ENTRADA AI, INC. – GLOBAL PRIVACY POLICY

Effective Date: February 25, 2026
Last Updated: February 25, 2026

1. INTRODUCTION & CONTROLLER IDENTITY

Entrada AI, Inc. (“Entrada AI”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Global Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our website https://entrada.ai (the “Website”) or otherwise interact with us.

For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, and other applicable data protection laws, Entrada AI, Inc., headquartered at:

548 Market Street, San Francisco, CA 94104, United States

is the Data Controller of your personal data.

2. CATEGORIES OF PERSONAL INFORMATION WE COLLECT

In the preceding twelve (12) months, we may have collected the following categories of personal information:

2.1 Identifiers

Full name
Email address
Telephone number
Company or organization name
(Collected only when you voluntarily submit information through contact forms or direct communications.)

2.2 Internet or Network Activity

IP address
Browser type and version
Device identifiers
Pages viewed and interaction data
(Collected only after affirmative consent via our cookie consent mechanism.)

2.3 Sensitive Personal Information

We do not collect sensitive personal information as defined under the CPRA or GDPR, including but not limited to:

Government-issued identification numbers
Health or biometric data
Precise geolocation data
Financial account information

3. PURPOSES OF PROCESSING & LEGAL BASES (GDPR ARTICLE 6)

We process personal data only where a valid legal basis exists:

3.1 To Provide Services and Respond to Inquiries

Legal Basis: Performance of a contract (Article 6(1)(b) GDPR), or Legitimate interests (Article 6(1)(f) GDPR).
Description: We process information submitted through our contact forms or communications tools (e.g., CRM platforms such as HubSpot) to respond to inquiries, provide requested information, and manage business communications.

3.2 Website Analytics and Performance Measurement

Legal Basis: Consent (Article 6(1)(a) GDPR).
Description: Analytics and similar technologies are deployed only after you explicitly opt in via our consent management platform.

3.3 Artificial Intelligence Training Disclaimer

Entrada AI does not use personal data, business information, website interaction data, or tracking data collected through this Website to train, fine-tune, or otherwise develop proprietary artificial intelligence or machine learning models.

4. COOKIES, TRACKING TECHNOLOGIES & COMMUNICATION PRIVACY

To comply with the GDPR, ePrivacy Directive, and the California Invasion of Privacy Act (CIPA), Entrada AI employs a strict prior-consent architecture:

No Automatic Loading: No non-essential cookies, analytics tools, marketing pixels, or similar tracking technologies are deployed upon page load.
No “Pen Register” Functionality: No routing or addressing information (including IP addresses) is recorded or transmitted to third parties before consent is obtained.
Strict Opt-In: Tracking technologies activate only after you affirmatively select “Accept” or “Allow” on our cookie banner.
Withdrawal: You may withdraw or modify consent at any time via the “Cookie Settings” link in the Website footer.

5. NOTICE TO CALIFORNIA RESIDENTS (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the CPRA:

Right to Know and Access personal information collected about you.
Right to Delete personal information.
Right to Correct inaccurate personal information.
Right to Opt-Out of Sale or Sharing of personal information.
Right to Non-Discrimination for exercising your privacy rights.

“Do Not Sell” Statement: We do not sell personal information for monetary consideration. However, sharing IP addresses with analytics providers may constitute “sharing” under CPRA; you may opt out of this by declining cookies.

Global Privacy Control (GPC): We recognize and honor Global Privacy Control (GPC) signals. When detected, GPC is treated as a valid opt-out request, and non-essential tracking technologies are automatically disabled.

6. NOTICE TO EEA, UK & SWISS RESIDENTS (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the right to:

Access your personal data.
Rectify inaccurate data.
Request erasure (“right to be forgotten”).
Restrict processing.
Data portability.
Object to processing.

6.1 International Data Transfers

Personal data may be transferred to the United States. Such transfers are safeguarded using:

European Commission Standard Contractual Clauses (SCCs); and/or
Service providers certified under the EU-U.S. Data Privacy Framework (DPF).

6.2 EU Representative (Article 27 GDPR)

Our EU establishment is: Entrada AI Sp. z o.o., Szlak 77/222, 30-153 Kraków, Poland. Email: privacy (AT) entrada.ai

6.3 Supervisory Authority Complaints

You have the right to lodge a complaint with your local Data Protection Authority (DPA).

7. DATA SHARING AND DISCLOSURE

We do not sell personal data. We may share personal data only with vetted service providers, including cloud hosting and CRM providers, who:

Act solely on our instructions.
Are bound by Data Processing Agreements (DPAs).
Are prohibited from using data for independent purposes.

8. DATA RETENTION

We retain personal data only for as long as necessary for the purposes described in this Policy:

Data Category	Retention Criteria
Contact inquiries	For the duration of our business relationship plus the applicable statute of limitations for legal claims.
Marketing communications	Until you withdraw consent (opt-out) or request deletion.
Analytics data	According to the default retention settings of our analytics providers (e.g., Google Analytics), typically up to 14 months.
Security and access logs	Retained on a rolling basis for a period strictly necessary for security monitoring and incident investigation.
Legal/compliance records	Retained for the mandatory period prescribed by applicable tax, accounting, or other laws.

9. SECURITY MEASURES

We implement appropriate technical and organizational security measures, including encryption, access controls, and internal policies designed to protect personal data against unauthorized access, alteration, or disclosure.

10. DATA PROVISION REQUIREMENTS

Providing personal data is voluntary. However, failure to provide certain information (e.g., contact details) may prevent us from responding to inquiries or providing requested services.

11. AUTOMATED DECISION-MAKING

Entrada AI does not engage in automated decision-making or profiling that produces legal or similarly significant effects within the meaning of Article 22 GDPR.

12. DATA PROTECTION OFFICER

Entrada AI is not required to appoint a Data Protection Officer under Article 37 GDPR.

13. CONTACT INFORMATION & EXERCISING YOUR RIGHTS

To submit a privacy request or ask questions regarding this Policy:

Email: privacy (AT) entrada.ai

Mail:
Entrada AI, Inc.
Attn: Legal & Privacy Department
548 Market Street
San Francisco, CA 94104, USA

We will respond to all verifiable requests within statutory timeframes (generally within 30 days, and no later than 45 days where legally permitted).

All other feedback, comments, requests for technical support, and other communications relating to the Website should be directed to: info (AT) entrada.ai.

This website is operated by Entrada AI, Inc. (the data controller), which is a Delaware corporation.