Ciroos Privacy Policy

Last Revised: June 9, 2026

1. Introduction

Ciroos, Inc. (“Ciroos,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our website located at https://ciroos.ai (the “Website”), our product Ciroos AI SRE Teammate, and related services (collectively with the Website, the “Services”). Our Services operate as an intelligent layer that integrates with our customers’ data sources such as observability, incident management, collaboration, ticketing and other tools to help detect, diagnose, and remediate production issues.

Ciroos primarily offers its Services to businesses and other organizations (each, a “Customer”). This Privacy Policy describes how we handle personal information that we collect in our own right, such as from visitors to our Website, individuals who request a demo, and authorized users who access our Services or customer portal. Where we process information contained within a Customer’s systems, telemetry, or operational data in order to provide the Services, we generally do so as a service provider or processor on that Customer’s behalf, and the Customer’s own privacy policy governs that information. See “Our Role: Controller and Processor” below.

By accessing and using our Website and Services, you consent to the collection, use, and disclosure of your personal information as set out in this Privacy Policy.

2. When We Collect Information

We may collect personal information when:

  • You visit or interact with our Website.
  • You request a demo, download a resource, or otherwise submit information through our Website.
  • You register for, log in to, or use our Services or customer portal.
  • You interact with us on social media, such as by liking, commenting on, or messaging our profiles.
  • You contact us for sales, support, or other inquiries.
  • Your organization configures the Services to connect to its observability, monitoring, incident management systems or other tools.

3. Categories of Personal Information We Collect

Information you provide:

We collect personal information that you provide directly when you use our Website and Services. This may include:

  • Contact and Business Information: name, business email address, phone number, company name, job title, and country, including information you provide when you request a demo or contact us.
  • Account Information: name, business email address, username, password, and related credentials when an account is created for you to access the Services or customer portal.
  • Communication Data: information you provide when you contact us for sales or support, respond to surveys, or interact with our customer service, including the contents of your messages.
  • Configuration and Integration Data: connection details, credentials, and settings you or your organization provide to integrate the Services with third-party observability and incident management tools.

Information we automatically collect:

  • Usage Information: IP address, device and browser information, pages visited, and interactions when you use our Website or Services.
  • Cookies & Tracking Data: information collected through cookies and similar tracking technologies, as described below.

Information processed through the Services on a Customer’s behalf:

To deliver the Services, we ingest and process operational and telemetry data from a Customer’s environment, such as logs, metrics, traces, alerts, system and infrastructure events, configuration data, and incident records. This data is primarily technical and is not intended to identify individuals. It may, however, incidentally contain limited personal information (for example, the name or email address of an engineer associated with a system change, commit, alert, or incident record). We process this data to provide the Services and at the direction of the relevant Customer, as further described under “Our Role: Controller and Processor.”

Information from third parties:

When you interact with our Website or our brand on a social media platform, we may collect information you make available to us, such as your social media account identifier, your interactions with our content, and click-throughs to our Website. We may also receive contact and business information from marketing, sales-intelligence, or data-enrichment providers.

4. How We Use Your Information

We use the information collected for the following purposes:

  • Service Provision & Enhancement: to operate, maintain, improve, and personalize our Services, including to provide AI-powered incident detection, cross-domain correlation, root cause analysis, and remediation features.
  • Account Management: to create and administer accounts and provide access to the Services and customer portal.
  • Communication: to respond to inquiries and send updates, security notices, and service-related announcements (subject to your preferences).
  • Security & Fraud Prevention: to protect against unauthorized access, fraud, and abuse, and to secure our Website and Services.
  • Customer Support: to respond to inquiries and provide support to our users.
  • Marketing: to send promotional content and otherwise market our Services, subject to applicable law and your preferences.
  • Legal Compliance: to comply with applicable laws, legal obligations, and lawful requests, to enforce our agreements, to collect amounts owed to us, and to maintain business records.
  • With Consent: we may otherwise use your information with your consent.

We may use de-identified, aggregated, or anonymized information for any purpose. Such information does not identify specific individuals and is not combined with other personal information.

