Privacy Policy

Effective date: January 13, 2026
Company: CloudWorks AI, Inc. (doing business as “SecureOS”)
Address: 505 Montgomery St, Suite 1100, San Francisco, CA 94111 
Contact: privacy@secureos.co (or support@secureos.co)

1. Overview

This Privacy Policy explains how SecureOS collects, uses, discloses, and protects information when you:

  • visit our website (the “Site”), and/or
  • use our products and services (the “Services”).

If you have questions, contact us at privacy@secureos.co.

2. What we collect

A) Information you provide

We may collect information you submit through forms, cookies, demo requests, chat, email, or other interactions, such as:

  • name, work email, phone number
  • company name, role/title
  • messages, questions, and other information you provide

B) Information collected automatically (Site)

When you visit the Site, we may automatically collect:

  • IP address, device type, browser, operating system
  • pages viewed, referral URL, and basic usage logs
  • approximate location derived from IP

C) Information processed in the Services (Customer Data)

When a customer uses SecureOS, we may process data on their behalf, which can include:

  • organizational data (users, roles, systems inventory, configurations)
  • compliance artifacts (policies, evidence, audit materials)
  • security and integration metadata (connectors, logs, control results)
  • vendor and risk-related information (as configured by the customer)

Important: For most Service use, SecureOS acts as a processor/service provider and the customer acts as the controller/business for Customer Data. Our processing is governed by customer agreements (including any DPA).

3. How we use information

We use information to:

  • provide and operate the Site and Services
  • respond to requests (e.g., demos, support, inquiries)
  • secure the Services, prevent abuse, and troubleshoot issues
  • improve features, reliability, and user experience
  • communicate product updates, security notices, and administrative messages
  • comply with legal obligations

We do not sell personal information.

4. Legal bases (EEA/UK, where applicable)

If GDPR/UK GDPR applies, we rely on:

  • contract (to provide the Services)
  • legitimate interests (security, fraud prevention, service improvement)
  • consent (where required for certain cookies/marketing)
  • legal obligation (compliance requests)

5. How we share information

We may share information with:

  • Service providers/subprocessors (hosting, analytics, customer support tooling) to run the Site/Services
  • Professional advisors (legal, accounting) as needed
  • Authorities if required by law or to protect rights, safety, and security
  • Business transfers (e.g., merger, acquisition) subject to standard protections

We only share what’s necessary for the stated purpose.

6. Cookies and analytics

We may use cookies and similar technologies to:

  • keep the Site working (essential cookies)
  • understand traffic and improve performance (analytics)
  • remember preferences

You can control cookies through browser settings. Where required, we’ll request consent for non-essential cookies.

7. Data retention

We retain information only as long as needed to:

  • provide the Site/Services
  • meet contractual and legal requirements
  • resolve disputes and enforce agreements

Customer Data retention and deletion follow customer contracts and instructions.

8. Security

We use administrative, technical, and organizational safeguards designed to protect information. No system is 100% secure, but we work to prevent unauthorized access, disclosure, or loss.

9. International transfers

If you access the Site/Services from outside the United States, your information may be processed in the U.S. or other locations where we or our providers operate. Where required, we use appropriate transfer mechanisms (e.g., Standard Contractual Clauses).

10. Your rights and choices

Depending on where you live, you may have rights to:

  • request access, correction, deletion, or portability
  • object to or restrict processing
  • withdraw consent (where processing is based on consent)
  • opt out of marketing emails (unsubscribe link or contact us)

For Customer Data: if SecureOS processes your data on behalf of a customer organization, please direct requests to that organization first; we’ll support them as required.

11. Children’s privacy

The Site and Services are not intended for children under 13 (or the age required by local law). We do not knowingly collect information from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. The “Effective date” will reflect the latest version. Material changes may be communicated via the Site or the Services.

13. Contact us

CloudWorks AI, Inc. (SecureOS) 

505 Montgomery St, Suite 1100, San Francisco, CA 94111 

Email: privacy@secureos.co