Privacy Policy
We collect information you provide directly, information generated through your use of the platform, and limited technical data necessary to operate and improve Automation CoE. We do not sell personal data to third parties.
INFORMATION YOU PROVIDE
When you register an account, complete forms, or contact our team, we may collect:
- Name, job title, and business email address
- Company name, size, and industry
- Account credentials (passwords are hashed and never stored in plain text)
- Billing and payment information processed via our PCI-compliant payment provider
- Content of support messages, feedback submissions, and demo request forms
INFORMATION GENERATED BY PLATFORM USE
As you use Automation CoE, we automatically collect operational data necessary to deliver and improve the service:
- Usage logs: features accessed, actions performed, session duration
- Process videos and screen recordings uploaded to ARIA for analysis
- Automation metadata processed by AURA (bot identifiers, dependency maps, alert events)
- API request logs, error traces, and performance metrics
Customer Content — including process videos, generated PDDs, and automation data — is processed solely to deliver the Services. It is never used to train our AI models without your explicit, documented consent.
TECHNICAL & DEVICE INFORMATION
- IP address and approximate geographic region
- Browser type, version, and operating system
- Referrer URL and entry page
- Session identifiers and authentication tokens
We use collected information for specific, documented purposes. We do not use your data for purposes incompatible with those stated here.
SERVICE DELIVERY
- Operate, maintain, and improve ARIA, AURA, and the CoE platform
- Authenticate users, enforce access controls, and prevent unauthorized access
- Process customer content to generate requested outputs (PDDs, test cases, monitoring data)
- Provide customer support and respond to technical inquiries
COMMUNICATIONS
- Send transactional emails (account setup, password resets, invoice receipts)
- Notify you of material changes to the platform or this policy
- Share product updates, release notes, and security advisories
- Contact you regarding your account or contractual obligations
Marketing communications are only sent to users who have opted in. You may withdraw consent at any time by using the unsubscribe link in any email or by contacting privacy@automationcoe.io.
SECURITY & COMPLIANCE
- Monitor for unauthorized access, fraud, and abuse
- Fulfill legal obligations and respond to lawful requests from authorities
- Enforce our Terms & Conditions and contractual agreements
- Conduct security audits and maintain compliance certifications
Tecnoprism maintains a comprehensive information security program aligned with ISO 27001, SOC 2 Type II, and HIPAA requirements. Security is treated as an ongoing operational discipline, not a periodic audit exercise.
ENCRYPTION
- All data in transit is encrypted using TLS 1.2 or higher
- Data at rest is encrypted using AES-256
- Database backups are encrypted and access-controlled
- Encryption keys are managed through a dedicated key management service
ACCESS CONTROL
Access to customer data is restricted to personnel with a demonstrated need for that access. We enforce role-based access control, multi-factor authentication for all internal systems, and maintain comprehensive access logs reviewed on a regular cadence.
INFRASTRUCTURE
- Platform infrastructure is hosted on ISO 27001-certified cloud providers
- Annual third-party penetration testing with findings tracked to resolution
- Continuous vulnerability scanning across all production systems
- Incident response procedures with defined RTO and RPO targets
In the event of a data breach affecting your information, we will notify affected customers within 72 hours of becoming aware, consistent with GDPR Article 33 and applicable data breach notification laws.
We use cookies and similar tracking technologies to operate the platform, analyze usage patterns, and improve the user experience. You can control cookie preferences through your browser settings or our cookie consent mechanism.
TYPES OF COOKIES WE USE
- Essential cookies — required for authentication, session management, and security. Cannot be disabled.
- Functional cookies — remember your preferences, language settings, and display configuration.
- Analytics cookies — aggregate, anonymized usage data to understand feature adoption and improve the product.
- Marketing cookies — only set with your explicit consent; used to measure campaign effectiveness.
MANAGING COOKIES
You may disable non-essential cookies at any time through the cookie preferences panel accessible from any page footer. Disabling essential cookies will prevent platform login and core functionality from operating correctly.
