Privacy Policy

This Privacy Policy describes how DARTRi Solutions ("we," "us," or "our") collects, uses, stores, shares, and protects information obtained from users ("you" or "your") of our websites, applications, products, consulting services, and any other services we provide (collectively, "Services"). By accessing or using any of our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must discontinue use of all Services immediately.

We collect information through various means depending on how you interact with our Services. This includes information you provide directly, information collected automatically, and information obtained from third parties:

• Identity information: name, email address, phone number, company name, job title, and mailing address provided during account creation, project onboarding, or correspondence
• Account credentials: usernames, passwords, and authentication tokens necessary to access our platforms and deliverables
• Financial information: billing addresses, payment method details, tax identification numbers, and transaction records, processed and stored through PCI-DSS compliant third-party payment processors
• Project data: files, documents, specifications, source code, databases, communications, and any materials you provide or generate in the course of a service engagement
• Communications: emails, messages, call recordings (with consent), support tickets, and any correspondence between you and our team
• Device and technical information: IP addresses, browser type and version, operating system, device identifiers, screen resolution, referring URLs, and access timestamps
• Usage data: pages visited, features used, session duration, click patterns, error logs, and interaction data collected through analytics tooling
• Cookies and similar technologies: session cookies, preference cookies, and analytics identifiers as described in Section 9

We process personal information under one or more of the following legal bases, depending on the context:

• Contractual necessity: processing required to fulfill a service agreement, statement of work, or other contract with you
• Legitimate interests: processing necessary for the operation, improvement, and security of our Services, where those interests are not overridden by your rights
• Consent: processing based on your explicit, informed, and freely given consent, which you may withdraw at any time
• Legal obligation: processing required to comply with applicable laws, regulations, court orders, or legal processes
• Vital interests: processing necessary to protect the vital interests of any natural person, in rare emergency circumstances

We use collected information strictly for the following purposes. We do not sell, rent, lease, or trade your personal information to any third party for any reason. We do not monetize your data. Period.

• To provide, deliver, and maintain the Services you have requested or contracted for
• To communicate with you regarding projects, deliverables, invoices, support requests, and service updates
• To authenticate your identity and manage account access
• To process payments, issue invoices, and maintain financial records
• To detect, investigate, and prevent security incidents, fraud, abuse, or violations of our terms
• To monitor, analyze, and improve the performance, reliability, and user experience of our Services
• To comply with applicable legal obligations, regulatory requirements, and lawful government requests
• To enforce our Terms of Service, service agreements, and other legal rights
• To send you service-related announcements, updates, and security alerts (not marketing unless you opt in)

We do not sell your data. We share personal information only in the following limited circumstances:

• Service providers: trusted third-party vendors who perform services on our behalf (hosting, payment processing, analytics, email delivery) under strict contractual obligations to protect your data and use it only as directed
• Legal requirements: when required by law, regulation, subpoena, court order, or governmental request. We will notify you unless legally prohibited from doing so
• Business protection: to enforce our agreements, protect our rights, property, or safety, or that of our users or the public, where permitted by law
• Business transfers: in connection with a merger, acquisition, reorganization, or sale of assets. Your data would remain subject to the promises made in this Privacy Policy
• With your consent: in any other case, only with your explicit prior consent

We implement comprehensive technical, administrative, and physical safeguards to protect your information against unauthorized access, alteration, disclosure, or destruction:

• TLS 1.3 encryption for all data in transit across all Services
• AES-256 encryption at rest for all stored personal and project data
• Role-based access controls with least-privilege principles enforced across all systems
• Multi-factor authentication required for all internal access to production environments
• Regular vulnerability scanning, penetration testing, and security audits
• Automated intrusion detection and real-time monitoring of all production infrastructure
• Employee security training and background checks for personnel with data access
• Incident response procedures with defined detection, containment, and notification timelines

We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy, satisfy legal or regulatory obligations, resolve disputes, and enforce our agreements. Specific retention periods:

• Account information: retained for the duration of the service relationship plus 12 months after termination, unless deletion is requested sooner
• Project data: retained per the terms of your service agreement, typically returned or destroyed within 90 days of project completion unless otherwise agreed
• Financial records: retained for 7 years as required by tax and accounting regulations
• Communications: retained for 3 years after the last interaction for support and audit purposes
• Usage and analytics data: retained in anonymized/aggregated form indefinitely; identifiable usage data is deleted within 24 months
• Security and access logs: retained for 12 months for incident investigation purposes

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information. We honor these rights regardless of where you are located to the maximum extent practicable: To exercise any of these rights, contact us using the information in Section 15. We will respond within 30 days. We may request verification of your identity before processing your request.

• Right to access: request a copy of the personal information we hold about you
• Right to rectification: request correction of inaccurate or incomplete information
• Right to deletion: request erasure of your personal information, subject to legal retention requirements
• Right to restriction: request that we limit processing of your information in certain circumstances
• Right to data portability: receive your data in a structured, machine-readable format and transfer it to another provider
• Right to object: object to processing based on legitimate interests, including profiling and direct marketing
• Right to withdraw consent: withdraw previously given consent at any time without affecting the lawfulness of prior processing
• Right to non-discrimination: exercise any of these rights without receiving discriminatory treatment
• Right to lodge a complaint: file a complaint with a supervisory authority in your jurisdiction

We use minimal cookies and similar technologies strictly necessary for the operation of our Services. We do not use third-party advertising cookies, social media tracking pixels, cross-site tracking, fingerprinting, or behavioral advertising technologies of any kind. You may control cookies through your browser settings. Disabling non-essential cookies will not affect core functionality. We do not honor "Do Not Track" browser signals because we do not engage in cross-site tracking in the first place.

• Essential cookies: required for authentication, security, and basic site functionality. Cannot be disabled without breaking core features
• Preference cookies: store your settings such as theme preference and language. Optional and can be cleared through browser settings
• Analytics cookies: collect anonymized usage data to help us improve our Services. We use privacy-respecting analytics that do not track individuals across sites

Our primary infrastructure is located in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission where applicable, and we evaluate the data protection laws of destination countries.

For users in the European Economic Area (EEA), United Kingdom, and Switzerland: we process your data in compliance with the General Data Protection Regulation (GDPR) and UK GDPR. You have all rights described in Section 8. Our lawful bases for processing are described in Section 3. You may contact your local data protection authority if you believe your rights have been violated. Our designated point of contact for GDPR inquiries is legal@dartri.com

For California residents: we comply with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). We do not sell personal information. We do not share personal information for cross-context behavioral advertising. You have the right to know what information we collect and how we use it, the right to delete your information, the right to correct inaccurate information, and the right to opt out of the sale or sharing of personal information. We will not discriminate against you for exercising any of these rights. To submit a verifiable consumer request, contact us using the information in Section 15.

Our Services are not directed to individuals under the age of 18. We do not knowingly collect, solicit, or maintain personal information from anyone under 18. If we learn that we have collected personal information from a child under 18, we will delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us immediately.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. For material changes, we will provide at least 30 days' advance notice via email to your account address and/or a prominent notice on our website before the changes take effect. Your continued use of our Services after the effective date constitutes acceptance of the updated policy. We encourage you to review this policy periodically. Previous versions are available upon request.

For privacy questions, data subject requests, or to exercise any of your rights under this policy, contact us at legal@dartri.com. For urgent matters, you may also reach us by mail at: DARTRi Solutions, Attn: Privacy, Denver, CO. We aim to respond to all inquiries within 30 days.