Privacy Policy

Last Updated July 14, 2025

1. Introduction and Purpose

At FTSBN, Inc., dba pipIQ (‘Company,” “pipIQ,” “we,” “us,” or “our”) protecting your privacy and securing your personal data is fundamental to our business and operations. Our commitment to privacy extends to all data collected and processed through our artiﬁcial intelligence (AI) software-as-a-service (SaaS) platform, pipIQ. As a U.S.-headquartered company serving global markets, we ensure full compliance with major international privacy regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws worldwide. This Privacy Policy explains how your personal data is collected, processed, stored and protected when using our services.

2. Scope of This Privacy Policy

This Privacy Policy applies comprehensively to all services offered by our Company, including our websites, applications, and any associated services or products that reference this policy. It also governs any interactions with our customer service, support teams, or any communication channels where data may be exchanged or processed. By interacting with our services or providing us with your data, you consent to the practices described in this policy.

3. Principles of Data Privacy and Protection

Our Company adheres to internationally recognized privacy principles to ensure your data is handled with care, respect, and transparency. These principles include lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, conﬁdentiality, and accountability. These principles guide every aspect of our data processing practices, ensuring that we collect and handle your personal data responsibly, ethically, and legally.

4. Information Collection and Use

4.1 Personal Information We Collect

When you create an account, we collect personal information necessary for account registration and ongoing communication, including your full name, email address, job title, company name, and payment details necessary for processing transactions. We also collect content data explicitly provided by you, including text, images, audio, or video data, speciﬁcally for processing via our AI services to fulﬁll the services we provide. Any additional information you voluntarily provide during customer support interactions or inquiries is also collected to help us assist you efficiently.

4.2. Information We Automatically Collect

We collect aggregated and anonymized usage data, which helps us understand general user interaction with our services. This aggregated data includes general information such as feature usage, session duration, and page interactions. Importantly, this data is anonymized immediately upon collection and does not identify individual users or track individual user behavior across sites.

4.3. Information We Explicitly Do NOT Collect

To preserve your privacy at the highest level, we explicitly do not collect IP addresses, geolocation data, cookies, or persistent identiﬁers. Additionally, we refrain from device ﬁngerprinting or other intrusive tracking methods. We also avoid collection of any special category data, such as information regarding health, racial or ethnic origin, political opinions, religious beliefs, or similar sensitive data.

5. Purpose and Legal Basis of Data Processing

Under applicable privacy laws like GDPR, our legal basis for processing personal data is clearly deﬁned. We process your data primarily based on contractual necessity, as we use personal data strictly to deliver the services you have requested. In certain limited instances, processing may also be based on our legitimate interests, such as improving our services, conducting security analyses, or enhancing user experience, always balanced carefully against user privacy interests. When data processing relies explicitly on user consent, we clearly communicate this requirement, and you retain the right to withdraw your consent at any time. Additionally, we process data when required for compliance with legal obligations, such as responding to lawful data requests.

6. Data Retention Policy

We adhere to stringent data retention policies designed around principles of data minimization and privacy protection. Your personal account information is retained for the duration of your active use of our services and, upon termination of your account, for an additional reasonable period (usually 12 months) to comply with legal obligations, prevent fraud, or resolve disputes. Data explicitly submitted to our AI services is retained only as long as necessary to provide the intended AI service, after which such data is permanently deleted or irreversibly anonymized. Fully anonymized, aggregated data may be retained indeﬁnitely, as it poses no privacy risks.

7. Data Security Measures

7.1 Data Security & Certiﬁcations

At pipIQ, protecting your personal data and maintaining the integrity of our AI SaaS platform is paramount. We employ a rigorous, compliance-ﬁrst approach that includes multiple layers of sophisticated security measures, continuous monitoring, and comprehensive certiﬁcation programs designed to safeguard your data at all times.

7.2. Fully Segregated Environments

We provide fully segregated computing environments dedicated explicitly to each individual customer. This segregation includes isolated computing resources, secure storage infrastructure, and separate authentication systems. As a result, your data is never commingled with that of other customers, effectively eliminating risks of cross- contamination or accidental data exposure.

