Privacy Policy

Effective Date: September 21, 2025
Serona Data, Inc. (“Serona,” “we,” “us,” or “our”)

 

1. Introduction; Scope of this Policy

This Privacy Policy explains in detail how Serona collects, uses, discloses, and protects information when business users and enterprise clients access our websites, dashboards, datasets, APIs, software, documentation, support channels, and related services (collectively, the “Services”). By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy and agree that the practices described herein are reasonable.

Your use of the Services is also subject to the Serona Terms of Use and to any master subscription, evaluation, proof-of-concept, or data license agreement executed between Serona and your organization (each, an “Agreement”). In the event of a direct conflict between this Privacy Policy and an executed Agreement, the Agreement will govern to the extent permitted by law, except with respect to information rights that are non-waivable under applicable law.

Serona provides enterprise Services exclusively to organizations and their authorized personnel. We do not offer consumer products and do not knowingly collect personal information directly from individual consumers for consumer purposes.

 

2. Roles; Relationship to Your Organization

Serona’s role depends on the context:

  • For contact, account, and usage information we collect directly from enterprise users to operate the Services, Serona generally acts as an independent controller (or “business” under certain U.S. state privacy laws).

  • For data we process on behalf of a customer pursuant to an Agreement (for example, customer-provided inputs, files, or configuration data routed into the Services), Serona acts as a processor (or “service provider”) and will process such data only on the customer’s documented instructions and in accordance with the data processing terms in the applicable Agreement or Data Processing Addendum (“DPA”).

Where Serona acts as a processor/service provider, the customer is responsible for providing any legally required privacy notices to its own end users and for honoring data subject requests that pertain to customer-controlled data.

 

3. Information We Collect

We endeavor to collect only what is reasonably necessary to deliver, secure, and improve the Services. Categories include:

3.1 Business Contact and Account Data

When enterprise personnel register accounts, request a demo, sign into dashboards, obtain API keys, or communicate with us, we may collect business contact details (such as name, business email, business phone, employer and role), authentication information, single sign-on identifiers, organization affiliation, subscription tier, and user management metadata.

3.2 Service Usage and Technical Data

When users interact with the Services, we may collect log and telemetry information such as IP address, device and browser attributes, date/time, pages or endpoints accessed, request/response metadata, performance diagnostics, feature utilization, and other standard usage analytics. If you install or interact with a Serona SDK, connector, or integration, we may receive limited diagnostic information to support performance, security, and reliability.

3.3 Support, Feedback, and Communications

If you contact us for support, take part in training or onboarding, join a screen-share, or provide feedback, we may receive the content of your communications and associated metadata. Where training calls or sessions are recorded for quality assurance or enablement, we will notify participants in advance and honor reasonable objections or alternative arrangements.

3.4 Payment and Billing Data

For paid offerings we may collect billing contacts, purchase order details, tax IDs, and transaction records. Payment card data, where applicable, is handled by compliant third-party processors; Serona does not store full card numbers.

3.5 Customer-Provided Inputs (Processor Context)

Customers may provide files, configuration parameters, or other inputs for processing under an Agreement. Serona processes such customer-provided inputs solely to deliver the Services, in accordance with the Agreement/DPA, and consistent with customer instructions. Customers must ensure they have a lawful basis for submitting any data to Serona and must implement appropriate internal controls and disclosures.

3.6 Public or Enterprise-Open Sources

If customers opt into specific connectors, we may ingest business-public resources (e.g., company press rooms or permitted RSS feeds) to power features, subject to customer configuration.

3.7 Sensitive Data

We do not seek to collect sensitive categories of personal data (such as health, biometric, or government-issued identifiers) unless expressly agreed in writing. Customers must avoid submitting such data unless strictly necessary and lawfully authorized.

 

4. How We Use Information

We use information to:

  • Provide, secure, and improve the Services

  • Administer and enforce Agreements

  • Enable authentication, provisioning, and entitlements

  • Deliver dashboards, analytics, APIs, and alerts

  • Provide technical support and training

  • Monitor service health, performance, and security

  • Prevent abuse, fraud, or misuse

  • Improve features, user experience, and accuracy

  • Communicate service notices, enablement materials, and enterprise-relevant marketing

  • Manage billing and account relationships

  • Exercise or defend legal claims

  • Comply with audit, regulatory, and record-keeping obligations

We may aggregate or de-identify information so that it no longer reasonably identifies a person or device. We may use such aggregated or de-identified information for any lawful purpose, including analytics, benchmarking, capacity planning, and service improvement. We do not attempt to re-identify aggregated or de-identified information and require the same of our service providers.

