GRADIENT PRIVACY POLICY

Version 1.2

Effective date: April 21, 2025

Gradient Technologies (“Gradient,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you interact with us or use our services, including our website (www.gradient.tech) and StealthMFA™ product.

By using our services, you agree to the terms of this Privacy Policy.

1. Introduction

Who This Applies To

This policy applies to visitors of our website and users of our services, including our StealthMFA passwordless authentication platform.

Our Role

We act as the data controller for personal information we collect directly. When we provide services to customers who control the data (e.g., in authentication use cases), we act as a processor or sub-processor.

Scope

This policy does not apply to data collected and processed by our enterprise customers. Contact your organization directly for questions related to their handling of your information.

2. Information We Collect

We may collect the following categories of information:

  • Business Contact Information: Name, job title, employer, business address, work email and phone number. If you, an employer, or a partner choose to provide us with other information, like your personal email address, telephone number or mailing address, then Gradient will collect what you provide.
  • Technical and Device Information: Device name, model, OS version, biometrics capability presence (but not biometric data), serial number, BIOS version, MAC/IP address, and other technical details. Diagnostic logs may include installed apps or software.
  • Audio/Visual Data: Recordings of webinars or calls you attend, event photos, and any avatars or profile images you provide.
  • Cookies and Analytics: We use cookies and similar technologies for functionality, analytics, and personalization. See our Cookie Policy.
  • Feedback and Community Input: Comments, posts, surveys, and other feedback you share voluntarily.

California (CCPA) Disclosures – Personal Information Collected in the Last 12 Months:

  • Identifiers (name, business email, corporate address, phone)
  • Commercial data (transaction records; note: no PCI)
  • Internet/network activity (IP, device ID, browser, other device details)
  • Geolocation data (approximate location via IP)
  • Audio/visual recordings from events

Sources of Collection

We collect this information:

  • Directly from those who provide it
  • Automatically through service use (e.g., authentication transactions, logs, cookies)
  • From partners, service providers, and public sources

3. How We Use Your Information

We use your data to:

  • Deliver, maintain, support, and improve our services
  • Authenticate users and ensure secure access
  • Respond to inquiries and communicate with your requests
  • Send you product updates and marketing (if you opt in)
  • Personalize your experience
  • Analyze trends and usage to improve our platform
  • Prevent fraud and secure our services
  • Fulfill legal and regulatory obligations

Legal Bases for Processing (EEA Users):

  • Consent
  • Contractual necessity
  • Legal obligation
  • Legitimate interest

You can withdraw consent at any time.

4. Sharing Your Information

We may share your personal data with:

  • Service Providers (e.g., cloud hosting, analytics, marketing)
  • Third-Party Integrations at your request (e.g., SSO providers)
  • Affiliates or Subsidiaries
  • Business Transactions (e.g., mergers or acquisitions)
  • Government Authorities if required by law or to protect rights and safety

We do not sell your personal information. We may share aggregated or de-identified data for analytics or research.

5. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy, or as required by law. When no longer needed, we securely delete or anonymize it.

6. Data Security

We implement safeguards like encryption, access controls, and audits to protect your information. No method is 100% secure, but we work diligently to minimize risk. If a breach occurs, we’ll notify you as required by law.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold
  • Correct or update inaccuracies
  • Delete your data
  • Object to certain processing
  • Restrict processing under specific conditions
  • Receive your data in a portable format
  • Withdraw your consent

To exercise any rights, email us at privacy@gradient.tech. We’ll respond within the legally required time.

California Residents (CCPA):

You may request access or deletion of personal information and opt-out of data sharing (though we do not sell data).

8. Children’s Privacy

Our services are not intended for children under 13. If we learn that we have inadvertently collected such data, we will delete it promptly.

9. International Transfers

We may transfer your information across borders (e.g., to AWS data centers or partners in other countries). We use recognized safeguards such as Standard Contractual Clauses to ensure data protection.

10. Cookies and Tracking

We use cookies to improve functionality and user experience. You can manage preferences through your browser or device settings. Read our Cookie Policy for more details.

11. Updates to This Policy

We may modify this policy periodically. We will post the updated version on our website and notify users where required.

12. Contact Us

If you have questions or want to exercise your rights:

Email: privacy@gradient.tech

Address: 68 Harrison Avenue, PMB 78610, Suite 605, Boston MA 02111-1929, USA

Phone: +1 (617) 249-4020