Exosite Data Privacy Policy

Effective Date: March 30, 2026

Exosite LLC ("Exosite," "We," "Us," or "Our") is committed to protecting your privacy and ensuring the security of your personal information. This Data Privacy Policy explains how we collect, use, store, share, and protect your data when you use our website, software products, services, related documentation and tools (collectively, the "Services").

This policy applies to all users of our Services, including visitors to our website, customers, and end users of our IoT platform and solutions.

By accessing or using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please do not use our Services.

1. Processing Roles: Controller vs. Processor.

Exosite operates in two capacities depending on the data involved:

  • Exosite as a Controller: We are the "Controller" for the data we collect about you as a user (e.g., your registration email, your navigation on our website, and your billing info).
  • Exosite as a Processor: For the vast majority of IoT data (device data, asset configuration, etc.) that you and your customers provide to Exosite products, you are the Controller and we are the Processor.

2. Information We Collect.

We collect information to provide you with optimal service and to improve our offerings. The types of data we collect include:

2.1  Information You Provide Directly

You provide data directly when you engage in activities such as submitting a contact request, registering for a demo, creating an account, or contacting our support team. This data typically includes:

  • Account Information: First name, last name, business email address, company name, and phone number
  • Company Information: Organization name and business address
  • Financial Information: Billing address, payment method details (processed securely through third-party payment processors)
  • Communications: Information you provide when contacting our support team, submitting questions, requesting information, or participating in surveys
  • Profile Data: Preferences, settings, and customizations you make within our Services

2.2 Information We Collect Automatically

We obtain some data automatically when you interact with our website or Services. This data is collected through cookies, log files, error reports, and platform performance monitoring tools, and includes:

  • Usage Information: Information about how you interact with the website and Services, including pages viewed, features used, and time spent on the platform.
  • Device and Browser Information: IP address, device identifiers, browser type, operating system, and language preferences.
  • Log Data: System logs, error reports, and performance data from our monitoring tools.
  • Cookies and Tracking Data: Data collected via cookies and similar technologies to remember your preferences, track website activity, and for marketing purposes.

2.3 IoT Device and Application Data

When you use Exosite software products to connect devices and run applications, we process the following data on behalf of our customers:

  • Device Data: Information transmitted from connected devices, including, but not limited to, sensor readings, device stats, metadata, and log files.
  • Application Data: Device and Browser Information: IP address, device identifiers, browser type, operating system, and language preferences.
  • Integration Data: Information shared with our Services through third-party integrations you authorize.
  • User Data: First name, last name, email address, and phone number (optional) to receive rule based notifications you manage and configure.

3.  How We Use Your Information.

We process your data based on legitimate business interests, contractual necessity, or legal obligation:

  • Service Delivery: To provide, maintain, and improve our Services, including platform hosting, data processing, and technical support
  • Account Management: To create and manage your account, authenticate users, and provide personalized experiences
  • Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance
  • Product Improvement: We analyze usage patterns to enhance our Services and develop new functionality.
  • Billing and Payments: To process transactions, send invoices, and manage subscriptions
  • Communications: To send you service-related notifications, platform status updates, security alerts, and administrative messages
  • Marketing: To send you promotional materials, newsletters, and information about our products and services (with your consent where required)
  • Analytics and Improvement: To analyze usage patterns, measure performance, conduct research, and improve our Services
  • Security: To detect, prevent, and address fraud, security threats, and technical issues
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests

4. Legal Basis for Processing.

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal information based on the following legal grounds:

  • Contractual Necessity: Processing necessary to perform our contract with you and provide the Services you requested
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Services, fraud prevention, and network security
  • Consent: Processing based on your explicit consent, which you may withdraw at any time
  • Legal Obligations: Processing necessary to comply with our legal obligations

5. Data Sharing and Third Parties.

We do not sell your data. We share information only with trusted service providers who are contractually bound to protect it:

  • Infrastructure and Software Providers: AWS, MongoDB Atlas, RedisLabs, Auth0, Twilio (Cloud hosting and databases).
  • Operations: Zendesk, HubSpot, Google Workspace, ChargeOver, Quickbooks Online (Support, Communications, Invoicing).
  • Analytics: Google Analytics.
  • Legal: If required by law, we may disclose information to comply with a subpoena or similar legal process.