 

5. Legal Bases (EEA/UK)

Where required (e.g., EEA/UK), Serona relies on one or more of the following legal bases:

  • Performance of a contract (to provide the Services under an Agreement)

  • Legitimate interests (e.g., securing our platform, improving features, and communicating with business users about enterprise updates)

  • Consent (where we present an affirmative choice and you consent)

  • Compliance with legal obligations (e.g., tax, accounting, sanctions screening, and safety/security obligations)

 

6. Cookies, Analytics, and Similar Technologies

Our sites and dashboards may use:

  • Strictly necessary cookies for authentication and security

  • Functional and performance technologies to understand how enterprise users engage with features

Where required by law, we will present a consent mechanism allowing you to accept, reject, or manage categories of non-essential cookies. You can also adjust browser settings to limit cookies; however, disabling essential cookies may impair core functionality. We do not use consumer ad tech within the Services.

 

7. How We Share Information

We do not sell personal information. We disclose information only in the limited circumstances below:

  • Service Providers — vetted vendors that support hosting, infrastructure, security, analytics, communications, ticketing, and billing.

  • Affiliates and Corporate Transactions — sharing with affiliates under common control; transfers in mergers, acquisitions, reorganizations, or asset sales.

  • Compliance and Safety — disclosure to competent authorities or third parties if necessary to comply with law, enforce policies, protect rights/safety, or investigate security incidents.

  • Customer Direction — in the processor/service-provider context, disclosure of customer-controlled data according to customer’s documented instructions.

 

8. Data Minimization; Customer Responsibilities

Serona designs Services with data minimization and role-based access controls. Customers remain responsible for the lawfulness of data they submit, for implementing appropriate governance, and for ensuring their own users’ access is provisioned, monitored, and revoked when appropriate. Customers must not use the Services to attempt to identify or re-identify any individual from aggregated or de-identified information.

 

9. Security

We maintain administrative, technical, and physical safeguards appropriate to the nature of the information we process and the risks posed. These include encryption in transit, hardened environments, firewalls, monitoring, vulnerability management, and employee confidentiality obligations.

Customers remain responsible for maintaining the confidentiality of credentials, enabling MFA where available, applying least-privilege principles, and promptly notifying us of suspected compromise.

 

10. Retention

We retain information as long as necessary to:

  • Provide the Services

  • Fulfill the purposes described in this Policy

  • Comply with legal/audit requirements

  • Resolve disputes and enforce Agreements

  • Protect our rights

When information is no longer needed, we will delete or de-identify it, subject to any legal or contractual retention obligations.

 

11. International Transfers

Serona is headquartered in the United States and may process information in the U.S. and other jurisdictions. Where required, we implement safeguards for cross-border transfers, such as Standard Contractual Clauses (and, where relevant, the UK Addendum) and additional technical and organizational measures.

 

12. Your Privacy Rights

Depending on your location and our role, you may have rights such as access, rectification, erasure, restriction of processing, objection, portability, and withdrawal of consent.

  • EEA/UK: Direct requests to Serona where we act as controller; otherwise, to your organization where we act as processor.

  • U.S. States: Certain rights (access, delete, correct, opt-out of targeted ads/sale). Serona does not sell personal information or process for targeted ads.

  • Verification/Authorized Agents: We will verify requests and require evidence of authority for agent submissions.

 

13. Children

The Services are enterprise tools not directed to children, and we do not knowingly collect personal information from anyone under 16 years of age.

 

14. Third-Party Links and Integrations

The Services may link to or enable integrations with third-party sites, platforms, or tools. Those parties have their own policies. Serona is not responsible for third-party privacy/security practices.

 

15. Do Not Track; Preference Signals

Our Services do not respond to Do Not Track browser signals. Where applicable law recognizes browser-based opt-out preference signals, we will honor those signals.

 

16. Changes to this Policy

We may update this Privacy Policy from time to time. If material changes occur, we will provide reasonable notice by posting an updated version and revising the effective date. Continued use after the effective date constitutes acceptance.

 

17. Contact; Data Protection Queries

If you have questions about this Privacy Policy, our data practices, or your rights, please contact us:

Serona Data, Inc.
Attn: Privacy
alerts@seronadata.com