BurnsideProject Logo
Legal

Privacy

Privacy Policy

Our commitment to protecting your privacy and data

1. INTRODUCTION

1.1 Overview

Burnside Project LLC ("Burnside Project," "Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information when you interact with our websites, applications, services, and products (collectively, the "Services").

1.2 Scope

This Privacy Policy applies to:

  • Visitors to our websites, including burnsideproject.ai and related domains
  • Users who create accounts or use our Services
  • Individuals who communicate with us via email, forms, or other channels
  • Developers who integrate with our APIs or platforms

1.3 Not Covered by This Policy

This Privacy Policy does not apply to:

  • Customer Data processed on behalf of business customers. When we process data as a service provider or data processor for our business customers, our Data Processing Addendum (DPA) and the customer's own privacy policy govern. End users should contact the relevant business customer directly regarding their data.
  • Third-party websites, services, or applications linked to or integrated with our Services. We are not responsible for the privacy practices of third parties.
  • Aggregated or de-identified data that cannot reasonably be used to identify any individual.

1.4 Agreement

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, do not use the Services.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

We collect information you voluntarily provide, including:

CategoryExamplesAccount InformationName, email address, password, username, job title, organization nameProfile InformationProfessional role, preferences, profile photoPayment InformationBilling address, payment method details (processed securely by our payment processor; we do not store full payment card numbers)CommunicationsMessages, support requests, feedback, survey responsesUser ContentFiles, data, configurations, queries, or other content you upload or submitDeveloper InformationAPI keys, integration configurations, technical contact informationMarketing PreferencesConsent signals, subscription preferences, communication opt-ins

2.2 Information Collected Automatically

When you use the Services, we automatically collect certain information, including:

CategoryExamplesDevice InformationDevice type, operating system, browser type and version, unique device identifiersUsage InformationPages visited, features used, actions taken, session duration, referral URLsLog DataIP address, access times, error logs, performance data, crash reportsLocation InformationApproximate geographic location inferred from IP address (we do not collect precise geolocation without explicit consent)Cookies and Similar TechnologiesInformation collected via cookies, pixels, web beacons, and similar tracking technologies (see Section 8)

2.3 Information from Third Parties

We may receive information from third-party sources, including:

SourceInformationAuthentication ProvidersAccount information from identity providers (e.g., Google, GitHub) when you choose to authenticate via these servicesPayment ProcessorsTransaction confirmation and limited billing information from Stripe or other payment processorsBusiness PartnersContact information from partners with whom you have an existing relationship and who are authorized to share such informationPublic SourcesPublicly available business information

2.4 Sensitive Personal Information

We do not intentionally collect sensitive personal information (such as racial or ethnic origin, political opinions, religious beliefs, health information, sexual orientation, or biometric data) unless:

  • You voluntarily provide such information for a specific purpose
  • It is necessary to provide a feature you have requested
  • We have obtained your explicit consent
  • It is required or permitted by applicable law

If we collect sensitive personal information, we will apply additional safeguards as required by law.

2.5 Information We Do Not Collect

  • We do not knowingly collect personal information from children under 13 years of age (or the applicable age of consent in your jurisdiction)
  • We do not collect payment card numbers directly; all payment processing is handled by PCI-compliant third-party processors

3. HOW WE USE INFORMATION

3.1 Purposes of Processing

We use the information we collect for the following purposes:

Service Delivery and Operations

  • Create, maintain, and secure your account
  • Provide, operate, and improve the Services
  • Process transactions and send related information
  • Respond to your inquiries and provide customer support
  • Authenticate users and prevent unauthorized access

Security and Fraud Prevention

  • Detect, investigate, and prevent fraudulent, unauthorized, or illegal activity
  • Monitor and protect the security and integrity of our systems
  • Enforce our Terms of Service and other agreements

Communications

  • Send transactional communications (e.g., account confirmations, invoices, security alerts, service updates)
  • Send marketing communications where you have provided consent or where otherwise permitted by law
  • Respond to your requests and inquiries

Product Development and Improvement

  • Analyze usage patterns to improve functionality and user experience
  • Develop new features, products, and services
  • Conduct research and analytics

Legal and Compliance

  • Comply with applicable laws, regulations, and legal processes
  • Respond to lawful requests from government authorities
  • Establish, exercise, or defend legal claims
  • Enforce our agreements and protect our rights

3.2 Legal Bases for Processing (EEA, UK, and Similar Jurisdictions)

If you are located in the European Economic Area (EEA), United Kingdom (UK), Switzerland, or another jurisdiction requiring a legal basis for processing, we rely on the following:

