any questions about this Privacy Policy, your rights, or how we process data, please contact us at:

Email: contact@cepien.ai
Company: Nsight Intelligence, Corp. (dba Cepien AI)

———

By continuing to use Cepien AI, you acknowledge and accept the practices described in this Privacy Policy.

October 27, 2025