1. Introduction & Scope

SLAInsightAI Inc. ("Company," "we," "us," "our," or "SLAInsightAI") operates a cloud-based SLA compliance monitoring and predictive analytics platform. This Privacy Policy applies to personal information collected through our website (slainsightai.com), web application (app.slainsightai.com), APIs, and related services. We are committed to protecting your privacy and ensuring transparency about how we collect, use, disclose, and safeguard your information. This policy is compliant with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws. Last Updated: January 2026.

2. Categories of Information We Collect

Account & Registration Information: When you create an account, we collect your full name, business email address, phone number, company name, job title, billing address, and authentication credentials (passwords are hashed and never stored in plaintext).

Service & Performance Data: Our platform processes service metrics, SLA compliance data, availability logs, response time statistics, error rates, incident logs, and other performance indicators you upload via API or integrate from your monitoring systems. This data is necessary to provide breach prediction and real-time monitoring.

Usage & Interaction Data: We automatically collect information about your platform interactions including login timestamps, feature access patterns, API calls made, reports generated, dashboard views, export requests, and system performance metrics for each user account.

Communication Data: When you contact our support team via email, chat, or phone, we collect all correspondence, including messages, attachments, case numbers, timestamps, and any information you provide to help resolve issues.

Technical & Device Data: We automatically collect IP addresses, browser type and version, operating system, device identifiers, cookie data, referral sources, and other technical information to ensure platform security and optimize performance.

3. Legal Basis for Processing

Contract Performance: We process personal data necessary to perform our services under your service agreement with SLAInsightAI, including account management, billing, and service delivery.

Legitimate Interests: We process data to improve platform functionality, prevent fraud, maintain security, analyze usage trends, develop new features, and understand how customers interact with our services. These interests are balanced against your privacy rights.

Legal Obligation: We may process data to comply with applicable laws, regulations, court orders, government requests, and regulatory investigations.

Explicit Consent: For non-essential data collection such as marketing communications, webinar invitations, and promotional content, we rely on your explicit, informed consent, which you can withdraw at any time.

4. How We Use Your Information

Service Delivery: Providing SLA monitoring, breach prediction, analytics, performance reporting, API integrations, customer support, and platform access management.

Account Administration: Creating and maintaining user accounts, managing billing and invoicing, processing payments, and handling account security.

Platform Improvement: Analyzing usage patterns, identifying performance bottlenecks, developing new features, conducting A/B testing, and optimizing user experience based on aggregate data.

Security & Compliance: Detecting and preventing unauthorized access, data breaches, fraud, abuse, malicious activity, and maintaining audit trails for compliance purposes.

Communications: Sending mandatory service notifications (account changes, billing updates, security alerts), system maintenance notices, and product updates. These are separate from optional marketing communications.

Marketing & Engagement: With your consent, sending newsletters, product updates, webinar invitations, case studies, and promotional offers. You can unsubscribe from marketing communications at any time.

5. Data Sharing & Third-Party Disclosure

Service Providers & Vendors: We share data with service providers who help operate our platform, including cloud hosting providers (AWS), payment processors (Stripe), email delivery services, and analytics providers. All vendors are contractually obligated to use your data only as necessary and are bound by Data Processing Agreements (DPAs).

Business Partners: If you sign up through a partner channel or reseller, we may share limited information with that partner for relationship tracking and support coordination.

Legal Requirements: We disclose information when required by law, court order, subpoena, government request, or to protect the rights, safety, or property of SLAInsightAI, our users, or the public.

Merger or Acquisition: If SLAInsightAI is acquired, merged, or undergoes a change of control, your information may be transferred as part of that transaction. We will notify affected users of any such change.

Aggregated & Anonymized Data: We may share anonymized, aggregated data that cannot identify individuals with business partners and the public to show platform trends and market insights.

