Privacy Policy

Effective Date: October 14, 2025
Last Updated: May 11, 2026

This Privacy Policy explains how Octelligence Inc. ("Octelligence", "we", "us", or "our") collects, uses, stores, shares, and protects information when you use our corporate record management platform, website, and related services (collectively, the "Service"). It also describes the rights available to individuals in various jurisdictions.

On this page
1. Who We Are 2. Scope & Our Role 3. Information We Collect 4. How We Use Information 5. Legal Basis for Processing 6. How We Share Information 7. Service Providers & Sub-Processors 8. International Data Transfers 9. Data Storage & Security 10. Data Retention 11. Data Breach Notification 12. Your Privacy Rights 13. EU, EEA & UK Rights 14. California Privacy Rights 15. Other U.S. State Rights 16. Canadian Privacy Rights 17. Children's Privacy 18. Automated Decision-Making 19. Cookies & Analytics 20. Marketing Communications 21. Changes to This Policy 22. Contact

1. Who We Are

Octelligence is a software-as-a-service platform for digital corporate records, share certificates, cap tables, and related governance and compliance workflows.

The data controller responsible for processing personal information described in this Policy is:

2. Scope & Our Role

This Policy applies to information processed in connection with the Service, our marketing websites, and our communications with you.

Octelligence acts in different capacities depending on the data:

  • Controller: For information we collect directly about our customers, account administrators, billing contacts, prospective customers, and website visitors (for example, account registration, billing, support, marketing, and analytics).
  • Processor (or Service Provider): For corporate records, governance documents, share registers, cap tables, and any personal information about our customers' directors, officers, shareholders, employees, or other individuals that customers upload, generate, or manage in the Service ("Customer Data"). In this role, our customer is the controller and we process Customer Data on their behalf and in accordance with their instructions and our agreement with them.
If you are an individual whose personal information is processed in the Service by one of our customers (for example, you are listed in a customer's cap table or director register), please direct privacy requests to that customer. We will support our customer in responding to your request.

3. Information We Collect

We collect information needed to operate the Service and support your account, including:

  • Account information, such as name, email address, organization, role, and authentication credentials.
  • Billing information required to process subscriptions, including billing contact details and payment method information handled through our payment processor.
  • Customer Data that customers upload, generate, or manage in the Service, including corporate records, governance documents, share registers, cap tables, and related metadata. Customer Data may include personal information about directors, officers, shareholders, employees, advisors, or other individuals.
  • Usage and technical data, such as IP address, browser type, device identifiers, operating system, language preferences, referring URLs, pages visited, and interaction logs.
  • Communications, such as emails, support requests, survey responses, and feedback you send to us.
  • Marketing and event information, such as your responses to marketing communications and webinar registrations.

4. How We Use Information

We use information we collect to operate and improve the Service, including to:

  • Provide, maintain, secure, and support the Service.
  • Process subscriptions, billing events, and account administration.
  • Authenticate users, manage permissions, and prevent unauthorized access.
  • Improve product performance, reliability, and usability.
  • Communicate account notices, service updates, security advisories, and support responses.
  • Send marketing communications where permitted, with the ability to opt out at any time.
  • Detect, prevent, and investigate fraud, abuse, security incidents, or violations of our Terms of Service.
  • Meet legal, regulatory, accounting, audit, or contractual obligations.

Where applicable law (such as the EU/UK General Data Protection Regulation) requires a specific legal basis for processing, we rely on the following:

  • Performance of a contract: to provide the Service to you or to take steps you request before entering into a contract.
  • Legitimate interests: to maintain, secure, and improve the Service, to develop our business, to communicate with customers, and to prevent fraud or misuse, balanced against your rights and interests.
  • Compliance with legal obligations: to meet tax, accounting, regulatory, and similar legal requirements.
  • Consent: where required, such as for certain cookies, marketing communications, or processing of sensitive personal information. You may withdraw consent at any time without affecting the lawfulness of prior processing.

6. How We Share Information

We do not sell or "share" personal information for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws.

We may disclose information in the following circumstances:

  • Service providers and sub-processors that operate the Service on our behalf under contractual confidentiality and data protection obligations (see Section 7).
  • At your direction, such as when you invite a collaborator, share a document, or integrate with a third-party service.
  • Corporate transactions, such as in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to confidentiality safeguards.
  • Legal compliance and protection, when we believe in good faith that disclosure is required by law, regulation, court order, subpoena, or lawful government request, or is necessary to enforce our agreements, protect our rights, or protect the safety of our customers, users, or the public.

