Global Data Privacy Policy

1.1 Scope. This Policy applies to information we process in connection with the Service, including when you visit our website, create or administer an account, access the Service as an Authorized User, interact with our customer support, or otherwise communicate with us. This Policy does not apply to third-party websites, applications, or services that we do not control, even if they are linked from the Service.

1.2 Definitions. For clarity:

• ●"Personal Data" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) to an identified or identifiable natural person.
• ●"Customer" means the organization or entity that has entered into a License Agreement or otherwise uses the Service.
• ●"Authorized User" means an individual natural person authorized by a Customer to access and use the Service.
• ●"Customer Data" means electronic data, files, and information submitted to the Service by or for a Customer (including content uploaded into document or AI features), excluding Tera Data.
• ●"Tera Data" means the proprietary datasets, maps, geospatial information, analytics, ratings, company profiles, and other content owned, licensed, or aggregated by Tera and made available through the Service.

1.3 Our roles (controller vs. processor). Depending on the context, we process data in different legal capacities. When we act as a controller, we are typically a controller for website visitors, sales/procurement contacts, account administrators, billing contacts, marketing communications, security monitoring and abuse prevention, and certain product telemetry and analytics relating to use of the Service. When we act as a processor/service provider, we are typically a processor (or service provider) for Customer Data that a Customer or its Authorized Users submit to the Service (including documents, prompts, and other content); in these cases, the Customer is responsible for determining the purposes and legal bases for processing Customer Data and for providing appropriate notices to, and obtaining any necessary consents from, its Authorized Users and other individuals whose Personal Data may be included in Customer Data. Mixed contexts may occur (e.g., an Authorized User’s account information used to provide access and also used for security logging and compliance).

1.4 Contracting/operating entity. The specific Tera entity responsible for the Service may vary by geography, customer relationship, and operational considerations. The Tera entity identified in your License Agreement (or other governing agreement) controls for contracting purposes. If you are using the website without a License Agreement, the operator of the website for your region will be the relevant entity for that activity.

1.5 Business users and professional context. The Service is intended for professional use by organizations and their Authorized Users. You must not use the Service in any unlawful manner, including in violation of any person’s privacy rights. Where the Service includes professional contact details (e.g., business emails and phone numbers), those details are provided for legitimate professional purposes and subject to contractual restrictions and applicable law.

2.1 Overview. We may collect and process the categories of Personal Data described below. The specific data we collect depends on how you interact with the Service, which features you use (including API and AI/document features), and what your organization configures.

2.2 Account, identity, and access data. We may process:

1. (i)name, professional title/role, organization/company name, business email address, and business phone number;
2. (ii)username, password hashes or authentication tokens, multi-factor authentication status, and SSO identifiers (if enabled);
3. (iii)account settings, workspace/team membership, permission levels, and administrative actions.
4. (iv)NOTE: Where permitted by law, we may require additional information to verify identity and prevent fraud or abuse (e.g., verifying domain ownership or administrator authority).

2.3 [Professional intelligence and contact data]({{PRODUCT_PEOPLE}}) (People/Professionals Database). The Service may include professional profile data and business contact details for individuals acting in a professional capacity ("Professional Data"), such as:

1. (i)name, current employer/affiliation, role, seniority, and professional specialization or market segment;
2. (ii)professional contact information such as business email addresses and business telephone numbers;
3. (iii)professional social profile links (e.g., business networking profiles) and related professional metadata.
4. (iv)We do not intend to provide personal consumer contact information (e.g., personal email accounts or personal phone numbers).

2.4 Customer Data and content you submit. We may process Customer Data submitted by or for Customers, which may include:

1. (i)uploaded documents and files (including legal, technical, permit, diligence, and other materials);
2. (ii)user-generated notes, tags, saved searches, reports, exports, and queries;
3. (iii)AI/chat prompts and inputs, and outputs generated in response (to the extent such inputs or outputs include Personal Data).

