excedeTM

Privacy Policy

Last updated: February 2026

1. Introduction

excede ("we," "our," or "us") operates the excede platform and related services (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect personal information in accordance with applicable U.S. federal and state laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other state privacy laws where applicable. We are committed to protecting your privacy and handling your data in a transparent, secure manner consistent with standard security and privacy frameworks.

2. Information We Collect

We collect information that you provide directly (e.g., account registration, profile, communications) and information we obtain automatically (e.g., usage data, device and log information). Categories of personal information we may collect include:

  • Identifiers (e.g., name, email address, IP address, unique identifiers)
  • Account and authentication data (e.g., credentials, OAuth tokens)
  • Commercial information (e.g., subscription and billing information)
  • Internet or network activity (e.g., usage of the Service, logs)
  • Professional or employment-related information (e.g., organization, role)
  • Inferences drawn from the above (e.g., preferences, analytics)

We do not sell personal information. We may share personal information with service providers and as described in this policy. We collect and use this information for business and operational purposes, including providing the Service, security, compliance, and improving our offerings.

2.1. Data We Process on Behalf of Our Customers ("Customer Data")

In providing the Service, you and your users will submit or upload data into our platform ("Customer Data"). This Customer Data is processed by us on your behalf, and you are the "business" or "data controller" with respect to this data. We act as a "service provider" or "data processor."

Our processing of Customer Data is governed by the agreement between us and the customer organization you represent. We will only process Customer Data to provide, secure, and monitor the Service as instructed by you and will not use, disclose, sell, or retain Customer Data for any other commercial purpose.

3. How We Use Your Information

This section describes how we use information collected about our users for our own business purposes. For information on how we process data you submit into the Service, see Section 2.1 above.

We use the information we collect to:

  • Provide, operate, maintain, and improve the Service
  • Authenticate users and manage accounts and organizations
  • Process payments and manage subscriptions
  • Communicate with you about the Service and support
  • Detect, prevent, and address security incidents and fraud
  • Comply with legal obligations and enforce our terms
  • Conduct analytics and improve user experience (consistent with your choices)

We retain personal information only as long as necessary to fulfill these purposes or as required by law. We apply data minimization and implement retention schedules aligned with our security and compliance programs.

4. Security and Confidentiality

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. Our practices are aligned with commonly recognized frameworks for security and confidentiality (e.g., principles consistent with SOC 2 and ISO 27001). We use encryption in transit and at rest where appropriate, access controls, and monitoring. We require our service providers to protect personal information under contractual obligations.

In the event of a data incident that affects your personal information, we will notify affected individuals and regulators as required by applicable law (e.g., state breach notification laws).

5. Sharing and Disclosure

We may share personal information with: (a) service providers that assist in operating the Service (e.g., hosting, analytics, payment processing, identity providers), under contracts that limit use to our instructions and confidentiality; (b) professional advisors and as required by law or to protect rights and safety; (c) affiliates and in connection with a merger, sale, or other transfer of assets, with notice as required by law. We do not sell or share personal information for cross-context behavioral advertising as defined under CCPA/CPRA.

6. Your Rights (U.S. State Privacy Laws)

Depending on your state of residence, you may have the right to: know what personal information we collect and how it is used and disclosed; request access to or a copy of your personal information; request correction of inaccurate information; request deletion of your personal information; opt out of the "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioral advertising); limit use and disclosure of sensitive personal information; and not receive discriminatory treatment for exercising these rights.

To submit a request, contact us at the email below. We will verify your identity and respond within the timeframes required by applicable law. You may designate an authorized agent; we may require proof of authorization. California residents may also use the link "Do Not Sell or Share My Personal Information" if we offer it on our website or in the Service.

7. Cookies and Similar Technologies

We and our service providers may use cookies, local storage, and similar technologies for authentication, security, preferences, and analytics. You can manage cookie preferences through your browser or device settings. Some features may depend on these technologies.

8. Children

The Service is not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us so we can delete it.

9. International Data Transfers

The Service is hosted and operated in the United States. If you are using the Service from outside the United States, your personal information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

10. Changes

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. For material changes, we will provide additional notice as required by law (e.g., by email or a prominent notice in the Service). Your continued use of the Service after the effective date constitutes acceptance of the updated policy to the extent permitted by law.

11. Contact Us

For privacy-related questions, requests, or complaints, contact us at: privacy@excede.ai. You may also write to us at the address we publish for legal notices. California residents may contact us regarding CCPA/CPRA rights and can request a list of categories of personal information we have disclosed to third parties for a business purpose in the preceding 12 months.