Skip to main content
Legal · Privacy

Privacy, sounded straight.

Last updated: June 21, 2026

Segment360, LLC designs, builds, and operates agentic AI inside each client's own cloud. The single most important fact about our privacy posture is this: the operational and end-user data those agents process stays inside our client's cloud. We do not copy it out, we do not store it on our own systems, we do not sell or share it, and we access it only through least-privilege roles the client grants and can revoke. This policy explains the limited personal information Segment360 itself handles, which is mainly about the people who visit this website and the business contacts who talk to us.

1. Who we are & the scope of this policy

Segment360, LLC ("Segment360," "we," "us," or "our") is a business-to-business company headquartered in San Ramon, California, USA. We design, build, and operate agentic AI systems that run inside each client's own cloud environment on Google Cloud, AWS, or Microsoft Azure.

This policy describes the personal information we handle as a controller: information about visitors to this website, people who fill in our contact and Diagnostic forms, and the business contacts we communicate with in the ordinary course of running our company. It applies to this website and our direct business communications.

This policy does not govern how any individual client chooses to configure or use the agents we operate for them. Where we act on a client's behalf inside that client's cloud, the client's own privacy notice and the data processing terms in our agreement with that client govern, not this page.

2. Our roles: controller and processor

We act in two distinct capacities, and it matters which one applies to a given piece of data.

  • As a controller. For website-visitor and business-contact data, we decide why and how the data is processed. Sections 3 through 13 describe this data.
  • As a processor. For data our agents read or act on inside a client's cloud, the client is the controller and decides the purposes and means. We process only on the client's documented instructions. Section 3 explains why this data does not sit on our systems at all.

3. The data we DO and do NOT process

This distinction is the heart of how Segment360 works, so we want it to be unmistakable.

3.1 Website & business-contact data (we are the controller)

When you browse this site, contact us, or run our Diagnostic, we receive a small amount of personal information about you: the details you submit, plus standard analytics and technical data. We control that information, and this policy describes it in full.

3.2 Client, operational & end-user data (we are a least-privilege processor)

The data our agents read and act on for a client, including its end-user records, operational data, and anything derived from them, lives entirely inside that client's own cloud. On this data the client is the controller and we are a processor. Specifically:

  • We do not collect, copy, export, retain, sell, or share client, operational, or end-user data on Segment360 systems.
  • The data never leaves the client's cloud as part of normal operation. Our agents run where the data lives.
  • We access it only through least-privilege, client-granted roles, scoped to the work, audited, and revocable by the client at any time.
  • The client decides what its agents may touch, sets the retention, and remains responsible for the lawful basis and notices owed to its own end users.

In short, the strongest privacy guarantee we can give about operational and end-user data is structural: it is not ours to hold, and our architecture keeps it that way.

4. Categories of website & contact data we collect

When you interact with us, we may collect the following:

  • Identity and contact details: name, work email, company, and job role.
  • Message content: anything you write in a contact form, Diagnostic, or email.
  • Usage and analytics data: pages viewed, referrer, session activity, and interaction events.
  • Device and connection data: IP address, browser type, operating system, device type, and approximate location inferred from IP.
  • Communication records: a log of correspondence and meetings related to a business inquiry.

We do not ask for special-category data through this site, and we ask that you do not send it to us in free-text fields.

5. How we use this information

  • To respond to your inquiries and follow up on a conversation you started.
  • To run our Diagnostic and share the resulting assessment with you.
  • To operate, secure, maintain, and improve this website and understand how it is used.
  • To carry out proportionate business development and relationship management.
  • To protect against fraud, abuse, and security incidents.
  • To meet our legal, accounting, and regulatory obligations.

We do not use the information you give us through this site to train AI models, and we do not use it for purposes incompatible with the ones listed here without telling you first.

6. Legal bases for processing (GDPR)

Where the EU or UK GDPR applies, we rely on one or more of these legal bases:

  • Consent: for non-essential cookies and optional analytics, where consent is required. You can withdraw it at any time.
  • Contract: to respond to a request that is a step toward, or part of, a business relationship.
  • Legitimate interests: to run and secure our site, understand demand, and pursue business development in a proportionate way, balanced against your rights and freedoms.
  • Legal obligation: where the law requires us to keep or disclose information.