2.5 Usage, device, and log data. We may automatically collect information about how the Service is accessed and used, including:

1. (i)IP address, approximate location derived from IP (e.g., city/country), device identifiers, browser type, operating system, and language/time zone;
2. (ii)timestamps, pages/screens viewed, features used, search parameters, clickstream data, session duration, and error logs;
3. (iii)audit logs and event records related to access, exports, API calls, permissions changes, and security events.

2.6 API data. If you use the API or developer platform, we may process:

1. (i)API keys, scopes, authentication credentials, and workspace identifiers;
2. (ii)API request metadata (e.g., endpoint, timestamps, response codes, latency) and usage metrics for rate limiting, billing, abuse prevention, and service improvement;
3. (iii)content submitted through the API, to the extent it constitutes Customer Data.

2.7 Sales, support, and communications data. If you contact us, request a demo, or receive support, we may process:

1. (i)contact details and communications content (emails, messages, call notes);
2. (ii)support tickets, troubleshooting data, and technical logs associated with resolving issues;
3. (iii)meeting metadata (e.g., calendar invitations) and feedback you provide.

2.8 Billing and transaction data. For enterprise procurement and billing, we may process:

1. (i)billing contact details, invoice information, tax-related identifiers where required, and payment status;
2. (ii)purchase/contract metadata (e.g., subscription tier, seats, term, renewal dates);
3. (iii)records necessary for accounting, compliance, and dispute resolution.

2.9 Cookies and similar technologies. We may use cookies, pixels, local storage, and similar technologies on our website and potentially within the Service to:

1. (i)enable core functionality (e.g., session management, security);
2. (ii)remember preferences;
3. (iii)measure performance and improve user experience;
4. (iv)support marketing communications where permitted.
5. (v)Where required by law, we will provide a cookie consent mechanism and honor relevant choices.

2.10 Sensitive data. The Service is not designed for, and you should not submit, special categories of personal data (e.g., health, biometrics, precise geolocation, government identifiers) unless expressly requested by a written agreement. If such data is submitted to the Service, it will be treated as Customer Data and processed only as necessary to provide and secure the Service, subject to applicable law.

3.1 From you and your organization. We may collect Personal Data directly from you or your organization when you create or administer an account, use the Service, submit Customer Data, use AI/document features, use the API, request a demo, communicate with us, or otherwise interact with the Service.

3.2 From public and professional sources. For Professional Data and market-intelligence context, we may obtain information from public and professional sources, such as:

1. (i)company websites, press releases, regulatory or corporate filings, and other publicly available sources;
2. (ii)professional directories and business networking profiles;
3. (iii)industry publications and other commercially available sources.

3.3 From licensed partners and third-party data providers. We may receive Professional Data and other business-intelligence data from third parties under license or other contractual arrangements. In some cases, we may act as a vendor of third-party data (including when we incorporate third-party datasets into the Service). The availability, scope, and permitted uses of such data may be subject to contractual restrictions and applicable law. We may combine data received from different sources to improve accuracy, enrich records, and reduce duplicates. We may take reasonable steps to validate or update Professional Data, but we do not guarantee completeness or timeliness.

3.4 From users (including user submissions and corrections). Authorized Users may submit information to the Service, including suggested updates to professional profiles, corrections, relationship mappings, and other intelligence. We may also receive information when users export data, share reports, or otherwise interact with collaboration features, subject to applicable permissions.

3.5 Automatically from devices and systems. We may collect usage, device, and log data automatically when you access the Service, including through cookies and similar technologies where applicable. We also generate security and audit logs to protect the Service, enforce license restrictions, maintain integrity, and investigate suspected misuse.

3.6 From customers’ integrated tools (as instructed). If a Customer integrates third-party applications or internal systems with the Service (e.g., via API or single sign-on), we may receive data from those systems as instructed by the Customer and as necessary to provide the Service.

4.1 General. We use Personal Data to operate, provide, maintain, secure, and improve the Service; to administer customer relationships; to conduct sales and marketing activities where permitted; to comply with legal obligations; and to protect our rights, users, and business.

