Privacy Policy

Bladnir Tech LLC (“Bladnir Tech,” “we,” “us,” or “our”) operates the SynTraktX platform, a Decision Intelligence Infrastructure service that measures and reports on the quality of human oversight of automated workflows and AI-assisted systems. This Privacy Policy describes how we collect, use, store, share, and protect information when you access or use the SynTraktX platform, our website at bladnirtech.com, and any related services (collectively, the “Services”).

This Privacy Policy applies to all users of the Services, including account holders, authorized users, website visitors, and individuals whose Behavioral Decision Data may be processed through the Platform on behalf of our customers.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you are using the Services on behalf of an organization, you confirm that you have authority to bind that organization to this Privacy Policy.

1. Information We Collect

1.1 Account and Registration Information

When you create an account or register for the Services, we collect:

• Name and professional title
• Business email address
• Organization name and size
• Phone number (optional)
• Billing and payment information (processed by our payment processor)
• Account credentials (passwords are hashed and never stored in plaintext)

1.2 Customer Data

Our customers may upload or configure data within the SynTraktX platform to define workflows, decision rules, governance gates, and organizational structures. This “Customer Data” is processed on behalf of the customer pursuant to our Terms of Service and any applicable Data Processing Agreement.

1.3 Behavioral Decision Data

This is a category of data specific to the SynTraktX platform that warrants particular attention.

The SynTraktX platform is designed to measure the quality of human oversight over automated and AI-assisted decision-making. In the course of providing this service, the platform processes Behavioral Decision Data, which may include:

• Decision patterns and approval/rejection rates
• Response timing and decision latency metrics
• Interaction depth with decision materials (e.g., which fields were reviewed)
• Override frequency and patterns
• Decision consistency across similar cases
• Engagement authenticity indicators (e.g., rubber-stamping detection)
• Decision persona classifications (e.g., cautious, efficient, balanced)
• Knowledge concentration risk assessments
• Trust scores and automation stage progression

Behavioral Decision Data is derived from how individuals interact with the platform and is used to assess whether human oversight is genuine, substantive, and effective. This data is processed on behalf of the customer organization and is subject to the data handling provisions described in Sections 5 and 6 below.

1.4 Usage and Technical Data

When you use the Services, we automatically collect:

• IP address and approximate geolocation
• Browser type and version
• Operating system
• Device identifiers
• Pages visited and features used
• Referring URL
• Date and time of access
• Performance metrics and error logs

1.5 Communication Data

When you contact us, request a demo, or subscribe to communications, we collect the content of your communications, including email addresses, names, and any information you voluntarily provide.

2. How We Use Information

We use the information we collect for the following purposes:

2.1 Service Delivery

To provide, maintain, and improve the SynTraktX platform, including processing Customer Data and Behavioral Decision Data to generate trust metrics, decision intelligence reports, and governance insights for our customers.

2.2 Platform Improvement

To analyze usage patterns in aggregate to improve platform functionality, develop new features, and optimize performance. We may use aggregated, de-identified Behavioral Decision Data to improve our machine learning models and trust calibration algorithms.

2.3 Security and Fraud Prevention

To detect, prevent, and respond to security incidents, fraud, abuse, or other harmful activity. This includes using anomaly detection models to identify unusual patterns in platform usage.

2.4 Communications

To send you service-related notices, respond to your inquiries, and, where you have opted in, to send marketing communications about our products and services. You may opt out of marketing communications at any time.

2.5 Legal Compliance

To comply with applicable laws, regulations, legal processes, or governmental requests, and to enforce our Terms of Service and protect the rights, property, and safety of Bladnir Tech, our customers, and others.

3. Legal Bases for Processing

For individuals in the European Economic Area (EEA), United Kingdom, and other jurisdictions that require a legal basis for processing personal data, we rely on the following:

Contract Performance: Processing necessary to provide the Services you or your organization have contracted for, including processing Account Information and Customer Data.

Legitimate Interests: Processing necessary for our legitimate interests, including improving the Services, ensuring security, and conducting analytics, where those interests are not overridden by your data protection rights.

Consent: Where you have provided explicit consent, such as for marketing communications or optional data collection. You may withdraw consent at any time.

Legal Obligation: Processing necessary to comply with a legal obligation to which we are subject.

Behavioral Decision Data: The processing of Behavioral Decision Data is conducted on behalf of the customer organization (the data controller) pursuant to a Data Processing Agreement. The legal basis for this processing is determined by the customer in accordance with their obligations under applicable data protection law.

4. Information Sharing and Disclosure

We do not sell personal information. We share information only in the following circumstances:

4.1 Service Providers and Sub-Processors

We engage third-party service providers to perform functions on our behalf, such as cloud hosting, payment processing, and analytics. These providers are contractually bound to use personal data only as necessary to provide services to us and are subject to confidentiality obligations. A current list of sub-processors is available at bladnirtech.com/sub-processors.

4.2 Customer Organizations

Behavioral Decision Data and related insights are provided to the customer organization that controls the relevant SynTraktX deployment. Individual users should direct questions about how their organization uses this data to their employer or the relevant organizational privacy contact.

4.3 Legal Requirements

We may disclose information if required to do so by law or in the good faith belief that such disclosure is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, or protect the personal safety of users or the public.

4.4 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify affected users of any change in ownership or control of their personal data.

