Privacy Policy

This Website Privacy Policy outlines the practices of Permutation Labs (referred to as "CompanyDNA AI", "we", "us", or "our") regarding the collection, storage, usage, sharing, disclosure, and transfer (collectively referred to as "Processing") of data that can identify an individual or is linked to an identifiable person, as recognized by applicable data protection legislation ("Personal Data"), pertaining to visitors ("Visitors" or "you") of the CompanyDNA AI websites that mention or are linked to this Privacy Policy. Additionally, it informs you about your rights concerning the Processing of your Personal Data.

Scope of the Website Privacy Policy

This Privacy Policy is relevant solely to the handling of Visitors' Personal Data connected to their use of our Website. Any processing of data by CompanyDNA AI concerning our products is subject to the guidelines of our Platform Privacy Policy.

Use of APIs

General Principles

CompanyDNA integrates with various third-party services via APIs to enhance functionality and efficiency within our platform. These APIs facilitate seamless data integration, enabling us to deliver a broad range of services tailored to our clients' business needs.

Data Usage and Purpose

The data accessed through these APIs is utilized solely to provide specific services requested by our clients. We do not use this data to develop, improve, or train generalized AI and/or ML models. Our use of data through APIs is purpose-specific and intended exclusively to support the functionalities our clients have engaged CompanyDNA to perform.

Data Isolation and Integrity

Data obtained from APIs is managed with the highest standards of care to ensure that it remains segregated from other datasets and is used strictly in accordance with the terms of service of the respective service providers. We employ rigorous data management practices to maintain the integrity and confidentiality of this data at all times.

Compliance and Transparency

CompanyDNA adheres strictly to all applicable laws and regulations regarding data usage. We commit to transparency in our data handling practices, and our use of APIs is conducted ethically and in compliance with our legal obligations. Our privacy policy and terms of service are designed to provide clear information on how we manage and safeguard data, ensuring our clients' confidence in the security and privacy of their information.

Who holds accountability for the management of your personal information?

CompanyDNA AI holds the responsibility for the management of your Personal Data.

In the context of the Personal Data Processing activities outlined in this Website Privacy Policy, CompanyDNA AI is recognized as the Data Controller or Business, in accordance with definitions provided by relevant data protection legislation.

Should you have inquiries regarding this Website Privacy Policy or our data protection measures as stipulated by Article 27 of the General Data Protection Regulation (“GDPR”), we welcome you to reach out to us. Details for contacting us are provided below.

What types of Personal Information do we collect from you and in what manner?

CompanyDNA AI gathers and handles both types of Personal Data: those that explicitly identify you (such as name, email address, contact information, etc.) and those that identify you indirectly (like unique identifiers, patterns of behavior, etc.), sourced from a variety of origins.

Direct Provision of Personal Data by You; when you get in touch with us, seek information, or offer feedback through our website, we collect the following types of Personal Data directly from you:

Identification and Contact Information

This encompasses your first and last name, email address, and phone number.

Professional or Employment Information

This includes details like your job title, place of employment, and the sector you work in.

Other Voluntarily Provided Personal Data

This refers to any additional Personal Data you opt to provide us, such as information requested or feedback given through our website.

Indirect Provision of Personal Data by You; Personal Data may also be collected indirectly about you via third parties. For details on this collection method, please consult our Platform Privacy Policy.

Automatic Collection of Personal Data During Website Use; as you navigate or interact with our Website, we automatically collect the following types of Personal Data through cookies and similar technologies:

Unique Identifiers

This includes IP addresses, cookie identifiers, device identifiers, and the use of technologies like web beacons, pixels, and similar tracking technologies, as detailed in our “Cookies Policy".

Device and Technical Information

Information about the server domain, type of device, operating systems, browsers used to access our site, local and language settings; details on session logs, heat maps, and scrolls; screen resolution, internet service provider, pages that referred or led you away from our site, and the date and time of your visit.

Digital Behavior Information

Details on how you interact with web pages (including clicks, browsing habits, zooms, and other actions), the referring page/source that brought you to our Website, and data on how your device or browser interacts with our Website.