Legal BasisExamplesContractProcessing necessary to provide the Services you requested, manage your account, and fulfill our contractual obligationsLegitimate InterestsProcessing for security, fraud prevention, product improvement, and business operations, where our interests do not override your rightsConsentProcessing based on your explicit consent, such as marketing communications or optional features (you may withdraw consent at any time)Legal ObligationProcessing necessary to comply with applicable laws and regulations

4. AI AND AUTOMATED PROCESSING

4.1 AI-Powered Features

Certain Services may incorporate artificial intelligence, machine learning, or automated processing capabilities. When you use these features:

  • Your content is processed solely to deliver the requested functionality
  • Processing occurs in secure, access-controlled environments
  • We implement technical and organizational safeguards to protect your data

4.2 Model Training

We do not use your content to train machine learning models unless you or your organization explicitly opt in.By default:

  • Your content is not used for model training
  • Your content is not shared with third-party AI providers for their training purposes

4.3 Aggregated and De-Identified Data

We may use aggregated, anonymized, or de-identified data derived from usage patterns to:

  • Improve system reliability and performance
  • Conduct research and develop new features
  • Generate industry benchmarks and insights

Such data cannot reasonably be used to identify any individual.

4.4 Human Review

In limited circumstances, authorized personnel may review content for:

  • Safety and abuse prevention
  • Quality assurance
  • Legal compliance

Human review is subject to strict access controls, confidentiality obligations, and data minimization principles.

4.5 Automated Decision-Making

We do not use automated decision-making that produces legal effects or similarly significant effects on individuals without human involvement, unless:

  • Required for contract performance
  • Authorized by applicable law
  • Based on your explicit consent

You have the right to request human review of automated decisions where required by law.

5. HOW WE SHARE INFORMATION

5.1 No Sale of Personal Information

We do not sell your personal information. We do not exchange personal information for monetary or other valuable consideration.

5.2 Categories of Recipients

We may share personal information with the following categories of recipients:

Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including:

FunctionProviders (Examples)Cloud InfrastructureAmazon Web Services (AWS), Google Cloud PlatformPayment ProcessingStripeEmail and CommunicationsAmazon SES, SendGridAuthenticationFirebase, Auth0AI InfrastructureAWS Bedrock, Google Vertex AIAnalyticsInternal analytics systemsCustomer SupportSupport ticketing systems

Service providers are contractually obligated to:

  • Process data only on our instructions
  • Maintain appropriate security measures
  • Not use data for their own purposes
  • Delete or return data upon termination

Professional Advisors

We may share information with attorneys, accountants, auditors, and consultants who need access to provide professional services.

Business Transfers

In connection with any merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or transition of service to another provider, personal information may be transferred as part of the transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

Legal Requirements and Protection of Rights

We may disclose information if we believe in good faith that disclosure is necessary to:

  • Comply with applicable law, regulation, legal process, or governmental request
  • Enforce our Terms of Service and other agreements
  • Detect, prevent, or address fraud, security, or technical issues
  • Protect the rights, property, or safety of Burnside Project, our users, or the public

With Your Consent

We may share information with third parties when you direct us to do so or provide consent.

5.3 No Sharing for Cross-Context Behavioral Advertising

We do not share personal information with third parties for cross-context behavioral advertising unless you have explicitly opted in.

6. DATA RETENTION

6.1 Retention Principles

We retain personal information only for as long as necessary to:

  • Fulfill the purposes for which it was collected
  • Provide the Services and maintain your account
  • Comply with legal, regulatory, and contractual obligations
  • Resolve disputes and enforce our agreements
  • Maintain business records as required by law

6.2 Retention Periods

Data CategoryRetention PeriodAccount InformationDuration of account plus 3 years after deletion request or account closureTransaction Records7 years (for tax and legal compliance)Communications and Support3 years after resolutionUsage Logs and Analytics2 years (or shorter if aggregated/anonymized)Marketing PreferencesUntil consent is withdrawnSecurity and Fraud LogsUp to 7 years (for investigation and legal purposes)

6.3 Customer-Configurable Retention

Business customers may configure retention periods for certain data types within the Services, subject to minimum legal requirements.