4.5 Aggregated and De-Identified Data

We may share aggregated, de-identified data that cannot reasonably be used to identify any individual. This may include industry benchmarks, aggregate trust metrics, and platform usage statistics.

5. Data Security

We implement technical and organizational measures designed to protect the information we process, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Application-level column encryption for sensitive database fields
• HMAC-SHA256 tamper-evident audit log chains
• Role-based access control with API key authentication
• Multi-factor authentication (TOTP)
• Per-IP rate limiting and abuse detection
• Regular security assessments and vulnerability scanning
• PHI sanitization boundary enforcement at all data persistence points
• Containerized deployment with non-root execution and read-only filesystems

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention and Deletion

6.1 Retention Periods

We retain personal data only as long as necessary for the purposes described in this Privacy Policy, or as required by law. Specific retention periods include:

• Account Information: retained for the duration of the account relationship plus 30 days after account closure
• Behavioral Decision Data: retained according to the customer’s configured retention policy (default: 730 days)
• Audit Logs: retained for a minimum of 90 days (configurable by the customer)
• Usage and Technical Data: retained for 12 months
• Communication Data: retained for 24 months after last interaction

6.2 Deletion

Upon expiration of the applicable retention period, or upon a valid deletion request, we will delete or anonymize personal data in accordance with our data retention procedures. Automated retention sweeps run on configurable schedules to enforce TTL-based data lifecycle policies.

6.3 Anonymization

In certain cases, we may anonymize personal data rather than delete it, so that it can no longer be associated with you. Anonymized data may be retained indefinitely for analytical and platform improvement purposes. For example, decision context records may be anonymized (actor identifiers replaced with “[REDACTED]”) to preserve the integrity of the Organizational Decision Genome while severing the personal identity link.

7. Your Privacy Rights

Depending on your jurisdiction, you may have certain rights regarding your personal data:

7.1 European Economic Area and United Kingdom (GDPR)

If you are located in the EEA or UK, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete personal data
• Erase your personal data (right to be forgotten)
• Restrict processing of your personal data
• Data portability (receive your data in a structured, commonly used format)
• Object to processing based on legitimate interests
• Withdraw consent at any time, without affecting the lawfulness of prior processing
• Lodge a complaint with your local data protection authority

The SynTraktX platform includes a GDPR Article 17 right-to-erasure capability that enables customer administrators to initiate erasure of an individual’s data across all platform subsystems.

7.2 California (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Delete your personal information
• Opt out of the sale or sharing of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights
• Correct inaccurate personal information
• Limit the use and disclosure of sensitive personal information

Bladnir Tech does not sell personal information as defined under the CCPA/CPRA.

7.3 Colorado, Connecticut, and Virginia

If you are a resident of Colorado, Connecticut, or Virginia, you have the right to access, correct, delete, and obtain a copy of your personal data, and to opt out of targeted advertising, the sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects.

7.4 Exercising Your Rights

To exercise any of the above rights, please contact us at kenneth_d@bladnirtech.com. We will respond to verified requests within the timeframe required by applicable law (generally 30 days for GDPR, 45 days for CCPA/CPRA).

If your personal data is processed through the SynTraktX platform on behalf of a customer organization, you should direct your request to that organization. We will assist the customer organization in fulfilling such requests in accordance with our Data Processing Agreement.

7.5 Authorized Agents

You may designate an authorized agent to submit a request on your behalf. We may require verification that the agent is authorized to act on your behalf.

8. International Data Transfers

Bladnir Tech is based in the United States. If you access the Services from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate.

For transfers of personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, and any supplementary measures necessary to ensure an adequate level of protection.

9. Cookies and Tracking Technologies

Our website and platform may use cookies and similar tracking technologies to:

• Maintain session state and authentication
• Remember your preferences
• Analyze usage patterns and improve performance
• Provide security features

You can control cookies through your browser settings. Disabling certain cookies may limit your ability to use some features of the Services.

We do not currently respond to Do Not Track (DNT) signals. We do not engage in cross-site tracking for advertising purposes.

10. AI Act Transparency

The SynTraktX platform uses machine learning models as part of its Decision Intelligence Infrastructure. In accordance with applicable AI transparency requirements, we provide the following information:

Purpose: Machine learning models are used to predict approval likelihood, estimate outcome success probability, and detect anomalous decision patterns. These models support human decision-making; they do not make autonomous decisions.

Processing Logic: Models are trained on historical decision event data provided by the customer organization. Features include temporal patterns, workload metrics, case complexity, and decision history. Models use gradient boosting, calibrated classification, and isolation forest algorithms.

Human Oversight: The platform is specifically designed to measure and ensure genuine human oversight. Automation levels are gated by trust metrics and require demonstrated reliability before progressing. Adversarial trust validation probes continuously test system integrity.

Data Subject Notification: Individuals whose Behavioral Decision Data is processed through the platform should be informed by their employer or the relevant customer organization, who is the data controller for such processing.

11. Children’s Privacy

The Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe that a child under 16 has provided us with personal information, please contact us at kenneth_d@bladnirtech.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on our website and, where required by law, by email or other direct communication. The “Effective Date” at the top of this policy indicates when it was last revised.

Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

13. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Bladnir Tech LLC

Winchester, Kentucky

Email: kenneth_d@bladnirtech.com

Web: bladnirtech.com

EU/UK Representative: Not yet appointed. If you are located in the EU or UK and have questions about our data practices, please contact us at the email address above while we establish a local representative.