1. Introduction

Sirius AI (“Company”, “we”, “us”, “our”) is committed to protecting the privacy and security of personal information of individuals who visit our website (www.siriusai.com, the “Website”) or use our services (“Services”). This Privacy Policy explains how we collect, use, disclose, retain and protect your personal information in compliance with:

• U.S. consumer privacy laws (including but not limited to the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, and the federal FTC Act)
• India’s Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Information Technology laws and rules
• Our internal Information Security Management System (ISMS), aligned to ISO/IEC 27001 standards.
  By accessing our Website or using our Services, you accept the practices described in this Policy. If you do not agree, please do not use the Website or provide us personal information.

2. Scope

This Policy applies to:

• Visitors of the Website
• Prospective and existing clients, partners, vendors, and candidates whose personal data we process in the course of our business. It does not apply to personal data processed on behalf of our clients in a “data processor” capacity under a separate contractual agreement (e.g., Master Services Agreement or Data Processing Addendum).
• Our internal Information Security Management System (ISMS), aligned to ISO/IEC 27001 standards.
  By accessing our Website or using our Services, you accept the practices described in this Policy. If you do not agree, please do not use the Website or provide us personal information.

3. Definitions

• “Personal Data” means any information relating to an identified or identifiable natural person.
• “Sensitive Personal Data” (India) means the categories defined under the DPDP Act.
• “Processing” means any operation or set of operations performed on Personal Data (collection, storage, use, disclosure, transfer, deletion, etc.).
• “Data Principal” (India) means the individual whose personal data is processed.
• “Controller / Processor” terminology is used as applicable under U.S. state and Indian law.

4. Information We Collect

4.1 Information You Provide

We may collect:

• Identifiers: name, email address, phone number, company name, job title, business address
• Professional information: resumes, LinkedIn profile, skills
• Communication data: messages, feedback, inquiries, surveys
• Job application data and related documents (if you apply for a role)
• Billing/payment information (if and when required)

4.2 Usage & Technical Information

Automatically collected information when you visit our Website or interact with Services includes:

• Device and browser type/version, operating system, IP address, device identifiers, geolocation (approximate)
• Pages visited, time spent, referring URL, clicks, session duration
• Cookies, web beacons, pixels, local storage

4.3 Information from Third-Parties

We may receive personal information from third-party sources such as publicly available databases, social media platforms, recruitment agencies or data providers.

5. Purpose & Legal Basis for Processing

We process personal information for the following purposes, with the corresponding legal basis:

We will only collect personal data for the purposes specified or compatible with these purposes.

7. Disclosure & Sharing of Information

We may share your personal information in the following circumstances:

• Service Providers / Sub-processors: We engage vendors (hosting, analytics, email, recruitment platforms, marketing services) who assist us in providing the Website/Services. They are contractually bound to protect your data in line with our ISMS.
• Affiliates / Subsidiaries: For legitimate internal business purposes.
• Business Transfers: In connection with a merger, acquisition, reorganization, sale of assets or financing, we will notify you of changes in control and data transfer.
• Legal & Regulatory Disclosures: When required by law, regulation, court or governmental order, or to protect rights, safety or property.
• With Consent: When you specifically authorize us to share your personal information.
  We do not sell your personal information as defined under U.S. privacy laws (e.g., CCPA § 1798.140(ad)).

8. Cross-Border Transfers

Because we operate globally and may engage partners, your personal data may be transferred to, stored in, or processed in jurisdictions including the United States, India or others.

Because we operate globally and may engage partners, your personal data may be transferred to, stored in, or processed in jurisdictions including the United States, India or others.

9. Data Retention

We retain your personal information only for as long as necessary to fulfil the purpose for which it was collected, comply with legal obligations, resolve disputes or enforce our agreements.

Data is reviewed and securely deleted or anonymized in accordance with our ISMS and internal Data Retention Schedule aligned with ISO/IEC 27001 Clause A.8.3.

10. Security & ISMS Compliance

We maintain an Information Security Management System (ISMS) certified or aligned to ISO/IEC 27001 standard. Our security framework includes:

• Encryption of personal data in transit and at rest
• Access control, role-based privileges and least-privilege principle
• Regular vulnerability assessments, penetration testing and audits
• Business continuity and incident response procedures
• Employee training and confidentiality obligations While we apply industry-standard measures, we cannot guarantee absolute security. You are encouraged to treat any online transmission of data accordingly.

11. Your Rights

A. U.S. Residents

Depending on state law, you may have the following rights (subject to verification and permissible under law):

• Right to Know / Access: Request categories and specific personal information collected about you (e.g., CCPA § 1798.100)
• Right to Deletion: Request deletion of personal information (e.g., CCPA § 1798.105)
• Right to Correction: Request correction of inaccurate personal information (e.g., CPRA § 1798.106)
• Right to Data Portability: Receive your personal information in a portable format (e.g., CCPA § 1798.130)
• Right to Opt-Out of Sale or Sharing: Opt out of sale or sharing of personal information (e.g., CCPA § 1798.120)
• Right to Limit Use of Sensitive Information: Where applicable (e.g., CPRA § 1798.121)

Requests may be submitted to: contactus@siriusai.com We will verify your identity as required by law and provide response within the legally mandated timeframe.

B. Indian Data Principals

Under the DPDP Act, you may:

• Request access to your personal data we hold
• Request correction or erasure of your personal data
• Withdraw consent (if processing is based on consent)
• Lodge a grievance with our Grievance Officer (see Section 14) Requests should be sent to: contactus@siriusai.com with subject “DPDP – [Your Name]”. We will acknowledge and respond within 30 days (unless law permits longer).

12. Cookies & Tracking Technologies

We use cookies, web beacons, pixels, local storage, analytics tools (such as Google Analytics) and other similar technologies for:

• Technical operation, remembering preferences & login status
• Functionality & personalization
• Analytics: understanding user behavior and improving our Website/Services
• Marketing: personalized advertising and retargeting You may manage cookies via your browser settings or via our cookie banner/consent mechanism. For Indian residents and other jurisdictions requiring explicit consent, we provide opt-in mechanisms consistent with applicable law.

13. Children’s Privacy

Our Website and Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware of having collected information from a minor without consent (where required), we will delete it promptly.

14. Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, applicable laws or regulatory expectations. The “Last Updated” date will reflect when changes were made.

15. Contact Information & Grievance Redressal

If you have questions or complaints regarding this Policy or our data practices, you may contact us at:

• Email: contactus@siriusai.com
• US Address: Sirius AI Inc., 111 Town Square Place, Suite 1203, Jersey City, NJ 07310, USA
• India Address: Sirius AI Pvt. Ltd., 2nd Floor, Augusta Point, Golf Course Rd, DLF Phase 5, Sector 53, Gurugram, Haryana 122002, India