Privacy Policy

Last Updated: February 18, 2026

1. Who We Are

ClaygenticAI is operated by cDiscovery ("we," "us," or "our"). We provide an AI-powered digital associate platform designed for professional services operations, enabling organizations to streamline and automate operational execution tasks within their existing technology ecosystems.

If you have any questions or concerns about this Privacy Policy or our data practices, you may contact us at info@cdiscovery.io.

2. What This Policy Covers

This Privacy Policy applies exclusively to the ClaygenticAI marketing website (the "Website"). It describes how we collect, use, store, and protect information when you visit and interact with this Website.

The ClaygenticAI product platform, including its agent orchestration services, data processing capabilities, and enterprise integrations, is governed by separate customer agreements, data processing addenda, and platform-specific privacy documentation. If you are a customer or authorized user of the ClaygenticAI platform, please refer to your service agreement and the platform privacy notice provided during onboarding for information about how your data is handled within the product environment.

3. Information We Collect

3a. Automatically Collected Information

When you visit this Website, our hosting provider, Vercel Inc., automatically collects standard server log information as part of delivering web content to your browser. This information may include:

Your IP address (which may be truncated or anonymized by the hosting provider)
Browser type and version (e.g., Chrome 120, Firefox 121)
Operating system (e.g., Windows 11, macOS 14, iOS 17)
Referring URL (the page you visited immediately before arriving at our Website)
Pages visited on our Website and the order in which they were accessed
Date and time of each request (timestamps)
HTTP status codes and response sizes

This data is collected automatically by the hosting infrastructure and is used to serve web pages, monitor server health, and protect against malicious activity. We do not augment or enrich this server log data with information from other sources.

3b. Local Storage

We store your privacy consent preference in your browser's localStorage under the key claygentai_consent. This is a small piece of data that records whether you have accepted or declined non-essential data processing on this Website.

This data is stored entirely on your device. It is never transmitted to our servers, never shared with third parties, and never used for tracking, analytics, or advertising purposes. You can delete this data at any time by clearing your browser's localStorage or by using the "Your Privacy Choices" link in the footer of this Website to update your preference.

3c. Information You Provide

As of the date of this Privacy Policy, this Website does not contain any forms, account registration mechanisms, newsletter sign-up fields, or other means through which you would voluntarily submit personal information to us. We do not collect names, email addresses, phone numbers, or any other personally identifiable information that you actively provide through this Website.

If we add forms or data collection mechanisms to this Website in the future, we will update this Privacy Policy accordingly before activating those features.

3d. Third-Party Data

We do not receive, purchase, or otherwise obtain personal information about you from third-party data brokers, marketing partners, social media platforms, or any other external sources in connection with this Website.

All fonts used on this Website are self-hosted on our own infrastructure. We do not load fonts from Google Fonts, Adobe Fonts, or any other external font service. This means that your visit to our Website does not trigger font-related data transmissions to third-party servers.

4. Legal Basis for Processing (GDPR Article 6)

For visitors located in the European Economic Area (EEA) and the United Kingdom (UK), we process personal data only when we have a valid legal basis under the General Data Protection Regulation (GDPR) or the UK GDPR. The legal bases for our processing activities are as follows:

Server logs (IP address, browser data, access timestamps): Legitimate interest (Article 6(1)(f)). We have a legitimate interest in maintaining the security, availability, and performance of our Website. Server log processing is necessary to detect and prevent malicious activity (such as DDoS attacks, unauthorized access attempts, and vulnerability scanning), to diagnose technical errors, and to monitor infrastructure health. We have conducted a balancing test and concluded that this processing does not override your fundamental rights and freedoms, given that the data collected is limited, retention periods are short, and the data is not used for profiling or marketing purposes.
localStorage consent preference: Strictly necessary for the operation of our consent management functionality. Storing your consent preference locally on your device is essential for us to respect your privacy choices across page visits without repeatedly prompting you. This does not require consent under Article 6 because it falls within the "strictly necessary" exception under Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC as amended).
Future analytics (if enabled): Consent (Article 6(1)(a)). If we introduce website analytics tools in the future, we will obtain your explicit, informed, and freely given consent before activating any analytics data collection. You will have the ability to withdraw consent at any time through the "Your Privacy Choices" mechanism on this Website.