4.2 Provide and operate the Service. We use Personal Data to create, administer, and manage accounts, workspaces, and Authorized User access; authenticate users, enforce permissions, and support enterprise controls (including SSO where applicable); deliver core functionality, including the grid map, asset/company/people intelligence modules, reports, exports, and related workflows; and process Customer Data submitted to the Service (including documents and AI/chat inputs) as necessary to provide the requested features and outputs.

4.3 AI / conversational intelligence and document workflows. Where you use AI-enabled features, we may process prompts, queries, uploaded documents, and related context to generate responses and to provide the feature. We may also use technical telemetry (e.g., error logs, latency, safety events) to maintain reliability and prevent misuse, and (to the extent permitted by law and contract) we may use de-identified and/or aggregated information derived from feature usage to improve the Service, including model performance and user experience. Customers remain responsible for what they submit into AI features. You should not submit information you are not authorized to share or that is subject to heightened legal protections unless permitted by a written agreement.

4.4 Professional Data and market-intelligence context. We use Professional Data and related business-intelligence information to compile and provide professional profiles and business contact details in the Service for legitimate professional use; improve data quality, resolve duplicates, validate accuracy, and maintain currency; link professionals to companies, assets, transactions, and market activity indicators to provide contextual intelligence; and respond to requests to correct, update, or suppress Professional Data where required or appropriate.

4.5 Security, integrity, and compliance (including usage monitoring). We use Personal Data to monitor, record, and analyze usage of the Service to maintain security, performance, and availability; detect, investigate, and prevent fraud, abuse, unauthorized access, scraping, credential compromise, and other violations of our Terms of Use or License Agreements; maintain audit logs for administrative, compliance, and security purposes; and enforce license restrictions and support accurate billing (e.g., seat usage, export behavior, and API rate limit compliance).

4.6 Communications, support, and customer relationship management. We use Personal Data to respond to inquiries, provide support, troubleshoot issues, and deliver customer success services; send service-related communications (e.g., security alerts, technical notices, policy updates, and account notifications); and manage procurement, contracting, billing, renewals, and relationship administration.

4.7 Analytics and improvement. We may use usage and technical data to understand feature adoption, improve workflows, and optimize performance; develop new features, datasets, and capabilities; and generate aggregated and de-identified statistics and insights for business operations, reporting, and marketing (provided individuals are not identified).

4.8 Marketing and business development. Where permitted by law, we may use Personal Data to send marketing communications, newsletters, event invitations, and product updates; personalize outreach and evaluate campaign effectiveness; and identify and pursue potential customer relationships and partnerships. You may opt out of marketing emails at any time via the unsubscribe mechanism included in the message, subject to certain service/transactional communications that are necessary to provide the Service.

4.9 Legal, compliance, and protection of rights. We may use Personal Data to comply with applicable laws, lawful requests, and legal process; establish, exercise, or defend legal claims and resolve disputes; and protect the rights, property, and safety of Tera, our customers, Authorized Users, and the public.

5.1 General approach. Our legal basis for processing Personal Data depends on (i) the purpose of processing, (ii) the nature of our relationship with you or your organization, (iii) applicable law in your jurisdiction, and (iv) whether we act as a controller or processor for the relevant data.

5.2 EEA/UK/Switzerland (GDPR/UK GDPR) legal bases (where applicable). When we act as a controller and GDPR/UK GDPR applies, we rely on one or more of the following legal bases:

1. (i)Performance of a contract (Article 6(1)(b)). To provide the Service, administer accounts, and perform our obligations under a License Agreement or Terms of Use.
2. (ii)Legitimate interests (Article 6(1)(f)). To operate and improve the Service; maintain security; prevent fraud, abuse, and unauthorized access; conduct B2B marketing and relationship management; and maintain the Professional Data database for legitimate professional use. Where we rely on legitimate interests, we consider and balance potential impacts on individuals’ rights and freedoms and implement safeguards where appropriate.
3. (iii)Compliance with legal obligations (Article 6(1)). To meet legal, regulatory, tax, accounting, and compliance requirements.
4. (iv)Consent (Article 6(1)(a)). Where required for certain cookies/marketing or other activities; consent may be withdrawn at any time (without affecting processing before withdrawal).
5. (v)Establishment, exercise, or defense of legal claims and related purposes (including as part of our legitimate interests or legal obligations).

