Data Protection & GDPR Compliance
1. Our Commitment to Data Protection
Ceedpods LLC (“Ceedpods,” “we,” “us,” or “our”) is committed to protecting the privacy and security of personal data processed through our Agentic AI Sales CRM platform. We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other international privacy regulations. This document outlines our data protection practices, your rights, and how we ensure compliance with global privacy standards.
2. Data Controller and Processor Roles
When you use Ceedpods Services, different data protection roles apply depending on the type of data being processed. Ceedpods acts as a Data Controller for information we collect directly from you (account information, usage data, billing information). Ceedpods acts as a Data Processor for Customer Data you upload, store, or process through our platform (your customer records, lead information, sales data). You act as the Data Controller for your Customer Data and are responsible for ensuring lawful processing and compliance with applicable privacy laws.
3. Legal Basis for Processing Personal Data
We process personal data based on the following legal grounds under GDPR Article 6:
Contract Performance: when processing is necessary to provide our Services under our Terms of Service.
Legitimate Interests: for improving our Services, security monitoring, fraud prevention, and business analytics, provided these interests do not override your fundamental rights.
Legal Obligation: when required to comply with applicable laws and regulations.
Consent: when you explicitly consent to specific processing activities, such as marketing communications.
Vital Interests: in rare cases where processing is necessary to protect someone’s life or physical safety.
4. Types of Personal Data We Process
We process various categories of personal data depending on how you interact with our Services. Identity Data includes name, job title, company name, and professional contact information. Contact Data includes email address, telephone numbers, and business address. Technical Data includes IP address, browser type, device information, and usage patterns. Transaction Data includes billing information, payment details, and subscription history. Marketing Data includes communication preferences and marketing consent status. Customer Data includes any personal data you upload or process through our CRM platform on behalf of your customers.
5. How We Collect Personal Data
We collect personal data through several methods:
Directly from You: when you create an account, contact us, or use our Services.
Automatically: through cookies, analytics tools, and system logs when you interact with our platform.
From Third Parties: through legitimate sources such as business contact databases or social media platforms.
Through Integrations: when you connect third-party services to our platform.
AI Learning: from aggregated, anonymized patterns to improve our AI agents’ performance.
6. Purposes of Data Processing
We process personal data for specific, legitimate purposes:
Service Provision: including account management, CRM functionality, AI agent operations, and customer support.
Platform Improvement: through usage analytics, performance monitoring, and AI model enhancement.
Communication: for service updates, support responses, and administrative notices.
Marketing: when you consent to receive promotional materials and product updates.
Legal Compliance: to meet regulatory requirements and respond to legal requests.
Security and Fraud Prevention: to protect our platform and users from threats.
7. Data Sharing and International Transfers
We may share personal data in limited circumstances with appropriate safeguards:
Service Providers: who assist with platform hosting, payment processing, customer support, and analytics.
Business Partners: when necessary for service provision or with your explicit consent.
Legal Authorities: when required by law or to protect rights and safety.
Business Transfers: in case of merger, acquisition, or asset sale.
International Transfers: may occur to countries with adequate protection or using appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or certification schemes.
8. Your Rights Under GDPR
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have specific rights regarding your personal data:
Right of Access: to request copies of your personal data and information about how we process it.
Right to Rectification: to correct inaccurate or incomplete personal data.
Right to Erasure (Right to be Forgotten): to request deletion of your personal data in certain circumstances.
Right to Restrict Processing: to limit how we process your personal data in specific situations.
Right to Data Portability: to receive your personal data in a structured, machine-readable format.
Right to Object: to processing based on legitimate interests or for marketing purposes.
Right to Withdraw Consent: for processing based on your consent.
Rights Related to Automated Decision Making: including profiling by our AI systems.
9. Data Retention Policies
We retain personal data only as long as necessary for the purposes outlined in this policy. Account Data is retained for the duration of your account plus 7 years for legal and tax purposes. Customer Data is retained according to your subscription terms and deleted upon account termination unless legally required to retain. Usage and Analytics Data is retained for up to 3 years for platform improvement purposes. Marketing Data is retained until you withdraw consent or object to processing. Financial Data is retained for up to 7 years to comply with accounting and tax regulations. Legal Hold Data may be retained longer when required by law or legal proceedings.
