Master Terms of Service & Privacy Policy · v1.0
Effective May 15, 2026 · Last updated May 18, 2026
These Master Terms of Service (the “Terms”) govern access to and use of the symmitri platform and related services (the “Service”) provided by symmitri, Inc., a Delaware corporation (“symmitri,” “we,” “us,” or “our”). The Service is provided to business customers (“Customer,” “you,” or “your”) under the terms set out below. By signing an order form, executing a separately negotiated agreement that incorporates these Terms by reference, or otherwise accepting these Terms in writing, you agree to be bound by them.
If you are accepting these Terms on behalf of a Customer organization, you represent that you have the authority to bind that organization. The Service is not offered to individuals for personal, family, or household use.
symmitri provides a software platform that deploys Agents bound to designated Principals, calibrates those Agents to Customer's Ethos, makes them reachable through Customer's authorized channels (such as email, calendar, messaging, and meeting intelligence), and operates the underlying infrastructure on Customer's behalf. The specific scope of the Subscription, including the number of Principals, integrations, and any custom-build engagements, is set out in the applicable Order Form.
The Service is hosted on dedicated single-tenant infrastructure operated by symmitri on third-party data-center facilities, hardware, and racking provided by qualified hosting providers and physically located within the United States unless otherwise agreed in writing. symmitri may change hosting providers from time to time, provided that any change does not materially degrade the security, isolation, or jurisdictional commitments described in these Terms.
We may modify, update, or discontinue features of the Service from time to time. We will not materially diminish core functionality without reasonable advance notice to Customer.
We may make pre-release, beta, or experimental features available to Customer. Such features are provided as-is, without warranty, and may be modified or discontinued at any time.
The natural person executing the Order Form or accepting these Terms on Customer's behalf represents that they are an authorized representative of Customer and that Customer's use of the Service has been duly authorized by Customer's governing body or authorized officers.
Customer designates one or more Principals in the Order Form. Customer is responsible for: (a) selecting and removing Principals; (b) ensuring each Principal complies with these Terms and any reasonable usage policies published by symmitri; (c) the acts and omissions of Principals and any other persons accessing the Service through Customer's account; and (d) protecting credentials and revoking access when a Principal leaves the organization.
Customer authorizes symmitri to access third-party services on Customer's behalf to the extent Customer expressly enables those integrations (for example, calendar, email, messaging, document, and meeting-intelligence providers). Customer represents that it has the authority to grant such access.
Fees are set out in the Order Form. Recurring subscription fees, one-time installation fees, custom-build engagement fees, and any other amounts owed are processed through Stripe, Inc. (“Stripe”) or, if symmitri changes payment processors, a successor processor of comparable standing. Stripe processes payment instruments directly under its own terms applicable to payers; symmitri receives only limited payment information as described in our Privacy Policy.
Unless otherwise specified in the Order Form, recurring subscription fees are billed in advance on a monthly basis and charged automatically to the payment instrument Customer has on file with Stripe; manual invoicing is not provided for recurring fees. One-time fees are invoiced upon execution of the Order Form with payment due on receipt. All fees are stated in U.S. dollars and exclusive of applicable taxes. Customer is responsible for keeping a valid payment instrument on file during the Subscription term.
Customer is responsible for all sales, use, value-added, withholding, and similar taxes assessed on Customer's use of the Service, other than taxes on symmitri's net income.
We may suspend access to the Service after sixty (60) days of nonpayment following written notice, without prejudice to our other rights. The parties will work in good faith to resolve any bona fide billing dispute before suspension.
Except as expressly stated in these Terms or required by applicable law, fees are non-refundable.
The Service may, in the future, enable Agents to initiate payments and purchases on behalf of Principals through Stripe or successor payment infrastructure (“Agent-Initiated Transactions”). These Terms do not authorize Agent-Initiated Transactions. Any future enablement of Agent-Initiated Transactions will be governed by a separate written amendment to these Terms that defines authorization scope, spending limits, reversibility, the merchant of record, and applicable Stripe terms. Customer's use of any such functionality will be subject to that amendment and to Stripe's then-current terms.
As between symmitri and Customer, Customer retains all right, title, and interest in and to Customer Data and Customer IP, including the Ethos. Customer Data and Customer IP are not symmitri's property.