5.3 Customer Data processed on behalf of Customers. When we process Customer Data as a processor, the Customer is the controller and is responsible for determining and documenting an appropriate legal basis and providing required notices. We process such Customer Data only as necessary to provide the Service, as instructed by the Customer through its use/configuration of the Service, and as otherwise permitted by the governing agreement and applicable law.

5.4 Other jurisdictions. In jurisdictions that do not use the GDPR legal-basis framework, we process Personal Data on grounds recognized under applicable law, such as to perform a contract with you or your organization; for legitimate business purposes and operational necessity (including security and service integrity); to comply with legal obligations and respond to lawful requests; and with consent where required. We may provide additional notices for specific jurisdictions where required (e.g., certain US states or China).

5.5 Professional Data. Because the Service is designed for B2B market intelligence, we generally process Professional Data to support legitimate professional networking, sourcing, and market research activities, and to provide the Service to Customers. We will honor legally required requests to access, correct, delete, or suppress Professional Data, subject to verification and applicable exemptions. If you believe your Professional Data should not appear in the Service or is inaccurate, you may contact us at com*******@teraintel.com.

6.1 General. We may disclose Personal Data to the categories of recipients described below for the purposes set out in this Policy. We do not disclose Personal Data except as permitted by law and consistent with this Policy.

6.2 Service providers and subprocessors. We may disclose Personal Data to third parties that perform services on our behalf, such as hosting, content delivery, analytics, security monitoring, customer support tooling, communications services, payment and invoicing support, and other business operations ("Service Providers"). Service Providers are authorized to process Personal Data only as necessary to provide services to us and are contractually required to protect the data and process it in a manner consistent with this Policy. Depending on the customer and configuration, data may be processed in multiple regions (including the EU, the United States, and Asia).

6.3 Affiliates and corporate administration. We may disclose Personal Data to our affiliates and related entities for purposes consistent with this Policy, including internal administration, security, auditing, compliance, and business operations. Where we operate through different entities in different jurisdictions, your data may be accessed by personnel within our group on a need-to-know basis.

6.4 Customers and Authorized Users. Professional Data and other intelligence content made available through the Service may be disclosed to Customers and their Authorized Users consistent with their subscription tier, permissions, and applicable contractual restrictions. Customers are responsible for ensuring their Authorized Users comply with applicable law and contractual restrictions when accessing and using Professional Data and other content.

6.5 Third-party applications and integrations (at Customer instruction). If a Customer chooses to use third-party applications or integrations with the Service, we may disclose data to the third party as instructed by the Customer. The third party’s processing is governed by its own terms and privacy practices. Tera is not responsible for third parties’ privacy practices, and Customers should evaluate third-party services before enabling integrations.

6.6 Legal process and protection of rights. We may disclose Personal Data if we reasonably believe disclosure is necessary to:

1. (i)comply with applicable law, regulation, legal process, or lawful governmental request;
2. (ii)enforce our Terms of Use, License Agreements, and other agreements;
3. (iii)protect the rights, property, or safety of Tera, our customers, Authorized Users, or others;
4. (iv)detect and investigate security incidents and fraud.

6.7 Business transfers. We may disclose Personal Data in connection with a corporate transaction, such as a merger, acquisition, financing, reorganization, bankruptcy, dissolution, or sale of all or part of our business or assets. Any recipient will be required to honor reasonable confidentiality and security obligations. Where required by law, we will provide notice of a material change in control or data practices.