6.4 Deletion

When retention periods expire or upon valid deletion request:

  • Active data is deleted or anonymized within 30 days
  • Backup copies are deleted in accordance with our backup rotation schedule (typically within 90 days)
  • Certain data may be retained longer if required by law or to protect our legal interests

7. YOUR RIGHTS AND CHOICES

7.1 Rights Under Applicable Law

Depending on your jurisdiction, you may have the following rights regarding your personal information:

RightDescriptionAccessRequest confirmation of whether we process your personal information and obtain a copyCorrectionRequest correction of inaccurate or incomplete personal informationDeletionRequest deletion of your personal information, subject to legal exceptionsPortabilityReceive your personal information in a structured, commonly used, machine-readable formatRestrictionRequest that we restrict processing of your personal information under certain circumstancesObjectionObject to processing based on legitimate interests or for direct marketing purposesWithdraw ConsentWithdraw consent at any time where processing is based on consent (without affecting the lawfulness of prior processing)Opt-Out of Sale/SharingDirect us not to sell or share your personal information (we do not engage in such practices)Non-DiscriminationExercise your rights without discriminatory treatment

7.2 How to Exercise Your Rights

To exercise your rights:

We will verify your identity before processing your request. Verification may require you to:

  • Confirm information associated with your account
  • Respond to a verification email
  • Provide government-issued identification (in limited circumstances)

We will respond to verified requests within the timeframes required by applicable law (generally 30-45 days, with extensions where permitted).

7.3 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide:

  • Signed written authorization from you
  • Proof of their identity

We may require you to verify your identity directly and confirm the agent's authority.

7.4 Appeals

If we deny your request, you may appeal by contacting us at privacy@burnsideproject.ai with the subject line "Privacy Appeal." We will respond to appeals within the timeframe required by applicable law.

7.5 Communication Preferences

Marketing Communications: You may opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by contacting us. Note that you may continue to receive transactional and service-related communications.

Push Notifications: You may disable push notifications through your device settings.

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 Technologies We Use

We use cookies and similar technologies, including:

TechnologyPurposeCookiesSmall text files stored on your device to remember preferences, authenticate sessions, and analyze usagePixels/Web BeaconsSmall graphics that track page visits and email opensLocal StorageBrowser storage for application data and preferencesDevice FingerprintingCollection of device attributes for security and fraud prevention

8.2 Categories of Cookies

CategoryPurposeRequiredStrictly NecessaryEssential for site operation, authentication, and securityYesFunctionalRemember preferences and enhance functionalityNoAnalyticsUnderstand usage patterns and improve performanceNoMarketingDeliver relevant advertising (only with consent)No

8.3 Your Cookie Choices

You may manage cookies through:

  • Browser Settings: Most browsers allow you to block or delete cookies. Note that blocking certain cookies may affect functionality.
  • Cookie Preferences: Visit [burnsideproject.ai/cookie-settings] to manage your preferences.
  • Do Not Track: We honor Do Not Track (DNT) signals where technically feasible.

8.4 Third-Party Cookies

Third-party service providers may set cookies on our Services. These cookies are governed by the third party's privacy policy.

9. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

9.1 Applicability

This section applies to California residents and supplements the rest of this Privacy Policy.

9.2 Notice at Collection

We collect the following categories of personal information for the purposes described in Section 3:

CategoryCollectedDisclosed to Service ProvidersSoldShared for AdvertisingIdentifiers (name, email, IP address)YesYesNoNoCustomer records (account, billing)YesYesNoNoCommercial information (transactions)YesYesNoNoInternet/network activity (usage data)YesYesNoNoGeolocation (approximate)YesYesNoNoProfessional information (job title, org)YesYesNoNoInferences (preferences, analytics)YesYesNoNoSensitive personal informationLimitedLimitedNoNo

9.3 Your California Rights

As a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and sell
  • Delete your personal information, subject to exceptions
  • Correct inaccurate personal information
  • Opt-Out of the sale or sharing of personal information (we do not sell or share)
  • Limit Use of sensitive personal information (we do not use sensitive information for purposes beyond those permitted without opt-in consent)
  • Non-Discrimination for exercising your rights

9.4 How to Exercise California Rights

  • Submit a request at [burnsideproject.ai/privacy-request]
  • Email privacy@burnsideproject.ai
  • Call [insert toll-free number if applicable]

9.5 Financial Incentives

We do not offer financial incentives for the collection, sale, or deletion of personal information.

9.6 Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing. We do not disclose personal information to third parties for their direct marketing purposes.

10. INTERNATIONAL DATA TRANSFERS

10.1 Processing Locations

We are based in the United States. Your personal information may be processed in the United States and other countries where we or our service providers operate.

10.2 Transfer Safeguards

When we transfer personal information from the EEA, UK, or Switzerland to countries not deemed to provide adequate protection, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Addendum where applicable
  • Supplementary measures as required based on transfer impact assessments

10.3 Your Acknowledgment

By using the Services, you acknowledge that your personal information may be transferred to and processed in the United States and other jurisdictions, which may have different data protection laws than your jurisdiction.