At the application, runtime, and primary-storage layers, Customer Data is isolated from the data of other customers on dedicated single-tenant infrastructure. Certain operational systems shared across symmitri's customer base — including the backup and recovery system, aggregated and de-identified telemetry, error-monitoring, and internal support tooling — may process Customer Data outside that per-tenant isolation. In those systems, Customer Data remains subject to the confidentiality, security, and no-training obligations of these Terms.
Customer grants symmitri a limited, non-exclusive, worldwide license to access, host, process, transmit, store, and otherwise use Customer Data and Customer IP solely for the purposes of providing, securing, supporting, and improving the Service for Customer during the term of the Agreement. This license terminates as described in Section 12 (Term and Termination).
symmitri will not, and will not permit any Sub-processor to, use Customer Data or Customer IP to train, fine-tune, or otherwise improve any artificial intelligence model that will be made available to any third party or to symmitri's other customers. symmitri will require, by contract or by Sub-processor configuration, that frontier-model providers and other AI Sub-processors that receive Customer Data not retain that data for model training and not use it to train, fine-tune, or evaluate models that benefit third parties. This restriction is a material term of these Terms.
The Service may record meetings, calls, and similar communications when Customer or a Principal enables this functionality. Customer is responsible for: (a) determining whether recording is lawful in the relevant jurisdiction(s); (b) obtaining all consents required by applicable law from all participants before recording begins; (c) providing any notices required by applicable law; and (d) configuring the Service's recording features in a manner consistent with those obligations. symmitri provides the technical means to record, transcribe, and process meetings, but Customer is solely responsible for consent and notice.
Customer represents and warrants that: (a) it has all rights, consents, and authority necessary to provide Customer Data and Customer IP to symmitri and to grant the licenses in this Section 5; (b) Customer Data does not infringe the intellectual property, privacy, or other rights of any third party; and (c) Customer's use of the Service complies with all applicable laws.
symmitri may generate aggregated and de-identified data derived from operating the Service (for example, anonymized telemetry, error rates, integration latency, and skill usage patterns that cannot be linked to any identifiable Customer, Principal, or organization). symmitri may use such aggregated and de-identified data for any lawful purpose, including improving the Service and the platform. We will not re-identify such data or attempt to do so.
symmitri retains all right, title, and interest in and to: the symmitri platform and its software, the Agent runtime, the skill library, the Ethos engineering methodology, the management product, the symmitri name and brand, and all improvements, derivatives, and intellectual property created or acquired by symmitri (collectively, the “symmitri IP”). Nothing in these Terms transfers any ownership of symmitri IP to Customer.
Subject to Customer's compliance with these Terms, symmitri grants Customer a limited, non-exclusive, non-transferable, non-sublicensable license during the term of the Agreement to access and use the Service solely for Customer's internal business purposes.
Customer will not, and will not permit any Principal or third party to: (a) copy, modify, or create derivative works of the Service or symmitri IP; (b) reverse engineer, decompile, or disassemble the Service except to the extent applicable law expressly permits; (c) resell, sublicense, lease, or otherwise commercially exploit the Service; (d) use the Service to develop a competing product; (e) circumvent or attempt to circumvent any security or access controls; or (f) remove or alter any proprietary notices.
If Customer or a Principal provides suggestions, ideas, or feedback regarding the Service (“Feedback”), Customer grants symmitri a perpetual, irrevocable, worldwide, royalty-free license to use the Feedback for any purpose, provided that symmitri's use of Feedback will not identify Customer or any Principal.
symmitri engages Sub-processors to provide portions of the Service. As of the effective date of these Terms, symmitri's Sub-processors include:
A current detailed Sub-processor list is available on written request to legal@symmitri.ai. symmitri will provide Customer with at least fifteen (15) days' advance notice by email to Customer's authorized contacts before adding or replacing a Sub-processor that processes Customer Data. If Customer reasonably objects to a new Sub-processor on data-protection grounds within ten (10) days of notice, Customer may terminate the affected Subscription for cause and receive a prorated refund of prepaid, unused fees.
symmitri remains responsible for the acts and omissions of its Sub-processors with respect to Customer Data. symmitri imposes data-protection and confidentiality obligations on Sub-processors that are no less protective than those in these Terms, including the no-training restriction in Section 5.3.
