Privacy Policy
Last Updated: August 26, 2025
1. Introduction and Scope
This Privacy Policy describes how Ekyam.ai, Inc. ("Ekyam", "we", "us", or "our") processes data when providing our website located at www.ekyam.ai (the "Website"), our AI-powered retail operations Platform and related services (all of the foregoing are collectively referred to herein as "Services").
This policy is intended for the business clients who have entered into a Master Services Agreement with us and their authorized employees and representatives ("Authorized Persons", "you", or "your") who use the Services and for other users of our Website (collectively, such clients and users, "Clients").
Important Note on Data Processing Roles: In the context of our Services, our Client is the Data Controller of the data they and their Authorized Persons provide. This means the Client determines the purposes and means of processing the data. Ekyam acts as a Data Processor (or "Service Provider"), processing this data on behalf of and under the instruction of our Client, as stipulated in our Master Services Agreement. This policy primarily explains our role and obligations as a Data Processor.
This policy is intended for the business clients who have entered into a Master Services Agreement with us and their authorized employees and representatives ("Authorized Persons", "you", or "your") who use the Services and for other users of our Website (collectively, such clients and users, "Clients").
Important Note on Data Processing Roles: In the context of our Services, our Client is the Data Controller of the data they and their Authorized Persons provide. This means the Client determines the purposes and means of processing the data. Ekyam acts as a Data Processor (or "Service Provider"), processing this data on behalf of and under the instruction of our Client, as stipulated in our Master Services Agreement. This policy primarily explains our role and obligations as a Data Processor.
2. Information We Process
We process several categories of information on behalf of our Clients, which may include Personal Information. "Personal Information" is any information that identifies or can be used to identify an individual, such as a name or email address
Business Contact and Account Information:
- We collect names, email addresses, usernames, and encrypted passwords of Authorized Persons to create and manage user accounts for the Platform.
Client Data:
- This is the primary data we process on our Client's behalf. It is owned by the Client and may include Personal Information about the Client's own customers, employees, or business partners.
- This data includes information from integrated ERP, WMS, OMS, and e-commerce systems, such as:
- Inventory, SKU, vendor, and transaction details.
- Order processing and fulfillment data.
- Inputs, queries, and prompts provided by Authorized Persons to the Platform and its AI features.
Usage and Technical Information:
- We automatically collect and store information about how Authorized Persons interact with our Services, such as features used and clicks, pages or screens viewed, how long spent on a page or screen, browsing history, navigation paths between pages or screens, information about activity on a page or screen, access times, and duration of access, and whether Authorized Persons have opened our marketing emails or clicked links within them ("Usage Data").
- We also collect log data, device information, and IP addresses to maintain and secure the platform.
Cookies and Tracking Technologies:
- We use cookies and similar technologies to provide and support our Services.
- Essential Cookies:Required for platform functionality, user authentication, and security.
- Performance Cookies:Help us collect Usage Data to analyze and improve platform performance.
- Functionality Cookies:Remember your settings and preferences to enhance your experience.
- You can manage your cookie preferences through your browser settings. Disabling essential cookies may impair the functionality of the Services.
3. How We Use Information
Our use of information, particularly Client Data, is governed by our agreement with our Client. We act solely on their instructions
To Provide the Services to Our Client:
- Our primary use of information is to perform our contractual obligations. This includes:
- Operating, administering, maintaining, operating and providing all features of the Platform.
- Integrating systems and synchronizing data across the retail supply chain.
- Providing AI-powered features, including processing data for AI optimization, tokenization, and vectorization to power the Retail Knowledge Graph and AI Agents
- Updates, security alerts and support and administrative messages.
For Security and Support:
- We use information to prevent or address technical problems , troubleshooting, testing and research, provide customer support at the Client's request , and enforce our agreements.
Important AI Processing Limitation:
- While we process Client Data to optimize our AI models for the benefit of the Client, we will not use Client Data to train public models or for any purpose beyond delivering the contracted Services.
4. How We Share and Disclose Information
We only share information as instructed by our Client or as necessary to provide our Services.
- With AI Subprocessors:We engage third-party subprocessors for AI infrastructure, including model hosting (e.g., OpenAI, Google VertexAI/Gemini) and other specialized services. We will disclose these subprocessors to our Client and provide 30 days' notice before material changes, during which the Client may object for reasonable cause.
- With Other Service Providers:We share information with our hosting provider and other vendors who perform services on our behalf. These vendors are bound by confidentiality and security obligations.
- Professional Advisors:We share personal information with professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
- Affiliates:We share personal information with other companies in the Ekyam group, including our corporate subsidiaries and affiliates, for purposes consistent with this Privacy Policy.
- As Required by Law:We may disclose information if compelled by law or a valid legal process, such as a subpoena, or to defend ourselves against legal claims or dispute. Where legally permissible, we will notify our Client to allow them to intervene.
- Business Transfers:If we are involved in a merger, acquisition, or sale of assets, we may transfer information as part of that transaction, in accordance with the terms of our MSA.
5. Your Rights and Choices
Your ability to exercise rights depends on your relationship with us and our Client.
For Authorized Persons:
- Because Ekyam is a Data Processor, you should direct any requests to access, correct, or delete your Personal Information to our Client (the company that grants you access to our Services). They are the Data Controller and are responsible for handling your request.
- You can typically manage your own account information, such as your password, directly within the Platform settings.
For Our Clients:
- As the Data Controller, our Client retains full ownership and control over its Client Data.
- Clients have the right to request an export of their data at any time and upon termination of the agreement. Upon termination, we will delete all Client Data after the final export is complete.
- Do Not Track:Some web browsers may transmit "Do Not Track" signals. At this time, we do not have a mechanism to respond to such signals.
- Cookies:For information about cookies we use and how to control them, see our [Cookie Policy].
6. Data Security and Retention
- Security:We implement commercially reasonable technical, administrative, and physical measures to protect the security, confidentiality, and integrity of data. This includes safeguards to protect against unauthorized tool access and other AI-specific risks. We will promptly notify our Client of any security compromise we become aware of.
- Retention:We retain data for as long as our Client instructs us to and as necessary to provide the Services. Upon termination of our agreement, we securely delete the Client Data as described above.
7. International Data Transfers
Our Services are hosted and operated in the United States. If you or our Client are located outside the U.S., your information will be transferred to, stored, and processed in the U.S.
8. Governing Law
This Privacy Policy and any disputes related to it shall be governed by the laws of the State of New York. All legal proceedings shall be brought in the state or federal courts located in New York.
9. Changes to This Privacy Policy
We may update this policy from time to time. We will notify our Clients of any material changes through the means specified in our Master Services Agreement.
10. Contact Us
If you have questions about this Privacy Policy, please contact us. However, for any requests regarding your Personal Information, please contact the Ekyam Client (your organization) that has provided you with access to the Services.
Ekyam.ai, Inc. Contact for Privacy Inquiries:
Email: [email protected]