What is the reason for processing your Personal Information?

We utilize your Personal Data for a range of reasons, including managing our Website, enhancing its functionality and performance, addressing your inquiries, for reasons of our legitimate interest, and in order to comply with legal obligations, respond to regulatory bodies, or defend against legal actions.

Here is an overview of the reasons we use your Personal Data, along with the legal grounds for such processing:

Based on your agreement or justified interest.

Liaise with you to convey details about CompanyDNA AI’s products, services, and gatherings as detailed in the Platform Privacy Policy.

Necessitated by our genuine interest and the need to fulfill legal duties.

Oversee the security of our website, deter and scrutinize unauthorized or fraudulent activity.

Your authorization or our reasonable interest.

Evaluate, refine, and enhance the utilization, operation, and effectiveness of our website. Tailor your browsing to your preferences.

Our legitimate interest in providing requested information.

Cater to your requests and engage with your queries, such as dispatching a report you've solicited.

Obedience to legal requirements.

Uphold the rights, well-being, possessions, or activities of CompanyDNA AI, you, or third parties.

Obedience to legal requirements.

Attend inquiries from regulatory bodies, enforcement agencies, other public officials, or your requests regarding personal data.

Obedience to legal requirements.

Settle disputes and uphold legal defenses.

For what duration is your Personal Information retained by us?

Your Personal Information will be maintained by us and our service providers in line with relevant data protection legislation and guidance issued by data protection regulators to the degree required for the processing objectives outlined in this Website Privacy Policy. Following this, your personal information will be deleted in accordance with our Data Retention Policy or will be adequately anonymized, unless we are required by law to retain your personal data for a longer period (for instance, for compliance with legal, tax, accounting, or auditing obligations).

Summary of Data Retention for Each Processing Purpose:

Retained only for the duration needed to manage and secure our platforms, thereafter stored as stipulated by legal or regulatory requirements.

Manage and secure our website, detect and scrutinize fraudulent activities and other irregularities.

Kept for a period of 13 months.

Tailor or individualize your web interaction.

Held for 2 years following the submission of your request.

Meet your needs and address your questions, such as dispatching a report you have requested.

Preserved for 2 years from the time of your most recent interaction or until you indicate that you no longer wish to be contacted for these purposes.

Engage with you and update you about our promotional communications.

Maintained for a span of 13 months.

Assess, refine, enhance, and calibrate the usage, functioning, and efficiency of our website and tailor your browsing experience.

As required by applicable law or regulation

Protect the rights, safety, property, or operations of CompanyDNA AI, you, or others

Stored in accordance with what is necessitated by law or regulatory directives.

Safeguard the legal rights, welfare, assets, or operations of CompanyDNA AI, yourself, or other individuals.

Conserved for as long as necessary to adequately respond to the inquiry or direction and subsequently archived following legal or regulatory guidelines.

Address your requests regarding data privacy and any directives or inquiries from policing entities or public officials.

Under what circumstances and with which entities is your Personal Information shared?

We may share your Personal Data for business and operational reasons within CompanyDNA AI and with external entities like service providers. Additionally, if legally justified, we may provide such information to governmental, judicial, and law enforcement bodies.

In relation to one or more objectives mentioned in the previous sections, we may transfer your personal information to:

CompanyDNA AI subsidiaries and affiliates

For all the objectives specified in Section 5, your Personal Data might be exchanged with any future CompanyDNA AI subsidiaries and affiliate entities.

Service providers

Your Personal Data could be entrusted to external parties (including our affiliates) who deliver supplementary services to ours, such as hosting, data analysis, consulting, software development, assistance, along with marketing and security services. These service providers may carry out the tasks on our behalf, adhering to our directions and contractual terms while ensuring your personal data is secured with suitable measures. A catalog of these providers can be provided upon request.