7. Disclosures & service providers

We do not sell personal information, and we do not share it for cross-context behavioral advertising. We disclose the limited website and contact data above only to vendors who help us run the business, and only as needed. By category, these are:

  • Cloud hosting and infrastructure providers that serve this website.
  • Analytics providers that help us measure site usage.
  • Email, scheduling, and communication tools we use to reply to you.
  • Customer-relationship and business-operations tools we use to manage inquiries.
  • Professional advisers, such as legal, accounting, and security advisers.

These providers act as our processors under written contract and may use your data only to provide their service to us. We may also disclose information when required by law, valid legal process, or to protect our rights and safety, and in connection with a merger, financing, or acquisition, subject to this policy.

8. International transfers

We operate from the United States, and our service providers may process data in the United States or elsewhere. Where we transfer personal information out of the EEA, the UK, or other regions with transfer rules, we rely on an appropriate safeguard such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or an adequacy decision, together with supplementary technical and organizational measures where needed. You may contact us for more information about these safeguards.

9. Data retention

We keep personal information only as long as we need it for the purpose we collected it, or as long as the law requires. Contact and Diagnostic records are kept for the life of the conversation and a reasonable follow-up period; analytics data is retained on a shorter, rolling basis. When information is no longer needed, we delete it or anonymize it. Retention of client, operational, and end-user data is set and controlled by the client inside its own cloud, as described in section 3.

10. Security

Our security model is architecture-first. The strongest protection for client, operational, and end-user data is that it never leaves the client's own cloud and we access it only under least-privilege, scoped, revocable roles. For the website and contact data we do hold, we apply encryption in transit, access controls, logging, and data minimization: we collect as little as we can and keep it no longer than we must.

  • We are not currently SOC 2, HIPAA, or ISO 27001 certified. Several of these programs are in progress, and we will not claim a certification we do not hold.
  • For healthcare clients, Segment360 will sign a Business Associate Agreement (BAA) before any work involving protected health information.
  • No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security, but we work to protect your information using reasonable safeguards.

11. Your privacy rights

Depending on where you live, you may have some or all of the rights below over the personal information we control. To exercise any of them, contact us using section 16. We will verify your request and respond within the time the law allows. You may use an authorized agent where the law permits, and we will not discriminate against you for exercising your rights.

11.1 If you are in the EU or UK (GDPR)

  • Access a copy of your personal information.
  • Correct inaccurate data and complete incomplete data.
  • Erase your data where there is no overriding reason to keep it.
  • Port your data to another provider in a portable format.
  • Object to or restrict processing based on legitimate interests.
  • Withdraw consent at any time, without affecting prior processing.
  • Lodge a complaint with your local supervisory authority.

11.2 If you are in California (CCPA / CPRA)

  • Know what personal information we collect, the sources, and how we use it.
  • Delete personal information we hold about you, subject to legal exceptions.
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of personal information. We do not sell or share personal information, so there is nothing to opt out of, but the right stands.
  • Limit the use of sensitive personal information, which we do not collect through this site.
  • Be free from discrimination for exercising any of these rights.

11.3 Rights requests about client data

For client, operational, or end-user data that lives inside a client's cloud, please direct any rights request to that client, who is the controller. We will support our clients in honoring those requests as their processor.

12. Cookies & similar technologies

We use a small set of cookies and similar technologies to run the site and, with your consent where required, to measure usage. You can read the detail and manage your choices on our cookie policy.

13. Children

This is a business website, and our services are not directed to children. We do not knowingly collect personal information from anyone under 18, or under 16 where that is the local threshold. If you believe a child has given us personal information, contact us and we will delete it.

14. Automated decision-making

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing of the website and contact data we control.

Any agentic or automated processing that our AI systems carry out for a client happens inside that client's cloud, under the client as controller and on the client's configuration and instructions. Questions about automated processing of end-user data should be directed to the relevant client, whose own notices govern it.

15. Changes to this policy

We may update this policy as our practices, technology, or the law change. When we do, we will revise the date at the top of this page, and for material changes we will give a more prominent notice. Continued use of the site after an update means you have seen the current version.

16. Questions?

If you have a question about this policy or want to exercise a privacy right, write to us at privacy@segment360.com. We are Segment360, LLC, based in San Ramon, California, USA, and this policy is governed by the laws of the State of California, USA. This page is a clear statement of our practices, not legal advice; for a binding agreement, please refer to the contract between us.