6. International Data Transfers

SLAInsightAI is headquartered in Toronto, Ontario, Canada. Our primary infrastructure is located in North America. If you are located outside North America, your personal information will be transferred to, stored in, and processed in Canada and/or the United States. By using our services, you consent to this transfer. We implement appropriate safeguards including Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs) to ensure your data is protected according to applicable privacy laws including GDPR Article 46. We conduct Data Transfer Impact Assessments (DTIAs) to ensure compliance with GDPR requirements.

7. Data Retention & Deletion

Account Data: We retain your account information for as long as your account is active. Upon account deletion or termination, we retain data for 30 days to process outstanding billing, resolve technical issues, and handle disputes. After 30 days, personal data is deleted or anonymized unless legal obligations require longer retention.

Service Data: SLA metrics, service performance data, and analytics are retained according to your subscription plan (24 months for Standard, unlimited for Professional/Enterprise). You can request data export at any time. Upon written request, we delete your service data within 30 days unless legal holds apply.

Technical Logs & Session Data: Technical logs, session data, and access logs are retained for 90 days for security, troubleshooting, and incident response purposes, then automatically deleted.

Backup Data: Deleted data may persist in backup systems for up to 90 days before permanent deletion. We cannot retrieve deleted data from backups after the retention period expires.

8. Your Privacy Rights

Right to Access: You have the right to request a copy of all personal information we hold about you in a portable, machine-readable format (GDPR Article 15, CCPA Section 1798.100).

Right to Correction: You can request that we correct or update inaccurate personal information associated with your account.

Right to Deletion: You have the right to request deletion of your personal data, subject to legal retention requirements and contract fulfillment obligations (GDPR Article 17, CCPA Section 1798.105).

Right to Object: You can object to our processing of your data for marketing purposes or legitimate interest processing (GDPR Article 21).

Right to Data Portability: You have the right to receive your data in a structured, commonly used format and transmit it to another service provider (GDPR Article 20, CCPA Section 1798.100).

Right to Withdraw Consent: You can withdraw consent for non-essential processing at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact [email protected]. We will verify your identity and respond within 30 days (or as required by applicable law).

9. Security Measures & Safeguards

We implement industry-leading security practices including encryption in transit (TLS 1.2+ with 256-bit keys), encryption at rest (AES-256), multi-factor authentication, role-based access controls, IP whitelisting, API key management, comprehensive audit logging, and intrusion detection systems. Our infrastructure achieves SOC 2 Type II certification, undergoes quarterly security assessments, and conducts annual penetration testing by independent third parties. Security patches are deployed within 24 hours of identification. However, no method of transmission or electronic storage is completely secure. If you believe your account has been compromised, immediately contact [email protected].

10. Cookies & Tracking Technologies

We use cookies, web beacons, and similar technologies to maintain your session, remember preferences, prevent fraud, analyze platform usage, and optimize performance. Essential cookies are required for platform functionality. Analytics cookies help us understand usage patterns. You can control cookie preferences through the cookie banner on our website. See our Cookie Policy for complete details.

11. Children & COPPA Compliance

Our services are designed for business professionals and are not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will immediately delete such information and terminate the child's account. For EU residents aged 13-16, parental consent may be required under GDPR Article 8 depending on jurisdiction.

12. Privacy Policy Updates & Notification

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by email and by posting the updated policy with a new "Last Updated" date. We encourage you to review this policy regularly. Continued use of our services after updates constitutes acceptance of the revised policy.

13. Contact & Complaint Information

Privacy Officer: [email protected]

Data Protection Officer: [email protected]

Security Issues: [email protected]

Customer Support: [email protected] | +1-000-000-0000

Mailing Address: SLAInsightAI Inc., Toronto, ON M5H 2N2, Canada

If you have privacy concerns unresolved after contacting us, you may file a complaint with your local data protection authority. EU residents can contact their national DPA. California residents can contact the California Attorney General.

Last Updated: January 2026 | Version: 1.0 | Effective Date: January 1, 2026