Iron Rhino, LLC ("Iron Rhino," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website (ironrhino.ai) or use the Victor AI assistant platform and related services (collectively, the "Services"). Please read this policy carefully. If you disagree with its terms, please discontinue use of our Services.

1. Information We Collect

Information You Provide Directly

We collect information you voluntarily provide when you register for an account, request a demo, contact our support team, or otherwise interact with us. This may include your name, email address, company name, job title, and any other information you choose to provide.

Information Collected Automatically

When you access our Services, we may automatically collect certain technical data, including your IP address, browser type and version, operating system, referring URLs, pages viewed, and timestamps of activity. We use cookies and similar tracking technologies to facilitate this collection. You may configure your browser to refuse cookies, though some features of the Services may not function properly as a result.

Information Collected Through the Platform

When you use the Victor platform, we process data you and your organization upload, input, or generate through the Services, including conversation content, documents, knowledge base materials, and AI-generated outputs ("Customer Data"). Customer Data is processed on your behalf and remains your property. Iron Rhino acts as a data processor with respect to Customer Data in accordance with our Data Processing Agreement (DPA), which is available upon request.

Usage and Telemetry Data

We collect aggregated usage and performance data — such as token counts, response latencies, agent invocations, and feature engagement — to operate, improve, and secure the platform. This data is scoped to your tenant and business unit and is not shared with other customers.

2. How We Use Your Information

We use the information we collect to:

Provision, operate, and maintain the Services, including tenant and user account management

Authenticate users and enforce role-based and business-unit-level access controls

Process and respond to support requests and inquiries

Send transactional communications, such as account confirmations, security alerts, and product updates

Monitor platform performance, detect security incidents, and ensure system integrity

Comply with legal obligations and enforce our agreements

Improve our products and services through aggregated, de-identified analytics

We do not use Customer Data to train our AI models or to improve services offered to other customers.

3. How We Share Your Information

Iron Rhino does not sell, rent, or trade your personal information. We may share information in the following limited circumstances:

Service Providers. We work with trusted third-party vendors to help us deliver the Services, including cloud infrastructure (Amazon Web Services), vector database services (Pinecone), AI model providers (Anthropic via AWS Bedrock), and authentication services. These providers are contractually bound to process data only as directed by Iron Rhino and in accordance with this policy.

Business Transfers. If Iron Rhino is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify affected users before personal information is transferred and becomes subject to a different privacy policy.

Legal Requirements. We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

With Your Consent. We may share information with third parties when you have given us explicit consent to do so.

4. Data Isolation and Multi-Tenant Security

The Victor platform is built on a multi-tenant architecture. Each tenant's data is logically isolated through row-level security scoping, tenant-specific encryption keys, and business-unit-level access controls. We do not permit cross-tenant data access, and our systems are designed to prevent information leakage between customers. Tenant-specific encryption keys are rotated on a defined schedule.

5. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Customer Data is retained in accordance with the terms of your subscription agreement. Upon account termination, Customer Data is deleted or returned in accordance with the DPA.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your data, as well as the right to data portability. To exercise these rights, please contact us at privacy@ironrhino.ai. We will respond to verifiable requests within the timeframe required by applicable law.

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information (we do not sell personal information).

If you are located in the European Economic Area (EEA) or United Kingdom, Iron Rhino processes your personal data in accordance with the General Data Protection Regulation (GDPR) or UK GDPR, as applicable. Our lawful basis for processing is typically contractual necessity or legitimate interests. You have the right to lodge a complaint with a supervisory authority in your jurisdiction.

7. Security

We implement administrative, technical, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include encryption in transit and at rest, role-based access controls, audit logging, and regular security assessments. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Children's Privacy

The Services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information promptly.

9. Third-Party Links

Our website or platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy policies before providing any information to them.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on our website prior to the change becoming effective. Your continued use of the Services after the effective date of the revised policy constitutes your acceptance of the changes.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us at:

Iron Rhino, LLC 
Email: privacy@ironrhino.ai 
Website: ironrhino.ai