Other third parties

We might reveal your Personal Data to external parties, which include official government or public authorities, the judiciary, or international organizations if necessary for legal proceedings or to safeguard life and safety. We would consider such sharing or access necessary in situations like:

  • Abiding by legal obligations, regulatory requirements, or responding to authorized requests;
  • Implementing or enforcing our contracts;
  • Safeguarding the interests, rights, property, or security of CompanyDNA AI, our clients, yourself, and others;
  • In matters related to legal claims, conflicts, or legal actions;
  • To defend against and prevent fraudulent, unauthorized, or illegal activities on the Website.

We undertake such sharing of information in good faith, under the belief that it is legally required or to assist in the prevention, investigation, or taking actions against suspected illegal activities, fraud, or other misconduct.

Global Personal Data Handling by CompanyDNA AI

CompanyDNA AI may manage your Personal Data across various countries, including those outside the European Economic Area (EEA), as part of our international operations.

To maintain a sufficient level of data protection, CompanyDNA AI has put in place certain protective measures for moving your Personal Data to non-EEA nations. These measures include:

  • A formal declaration of adequacy from the European Commission;
  • Adoption of the European Commission’s Standard Contractual Clauses for international Personal Data transfers.

Should you wish to know the specific countries where your Personal Data might be processed, this information can be requested. Please refer to the contact details provided below for more information.

Methods of Protecting Your Personal Information

Data obtained by companies from third-party applications are stored on their own AWS S3 storage. CompanyDNA AI has no direct connection with this data. CompanyDNA AI acts as a framework between data and artificial intelligence models.

We employ widely accepted physical, administrative, and technological safeguards to secure the Personal Information in our possession and in the hands of our service providers. Nonetheless, it's important to understand that the complete and utter safety and security of any Personal Information in our or third-party storage cannot be fully assured.

Your Data Privacy Rights and How to Use Them

You possess certain rights regarding the Personal Data that we handle pertaining to you. You have the option to object to how we process your Personal Data, limit our usage of it, remove, modify or correct your Personal Data, or gain access to it by reaching out to us.

In line with relevant data protection legislation, you are entitled to several privacy rights concerning the Personal Data we manage about you:

  • seek verification on whether your Personal Data is being processed by us;
  • obtain a duplicate of the Personal Data we possess about you;
  • have us update or rectify any of your Personal Data that is incorrect or incomplete;
  • impose restrictions on our usage of your Personal Data (for instance, if there is no lawful basis for its continued use, or if it is held inaccurately or unlawfully);
  • express objection to our processing of your Personal Data based on specific personal circumstances or in the event it is used for direct marketing purposes, and you can object to such use at any time;
  • revoke any consent you previously provided for the processing of your Personal Data, in cases where our processing is based solely on your consent;
  • request the removal of your Personal Data from our records;
  • file a grievance with the appropriate data protection regulatory body about how we process your Personal Data.

To act on any of the rights listed above, please get in touch with us as detailed in Section 12 that follows. Be aware that in order to fulfill your request as a data subject, we might need to gather more information and documents, including your Personal Data, to confirm and verify your identity. This additional information will subsequently be stored by us for legal reasons (such as to verify the identity of the individual making the request), consistent with the practices described in Sections 5 and 6 above.

Privacy for Minors

Our website is not intended for individuals below 16 years old. It is our policy not to intentionally gather Personal Information from minors. Should we discover that a user under the age of 16 has accessed our website, we will take immediate action to prevent further use and endeavor to quickly remove any Personal Information regarding that individual from our records. If you suspect we hold any information from or about someone under 16, please get in touch with us as described in Section 12.

How to contact us?

You may contact us regarding this Website Privacy Policy or our Processing of your Personal Data us at

Modifications and Updates to this Website Privacy Policy

At the top of this page, the "Effective Date" indicates the last time this Website Privacy Policy was updated. We reserve the right to periodically revise and make changes to this Website Privacy Policy. Such updates will take effect immediately upon their publication on this Website. The terms of the Website Privacy Policy available on our Website at the time of your access govern your use of the site. We recommend that you regularly check this Website Privacy Policy to stay informed about how we manage your Personal Information.

Links to Other Websites

We do not oversee the privacy protocols of external websites that may be linked from our Website. We advise you to be vigilant when transitioning from our Website to a third-party website or application and to thoroughly review the privacy statements of every site or service you engage with.