5. How We Use Information

We use the information described in Section 3 for the following purposes:

Serve and operate the Website: Deliver web pages and static assets to your browser in response to your requests, ensure pages render correctly, and maintain Website availability.
Monitor for security threats: Detect, investigate, and prevent unauthorized access, denial-of-service attacks, vulnerability exploitation, and other malicious or fraudulent activity directed at our Website infrastructure.
Understand aggregate traffic patterns: Analyze server log data in aggregate (not on an individual basis) to understand overall visitor volume, popular pages, geographic distribution of traffic, and peak usage times. This helps us make informed decisions about content and infrastructure.
Improve Website performance: Identify slow-loading pages, server errors, broken links, and other technical issues so that we can optimize the Website experience for all visitors.

We do not use any information collected through this Website for automated decision-making, profiling, targeted advertising, cross-site tracking, or building individual user profiles.

6. Cookies and Similar Technologies

As of the date of this Privacy Policy, this Website does not set any cookies — neither first-party cookies nor third-party cookies. We do not use session cookies, persistent cookies, tracking cookies, advertising cookies, or any other type of HTTP cookie.

The only client-side storage mechanism we employ is the localStorage entry described in Section 3b, which records your privacy consent preference. Unlike cookies, localStorage data is not automatically sent to our servers with each HTTP request. It remains entirely within your browser and is only read by client-side JavaScript on this Website to determine your consent status.

We do not use web beacons, pixel tags, fingerprinting techniques, ETags for tracking, or any other similar tracking technologies on this Website.

For full details about our approach to cookies and client-side storage, including how to manage your preferences, please see our Cookie Policy.

7. Data Sharing and Third Parties

We share personal information only in the limited circumstances described below:

Vercel Inc. (hosting provider): Our Website is hosted on Vercel's infrastructure. As part of providing hosting services, Vercel processes server log data including IP addresses, request metadata, and access timestamps. Vercel acts as a data processor on our behalf and processes this data in accordance with their privacy policy and data processing agreement. You can review Vercel's privacy practices at vercel.com/legal/privacy-policy.

Beyond our hosting provider, we do not sell, rent, lease, trade, or otherwise disclose your personal information to any third party for any purpose. We do not share data with advertising networks, data brokers, social media platforms, or marketing partners.

We do not engage in the "sale" of personal information as that term is defined under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). We do not engage in "sharing" of personal information for cross-context behavioral advertising as defined under the CPRA. We do not engage in "targeted advertising" as defined under the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), or other applicable state privacy laws.

8. International Data Transfers

Our hosting provider, Vercel Inc., is headquartered in the United States and operates a global edge network. When you access our Website, your request may be processed by Vercel infrastructure located in the United States or in other countries where Vercel maintains points of presence.

If you are accessing this Website from outside the United States, please be aware that your server log data (including your IP address) may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

We have implemented the following safeguards to ensure that any international data transfers comply with applicable data protection laws:

European Economic Area and United Kingdom: For transfers of personal data from the EEA or UK to the United States or other countries that have not received an adequacy decision from the European Commission or UK authorities, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission (Commission Implementing Decision (EU) 2021/914) as the transfer mechanism. Where applicable, we also consider supplementary measures as recommended by the European Data Protection Board.
Japan: For transfers of personal data from Japan, we comply with the cross-border transfer requirements under the Act on the Protection of Personal Information (APPI), including ensuring that the recipient country provides an equivalent level of protection or that we have obtained your consent where required by applicable APPI provisions.
South Korea: For transfers of personal data from South Korea, we comply with the cross-border transfer provisions of the Personal Information Protection Act (PIPA). Where required, transfers are conducted with your informed consent or pursuant to other lawful transfer mechanisms recognized under PIPA.

9. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.

Server logs: Server log data (including IP addresses, request metadata, and access timestamps) is retained by our hosting provider, Vercel Inc., in accordance with Vercel's data retention policies. As of the date of this Privacy Policy, Vercel's standard retention period for access logs is approximately 30 days, after which the data is automatically deleted. We do not independently store or archive server log data beyond what Vercel retains.
localStorage consent preference: Your consent preference persists in your browser's localStorage indefinitely until you take one of the following actions: (a) you clear your browser's site data or localStorage for this Website; (b) you change your preference using the "Your Privacy Choices" link in the footer of this Website; or (c) you uninstall or reset your browser. Because this data is stored locally on your device and is never transmitted to our servers, we have no ability to delete it on your behalf — you retain full control over its lifecycle.

10. Your Privacy Rights

Depending on where you are located, you may have certain rights regarding your personal information under applicable data protection and privacy laws. We are committed to honoring these rights and have outlined them below by jurisdiction.

10a. European Economic Area & United Kingdom (GDPR / UK GDPR)

If you are located in the EEA or the UK, you have the following rights under the General Data Protection Regulation (EU) 2016/679 and the UK GDPR:

Right of access (Article 15): You have the right to request confirmation of whether we process your personal data and, if so, to obtain a copy of that data along with information about the purposes, categories, recipients, retention periods, and safeguards applied.
Right to rectification (Article 16): You have the right to request that we correct any inaccurate personal data concerning you without undue delay.
Right to erasure (Article 17): You have the right to request the deletion of your personal data where the data is no longer necessary for the purpose for which it was collected, where you withdraw consent, where you object to processing and there are no overriding legitimate grounds, or where the data has been unlawfully processed.
Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your personal data where you contest the accuracy of the data, where the processing is unlawful but you prefer restriction over erasure, where we no longer need the data but you need it for legal claims, or where you have objected to processing pending verification of whether our legitimate grounds override yours.
Right to data portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance, where the processing is based on consent or a contract and is carried out by automated means.
Right to object (Article 21): You have the right to object to the processing of your personal data that is based on our legitimate interests. Upon receiving your objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
Right to withdraw consent (Article 7(3)): Where our processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement if you believe that our processing of your personal data infringes the GDPR. For UK residents, you may contact the Information Commissioner's Office (ICO).

10b. California (CPRA / CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CPRA/CCPA"):

Right to know: You have the right to request that we disclose the categories of personal information we have collected about you, the categories of sources from which the personal information was collected, the business or commercial purpose for collecting the personal information, the categories of third parties with whom we share personal information, and the specific pieces of personal information we have collected about you.
Right to delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions permitted under the CPRA/CCPA (such as data necessary to complete a transaction, detect security incidents, or comply with a legal obligation).
Right to correct: You have the right to request that we correct inaccurate personal information that we maintain about you.
Right to opt-out of sale/sharing: You have the right to opt out of the "sale" of your personal information and the "sharing" of your personal information for cross-context behavioral advertising. As stated in Section 7, we do not sell or share your personal information, so there is no sale or sharing from which to opt out. Nonetheless, we honor this right and will continue to refrain from such practices.
Right to non-discrimination: We will not discriminate against you for exercising any of your CPRA/CCPA rights. We will not deny you goods or services, charge you different prices or rates, provide you a different level or quality of goods or services, or suggest that you will receive a different price or level of quality for exercising your rights.
Right to limit use of sensitive personal information: You have the right to limit our use and disclosure of sensitive personal information to purposes that are necessary to perform the services or provide the goods you reasonably expect. We do not collect sensitive personal information as defined under the CPRA/CCPA through this Website.

