DRAFT

This policy is a draft pending legal review by Inventus. Treat it as informational; it is not yet a binding commitment. The published version will replace this page once review is complete.

LEGAL

Privacy Policy

Effective date: pending publication · Last updated: 4 June 2026

Published by: Glyphzero, Inc., a Delaware corporation
Address: 131 Continental Drive, Suite 305, Newark, DE 19713, United States of America
Contact: [email protected]

1. Introduction

Glyphzero, Inc. ("Glyphzero," "we," "us," "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, share, and protect information about you when you visit glyphzerolabs.com (the "Site"), engage with our marketing, contact us, or participate in evaluations or pilots of our products and services, including SURADAR.

This policy applies to Glyphzero, Inc. as the data controller. Where Glyphzero KK (Japan) processes personal data of Japanese data subjects, that processing is governed by a separate Personal Data Protection Policy compliant with Japan's Act on the Protection of Personal Information (APPI).

2. Information We Collect

2.1 Information you provide directly

  • Contact information — name, email address, company name, job title, and phone number when you fill out a contact form, request a demo, subscribe to a newsletter, or otherwise communicate with us.
  • Conversation content — the substance of emails, LinkedIn messages, or other communications you initiate with us.
  • Engagement information — your role at your organization, your interest in our products, and information you provide during evaluation or pilot conversations.

2.2 Information collected automatically

  • Usage data — the pages you visit on the Site, time spent on the Site, links clicked, and approximate geographic location derived from IP address.
  • Device and browser information — device type, operating system, browser type and version, screen resolution.
  • Log data — IP addresses, timestamps, and referring URLs.

2.3 Cookies and similar technologies

The Site uses cookies and similar technologies for functionality, analytics, and limited tracking. See our Cookie Policy for details.

2.4 Information from third parties

We may receive information about you from third-party sources such as professional networking platforms (e.g., LinkedIn), publicly available business directories, and warm introductions from mutual contacts, where you have made such information available or where you have consented to such sharing.

2.5 Information NOT collected through the Site

Glyphzero is a business-to-business infrastructure provider. We do not knowingly collect personal data from consumers, children under the age of 13 (or 16 where higher standards apply), or individuals who are not authorized representatives of their organization in a business context.

3. How We Use Information

We use personal data for the following purposes and on the following legal bases:

  • Responding to inquiries, demo requests, and pilot conversations — legitimate interest in serving prospective customers.
  • Providing product evaluations, pilots, and proofs-of-concept where you have requested them — performance of a contract or pre-contractual steps.
  • Sending marketing communications about our products and services, where you have opted in — consent.
  • Improving the Site, our products, and our services — legitimate interest in product development.
  • Complying with legal obligations, including tax, accounting, and regulatory requirements — legal obligation.
  • Protecting the rights, property, and safety of Glyphzero, our customers, and the public — legitimate interest.
  • Enforcing our Acceptable Use Policy, terms of service, or other agreements — legitimate interest.

We do not use personal data for automated decision-making that produces legal or similarly significant effects without your explicit consent.

4. How We Share Information

4.1 Service providers

We use third-party service providers to host the Site, process communications, manage marketing, and operate analytics. These service providers are contractually obligated to process personal data only on our instructions and to protect it consistent with this policy. Categories include:

  • Hosting and content delivery (e.g., Cloudflare)
  • Email and communications (e.g., Google Workspace)
  • Customer relationship management
  • Analytics
  • Professional services (legal, accounting, tax)

A current list of our material sub-processors used in customer engagements is available upon request to [email protected].

4.2 Business transfers

If Glyphzero is involved in a merger, acquisition, reorganization, financing, sale of assets, or transfer of substantially all our equity, your personal data may be transferred or disclosed in connection with that transaction, subject to standard confidentiality protections.

4.3 Legal compliance and protection

We may disclose personal data when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect the rights, property, or safety of Glyphzero, our customers, or the public.

4.4 Affiliates

We may share personal data with Glyphzero, Inc.'s wholly-owned subsidiaries, including Glyphzero KK (Japan) once operational, for the purposes described in this policy and subject to equivalent protections.

4.5 With your consent

We may share personal data for any other purpose with your consent.

4.6 What we do NOT do

We do not sell personal data. We do not share personal data with third parties for their own marketing purposes. We do not engage in cross-context behavioral advertising as defined under CCPA.

5. International Data Transfers

Glyphzero, Inc. is headquartered in the United States, and our founder and operations are based in Japan. Personal data we collect may be transferred to, stored in, and processed in the United States, Japan, and other countries where our service providers operate.

When we transfer personal data of EU/EEA, UK, or Swiss data subjects outside those regions, we rely on appropriate safeguards including, where applicable, the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and Swiss-equivalent transfer mechanisms. A copy of these safeguards is available upon request.

When personal data of Japanese data subjects is transferred outside Japan, we comply with applicable cross-border transfer requirements under APPI, including obtaining consent or providing required notices where applicable.

6. Data Retention

  • Contact form submissions and direct inquiries — retained for 2 years after last contact, unless the inquiry becomes an active business relationship.
  • Newsletter subscriptions — retained until you unsubscribe or 3 years of inactivity.
  • Pilot and evaluation conversations — retained for the duration of the engagement plus 3 years.
  • Tax, accounting, and regulatory records — retained per applicable legal retention requirements (typically 4-7 years).
  • Anonymized or aggregated data — may be retained indefinitely.

When retention is no longer required, we delete or anonymize personal data using reasonable measures.

7. Your Rights

7.1 Rights under GDPR (EU/EEA, UK, Switzerland)

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

7.2 Rights under CCPA / CPRA (California)

  • Right to know what personal information we collect, use, share, and sell
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information (we do not sell personal information)
  • Right to limit the use of sensitive personal information
  • Right to non-discrimination for exercising your rights

7.3 Rights under Japan APPI

  • Right to disclosure of retained personal data
  • Right to correction, addition, or deletion of retained personal data
  • Right to cessation of use or third-party provision
  • Right to request a record of third-party provision

7.4 Exercising your rights

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law (typically 30 days under GDPR, 45 days under CCPA, with limited extensions where permitted). We may require verification of your identity before responding.

8. Data Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (HTTPS / TLS), access controls, employee training, and contractual safeguards with service providers.

No method of data transmission or storage is perfectly secure. We cannot guarantee absolute security but we work to maintain security commensurate with the sensitivity of the data and current industry standards.

If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by applicable law.

9. Cookies and Tracking Technologies

See our standalone Cookie Policy for the categories of cookies in use, how to control them, and our commitments around behavioral tracking.

10. Children's Privacy

The Site is not directed to children, and we do not knowingly collect personal data from children under the age of 13 (or 16 where higher standards apply, such as under GDPR). If you believe we have inadvertently collected personal data from a child, please contact us at [email protected] and we will delete it.

11. Third-Party Links

The Site may contain links to third-party websites, services, or content. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party site you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this policy and, where appropriate, provide additional notice (such as by email or a notice on the Site).

13. Contact Us

For privacy-related questions, requests, or complaints:

Email: [email protected]
Mail:
Glyphzero, Inc.
Attn: Privacy
131 Continental Drive, Suite 305
Newark, DE 19713
United States of America

For Japan-related inquiries (once Glyphzero KK is operational), Japan-specific contact information will be added here.