Custosa
See the demoRequest access
Legal

Privacy Policy

Last updated: June 13, 2026

Custosa Inc. ("Custosa", "we", "us", or "our") provides a runtime data-control plane for enterprise AI in regulated industries. This Privacy Policy explains how we handle personal information in connection with our website at custosa.com (the "Site") and our communications with prospective and current customers and partners. It does not govern data that the Custosa service processes on behalf of a customer; that is addressed in section 05 below.

01Who we are & how to contact us

Custosa Inc. is a Delaware corporation. For any privacy question or request, email hello@custosa.com. Our registered office is 131 Continental Drive, Suite 305, Newark, Delaware 19713, USA (c/o our registered agent, Legalinc Corporate Services Inc.).

02Information we collect

Information you provide

When you contact us, request access, or discuss a design-partner relationship, for example through a "Request access" link or by emailing us, we collect the information you choose to provide, such as your name, work email address, company, role, and the contents of your message.

Information collected automatically

When you visit the Site, our hosting infrastructure and standard web-server logs may record limited technical information such as your IP address, browser type and version, device and operating system, referring page, the pages you view, and the date and time of your visit. We use this for security, troubleshooting, and understanding aggregate usage.

Cookies and tracking

The Site does not use advertising cookies or cross-site tracking technologies, and we do not use third-party analytics or advertising services on it.

Fonts loaded from a third party

The Site loads typefaces from Google Fonts (fonts.googleapis.com and fonts.gstatic.com). When your browser requests these fonts, Google may receive your IP address and request metadata. This is used to display the Site's typography and is governed by Google's own privacy policy.

03How we use information

We use personal information to respond to your inquiries and provide information you request; to evaluate, establish, and manage design-partner and customer relationships; to operate, secure, maintain, and improve the Site; to send communications you have requested or that relate to a relationship between us; and to comply with legal obligations and enforce our agreements.

04How we share information

We do not sell personal information, and we do not share it for cross-context behavioral advertising. We disclose personal information only:

  • to service providers who process it on our behalf for the purposes above (for example, providers of website hosting and email or communications), under contracts that limit their use of the information;
  • when required by law, legal process, or a governmental request, or to protect the rights, safety, and security of Custosa, our users, or others; and
  • in connection with a merger, financing, acquisition, or sale of assets, in which case we will continue to protect personal information consistent with this policy.

05The Custosa service & customer data

When a customer deploys the Custosa service, Custosa inspects records in transit between the customer's data sources and the customer's AI systems, applies the customer's access and redaction policies, and produces evidence of each decision. In that role:

  • Custosa acts as a service provider / data processor and handles such data only on the customer's documented instructions, under the agreement (and, where applicable, data processing addendum) between Custosa and that customer. That agreement, not this policy, governs the processing of customer data.
  • The service is designed to minimize retention of record content: it evaluates records as they pass through, and its evidence ledger retains verdict metadata and cryptographic hashes, not the underlying record content.
  • The evidence records Custosa generates contain decision verdicts, policy identifiers, counts, timestamps, and cryptographic hashes and signatures, not the underlying record content or the personal data within it.

If you are an individual whose data may be processed through a customer's use of Custosa, please direct your privacy requests to that organization (the controller of your data); we will assist our customers as required under our agreements with them.

06Security

We use technical and organizational measures intended to protect personal information appropriate to its sensitivity, including access controls and least-privilege principles. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

07Data retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy: for example, to maintain our relationship with you, to operate and secure the Site, and to comply with our legal obligations. After that, we delete or de-identify it. Retention of customer data handled by the service is governed by the applicable customer agreement.

08Your choices & rights

You may contact us at hello@custosa.com to ask about the personal information we hold about you, to request access, correction, or deletion, or to opt out of non-essential communications. We will respond consistent with applicable law. Depending on where you live, you may have additional rights:

EEA / UK

If you are in the European Economic Area or the United Kingdom, you may have rights to access, rectify, erase, restrict, or object to processing, and to data portability. Our legal bases for processing are typically our legitimate interests (operating and securing the Site and our business, and communicating with business contacts), your consent (where we ask for it), the performance of a contract, and compliance with legal obligations. You may lodge a complaint with your local data protection authority.

California

If you are a California resident, you may have rights under the CCPA/CPRA to know, access, correct, and delete personal information, and to limit certain uses. We do not sell or share personal information as those terms are defined under California law, and we will not discriminate against you for exercising your rights.

To exercise any right, email hello@custosa.com; we may need to verify your identity before responding.

09International transfers

We are based in the United States and may process and store information in the United States and other countries. Where we transfer personal information from the EEA, the UK, or other regions, we rely on appropriate safeguards (such as Standard Contractual Clauses) where required.

10Children's privacy

The Site and the Custosa service are intended for businesses and are not directed to children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact us and we will delete it.

11Changes to this policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date above, and material changes will be reflected on this page. Your continued use of the Site after an update means you accept the revised policy.

12Contact

Questions or requests: hello@custosa.com.
Custosa Inc., 131 Continental Drive, Suite 305, Newark, Delaware 19713, USA.