6.8 Aggregated and de-identified data. We may create and disclose aggregated, de-identified, or anonymized data (such as usage statistics, feature adoption rates, performance metrics, and market insights) for product improvement, business operations, marketing, and industry reporting, provided such data does not identify an individual.

7.1 Global operations. We operate globally and may process and store Personal Data in multiple jurisdictions, including (as operationally necessary) the European Union, the United States, and Asia. Where you access the Service from one jurisdiction, your information may be transferred to and processed in another jurisdiction with different data protection laws.

7.2 Safeguards for transfers (EEA/UK/Switzerland). Where applicable law requires a lawful transfer mechanism, we implement appropriate safeguards, which may include the European Commission’s Standard Contractual Clauses ("SCCs") (including with the UK addendum where applicable), contractual/technical/organizational measures designed to protect Personal Data during cross-border processing, and transfer impact assessments or similar evaluations where required.

7.3 China and other jurisdictions with cross-border requirements. Where Chinese law (including the Personal Information Protection Law, "PIPL") or other local laws impose restrictions on cross-border transfers, we will take steps intended to comply with applicable requirements, which may include processing arrangements and contractual safeguards, data localization or regional hosting options where commercially and technically feasible, and additional notices, consents, certifications, assessments, or filings where required.

7.4 Customers’ choices and configurations. Depending on your subscription and configuration, some data may be processed in one or more regions. Customers may be able to select certain processing or storage preferences. Not all options are available for all features, and certain processing may be necessary to provide the Service (e.g., security monitoring and resilience).

8.1 General retention principles. We retain Personal Data for as long as reasonably necessary to provide the Service, fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, enforce our agreements, and protect our legitimate interests, unless a longer retention period is required or permitted by law.

8.2 Customer Data. We retain Customer Data in accordance with the applicable License Agreement and the Customer’s instructions as reflected in their use/configuration of the Service. Upon termination or expiration of a Customer’s subscription, we may delete or return Customer Data in accordance with the governing agreement and applicable law. We may retain limited copies of Customer Data for a reasonable period for backup, security, audit logging, dispute resolution, and legal compliance, provided such data is protected and access-restricted.

8.3 Logs and security records. We may retain security logs, audit logs, and related records for purposes such as detecting and preventing abuse and unauthorized access; investigating incidents and enforcing contractual restrictions; and meeting legal and compliance requirements.

8.4 Professional Data. We retain Professional Data for so long as it remains relevant to the Service’s market-intelligence purpose, subject to our data quality practices and legally required deletion/suppression requests. We may retain suppression lists to ensure we honor opt-outs and deletion requests. Retention may vary by jurisdiction and by the nature of the data source (public/professional, licensed, or user-submitted).

8.5 Aggregated/de-identified data. We may retain aggregated and de-identified data for longer periods, as it is used to improve and evolve the Service and does not identify individuals.

9.1 Overview. We use cookies and similar technologies (collectively, "Cookies") on our public website and, where applicable, within the Service. Cookies are small text files or similar identifiers that are stored on your device when you visit a website or use an application. They help enable functionality, security, and certain preferences, and they may allow us (and our Service Providers) to recognize your browser or device over time.

9.2 Types of Cookies. Depending on your configuration and jurisdiction, we may use the following categories of Cookies:

9.2.1 Strictly necessary Cookies (always on). These Cookies are required to operate the website and/or Service and cannot be switched off in our systems. They are typically set in response to actions you take, such as setting your privacy preferences, logging in, or filling in forms. We use strictly necessary Cookies for:

1. (i)security and fraud prevention (including detection of automated scraping and abusive traffic);
2. (ii)authentication and session management;
3. (iii)load balancing and basic performance routing;
4. (iv)remembering privacy choices in jurisdictions where this is required.