7.3. Locked-Down Access Controls & Real-Time Validation

Our systems operate on the principle of least privilege, ensuring employees, contractors, or other authorized individuals are granted only the minimum access necessary to fulﬁll their roles and responsibilities. This approach is reinforced by continuous real-time validation of all data requests, systematically verifying the legitimacy and authorization level of each interaction to prevent unauthorized data access or misuse.

7.4. Multi-Layered Protections

We have implemented multiple protective measures designed to reinforce security at every level. Our practices include comprehensive system hardening procedures, secure software development lifecycle (SDLC) practices, and robust code-level defenses. These defenses speciﬁcally address common security threats such as code injection attacks, data tampering, and exploitation of known vulnerabilities. Each protection layer is continuously updated and enhanced through proactive vulnerability management and security patching.

7.5. Isolated File Storage

To further ensure data security, all customer assets and ﬁles are stored within individually isolated, containerized storage environments. Containerization effectively encapsulates each customer’s data, preventing unauthorized access, leakage, or accidental sharing.

This architectural design signiﬁcantly mitigates risk and enhances data integrity.

7.6. Ephemeral Processing

Our platform employs ephemeral (short-lived) execution containers to process each individual user request. These containers are automatically instantiated at the initiation of each data processing task and immediately terminated upon completion, with no residual data or state persisted between sessions. This practice ensures that session-based data leaks or cross-session contamination cannot occur, providing additional protection and conﬁdentiality.

7.7. Robust Encryption Practices

Data security relies heavily on industry-standard encryption. To protect data during transit, we utilize Transport Layer Security (TLS) version 1.2 or higher, ensuring that all transmitted data remains securely encrypted and impervious to interception or tampering. Similarly, we protect data stored at rest using Advanced Encryption Standard (AES-256) encryption, recognized globally as a highly secure method for protecting sensitive data.

7.8. Regular Audits and Penetration Testing

We engage in regular third-party penetration testing, security assessments, and audits conducted by reputable and independent cybersecurity experts. These rigorous tests are designed to proactively identify potential vulnerabilities or weaknesses in our infrastructure, systems, and processes. We continuously apply ﬁndings from these assessments to enhance our security posture, ensuring compliance with global standards such as ISO/IEC 27001, SOC 2 Type II, and other applicable industry certiﬁcations.

7.9. Certiﬁcations and Compliance Frameworks

We maintain ongoing certiﬁcations demonstrating compliance with global privacy and security standards for information security management, operational security assurance, GDPR and CCPA compliance, and HIPAA standards (as applicable). These certiﬁcations validate our commitment to security and privacy, providing assurance to customers and stakeholders that their data is managed securely and responsibly.

8. AI Model Usage, Training, and Customer Data

8.1. Default Non-Usage for AI Model Training

By default, our Company does not use your personal or submitted content data to train, improve, or otherwise enhance our AI models or any associated technology. We respect your privacy and autonomy by ensuring your data is used solely for the intended AI service you requested.

8.2. Opt-In Consent for Model Improvement

Should we seek to use customer data for AI model training or enhancement purposes, explicit opt-in consent will always be requested from the user, clearly stating the purposes, methods, and protections involved. Users who consent to such usage retain the right to withdraw consent at any time, with immediate cessation of data usage and deletion of previously provided data upon request.

9. Data Sharing and Third Parties

Our commitment to privacy means we never sell, rent, or share your personal data for monetization or marketing purposes. Third-party engagements are strictly limited to service providers essential to delivering our services, such as cloud hosting or payment processing vendors. All third parties undergo rigorous privacy evaluations and are required to sign comprehensive Data Processing Agreements (DPAs) ensuring adherence to GDPR and CCPA requirements. Additionally, we maintain a publicly accessible, regularly updated list of third-party processors for full transparency.

