Privacy Policy

We use the personal information we collect for the following purposes:

• To respond to inquiries and schedule demonstrations — we use contact information you submit solely to follow up on your interest in our product.
• To communicate about our Services — with your consent or under a legitimate interest basis, we may send relevant product updates, security advisories, or event invitations to existing contacts. You can opt out at any time.
• To operate and improve the Site — we use aggregate, non-identifiable usage data to understand how the Site is used and to improve its content and performance.
• To comply with legal obligations — we may process or retain data as required by applicable law, regulation, or court order.
• To protect rights and prevent fraud — we may use information to detect and prevent security incidents, abuse, or violations of our Terms of Service.

We do not sell your personal information. We do not use it to serve behavioral advertising.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information on the following legal bases under the GDPR or applicable equivalent legislation:

• Contractual necessity — processing required to fulfill a contract with you or to take pre-contractual steps at your request (e.g., onboarding a customer).
• Legitimate interests — we process certain contact and usage data for our legitimate business interests, such as responding to demo inquiries and improving our Site, provided those interests are not overridden by your rights.
• Legal obligation — processing required to comply with applicable laws.
• Consent — where we rely on consent (e.g., marketing communications), you may withdraw it at any time without affecting the lawfulness of prior processing.

We do not sell, rent, or trade your personal information. We may share it in the following limited circumstances:

• Service providers: We engage trusted third-party vendors to help operate the Site and our business (e.g., CRM software, email delivery, infrastructure hosting). These vendors are contractually restricted from using your data for any purpose other than providing services to us and are required to maintain appropriate security safeguards.
• Business transfers: If BastionGate is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. We will provide notice before your data becomes subject to a materially different privacy policy.
• Legal requirements: We may disclose personal information if required to do so by law or in good-faith belief that such action is necessary to comply with a legal obligation, protect our rights or property, prevent fraud, or protect the safety of our users or the public.
• With your consent: We may share information with third parties when you have explicitly consented.

We retain personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

• Demo inquiries: 24 months from the date of submission, or until you request deletion, whichever comes first.
• Customer account data: For the duration of the customer relationship and 7 years thereafter for accounting and legal purposes, unless a shorter period is required.
• Email correspondence: Up to 3 years from the date of the last communication.
• Site analytics data: Aggregated and anonymized; no individual-level retention after 13 months.

We implement administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include encryption in transit (TLS 1.2+), access controls, and regular security reviews.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

BastionGate is incorporated in the United States. If you are located outside the United States, your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

Where required, we rely on appropriate transfer mechanisms such as the EU Standard Contractual Clauses (SCCs) or the UK International Data Transfer Addendum to ensure an adequate level of protection for personal information transferred from the EEA or UK.

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request that we delete your personal information, subject to certain legal exceptions.
• Portability: Receive your personal information in a structured, commonly used, machine-readable format.
• Objection / Restriction: Object to or request restriction of certain processing activities.
• Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
• Opt out of marketing: Unsubscribe from commercial emails at any time via the unsubscribe link in each email or by contacting us directly.

To exercise any of these rights, email privacy@bastiongate.ai. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before fulfilling certain requests.

If you are located in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) grants you specific rights regarding your personal information:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a verifiable consumer request, contact privacy@bastiongate.ai. You may designate an authorized agent to make a request on your behalf, subject to our verification requirements.

The Site may use strictly necessary cookies to ensure basic functionality (e.g., session management). We do not use advertising cookies or third-party tracking pixels for behavioral profiling.

If we introduce optional analytics or functionality cookies in the future, we will provide a consent mechanism and update this policy accordingly. You can control cookies through your browser settings; note that disabling cookies may affect site functionality.

The Site and Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us at privacy@bastiongate.ai and we will delete it promptly.

The Site may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the privacy practices or content of third-party sites.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, provide additional notice (such as a banner on the Site or an email to known contacts).

Your continued use of the Site after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to working with you to resolve any privacy concerns. If you are not satisfied with our response, you may contact your applicable data protection authority.