7. Service Providers & Sub-Processors

We use carefully selected third-party providers to operate and improve the Service. These providers process personal information on our behalf under contractual obligations to protect your data.

The current list of Sub-Processors, including each provider's purpose, the data processed, and processing locations, is maintained at /global/en/subprocessors/. Where we act as a processor of Customer Data, we will provide at least thirty (30) days' advance notice of any new or replacement Sub-Processor that processes Customer Data, and our customers will have a reasonable opportunity to object on legitimate data-protection grounds as described in our Data Processing Addendum. To subscribe to Sub-Processor change notifications, see the instructions on the Sub-Processors page.

8. International Data Transfers

Octelligence is designed with regional data residency for production Customer Data. The primary storage location is determined by the jurisdiction of the corporation whose records are being managed in the Service, not by the location of the Customer or its Authorized Users:

  • Canadian corporations: records stored in Canada.
  • European Union corporations: records stored in the European Union.
  • United States corporations: records stored in the United States.
  • Corporations from other jurisdictions: records stored in the United States.

Operational metadata, support communications, administrative records, billing data, and analytics may be processed in other jurisdictions, including the United States, where our service providers operate.

When personal information is transferred outside of the European Economic Area, the United Kingdom, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), together with supplementary technical, contractual, and organizational measures. A copy of the relevant transfer mechanism is available on request from privacy@octelligence.com.

9. Data Storage & Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. Security measures include:

  • Encryption in transit using TLS.
  • Encryption at rest within our hosting infrastructure.
  • Role-based access controls and the principle of least privilege.
  • Logical separation of customer data.
  • Activity audit logging within the platform.
  • Secure credential and secret management practices.
  • Regular review of access, vulnerability monitoring, and incident response procedures.
No security system is perfect. We continuously improve our controls but cannot guarantee absolute security. You are responsible for safeguarding your account credentials and for promptly notifying us of any suspected unauthorized access.

10. Data Retention

We retain personal information only for as long as necessary to provide the Service and fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. Our general retention practices are:

Category Retention
Active account & Customer Data Retained while the customer's subscription is active.
Archived corporations Retained for the duration of the subscription; not active within the platform.
Deleted corporations & documents Recoverable for up to thirty (30) days after deletion, after which they are purged from production systems.
Encrypted backups Retained for up to thirty-five (35) days consistent with disaster-recovery practices.
Billing & tax records Retained for up to seven (7) years to meet financial, tax, and audit obligations.
Support & communications Retained for up to three (3) years after the last interaction.
Security & audit logs Retained for up to twelve (12) months, or longer if required for security investigations or legal obligations.
Marketing contacts Retained until you opt out or your contact information is no longer accurate, plus a short suppression period.

Where retention is required by law (such as for accounting, tax, dispute resolution, or compliance with corporate or securities regulations), we will retain the relevant data for the period prescribed.

11. Data Breach Notification

We maintain an incident response program designed to detect, investigate, and respond to security incidents. In the event of a confirmed personal data breach that affects your information, we will notify affected customers without undue delay, and in any event within the timeframes required by applicable law (including, where applicable, the seventy-two (72) hour notification window under the GDPR). Notifications will include the information reasonably available to us at the time and will be supplemented as additional information becomes available.

12. Your Privacy Rights

Depending on your jurisdiction, you may have rights with respect to your personal information, including the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Request deletion of your personal information.
  • Obtain a portable copy of certain personal information.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.
  • Opt out of marketing communications.
  • Lodge a complaint with a competent supervisory authority.

To exercise these rights, please contact us at privacy@octelligence.com. We will verify your identity before responding and will respond within the timeframes required by applicable law.

If you are an individual whose personal information appears in Customer Data (for example, you are listed in a customer's cap table or director register), please direct your request to the customer that controls that data. We will assist that customer in responding.

13. EU, EEA & UK Rights

If you are located in the European Union, the European Economic Area, or the United Kingdom, you have rights under the GDPR and UK GDPR including those listed in Section 12, as well as the right to:

  • Lodge a complaint with a supervisory authority in your country of residence, place of work, or place of the alleged infringement.
  • Receive information about the legal basis for, and recipients of, our processing.
  • Be informed about international transfers and the safeguards applied.