10. Cross-Border Data Transfers

Because we are based in the United States and serve global users, international data transfers are necessary for our operations. We implement GDPR-compliant transfer mechanisms, including the use of Standard Contractual Clauses (SCCs), the EU-US Data Privacy Framework, and additional supplementary safeguards, such as encryption and rigorous data protection impact assessments.

11. User Privacy Rights (GDPR, CCPA, and Global Privacy Rights)

Our users possess robust privacy rights guaranteed by privacy laws globally, including the GDPR and CCPA. You may exercise your rights by contacting our privacy team at the provided channels. Speciﬁcally, you have the right to request access to the personal data we hold about you, allowing you to understand exactly what information we store. You also have the right to rectify inaccuracies in your data, ensuring it remains up-to-date and accurate. Additionally, you may request the deletion (right to erasure) of your personal data, subject to certain legal exceptions. Furthermore, you have the right to data portability, enabling you to receive your personal data in a structured and commonly used electronic format for transfer to another service provider if desired. You also retain the right to object to or restrict speciﬁc processing activities if they conﬂict with your privacy preferences.

Under the CCPA, we guarantee that no discriminatory action will be taken against you for exercising any of your privacy rights.

12. Transparency and Accountability

Our Company is deeply committed to transparency and accountability regarding our data processing activities. To this end, we publish annual transparency reports outlining our data-handling practices, including summaries of requests received, incidents managed, audits conducted, and compliance milestones. We regularly conduct independent, third- party audits to validate our compliance with security and privacy standards. These reports and audits are available to our users upon request or through publication on our website, ensuring full transparency into our operations.

13. Incident Management and Notiﬁcation

Our incident response framework is structured to address security or privacy incidents swiftly, systematically, and transparently. Should an incident occur, we immediately implement our incident response plan, which includes comprehensive investigation procedures, rapid remediation actions, and timely notiﬁcations to all affected users and appropriate data protection authorities. Notiﬁcations are provided within legally required timelines (typically within 72 hours under GDPR guidelines) and include detailed information about the nature of the incident, potential impacts, remedial steps taken, and recommended user actions.

14. No Use of Cookies and Tracking Technologies

In line with our privacy-ﬁrst approach, we affirmatively do not use cookies, tracking pixels, device ﬁngerprinting, or other intrusive tracking technologies. We consciously avoid any technology that tracks individual behavior across different websites or services. Our commitment to privacy ensures users interact with our services without risking unwanted monitoring or tracking.

15. Children’s Privacy

We recognize and honor our responsibility to protect children's privacy. Our services are intended exclusively for individuals aged 16 years and older, and we do not knowingly collect personal data from individuals under the age of 16. In adherence to the Children's Online Privacy Protection Act (COPPA), GDPR, and similar regulations, should we discover inadvertent collection of such data, we take immediate action to permanently delete the information from our systems.

16. Updates to this Privacy Policy

As our services and legal obligations evolve, we may periodically update this Privacy Policy to reﬂect changes in practices, legal developments, or operational improvements. Users will receive clear, prominent notiﬁcations via email, in-service notiﬁcations, or website announcements whenever signiﬁcant updates to this policy are made. Each update will clearly specify the effective date, summary of changes, and rationale behind those changes to maintain transparency.

17. Contact and Data Protection Officer (DPO)

To ensure accountability and responsiveness in addressing privacy concerns or questions, we have appointed a dedicated Data Protection Officer (DPO). Users may directly contact our DPO to exercise privacy rights, submit inquiries or discuss privacy matters including for DSARs Please contact our DPO by Email: privacy@pipiq.com Mail: FTSBN, Inc., 3340 Peachtree Road NE, Suite 2300, Atlanta, GA 30326, USA

18. Disclaimer & Limitation of Liability

18.1. Disclaimer of Warranties

EXCEPT WHERE EXPRESSLY PROHIBITED BY APPLICABLE LAW, [Company Name] PROVIDES ALL SERVICES, INCLUDING OUR AI SAAS PLATFORM, ON AN "AS IS" AND "AS AVAILABLE" BASIS. WE EXPRESSLY DISCLAIM ALL WARRANTIES AND REPRESENTATIONS, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY OF RESULTS, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

WE DO NOT WARRANT THAT THE SERVICES OR PLATFORM WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR COMPLETELY FREE FROM DEFECTS OR SECURITY VULNERABILITIES, NOR DO WE GUARANTEE THAT THE AI SERVICES PROVIDED WILL MEET SPECIFIC USER EXPECTATIONS, PRODUCE SPECIFIC RESULTS, OR BE COMPATIBLE WITH ALL USER SYSTEMS OR APPLICATIONS.