Financial incentive disclosure: We do not offer any financial incentives, price differences, or service differences related to the collection, retention, or sale of personal information.

10c. Other US States

If you reside in a US state with a comprehensive consumer privacy law, you may have similar rights to those described for California residents. The following is a non-exhaustive list of states with applicable privacy legislation: Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Oregon (OCPA), Texas (TDPSA), Montana (MCDPA), Iowa, Indiana, Tennessee, Delaware, New Hampshire, New Jersey, Nebraska, Minnesota, Maryland, Kentucky, and Rhode Island.

Under these laws, you generally have the right to:

Access: Confirm whether we are processing your personal data and obtain a copy of that data.
Delete: Request the deletion of personal data that you have provided to us or that we have obtained about you.
Correct: Request the correction of inaccuracies in your personal data.
Opt out: Opt out of the processing of your personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.
Data portability: Obtain a copy of your personal data in a portable and readily usable format.

We honor the Global Privacy Control (GPC) signal as a valid universal opt-out mechanism across all applicable US state jurisdictions. If your browser or a browser extension transmits a GPC signal when you visit our Website, we will treat that signal as a valid request to opt out of the sale of personal information, sharing for cross-context behavioral advertising, and targeted advertising under all applicable state laws. No further action on your part is required. See Section 12 for additional details.

10d. Asia-Pacific

Japan (Act on the Protection of Personal Information — APPI): If you are located in Japan, you have the right to request disclosure of your personal information that we hold, the right to request correction, addition, or deletion of your personal information if it is inaccurate, and the right to request that we cease using or providing your personal information if it was acquired improperly or is no longer necessary for the purpose of use. You may also request notification of the purpose of use of your personal information.

South Korea (Personal Information Protection Act — PIPA): If you are located in South Korea, you have the right to withdraw your consent to the collection, use, or provision of your personal information at any time. You also have the right to request access to your personal information, to request correction or deletion of inaccurate personal information, and to request suspension of processing. We will act on such requests without undue delay in accordance with PIPA.

Australia (Privacy Act 1988): If you are located in Australia, you have the right to request access to the personal information we hold about you under Australian Privacy Principle (APP) 12 and the right to request correction of that information under APP 13. If we refuse your request, we will provide a written explanation of our reasons and information about how you may complain about the refusal.

Singapore (Personal Data Protection Act — PDPA): If you are located in Singapore, you have the right to request access to your personal data that we possess or control, the right to request correction of any error or omission in your personal data, and the right to withdraw your consent to the collection, use, or disclosure of your personal data. We will process your request in accordance with the PDPA and will inform you of the likely consequences of withdrawing consent.

India (Digital Personal Data Protection Act, 2023 — DPDP Act): If you are located in India, you have the right to obtain a summary of your personal data and the processing activities undertaken, the right to request correction and completion of inaccurate or incomplete personal data, the right to request erasure of personal data that is no longer necessary for the purpose for which it was collected, and the right to grievance redressal. You may nominate another individual to exercise your rights in the event of your death or incapacity, as provided under the DPDP Act.

11. How to Exercise Your Rights

To exercise any of the privacy rights described in Section 10, please submit your request by email to info@cdiscovery.io. In your email, please include:

Your full name and the email address associated with your request
Your country or state of residence (so that we can determine which rights apply to you)
A specific description of the right you wish to exercise (e.g., "I would like to request access to my personal data" or "I would like to request deletion of my personal data")
Any additional information that may help us locate and verify your identity

Identity verification: Before processing your request, we will take reasonable steps to verify your identity to protect against unauthorized access to personal data. We may ask you to confirm certain information or provide additional documentation depending on the nature of your request and the sensitivity of the data involved.