Customer and Principals will not use the Service to: (a) violate any applicable law; (b) infringe any third-party right; (c) transmit malware or harmful code; (d) interfere with or disrupt the Service; (e) gain unauthorized access to any system or data; (f) harass, threaten, or harm any person; (g) generate or distribute content that is unlawful, defamatory, discriminatory, or sexually explicit involving minors; or (h) circumvent usage limits or technical controls. We may suspend access to the Service immediately upon notice if we reasonably determine that continued use creates a material risk to symmitri, the Service, or any third party, and we will work in good faith to restore access once the risk is resolved.
“Confidential Information” means non-public information disclosed by one party (the “Discloser”) to the other (the “Recipient”) that is identified as confidential or that a reasonable person would understand to be confidential given its nature and the circumstances of disclosure. Customer Data and Customer IP are Customer's Confidential Information. symmitri IP, pricing, and product roadmaps are symmitri's Confidential Information.
Recipient will: (a) use Confidential Information only as necessary to perform under the Agreement; (b) protect Confidential Information using at least the same degree of care it uses to protect its own confidential information, and in no event less than a reasonable degree of care; and (c) limit access to those of its personnel, contractors, and Sub-processors who need it and who are bound by confidentiality obligations no less protective than those in this Section 9.
Confidential Information does not include information that is: (a) publicly available through no fault of Recipient; (b) lawfully in Recipient's possession before disclosure; (c) lawfully obtained from a third party without confidentiality restrictions; or (d) independently developed by Recipient without use of Discloser's Confidential Information.
Recipient may disclose Confidential Information to the extent required by law or legal process, provided that (where lawful) Recipient gives Discloser prompt notice and reasonable cooperation to permit Discloser to seek a protective order.
symmitri maintains administrative, physical, and technical safeguards designed to protect Customer Data, including: dedicated single-tenant virtual machines on isolated bare-metal hosts for the application, runtime, and primary-storage layers; encryption in transit using current industry standards; encryption at rest for stored Customer Data; scoped OAuth credentials and credential rotation; access controls and multi-factor authentication for symmitri personnel; logging and monitoring; and regular review of security practices. Backup, observability, error-monitoring, and other operational support systems may process Customer Data in shared form; those systems are subject to the same confidentiality, security, and no-training obligations described in these Terms.
For Customers subject to GDPR, UK GDPR, CCPA/CPRA, or other comprehensive data-protection regimes, a Data Processing Addendum (“DPA”) forms part of the Agreement and is accepted by Customer at the same time as these Terms during subscription checkout. symmitri provides a copy of the DPA to each subscribing Customer. The DPA sets out the specific operational commitments that apply to processing of Personal Data, including incident notification timelines.
symmitri will notify Customer of any Personal Data Breach (as defined in the DPA, if executed, or as generally understood under applicable data-protection law) affecting Customer Data, without undue delay and within the timeline required by applicable law and any executed DPA. The notification will include reasonably available information about the nature of the incident, the categories and approximate volume of data affected, the actual or anticipated consequences, and the measures taken or proposed to address it.
Customer is responsible for: (a) the security of credentials issued to Principals; (b) configuring access controls within Customer's own organization; (c) the lawfulness of Customer Data and the bases for processing; and (d) compliance with applicable laws governing Customer's use of the Service.
Each party warrants that it has the legal authority to enter into the Agreement.
symmitri warrants that the Service will perform materially in accordance with its documentation. Customer's exclusive remedy and symmitri's sole liability for breach of this warranty is for symmitri to use commercially reasonable efforts to correct the non-conformity or, if symmitri is unable to do so within thirty (30) days of notice, to terminate the affected Subscription and refund prepaid, unused fees.
Customer acknowledges that the Service uses artificial intelligence systems, that AI outputs may contain inaccuracies, errors, or omissions, and that AI outputs should be reviewed by a qualified human before being relied on for decisions with material legal, financial, or operational consequences. symmitri does not warrant the accuracy of AI outputs.
Except as expressly stated in this Section 11, the Service is provided “as is” and “as available,” and symmitri disclaims all other warranties, whether express, implied, or statutory, including implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement.