5. Categories of Information We Disclose

We may disclose your information with your consent. We also disclose your information to our corporate affiliates and to vendors or service providers who:

  • Help us communicate with you and operate, host, and optimize our Website and Services.
  • Provide artificial-intelligence-powered features. Ciroos uses third-party artificial intelligence providers to enable certain features of our Services, including but not limited to OpenAI, Anthropic, and Google LLC. For more information about the practices of these providers, please refer to their respective terms of service and privacy policies, or email us at privacy@ciroos.ai.
  • Use third party subprocessors such as Amazon Web Services, Inc., Google LLC, Salesforce, Inc. among others. For a full list of the subprocessors we use and their intended purpose, please email us at privacy@ciroos.ai
  • Provide analytics, marketing, and advertising services (see “Use of Cookies and Tracking Technologies” for more information on your choices).

In addition, we may disclose your information:

  • To protect the legal rights of our company, employees, agents, and affiliates.
  • To protect the safety and security of our users and the integrity of our Services.
  • To detect, prevent, and protect against fraud and security incidents.
  • When required by law or to protect our rights and users (e.g., in response to lawful requests by public authorities, including to meet law enforcement requirements or a court order, subpoena, or other judicial, administrative, or investigative proceeding).
  • As part of a business transition, such as a merger, sale, financing, or transfer of assets.

We do not sell your personal information for monetary consideration. Where we process Customer operational or telemetry data to provide the Services, we do so solely as described in our agreement with the relevant Customer and do not use that data for our own independent purposes except to provide, secure, and improve the Services as permitted by that agreement and applicable law.

We may disclose de-identified, aggregated, or anonymized information for any purpose. Such information does not identify specific individuals and is not combined with other data.

6. Your Privacy Choices

Subject to applicable law, you have the right to exercise the following choices regarding our use of your personal information:

  • Access the personal information we maintain about you.
  • Delete the personal information we maintain about you. Note that we may be required by law to retain certain information to comply with accounting, tax, or other legal obligations.
  • Correct inaccurate personal information we maintain about you.
  • Opt out of certain uses of your personal information, including tailored advertising using cookies or marketing emails. Refer to the “Use of Cookies and Tracking Technologies” section below for your choices.

If your personal information is contained within data we process on behalf of a Customer, please direct your request to that Customer, and we will assist them as required by our agreement and applicable law. You can otherwise exercise these rights by contacting us at privacy@ciroos.ai.

7. Use of Cookies and Tracking Technologies

Like many companies, we use cookies, pixels, and similar tracking technologies to collect information about your browsing activities and your interactions with our Website and emails. These technologies help us authenticate users, remember your preferences, secure our Website, and analyze how our Website is used. We currently do not enable third-party pixel tags or cookies for advertising purposes but may do so in the future. Please check back periodically if you would like to review and/or opt out of these future uses. You can also set your browser to refuse some or all cookies, although certain features of our Website may not function properly as a result.

8. Retention

We will retain your personal information only for as long as necessary for the purposes of providing our Services or as otherwise described in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because the information is stored in backup archives), we will securely store it and isolate it from further processing until deletion is possible. Customer operational and telemetry data is retained and deleted in accordance with our agreement with the relevant Customer.

9. Security Measures

We maintain reasonable administrative, technical, and organizational safeguards designed to protect against unauthorized access, use, modification, and disclosure of personal information in our custody and control. Despite our efforts, no method of transmission or storage is completely secure, and we cannot guarantee that unauthorized access will never occur. It is important that you take steps to keep your information safe, including choosing a strong account password, keeping it confidential, and logging out of your account after use on shared devices.

10. Our Role: Controller and Processor

With respect to information we collect from visitors to our Website, individuals who request a demo, and the administration of our own accounts and business operations, we act as a “controller” (and a “business” under the CCPA, as defined below).

With respect to Customer operational and telemetry data that we ingest and process to provide the Services, we generally act as a “processor” (and a “service provider” under the CCPA) on behalf of the relevant Customer, which acts as the controller and business. In that capacity, we process such data only on the documented instructions of the Customer and as permitted under our agreement with the Customer and applicable law.

11. U.S. State-Specific Notice

Some U.S. states have enacted comprehensive privacy laws. The California Consumer Privacy Act, as amended by the California Privacy Rights Act or “CPRA” (collectively, the “CCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), the Oregon Consumer Privacy Act (“OCPA”), the Texas Data Privacy and Security Act (“TDPSA”), the Montana Consumer Data Privacy Act (“MTCDPA”), the Delaware Personal Data Privacy Act (“DEPDPA”), and similar laws in other states create additional privacy obligations for businesses and provide their residents with additional privacy rights.

