Privacy Policy

This policy is published by SegOps AI (“SegOps”, “we”, “us”). It describes how we handle information when you use our marketing site, sign up for a workspace, or integrate our SDKs and APIs.

For questions about this policy or to exercise your data rights, contact us at [email protected].

We distinguish two categories of information:

• Customer data — events, user profiles, and product records you push to SegOps through our SDKs, REST endpoints, or imports. You decide what to send. You own it; we process it on your behalf as described in our DPA.
• Operational data — information we collect to operate the service: account details, billing data via Stripe, server logs, product analytics, and support communications.

On the marketing site, we collect minimal analytics necessary to understand usage and improve content. We do not sell personal information.

• To provide, operate, and improve the SegOps platform.
• To authenticate users, enforce workspace isolation, and detect abuse.
• To bill, invoice, and account for usage under your plan.
• To respond to support requests and security disclosures.
• To send service notices and material product updates.
• To meet legal obligations and respond to lawful requests.

We process customer data only to provide the service to you, in accordance with our DPA and your documented instructions.

We do not train foundation models on your customer data. Our AI features (the AI Rule Studio, AI Copilot, entity extraction, AI page generation, and product embeddings) use third-party LLM and embedding APIs — Anthropic Claude and OpenAI — under their zero-retention or no-training enterprise terms where available.

The AI Rule Studio is schema-aware by design: the model receives column names, data types, and aggregates from your schema, but does not see raw row-level event data.

You can disable specific AI features per workspace. If your environment requires bring-your-own inference, contact us.

We use a small set of vetted subprocessors to deliver the platform. Current list:

• Google Cloud Platform — hosting, storage, the event stream, and the analytics warehouse.
• Stripe — billing, subscriptions, and metered usage invoicing.
• Anthropic — LLM inference for AI features (Claude).
• OpenAI — embedding generation for product and search features.
• Resend / Postmark — transactional and product email.
• Sentry — application error monitoring.

We notify customers of material changes to this list. Contact [email protected] to subscribe to subprocessor updates.

Customer data is encrypted in transit (TLS 1.2+) and at rest. Workspaces are isolated by tenant identifiers enforced across the application, the event stream, and the analytics warehouse. Secrets and credentials at rest are encrypted with Fernet keys managed in a KMS.

We operate principle-of-least-privilege access controls, log administrative actions, and conduct vulnerability scans. SOC 2 Type II is on our roadmap; reach [email protected] for the latest posture documentation.

Customer data is retained for as long as your workspace is active. On termination, we retain customer data for up to 30 days to allow account recovery and export, after which it is purged from primary systems. Backups are rotated on a 90-day cycle.

You can delete individual users and events at any time via the API. Aggregate usage data required for billing is retained as needed to meet financial obligations.

We process data in the United States and the European Union. When we transfer personal information across regions, we rely on Standard Contractual Clauses (SCCs) and equivalent mechanisms. Enterprise customers can request a regional deployment of the analytics warehouse.

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or port personal information about you. To exercise these rights, contact [email protected]. We respond within 30 days.

If you are an end-user of a SegOps customer (e.g. their website visitor), please direct your request to that customer in the first instance — they are the data controller for their workspace.

California residents have additional rights under the CCPA/CPRA, including the right to know what we collect and to direct us not to sell or share personal information. We do not sell or share personal information.

The marketing site uses cookies for session continuity and essential functionality, plus minimal product analytics to understand which content is useful. We do not run third-party advertising trackers.

You can disable non-essential cookies in your browser without losing access to public pages.

SegOps is a B2B platform and is not directed at children. We do not knowingly collect information from anyone under 16. If you believe a child has provided us with information, contact us and we will delete it.

We may update this policy from time to time. We will post the updated version here and update the “Last updated” date. For material changes, we will provide reasonable advance notice to active customers by email or in-app.

Questions, requests, or concerns? Email [email protected]. For security disclosures, please use [email protected].