The Agreement begins on the effective date set out in the Order Form and continues for the term specified there. The Subscription renews automatically for successive renewal terms of the same length as the initial term, unless either party gives written notice of non-renewal at least thirty (30) days before the end of the then-current term.
Either party may terminate the Agreement for cause if the other party materially breaches the Agreement and fails to cure the breach within thirty (30) days after written notice describing the breach. symmitri may also terminate immediately for non-payment if Customer fails to pay undisputed fees within sixty (60) days after the due date and a written cure notice.
Upon termination or expiration of the Agreement: (a) Customer's right to access the Service ceases; (b) Customer may, within thirty (30) days of termination, request export of Customer Data in a commercially reasonable format, and symmitri will provide reasonable assistance with such export; (c) symmitri will delete Customer Data from the Service within sixty (60) days of termination, except for copies retained in backups (which will be deleted in the ordinary course of backup rotation) and copies retained as required by law; and (d) any prepaid fees for the unused portion of the terminated Subscription are non-refundable unless termination is by Customer for symmitri's uncured material breach, in which case symmitri will refund the prepaid, unused portion.
Sections 1, 4 (with respect to amounts accrued before termination), 5.1, 5.6, 6.1, 6.3, 6.4, 9, 11.4, 12.3, 12.4, 13, 14, 15, 16, 17, and any other provisions that by their nature should survive, will survive termination.
symmitri will defend Customer and its directors, officers, and employees against any third-party claim alleging that Customer's use of the Service as authorized under the Agreement infringes the intellectual property rights of a third party, and will indemnify Customer for damages and reasonable attorneys' fees finally awarded against Customer (or paid in settlement with symmitri's prior written consent) on such a claim.
symmitri has no obligation under this Section 13.1 for any claim arising from: (a) use of the Service in combination with materials not provided by symmitri, where the alleged infringement would not have occurred but for the combination; (b) modifications to the Service not made by symmitri; (c) Customer Data; or (d) Customer's use of the Service in violation of the Agreement or applicable law. If a claim of infringement is made or appears likely, symmitri may, at its option, procure a license to continued use, modify the Service to be non-infringing, or, if neither is commercially reasonable, terminate the affected Subscription and refund prepaid, unused fees. This Section 13.1 states symmitri's entire liability and Customer's exclusive remedy for any IP infringement claim.
Customer will defend symmitri and its directors, officers, and employees against any third-party claim arising from: (a) Customer Data, including any claim that Customer Data violates third-party rights or applicable law; (b) Customer's or any Principal's breach of Section 5.4 (Meeting recordings and consent), Section 5.5 (Customer responsibilities), or Section 8 (Acceptable Use); or (c) Customer's use of the Service in violation of the Agreement or applicable law. Customer will indemnify symmitri for damages and reasonable attorneys' fees finally awarded against symmitri (or paid in settlement with Customer's prior written consent) on such a claim.
The indemnified party will: (a) give the indemnifying party prompt written notice of the claim (provided that failure to give prompt notice does not relieve the indemnifying party except to the extent it is materially prejudiced); (b) give the indemnifying party sole control of the defense and settlement (provided that the indemnifying party may not settle a claim in a manner that imposes a non-financial obligation on the indemnified party without consent); and (c) provide reasonable cooperation.
To the maximum extent permitted by law, neither party will be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of profits, revenues, goodwill, or data, arising out of or relating to the Agreement, even if advised of the possibility of such damages.
To the maximum extent permitted by law, each party's total cumulative liability arising out of or relating to the Agreement will not exceed the total fees paid or payable by Customer to symmitri under the Agreement in the twelve (12) months immediately preceding the event giving rise to liability.
The limitations in Sections 14.1 and 14.2 do not apply to: (a) a party's indemnification obligations under Section 13; (b) Customer's payment obligations under Section 4; (c) a party's gross negligence, willful misconduct, or fraud; (d) breach of Section 5.3 (No training on Customer Data) by symmitri; or (e) breach of Section 6.3 (Restrictions) or Section 8 (Acceptable Use) by Customer.
The parties acknowledge that the limitations in this Section 14 are a material part of the consideration for the Agreement and would not enter into the Agreement without them.
Before initiating arbitration, the parties will attempt to resolve any dispute through good-faith discussions for thirty (30) days after written notice of the dispute.