9.2.2 Functional Cookies. These Cookies enable enhanced functionality and personalization. If you do not allow these Cookies, some or all of these services may not function properly. We may use functional Cookies to:

1. (i)remember preferences and settings (e.g., language selection);
2. (ii)support embedded content or interface enhancements;

9.2.3 Analytics/measurement Cookies. These Cookies help us measure traffic and usage patterns so we can improve the website and Service. We may use analytics Cookies to:

1. (i)understand how visitors navigate and interact with the website;
2. (ii)measure performance (e.g., page load times, error rates);
3. (iii)evaluate feature adoption and improve usability.

9.2.4 Marketing Cookies (where permitted). These Cookies may be set through our website by us or by partners to build a profile of your interests and show you relevant communications. Where required by law, we will obtain consent before setting marketing Cookies. We do not intend to use marketing Cookies within authenticated customer workspaces unless clearly disclosed and legally permitted.

9.3 Cookie consent and choices. Where required by law (including in many European jurisdictions), we will present a cookie consent banner that allows you to accept or reject certain categories of Cookies. Your selections may be stored via a consent Cookie so that we can remember your preferences. You can also manage Cookies through your browser settings; however, disabling certain Cookies may affect functionality.

9.4 Global Privacy Control and similar signals. Some jurisdictions recognize opt-out preference signals (such as Global Privacy Control). Where required by applicable law, we will honor such signals for relevant activities (for example, certain forms of targeted advertising).

9.5 Do Not Track. Some browsers incorporate a "Do Not Track" (DNT) signal. There is no uniform standard for DNT, and we may not respond to DNT signals unless required by law.

9.6 Device identifiers and similar technologies. We may use device identifiers, local storage, SDKs, and similar technologies (especially in mobile contexts, if applicable) for similar purposes as Cookies, including security, functionality, and measurement. Where required, we provide notice and obtain consent.

9.7 Third-party content. Some embedded content or integrations may set Cookies or use similar technologies. Those third parties’ use of Cookies is governed by their own privacy policies, and we do not control their practices.

10.1 Security program. We maintain administrative, technical, and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. Security measures are designed with regard to the nature of the data and the risks of processing, and may be updated over time.

10.2 Examples of safeguards. Depending on the Service and deployment, safeguards may include:

1. (i)access controls, least-privilege permissions, and role-based access management;
2. (ii)authentication measures, including multi-factor authentication and/or single sign-on options where available;
3. (iii)encryption in transit and encryption at rest where appropriate;
4. (iv)logging and monitoring for security and abuse prevention, including audit trails for key administrative actions;
5. (v)secure development practices, vulnerability management, and patching processes;
6. (vi)segmentation of environments and change management controls;
7. (vii)incident response and business continuity planning.

10.3 No guarantee. While we take reasonable steps to protect Personal Data, no security measures can guarantee absolute security. You are responsible for maintaining the confidentiality of your credentials and for using appropriate security controls in your environment, including promptly notifying us of any suspected unauthorized access.

10.4 Security incidents. If we become aware of a confirmed security incident affecting Personal Data, we will take steps we deem reasonable and appropriate to investigate, mitigate, and remediate the incident. Where required by applicable law and/or contract, we will provide notifications within legally mandated timeframes.

11.1 Overview. Depending on your jurisdiction and our role (controller or processor), you may have certain rights regarding your Personal Data. Some rights apply only in specific regions, and some may be limited by legal exceptions (e.g., security, fraud prevention, legal compliance, or protection of others’ rights).

11.2 GDPR/UK GDPR-style rights (where applicable). Subject to applicable law, you may have the right to:

1. (i)request access to your Personal Data;
2. (ii)request correction of inaccurate or incomplete Personal Data;
3. (iii)request deletion of your Personal Data;
4. (iv)request restriction of processing;
5. (v)object to processing, including processing based on legitimate interests and certain marketing activities;
6. (vi)request portability of Personal Data you provided to us (in structured, commonly used, machine-readable form) in certain circumstances;
7. (vii)withdraw consent where we rely on consent (without affecting processing before withdrawal);
8. (viii)lodge a complaint with a competent supervisory authority.