Additional Privacy Rights:

In addition to the rights granted above, if you are a resident of one of these states, you may have the right to:

  • Opt out of the “sale” or “share” of your personal information for targeted advertising. We do not “sell” or “share” your personal information for monetary benefit. However, some third-party cookies placed on our Website may be considered a “sale” or “share” under these laws. You may opt out of such cookies as detailed in the “Use of Cookies and Tracking Technologies” section above.

Appeal:

If we deny your privacy request, you may appeal that decision by emailing us at privacy@ciroos.ai. We will respond to your appeal within a reasonable period of time and as required by law. If you are still unsatisfied with our response, you may have the right to file a complaint with your state attorney general.

Authorized Agent:

If you are an authorized agent submitting a request on behalf of another person, you must provide a copy of a lawful power of attorney or written authorization from the consumer (along with proof of your identity). Depending on the type of request, we may contact you or the consumer on whose behalf you claim to act to verify your authorization.

Right to Non-Discrimination:

We do not discriminate against individuals who exercise any of the rights described in this Privacy Policy.

Controller/Business Designation:

We operate as a “Controller” (and a “Business” under the CCPA) with respect to information we collect in our own right. In connection with the Services, we operate as a “Processor” (and a “Service Provider” under the CCPA) on behalf of our Customers, as described under “Our Role: Controller and Processor.”

You can exercise your rights under these laws by contacting us at privacy@ciroos.ai.

12. UK/EEA Residents’ Notice

Residents of the United Kingdom (“UK”) and the European Economic Area (“EEA”) are provided certain privacy rights under the UK and EU General Data Protection Regulations (“GDPR”).

Legal Basis:

Under the GDPR, we process Personal Data under the following legal bases:

Processing Activity
Legal Basis under GDPR
Providing the Website and Services
Contract Fulfillment, Legitimate Interest
Improving and personalizing the Website and Services
Legitimate Interest, Consent
Placement of cookies on our Website
Consent
Service-related communications
Contract Fulfillment
Customer support
Contract Fulfillment
Security and fraud prevention
Contract Fulfillment, Legitimate Interest
Marketing and promotional communications
Legitimate Interest, Consent

Controller Designation:

We operate as a “Controller” with respect to information we collect in our own right and as a “Processor” on behalf of our Customers in connection with the Services.

Cross-Border Data Transfers:

We may transfer to, and store the data we collect about you in, countries other than the country in which the data was originally collected, including the United States. Those countries may not have equivalent data protection laws. When we transfer your data internationally, we will protect it as described in this Privacy Policy and comply with applicable legal requirements providing adequate protection for the transfer.

If you are located in the EEA or UK, we will only transfer your Personal Data where the destination country has been granted an adequacy decision, or we have put in place appropriate safeguards (e.g., the Standard Contractual Clauses adopted by the European Commission together with any required additional safeguards), or the recipient is bound by binding corporate rules approved by a supervisory authority.

Additional Rights for UK or EEA Residents:

In addition to the rights granted above, if you are a UK or EEA resident, the GDPR grants you the right to lodge a complaint with your local data protection authority. You can find your data protection authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

13. Children’s Privacy

Our Website and Services are intended for businesses and are not directed to children. We do not intentionally collect personal information from children under the age of 18. If you believe we have obtained personal information associated with a child under the age of 18, please contact us at privacy@ciroos.ai and we will delete it.

14. Third-Party Links

Our Website and Services may contain links to other websites or services. We do not exercise control over the information you provide to, or that is collected by, these third-party websites. We encourage you to read the privacy policies of any other websites you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time as we update or expand our Website and Services. If we make material changes, we will post the updated Privacy Policy on this page with a “Last Updated” effective date. We encourage you to review this Privacy Policy periodically when you access our Website and Services.

16. Contact Information

For questions or concerns regarding this Privacy Policy, please contact:

Ciroos, Inc.

Email: privacy@ciroos.ai

© 2026 Ciroos, Inc. All rights reserved.
Terms of Service