10. Data Security Measures
We implement comprehensive technical and organizational measures to protect personal data. Technical Safeguards include encryption at rest and in transit using industry-standard protocols, secure access controls and multi-factor authentication, regular security monitoring and threat detection, secure development practices and code reviews, and network security including firewalls and intrusion detection. Organizational Safeguards include employee training on data protection and security, background checks for personnel with data access, incident response procedures and breach notification processes, regular security audits and compliance assessments, and data minimization and privacy by design principles.
11. AI and Automated Decision Making
Our platform uses AI agents for various automated processes. We are transparent about automated decision making that may significantly affect you. AI Processing includes lead scoring and routing, sales performance analysis, predictive analytics and forecasting, personalized content recommendations, and automated follow-up suggestions. Human Oversight remains available for all significant decisions, and you can request human review of automated decisions. AI Training uses aggregated, anonymized data patterns and does not create profiles that significantly affect individuals without appropriate safeguards. Profiling Transparency means we provide clear information about AI logic, significance, and consequences when automated decisions significantly affect you.
12. Children’s Data Protection
Our Services are not directed at children under 16 years of age, and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will delete such information promptly. Parents or guardians who believe their child has provided personal data to us should contact us immediately.
13. Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities, including new AI features, large-scale data processing, automated decision making with significant effects, processing of sensitive personal data, and systematic monitoring of individuals. DPIA results inform our privacy controls and risk mitigation measures.
14. Breach Notification Procedures
In the event of a personal data breach, we have established procedures to ensure timely notification:
Supervisory Authority Notification: within 72 hours of becoming aware of the breach, unless unlikely to result in risk to individual rights and freedoms.
Data Subject Notification: without undue delay when the breach is likely to result in high risk to individual rights and freedoms.
Customer Notification: for enterprise clients when Customer Data is affected, including details about the breach and remediation steps.
15. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our data protection activities and serve as a contact point for data protection matters. Our DPO monitors GDPR compliance, conducts privacy training, serves as a contact for supervisory authorities, and provides guidance on data protection matters.
Contact our DPO at dpo@ceedpods.com
16. Supervisory Authority Contact
You have the right to lodge a complaint with your local supervisory authority if you believe we have not complied with data protection laws. For EU residents, you can find your local supervisory authority at https://edpb.europa.eu/about-edpb/board/members_en. For UK residents, contact the Information Commissioner’s Office (ICO) at https://ico.org.uk/. For other jurisdictions, contact your local data protection authority.
17. Cookie Policy and Consent Management
We use cookies and similar technologies in compliance with applicable laws. Essential Cookies are necessary for platform functionality and do not require consent. Analytics Cookies help us understand platform usage and require consent. Marketing Cookies are used for advertising and require consent. You can manage cookie preferences through our consent management platform and browser settings.
18. Data Processing Agreements
For enterprise customers acting as Data Controllers, we provide comprehensive Data Processing Agreements (DPAs) that include processing purposes and categories, security measures and technical safeguards, subprocessor arrangements and notifications, international transfer mechanisms, data subject rights assistance procedures, audit rights and compliance monitoring, and incident notification and breach response procedures.
19. Regular Compliance Reviews
We conduct regular assessments to ensure ongoing compliance with data protection laws:
Annual Privacy Audits: by internal and external assessors.
Security Assessments: including penetration testing and vulnerability scans.
Staff Training: on data protection and privacy requirements.
Policy Reviews: to ensure alignment with evolving regulations.
Technology Assessments: for new features and AI capabilities.
20. Contact Information for Data Protection Matters
For all data protection inquiries, rights requests, or concerns, please contact us:
Data Protection Officer: dpo@ceedpods.com
Privacy Team: privacy@ceedpods.com
Legal Team: legal@ceedpods.com
Ceedpods LLC
Address: [Your Legal Address]
Phone: [Your Phone Number]
Business Hours: Monday – Friday, 9:00 AM – 6:00 PM EST
21. Updates to This Policy
This Data Protection & GDPR Compliance document may be updated to reflect changes in our practices or applicable laws. Material changes will be communicated at least 30 days in advance through email notification or prominent website notices. Continued use of our Services after updates indicates acceptance of the revised terms.
22. Effectiveness
This Data Protection & GDPR Compliance policy is effective as of the date listed above and applies to all processing of personal data by Ceedpods. By using our Services, you acknowledge that you have read and understood our data protection practices and your rights under applicable privacy laws.
For the most current version of this document and our other privacy policies, please visit our website at www.ceedpods.com/privacy.