11.3 US state privacy rights (where applicable). Depending on your state of residence, you may have rights such as:

1. (i)to know/access certain information about our processing of Personal Data;
2. (ii)to request deletion of certain Personal Data;
3. (iii)to correct inaccurate Personal Data;
4. (iv)to opt out of certain processing (e.g., targeted advertising, certain disclosures characterized as "sales" or "sharing" under applicable law);
5. (v)to limit use and disclosure of "sensitive" Personal Data where applicable.
6. (vi)We provide additional US-specific disclosures in Section 12.

11.4 Marketing choices. You may opt out of marketing emails by using the unsubscribe mechanism in the message. Even if you opt out of marketing, we may still send you non-marketing communications that are necessary to provide the Service, such as security alerts, billing notices, and policy updates.

11.5 Professional Data requests (People/Professionals Database). If you are an individual whose Professional Data appears in the Service, you may request (as applicable):

1. (i)access to the Professional Data associated with you;
2. (ii)correction of inaccurate Professional Data;
3. (iii)deletion or suppression of Professional Data, where required or appropriate;
4. (iv)restriction of certain uses or disclosures, where required by law.
5. (v)We may maintain a suppression list to ensure your request is honored going forward.

11.6 Requests relating to Customer Data. If your Personal Data is included in Customer Data processed by us on behalf of a Customer (for example, documents uploaded by a Customer or your organization), you should direct your request to the relevant Customer (the controller). Where appropriate, we will support the Customer in responding to verified requests consistent with the governing agreement and applicable law.

11.7 How to submit a request. To submit a request, contact com*******@teraintel.com and include sufficient information for us to understand and evaluate your request. We may require verification of identity and authority (including verification that you are the relevant individual or an authorized representative). We may request additional information to verify your request or to prevent fraud. If you submit a request through an agent, we may require proof of the agent’s authority and additional verification. We may deny requests where permitted by law (e.g., where honoring the request would compromise security, reveal confidential information, or conflict with legal obligations).

11.8 Response timing. We will respond within the timeframe required by applicable law. Where we act as a processor, response timing may depend on coordination with the Customer and the governing agreement.

11.9 Non-discrimination. Where applicable law provides for non-discrimination rights, we will not discriminate against you for exercising your privacy rights.

12.1 Applicability. This section provides additional disclosures for residents of certain US states (including California) to the extent applicable. Because the Service is primarily a B2B platform, some consumer-oriented concepts may not apply to all interactions; however, we provide these disclosures for transparency where required.

12.2 Categories of Personal Data collected. In the last 12 months, we may have collected the categories described in Section 2, which may include:

1. (i)identifiers (e.g., name, business email, IP address);
2. (ii)commercial information (e.g., subscription/billing records);
3. (iii)internet or other electronic network activity information (e.g., usage logs, device data);
4. (iv)professional or employment-related information (e.g., professional profiles and roles);
5. (v)geolocation data (approximate location derived from IP);
6. (vi)inferences drawn from usage to improve and secure the Service (in aggregated/de-identified form where appropriate).

12.3 Purposes. We use these categories for the purposes described in Section 4 (including providing the Service, security, analytics, and business operations).

12.4 Disclosures to third parties. We may disclose the above categories to the recipients described in Section 6, including Service Providers, affiliates, and business transaction counterparties. We disclose information for business purposes such as hosting, security, analytics, customer support, communications, billing support, and operational administration. We do not knowingly sell Personal Data in the ordinary sense of exchanging Personal Data for money. However, certain jurisdictions define "sale" or "sharing" broadly to include certain disclosures for targeted advertising. Where applicable, you may have the right to opt out of such disclosures.

12.5 Sensitive Personal Data. We do not intentionally collect sensitive personal information as defined by certain state laws (such as government identifiers, precise geolocation, health information, or biometric information) for the purpose of inferring characteristics about individuals. If such data is provided to us, it is typically as part of Customer Data and processed only as necessary to provide and secure the Service, subject to applicable law and contract.