11. DATA SECURITY

11.1 Security Measures

We implement and maintain reasonable technical, administrative, and organizational measures to protect personal information, including:

Technical Safeguards

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Secure authentication mechanisms
  • Network segmentation and firewalls
  • Intrusion detection and monitoring
  • Regular security assessments and penetration testing

Administrative Safeguards

  • Access controls based on least-privilege principles
  • Employee background checks for personnel with data access
  • Security awareness training
  • Incident response procedures
  • Vendor security assessments

Organizational Safeguards

  • Written information security policies
  • Regular policy reviews and updates
  • Audit logging and monitoring
  • Business continuity and disaster recovery planning

11.2 No Absolute Security

Despite our efforts, no security measures are completely impenetrable. We cannot guarantee the absolute security of your information. You are responsible for:

  • Maintaining the confidentiality of your account credentials
  • Using strong, unique passwords
  • Enabling multi-factor authentication where available
  • Notifying us promptly of any suspected unauthorized access

11.3 Security Incidents

If we become aware of a security incident affecting your personal information, we will:

  • Investigate the incident promptly
  • Take appropriate remedial measures
  • Notify you and applicable authorities as required by law

12. CHILDREN'S PRIVACY

12.1 Age Restrictions

The Services are not directed to children under 13 years of age (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children.

12.2 Parental Rights

If you are a parent or guardian and believe your child has provided personal information to us, please contact us at privacy@burnsideproject.ai. We will take steps to delete such information promptly.

12.3 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA) and similar laws. If we learn that we have collected personal information from a child without verifiable parental consent, we will delete that information.

13. THIRD-PARTY LINKS AND SERVICES

13.1 Third-Party Websites

The Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices.

13.2 Third-Party Integrations

If you choose to connect third-party services to your account (e.g., cloud providers, authentication services), you authorize us to access and process information from those services as necessary to provide the requested functionality. Your use of third-party services is governed by their respective terms and privacy policies.

13.3 Social Features

If you interact with social features or share content through third-party social networks, information may be collected by both us and the third-party platform.

14. DO NOT TRACK AND GLOBAL PRIVACY CONTROLS

14.1 Do Not Track

We honor Do Not Track (DNT) browser signals where technically feasible. When we detect a DNT signal, we limit tracking to essential, strictly necessary functions.

14.2 Global Privacy Control

We recognize and honor Global Privacy Control (GPC) signals as opt-out requests for the sale or sharing of personal information under applicable law.

15. CONTACT INFORMATION

15.1 General Inquiries

Burnside Project LLC Email: privacy@burnsideproject.ai Website: https://burnsideproject.ai

15.2 Data Protection Inquiries

For questions about data protection or to exercise your rights:

Email: privacy@burnsideproject.ai Online: [burnsideproject.ai/privacy-request]

15.3 EEA/UK Representative

For users in the European Economic Area or United Kingdom, we will appoint a local representative if required by applicable law. Details will be posted at [burnsideproject.ai/legal].

15.4 Supervisory Authority

If you are located in the EEA or UK, you have the right to lodge a complaint with your local data protection supervisory authority.

16. CHANGES TO THIS PRIVACY POLICY

16.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

16.2 Notification

If we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Post a notice on our website
  • Send notification via email to registered users (for significant changes)

16.3 Continued Use

Your continued use of the Services after the effective date of any changes constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you should discontinue use of the Services.

17. RELATED DOCUMENTS

  • Terms of Service
  • Cookie Policy
  • Data Processing Addendum (DPA)
  • Sub-Processor List
  • Security Practices

18. ADDITIONAL JURISDICTION-SPECIFIC DISCLOSURES

18.1 Virginia, Colorado, Connecticut, Utah, and Other U.S. State Privacy Laws

If you are a resident of a U.S. state with comprehensive privacy legislation (e.g., Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA), you may have rights similar to those described in Section 7 and Section 9. To exercise your rights, contact us as described in Section 7.2.

18.2 Brazil (LGPD)

If you are a resident of Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including access, correction, deletion, portability, and information about sharing. Contact us at privacy@burnsideproject.ai to exercise your rights.

18.3 Canada (PIPEDA)

If you are a resident of Canada, your personal information is handled in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws. You have rights to access and correct your personal information.

ACKNOWLEDGMENT

By using the Services, you acknowledge that you have read and understood this Privacy Policy.