Any dispute, claim, or controversy arising out of or relating to the Agreement that is not resolved under Section 15.1 will be resolved by binding arbitration administered by the American Arbitration Association (“AAA”) under its Commercial Arbitration Rules then in effect. The arbitration will be conducted by a single arbitrator. The seat of arbitration will be Columbus, Ohio. The language of the arbitration will be English. Judgment on the award may be entered in any court of competent jurisdiction.
The parties agree that any arbitration or proceeding will be limited to the dispute between the parties individually. To the maximum extent permitted by law, the parties waive any right to participate in any class, collective, or representative action. If this Section 15.3 is held unenforceable, the entirety of Section 15.2 will be null and void, but the remainder of the Agreement will remain in effect.
Notwithstanding Section 15.2, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property rights, Confidential Information, or to prevent irreparable harm.
The Agreement is governed by and construed under the laws of the State of Ohio, without regard to its conflict-of-laws principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply.
Neither party is liable for any delay or failure to perform (other than payment obligations) caused by events beyond its reasonable control, including acts of God, war, terrorism, civil unrest, labor disputes, internet outages, governmental action, public health emergencies, and failures of third-party services.
Neither party may assign the Agreement without the other party's prior written consent, except that either party may assign without consent to a successor in a merger, acquisition, or sale of substantially all of its assets, provided that the assignee assumes the assignor's obligations. Any attempted assignment in violation of this Section is void.
The parties are independent contractors. The Agreement creates no agency, partnership, joint venture, or employment relationship.
Notices to symmitri must be sent to symmitri, Inc., 330 Rush Alley, Suite 210, Columbus, OH 43215 with a copy by email to legal@symmitri.ai. Notices to Customer will be sent to the address and email on the Order Form. Notices are deemed given on receipt for hand delivery and reputable overnight courier, or three days after deposit in the U.S. mail for certified or registered mail.
Neither party may use the other party's name, logos, or trademarks in marketing or publicity materials without the other party's prior written consent (which may be granted by email).
If any provision of the Agreement is held unenforceable, the remaining provisions remain in full force and effect, and the unenforceable provision will be modified to the minimum extent necessary to make it enforceable while preserving the parties' intent.
No waiver of any term of the Agreement is effective unless in writing and signed by the waiving party. A failure or delay in enforcing a right is not a waiver.
The Agreement (these Terms together with any Order Form and DPA) constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior or contemporaneous understandings. In the event of a conflict between documents, the order of precedence is: (a) the Order Form; (b) the DPA, if executed; and (c) these Terms.
We may update these Terms from time to time. Material changes will not apply to existing Subscriptions until renewal, except where required by law. We will provide reasonable advance notice of material changes (by email to the Customer's notice contact, by notice in the Service, or by posting on symmitri.ai).
Questions about these Terms may be sent to legal@symmitri.ai.
This Privacy Policy explains how symmitri, Inc. (“symmitri,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when:
This Policy is written to support symmitri's current enterprise B2B offering. It is not a contract; the contractual relationship with Customers is governed by the Master Terms of Service (Part A above) and any executed Order Form and Data Processing Addendum (“DPA”). Operational commitments — including specific timelines for incident notification — are set out in the Master Terms of Service and DPA, not in this Policy.
For data protection purposes, when symmitri processes personal information on behalf of a Customer in operating the Service for that Customer's Principals (for example, processing meeting recordings, calendar entries, and business documents the Customer authorizes us to access), symmitri acts as a processor (or “service provider” under CCPA/CPRA) and the Customer is the controller (or “business”).
When symmitri processes personal information for its own purposes (for example, operating the Site, managing Customer relationships, billing, securing the Service against abuse, and complying with law), symmitri acts as a controller (or “business”).
This Policy describes both. Where the Customer is the controller, the Customer's own privacy notices and lawful bases govern the underlying processing; this Policy describes symmitri's role as processor.
When a Customer engages symmitri and designates Principals, the Customer provides, and we collect:
When a Customer authorizes symmitri to access third-party services on its behalf, we receive and process the data those services make available pursuant to the authorization. Categories may include:
We access these integrations only to the extent the Customer has expressly enabled them, using scoped OAuth credentials wherever possible.