Response timelines:

GDPR / UK GDPR requests: We will respond to your request without undue delay and in any event within 30 days of receipt. If we need to extend this period due to the complexity or volume of requests, we will inform you within the initial 30-day period and explain the reasons for the extension. Extensions will not exceed an additional 60 days.
CPRA / CCPA requests: We will acknowledge receipt of your request within 10 business days and will provide a substantive response within 45 days of receipt. If we need an extension, we will notify you within the initial 45-day period, and any extension will not exceed an additional 45 days.
Other jurisdictions: We will respond within the timeframe required by the applicable law or, if no specific timeframe is prescribed, within 30 days.

Appeals: If we deny your request or you are dissatisfied with our response, you may submit an appeal to the same email address (info@cdiscovery.io). We will review your appeal and respond within the timeframe required by applicable law. If your appeal is denied, we will provide you with information on how to contact the relevant regulatory authority to lodge a complaint.

There is no fee for submitting a privacy rights request. We will not require you to create an account with us in order to exercise your rights.

12. Global Privacy Control (GPC)

We recognize and honor the Global Privacy Control (GPC) signal as a valid, user-initiated opt-out preference. GPC is a browser-level or extension-level setting that communicates your privacy preferences to websites you visit through an HTTP header (Sec-GPC: 1).

When we detect a GPC signal from your browser, we will:

Treat the signal as a valid request to opt out of the "sale" or "sharing" of personal information under the California Privacy Rights Act (CPRA).
Treat the signal as a valid universal opt-out mechanism under all applicable US state privacy laws that recognize such signals, including but not limited to the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Texas Data Privacy and Security Act (TDPSA), the Montana Consumer Data Privacy Act (MCDPA), the Oregon Consumer Privacy Act (OCPA), the Delaware Personal Data Privacy Act, the New Hampshire Privacy Act, the New Jersey Data Privacy Act, the Nebraska Data Privacy Act, the Minnesota Consumer Data Privacy Act, the Maryland Online Data Privacy Act, and any other state law that requires recognition of universal opt-out signals.
Automatically disable any non-essential data processing that may be introduced on this Website in the future, without requiring any additional action from you.

The GPC signal applies to the specific browser and device from which it is sent. If you use multiple browsers or devices, you will need to enable GPC on each one. You do not need to contact us separately to opt out if you have GPC enabled — the signal is processed automatically upon each visit.

13. Children's Privacy

This Website is designed for and directed at business professionals and is not intended for use by individuals under the age of 16. We do not knowingly collect, solicit, or maintain personal information from children under the age of 16. We do not knowingly allow children under the age of 16 to register for or use any service offered through this Website.

If we become aware that we have collected personal information from a child under the age of 16, we will take prompt steps to delete that information from our systems. If you are a parent or guardian and believe that your child under the age of 16 has provided personal information to us through this Website, please contact us at info@cdiscovery.io so that we can investigate and take appropriate action.

For purposes of the Children's Online Privacy Protection Act (COPPA) in the United States, this Website does not target children under the age of 13 and does not knowingly collect personal information from children under 13.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes to this Privacy Policy, we will revise the "Last Updated" date at the top of this page.

If we make material changes that significantly affect how we collect, use, or share your personal information, we will provide a conspicuous notice on this Website prior to the change becoming effective. Material changes include, but are not limited to: introducing new categories of personal information collection, sharing personal information with new categories of third parties, using personal information for new purposes not previously disclosed, or significantly reducing the privacy protections described in this policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of this Website after any changes to this Privacy Policy constitutes your acknowledgment of the updated policy. If you do not agree with any changes, you should discontinue your use of this Website.

15. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our privacy practices, please contact us:

Email: info@cdiscovery.io
Subject line: Please include "Privacy Inquiry" in your email subject line so that your request is routed appropriately.

For GDPR-related inquiries, if you are not satisfied with our response, you have the right to contact your local data protection supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu. For UK residents, you may contact the Information Commissioner's Office (ICO) at ico.org.uk.

We aim to respond to all privacy-related inquiries within a reasonable timeframe and will work with you in good faith to resolve any concerns.