12.6 Retention. Please see Section 8 for retention principles. Retention depends on the purpose for which the data was collected, the nature of the relationship, and legal requirements.

12.7 Your rights. Subject to verification and applicable exceptions, you may have the right to:

1. (i)request access to certain information about our collection and use of Personal Data;
2. (ii)request deletion and/or correction of certain Personal Data;
3. (iii)opt out of certain processing, including targeted advertising and certain disclosures characterized as sales/sharing;
4. (iv)appeal certain decisions regarding your request (where required).

12.8 How to exercise rights. Contact com*******@teraintel.com. We may need to verify your identity and confirm which jurisdiction applies. If you use an authorized agent, we may require proof of authorization.

12.9 California Shine the Light. Where applicable, California residents may request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. You may submit such requests to com*******@teraintel.com. We may limit responses as permitted by law.

13.1 General. Certain jurisdictions (including China) impose specific requirements regarding notice, consent, and cross-border transfers. This section is intended to provide supplemental information where such requirements apply. If you are a Customer operating in a jurisdiction with additional requirements, you may be asked to execute supplemental terms or notices (including data processing agreements and/or transfer addenda).

13.2 China (PIPL) supplemental notice (where applicable). Where the Personal Information Protection Law ("PIPL") or related Chinese regulations apply, the following may be relevant:

1. (i)Personal information handler. The relevant Tera entity identified in the applicable agreement (or the operator of the Service for the region) acts as the personal information handler for controller activities described in this Policy.
2. (ii)Purposes and methods. We process personal information for the purposes described in Section 4 using methods such as collection through forms, automated logging, provision of platform functionality, and processing necessary to provide AI/document workflows and API services.
3. (iii)Cross-border transfers. If personal information is transferred outside China, we will take steps intended to comply with applicable requirements (which may include separate notices/consents, contractual mechanisms, security assessments, certifications, or other measures as required by law).
4. (iv)Retention. We retain personal information for the period necessary to achieve the purposes described in this Policy and as required by law, subject to Section 8.
5. (v)Your rights. Individuals may have rights to access, copy, correct, delete, withdraw consent (where applicable), request explanation of processing rules, and request account cancellation, subject to verification and legal exceptions.

13.3 Middle East and other regions. Some jurisdictions in the Middle East and elsewhere have emerging privacy frameworks that may require localized notices or specific consent mechanisms. We will provide additional disclosures or contractual terms where required by applicable law.

13.4 Conflict. If this section conflicts with the main Policy for a specific jurisdiction, this section controls for that jurisdiction to the extent required by law.

14.1 Not directed to children. The Service is not directed to children and is intended for professional use. We do not knowingly collect Personal Data from children under 13 (or under 16 where required by law).

14.2 If you believe a child has provided data. If you believe a child has provided us Personal Data, please contact com*******@teraintel.com so that we can take appropriate steps consistent with applicable law.

15.1 Updates. We may update this Policy from time to time at our sole discretion to reflect changes in the Service, our practices, or legal requirements. When we make changes, we will revise the "Last Updated" date at the top of this Policy.

15.2 Notice of material changes. If we make material changes, we may provide notice by posting an updated Policy on our website, through the Service, and/or by other reasonable means (including email), consistent with applicable law and our agreements. Your continued use of the Service after the effective date of an updated Policy constitutes your acknowledgment of the updated Policy to the extent permitted by law.

16.1 Privacy inquiries. If you have questions about this Policy, our privacy practices, or wish to exercise your rights, please contact us or email com*******@teraintel.com.

16.2 Security reports. If you believe you have discovered a security vulnerability or suspect unauthorized access to the Service, please contact us promptly via com*******@teraintel.com and include relevant details. For industry terminology related to electricity markets, visit our Electricity Market Glossary.

16.3 Complaints. Where applicable, you may have the right to lodge a complaint with a data protection authority or other regulator. We encourage you to contact us first so that we may address your concerns.