14. California Privacy Rights

If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), including:

  • Right to know the categories and specific pieces of personal information we have collected about you, the sources of that information, the business or commercial purposes for collecting it, and the categories of third parties to whom we disclose it.
  • Right to delete personal information we have collected from you, subject to exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of the sale or sharing of personal information. We do not sell personal information and we do not "share" personal information for cross-context behavioral advertising as those terms are defined by the CCPA/CPRA.
  • Right to limit the use and disclosure of sensitive personal information.
  • Right to non-discrimination for exercising your privacy rights.

Categories of personal information collected. In the twelve (12) months preceding the Last Updated date above, we have collected the categories of personal information described in Section 3, which may correspond to the following CCPA categories: identifiers; commercial information; internet or network activity; geolocation (general); professional or employment-related information; and inferences drawn from the foregoing. Sensitive personal information may include account login credentials.

How to exercise your rights. You or your authorized agent may submit a request by emailing privacy@octelligence.com. We will verify your identity using information reasonably necessary to confirm you are the person about whom we collected information.

Shine the Light. California Civil Code §1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

15. Other U.S. State Rights

Residents of certain other U.S. states (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive consumer privacy laws) may have rights similar to those described above, including rights to access, correct, delete, obtain a copy of, and opt out of certain processing of their personal information, and to appeal a denial of a privacy request.

To exercise these rights, contact us at privacy@octelligence.com. If we deny your request, you may appeal by replying to our response with the word "Appeal" in the subject line. We will respond to appeals within the timeframes required by applicable law.

16. Canadian Privacy Rights

If you are located in Canada, we process personal information in accordance with the Personal Information Protection and Electronic Documents Act ("PIPEDA") and applicable provincial privacy legislation, including Quebec's Act respecting the protection of personal information in the private sector (Law 25), British Columbia's Personal Information Protection Act, and Alberta's Personal Information Protection Act.

You have rights to access and request correction of your personal information, to withdraw consent (subject to legal and contractual restrictions and reasonable notice), and to file a complaint with the Office of the Privacy Commissioner of Canada or your provincial privacy regulator.

Our Privacy Officer is responsible for compliance with Canadian privacy law and can be reached at privacy@octelligence.com.

17. Children's Privacy

The Service is intended for use by businesses and corporate users and is not directed to children under the age of sixteen (16). We do not knowingly collect personal information from children. If you believe we have collected personal information from a child, please contact us at privacy@octelligence.com and we will take appropriate steps to delete it.

18. Automated Decision-Making

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing, including profiling. We may use automated systems for security, fraud prevention, and product analytics, but those systems do not make final decisions that materially affect your rights without human involvement.

19. Cookies & Analytics

We use cookies and similar technologies to maintain user sessions, support platform functionality, improve user experience, and analyze usage patterns. Full details of cookies used, their purposes, and durations are described in our Cookie Policy.

We use Google Analytics to understand how users interact with our website and platform. Google Analytics may collect information such as IP address, device type, browser information, pages visited, and interactions. We use Google Analytics with IP-anonymization enabled where supported and have disabled Google signals and advertising features. You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on.

You may control non-essential cookie preferences through our consent banner or your browser settings. Some features may not function properly if essential cookies are disabled.

We currently do not respond to "Do Not Track" browser signals because no industry standard for handling them has been finalized. We do honor recognized opt-out preference signals (such as the Global Privacy Control) where required by applicable law.

20. Marketing Communications

We may send marketing communications about Octelligence products, features, events, and updates. You can opt out of marketing emails at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at privacy@octelligence.com. We will continue to send transactional and account-related communications regardless of your marketing preferences.

21. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this Policy. For material changes, we will provide additional notice, such as by email to account administrators or a prominent notice in the Service, before the change becomes effective. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

22. Contact

For privacy-related questions, requests, or complaints, please contact our Privacy Officer at:

  • Email: privacy@octelligence.com
  • Postal: Octelligence Inc., Attn: Privacy Officer, 8 The Green, Suite A, Dover, Delaware 19901, United States

If you are not satisfied with our response, you may have the right to contact your local data protection or privacy regulator.