While operating the Service, we generate and process:
When a visitor uses symmitri.ai, we automatically collect:
Prospects who contact us through forms, voice memos, or referrals provide names, work email, phone, company, role, and any information they share during sales conversations. We may record sales calls with consent, and we may receive meeting notes generated by our own internal use of meeting-intelligence software (operated for our own purposes, separate from any Customer's deployment).
Payments are processed by Stripe, Inc. Stripe collects payment-card or bank-account information directly and acts as the controller of that information under its own privacy policy. We receive limited information about payment status and the last four digits of the payment instrument, but not full payment-card numbers.
We do not seek to collect sensitive personal information (such as government identifiers, precise geolocation, biometric identifiers used for identification, health information, or information about racial or ethnic origin, religious or philosophical beliefs, or sex life or sexual orientation). The Customer is responsible for determining whether such information appears in Customer Data it provides and for ensuring it has the lawful basis to do so.
We use personal information to:
We use personal information to:
We do not, and we will not permit any Sub-processor to:
The no-training restriction is flowed down by contract or by Sub-processor configuration to frontier-model providers and other AI Sub-processors that receive Customer Data.
We may generate aggregated and de-identified information derived from operating the Service (for example, anonymized telemetry, integration latency, and skill usage patterns that cannot be linked to any identifiable Customer, Principal, or organization). We may use such information for any lawful business purpose, including improving the Service. We will not attempt to re-identify such information.
Where the EU GDPR or UK GDPR applies, our legal bases for processing as a controller include: performance of a contract (account management, billing); legitimate interests (improving the Service, securing the platform, business operations); consent (marketing communications where required); and legal obligation. Where we act as a processor, the Customer is the controller and provides the lawful basis.
We engage Sub-processors to provide portions of the Service. Categories include hosting and racking, network infrastructure, frontier AI model providers, meeting-intelligence providers, productivity and communications integrations, payment processing, and operational support tooling. A current detailed Sub-processor list is available on written request to legal@symmitri.ai. Each Sub-processor is bound by contractual obligations no less protective than those in our Master Terms of Service, including the no-training restriction.
Customer Data is accessible to authorized Principals and other persons the Customer designates within its own organization. Sharing across Principals within a Customer is configured by the Customer.
We share limited personal information with service providers that support our internal operations (for example, our own accounting, CRM, and HR systems). These providers are bound by confidentiality and data-protection obligations.
We may disclose personal information when we believe in good faith that disclosure is required to comply with applicable law, valid legal process (such as a subpoena or court order), or government request, or to protect the rights, property, or safety of symmitri, our Customers, or others. Where lawful and not prohibited, we will provide the Customer with prior notice and a reasonable opportunity to object before disclosing Customer Data in response to legal process.
If symmitri is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred as part of that transaction. Any successor will be bound by privacy commitments no less protective than those in this Policy with respect to information transferred.
We may share personal information for other purposes with the relevant individual's or Customer's consent.
The Service is currently hosted and operated in the United States, and Customer Data and personal information processed in connection with the Service is processed and stored in the United States unless otherwise agreed in writing. If a Customer or Principal is located outside the United States, personal information may be transferred to, stored in, and processed in the United States, where data-protection laws may differ from those in your jurisdiction. For Customers subject to GDPR or UK GDPR, our DPA includes the appropriate transfer mechanisms (such as the EU Standard Contractual Clauses and the UK International Data Transfer Addendum).
We retain Customer Data for the duration of the Customer's Subscription as needed to provide the Service.
After termination of the Subscription, Customer Data is handled in accordance with the Master Terms of Service §12.3: Customer may, within thirty (30) days of termination, request export of Customer Data; symmitri will delete Customer Data from the Service within sixty (60) days of termination, except for (a) copies in backups, which are deleted in the ordinary course of backup rotation, and (b) information we are required by law to retain.
We maintain administrative, physical, and technical safeguards designed to protect personal information. These include:
No system can be made completely secure. We do not warrant that personal information will never be accessed, used, or disclosed in a manner inconsistent with this Policy. We notify Customers of any security incident affecting Customer Data in accordance with applicable law and the timelines set out in the Master Terms of Service and any executed Data Processing Addendum.