We do not use cross-site tracking technologies or share cookie data with advertising networks. Analytics data is aggregated and anonymized before review.
We engage a limited number of third-party service providers to operate the platform. All providers are assessed for privacy and security practices and are bound by data processing agreements where required by law.
CATEGORIES OF SUB-PROCESS
- Cloud infrastructure and hosting (AWS, Azure) — data storage and compute
- Payment processing (Stripe) — billing and subscription management; we do not store card data
- Customer communications (transactional email delivery)
- Error monitoring and performance observability (anonymized technical diagnostics)
- Identity and access management (SSO and MFA providers)
We do not share personal data with advertising platforms, data brokers, or analytics companies that use data for behavioral profiling. A full list of current sub-processors is available upon written request.
LINKS TO THIRD-PARTY SITES
The platform may contain links to external websites. Tecnoprism is not responsible for the privacy practices of external sites. We encourage you to review the privacy policies of any third-party site you visit.
Depending on your jurisdiction, you may have specific rights over your personal data. Tecnoprism respects and facilitates these rights regardless of whether your jurisdiction mandates them.
RIGHT AVAILABLE TO ALL USERS
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate or incomplete data
- Deletion — request erasure of your personal data, subject to legal retention obligations
- Portability — receive your data in a structured, machine-readable format
- Restriction — request that we limit processing of your data in specific circumstances
- Objection — object to processing based on legitimate interests or for direct marketing
- Withdrawal of consent — where processing is consent-based, withdraw at any time
To exercise any of these rights, contact privacy@automationcoe.io. We will respond within 30 days. Where requests are complex or numerous, we may extend this by a further 60 days with notice.
CALIFORNIA RESIDENTS(CCPA)
California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is sold or disclosed and the right to opt out of sale. Tecnoprism does not sell personal information. To submit a verifiable consumer request, contact our privacy team.
We retain personal data only for as long as necessary to fulfill the purposes described in this policy, to comply with legal obligations, and to resolve disputes or enforce agreements.
RETENTION PERIODS
- Account data — retained for the duration of the active subscription plus 30 days post-termination
- Customer Content (process videos, PDDs, automation data) — retained during the subscription term; deleted within 30 days of termination unless export is requested
- Support communications — retained for 3 years from the date of last interaction
- Billing records — retained for 7 years to comply with financial reporting obligations
- Security and access logs — retained for 12 months for incident investigation purposes
- Anonymized, aggregated analytics data — retained indefinitely for product improvement
At the end of the retention period, data is securely deleted or anonymized. Customers may request early deletion of Customer Content at any time, subject to any legal hold obligations in effect.
Tecnoprism operates globally, with delivery teams in the United States, the United Arab Emirates, India, and Singapore. As a result, your data may be processed in jurisdictions outside of your home country.
LEGAL MECHANISMS
Where personal data is transferred from the European Economic Area (EEA), United Kingdom, or Switzerland to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission as the legal transfer mechanism.
- EU–US transfers: governed by SCCs with supplementary technical measures
- UK transfers: governed by the International Data Transfer Agreement (IDTA)
- APAC transfers: subject to applicable local data transfer frameworks
DATA RESIDENCY OPTIONS
Enterprise customers may elect a preferred data residency region (US, EU, or APAC) at contract inception, ensuring primary storage of Customer Content remains within that region. Residency options are specified in your Order Form.
Automation CoE is an enterprise B2B platform. It is not directed at, and we do not knowingly collect personal data from, individuals under the age of 18.
If you become aware that a minor has provided us with personal data without appropriate consent, please contact privacy@automationcoe.io and we will take prompt steps to delete such data.
If you have any questions, concerns, or requests regarding these Terms & Conditions, please contact our legal team using the information below. For enterprise customers, your dedicated account manager is also available to route legal inquiries appropriately.