18.2. Limitation of Liability

EXCEPT WHERE PROHIBITED BY LAW, UNDER NO CIRCUMSTANCES SHALL PIPIQ, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, CONTRACTORS, LICENSORS, OR SERVICE PROVIDERS BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO YOUR USE OR INABILITY TO USE THE SERVICES OR THE PLATFORM. THIS LIMITATION INCLUDES, BUT IS NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF DATA, LOSS OF BUSINESS OPPORTUNITIES, INTERRUPTION OF BUSINESS, LOSS OF GOODWILL, OR LOSS OF ANTICIPATED SAVINGS, EVEN IF ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES.

OUR TOTAL LIABILITY TO YOU FOR ANY DIRECT DAMAGES ARISING OUT OF OR RELATED TO THIS PRIVACY POLICY, THE SERVICES, OR THE PLATFORM SHALL NOT EXCEED THE TOTAL AMOUNT YOU HAVE PAID TO [Company Name] IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

18.3. Applicability and Exclusions

THIS DISCLAIMER AND LIMITATION OF LIABILITY SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. CERTAIN JURISDICTIONS MAY NOT ALLOW EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES OR LIMITATION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO SOME OR ALL OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU. IN SUCH CASES, OUR LIABILITY SHALL BE LIMITED TO THE GREATEST EXTENT PERMITTED BY LAW.

19. Governing Law and Jurisdiction

This Privacy Policy, as well as the processing of personal data under this policy, is governed by applicable U.S. federal and state laws, along with compliance obligations imposed by GDPR, CCPA, and other relevant global privacy regulations. By using our services, you agree to the exclusive jurisdiction of U.S. courts regarding disputes or legal questions relating to privacy or data protection, subject to your local privacy rights and regulatory protections under applicable laws.

20. Complaint Resolution and Regulatory Contacts

If you have unresolved privacy concerns, you have the right to lodge a formal complaint with the data protection authority or privacy regulator in your local jurisdiction. We encourage you ﬁrst to contact our DPO directly so we can attempt to promptly and amicably resolve your concerns. However, we fully respect your right to seek recourse with applicable regulatory bodies and will cooperate with any formal regulatory investigation or inquiry.

21. Compliance and Certiﬁcations

Our Company continuously maintains compliance with leading global data protection standards and regulations for information security management, operational effectiveness and all applicable regional and international requirements. Certiﬁcation and compliance documents validating these achievements are available to users or customers upon request to reinforce our commitment to transparent and veriﬁable privacy practices.

22. Detailed Appendix and Additional Documentation

For further detail and transparency, we provide comprehensive additional compliance documentation upon request, including but not limited to Data Processing Agreements (DPAs), Standard Contractual Clauses (SCCs), and GDPR/CCPA compliance frameworks. Such documentation is readily available through our privacy portal or upon direct request to our DPO, ensuring full transparency and accountability in all data-processing operations.

23. User Consent and Acceptance

By accessing and using our AI SaaS services, you explicitly agree to and consent to the terms set forth in this Privacy Policy, including our data collection, usage, retention, security practices, and global data transfers as described herein. Should you disagree with any terms outlined in this policy, we request that you discontinue use of our services and promptly inform our DPO of your concerns so we may attempt to address them to your satisfaction.

This Privacy Policy reﬂects our comprehensive commitment to privacy and global compliance and is designed to clearly communicate our practices, your rights, and the protections we have in place to ensure the privacy, security, and ethical handling of your data at all times.