6. International Data Transfers.

Exosite is based in the United States and our service providers operate globally. Your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

When we transfer personal information from the EEA, UK, or Switzerland to other countries, we implement appropriate safeguards, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with service providers ensuring GDPR-level protection
  • Transfers to countries with adequacy decisions from the European Commission:

7. Cookie & Tracking Technologies.

We use cookies, web beacons, and similar tracking technologies to enhance your experience on our website and platforms. Cookies are small text files stored on your device.

7.1 Types of Cookies We Use.

  • Essential Cookies: Necessary for the website to function properly, including authentication and security
  • Performance Cookies: Collect information about how visitors use our website to help us improve functionality
  • Functional Cookies: Remember your preferences and personalize your experience
  • Advertising Cookies: Used to deliver relevant advertisements and track campaign effectiveness

7.2 Managing Cookies.

  • Consent Manager: When you first visit our site, you can choose which categories of cookies to allow via our Cookie Preference Center.
  • Global Privacy Control (GPC): Our systems automatically detect and honor GPC signals. If your browser is set to "Do Not Track" or GPC, we will treat this as a request to opt-out of all non-essential and marketing cookies.
  • Browser Settings: You can set your browser to refuse all or some cookies. However, disabling certain cookies may limit your ability to use some features of our Services.

8. Your Privacy Rights.

Depending on your location (e.g., California, EU, UK, or states like Indiana/Kentucky), you have the following rights:

  • Right to Know/Access: Request a copy of the data we hold about you.
  • Right to Correct: Update inaccurate or incomplete information.
  • Right to Delete: Request that we erase your personal data, subject to certain legal exceptions.
  • Right to Opt-Out of Profiling: You may opt out of automated processing used for "profiling" that produces legal or significant effects.
  • Global Privacy Control (GPC): Our website recognizes GPC signals. If your browser sends a GPC signal, we will treat it as a valid request to opt-out of "sharing" for targeted advertising.

9. Data Security.

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Data is encrypted at rest and in transit using industry-standard protocols
  • Access Control: Multi-Factor Authentication (MFA) is required for all administrative access.
  • Secure Development: Secure software development practices and code reviews.
  • Monitoring & Incident Response: Continuous monitoring of systems with incident response procedures.
  • Breach Notification: In the event of a data breach, we will notify affected users and relevant regulators within 72 hours of discovery, as required by law.

10. Artificial Intelligence.

Exosite uses Artificial Intelligence (AI) technology in limited and specific ways to improve our Services and internal operations.

10.1 How Exosite Uses AI.

  • Software Development: AI-assisted tools help our developers write, review, and optimize code for our products.
  • Internal Operations: AI tools assist with documentation, content creation, and operational efficiency improvements.

10.2 Data Protection.

  • Exosite does not use the information collected or data processed as defined in Section 2 to train AI models unless permission is explicitly granted.
  • Exosite does not share the information collected or data processed as defined in Section 2 with third-party AI providers for model training purposes unless permission is explicitly granted.
  • When AI tools are used for code development purposes, we do not input the information collected or data processed as defined in Section 2 or proprietary business information into these systems unless permission is explicitly granted.

10.3 Third Party AI Services

Exosite only uses third party AI providers for software development or internal operations that adhere to the following terms and conditions:

  • Data privacy and protection commitments that are at least as strict as Exosite’s.
  • Exosite maintains ownership over any generated output.
  • Any input provided by Exosite is not used by the third party AI provider for their own model training.

11. Data Retention.

We practice Data Minimization: we only collect the data necessary for the purposes described within this policy. We retain your Personal Data only as long as your account is active or as needed to provide you Services. Upon contract termination, we provide a 30-day window for data export, after which data is securely deleted or anonymized.

12.  Marketing Communications.

You can opt out of receiving marketing communications from us by:

Please note that even if you opt out of marketing communications, we will still send you transactional and service-related messages.

13. Children’s Privacy.

Our Services are intended for a professional audience and are not directed to children under the age of 16. We do not knowingly collect personal information from minors. If you believe that a child under 16 has provided us with personal information, please contact us at privacy@exosite.com.

14. Changes to This Policy.

We may update this policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes we will update the “Effective Date” at the top of this policy and notify you of material changes via email or a prominent notice on our website before the changes take effect.

15. Contact Us.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: privacy@exosite.com.