The symmitri.ai website uses a limited set of cookies and similar technologies to operate the Site and to understand how visitors use it. We do not use the Site for behavioral advertising and do not share Site visitor data with advertising networks. Visitors can manage cookie preferences through their browser settings.
The rights available to an individual depend on where they live and on whether symmitri is acting as a controller or as a processor on behalf of a Customer.
If you are a California resident, you have the following rights with respect to personal information that symmitri processes as a business (controller):
To exercise these rights, contact legal@symmitri.ai or use the contact details in Section 12. We will verify your identity using reasonable means before responding.
Where symmitri processes personal information on behalf of a Customer (as a service provider), requests should be directed to the Customer. We will support the Customer in responding.
Where the GDPR or UK GDPR applies, you have rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with a supervisory authority. Where symmitri acts as a processor, requests should be directed to the Customer; we will support the Customer in responding.
Residents of states with comprehensive privacy laws (including Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Delaware, Tennessee, Indiana, Iowa, and similar) have rights substantially similar to those described above, which may include the right to access, correct, delete, obtain a portable copy of, and opt out of certain processing of their personal information. Contact us as described in Section 12 to exercise these rights.
To submit a request under this Section 9, email legal@symmitri.ai with “Privacy Request” in the subject line and a description of the right you are exercising. We will acknowledge receipt and respond within the timelines required by applicable law (typically forty-five (45) days, with a permitted extension where reasonably necessary). We will take reasonable steps to verify your identity before responding and may decline a request that we cannot verify.
If we decline to take action on a request you submit under this Section 9, you may appeal that decision by emailing legal@symmitri.ai with “Privacy Appeal” in the subject line within a reasonable period after receiving our response. We will respond to appeals within sixty (60) days. If we deny your appeal, you may contact the attorney general of your state of residence (in particular, residents of Colorado, Connecticut, Virginia, Texas, Oregon, Montana, Delaware, and other states that provide for AG escalation have that right under their state privacy laws).
Customer authorized contacts may update account information by emailing legal@symmitri.ai. To opt out of marketing communications, follow the unsubscribe instructions in any marketing email or contact us. Service-related communications (billing, security, legal notices) are not optional during an active Subscription.
The Service is intended for use by businesses and the adult Principals they designate. The Service is not directed to children under sixteen (16), and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will delete it.
We may update this Policy from time to time. If we make material changes, we will provide reasonable advance notice (by email to Customer notice contacts, by notice on the Site, or by other appropriate means). The “Last updated” date at the top reflects the most recent revision.
For privacy questions, requests, or concerns:
For Customer requests under the Master Terms of Service or DPA, please use the contractual notice channels.
This Annex summarizes the personal information categories symmitri collects, retains, and discloses, intended to meet the disclosure requirements of CCPA/CPRA.
| Category | Examples | Source | Purpose | Retention |
|---|---|---|---|---|
| Identifiers | Name, work email, work phone, IP address | Customer; Principal; Site | Operate Service; Site analytics; security | During Subscription + up to 90 days; Site data per operational analytics retention |
| Commercial information | Subscription details, billing history | Customer; Stripe | Operate Service; billing | Up to 7 years (tax/accounting) |
| Internet activity | Browser, device, pages viewed | Site | Operate Site; security | Operational analytics retention |
| Professional / employment | Role, organization, business context | Customer; Principal | Operate Service | During Subscription + up to 90 days |
| Communications content | Email, calendar, messaging, meeting recordings & transcripts | Customer-authorized integrations | Operate Service | During Subscription + up to 90 days |
| Audio recordings | Meeting recordings where Customer enables and obtains consent | Customer-authorized meeting intel | Operate Service | During Subscription + up to 90 days |
| Inferences | Agent outputs derived from the above | Generated by the Service | Operate Service | During Subscription + up to 90 days |
Sale or sharing: We do not sell personal information and do not share personal information for cross-context behavioral advertising.
Sensitive personal information: We do not seek to collect sensitive personal information and do not use sensitive personal information for purposes that would trigger the right to limit under CPRA.
Backup retention. Where the table indicates “up to 90 days” or similar, copies of Customer Data may persist longer in encrypted backups, which are deleted in the ordinary course of backup rotation, and any information we are required by law to retain.
Master Terms of Service & Privacy Policy · v1.0 · Effective May 15, 2026