Privacy Policy

This Privacy Policy explains how Dromos, Inc. ("Dromos", "we", "us") collects, uses, and protects information when you visit our websites, join a waitlist, or use our products and services (the "Service"). It applies globally; specific regional rights are described below.

1. Information we collect

Information you give us

• Contact information — name, email, phone number, company, role, when you join a waitlist, contact us, sign up, or opt in to SMS.
• Account and billing information — login credentials, subscription tier, payment details (handled by our payment processor; we do not store full card numbers).
• Content and configuration — prompts, agent configurations, permission scopes, and tokens or credentials you connect for third-party tools so the Service can act on your behalf.
• Support communications — anything you send us when you contact support.

Information collected automatically

• Operational logs — limited request metadata (timestamps, IP address, user agent, status codes) needed to operate, troubleshoot, and secure the Service.
• Cookies — strictly necessary cookies for authentication and session management; no advertising cookies.
• Observability data — only when you explicitly enable observability features. Detailed traces of agent actions, inputs, and outputs are recorded only with your consent and on your tenant.

Information from third parties

• When you connect a third-party tool (for example email or productivity), we receive the data and permissions you authorize that tool to share with us, scoped to what your agents are configured to do.

2. How we use information

• To provide, secure, and improve the Service;
• To respond to inquiries and send you transactional notices (sign-up confirmation, security alerts, billing);
• To send waitlist or product updates you have opted in to (email or SMS);
• To detect, prevent, and address abuse, fraud, or security incidents;
• To comply with legal obligations.

3. What we don't do

• We don't sell your personal data — including your email or phone number — to anyone, ever. This includes "sharing" for cross-context behavioral advertising under California's CPRA.
• We don't train Dromos models on your Customer Data.
• We don't rent or trade your contact information.
• We don't use SMS data or consent for marketing purposes outside the explicit purpose you opted in for.

4. Third-party LLMs and tools

The Service may route prompts and actions through third-party large language model providers (such as OpenAI, Anthropic, Google) and other third-party tools you connect. Those providers may store inputs and outputs, and some may use them to improve their models, in accordance with their own privacy policies and the controls they offer. Where the provider supports it, we surface or default to options that minimize this (for example, opting out of training on inputs). You should review the policies of any provider you select.

5. SMS and phone communications

If you provide a phone number and opt in to SMS, we use it to send the messages you requested (such as one-time codes, alerts, or updates). Message frequency varies. Message and data rates may apply from your carrier.

• Opt out: Reply STOP to any SMS to stop.
• Help: Reply HELP for assistance, or email support@dromos.ai.
• Carrier: Carriers are not liable for delayed or undelivered messages.
• Provider: We deliver SMS through Telnyx and other vetted telecom providers, who process phone numbers and message content solely to deliver and secure the messages.
• No sharing: Your phone number and SMS opt-in consent will never be shared with third parties for their own marketing.

6. Cookies

We use only strictly necessary cookies (for example, to keep you signed in). We do not use advertising or cross-site tracking cookies. If we add analytics, we will use a privacy-preserving provider and update this policy first.

7. Data retention

We keep personal data only as long as needed for the purpose it was collected — to operate the Service, meet legal and accounting obligations, and resolve disputes. Specifically:

• Waitlist contact info: kept until you ask us to delete it or for a reasonable period after the launch you signed up for.
• Account data: kept while your account is active and for a limited period after closure for legal and billing requirements.
• Operational logs: short retention (typically 30–90 days), longer only when required for security investigations.
• Observability traces: only retained when you've enabled them, and per the retention you configure.

8. How we protect data

We use industry-standard administrative, technical, and physical safeguards: encryption in transit (TLS) and at rest, scoped access controls, principle-of-least-privilege for engineers, audit logging, and vendor reviews. No system is perfectly secure; if a breach occurs we will notify affected users in line with applicable law.

9. Sub-processors and service providers

We use a small number of vetted vendors to operate the Service — for example cloud hosting, payment processing, email delivery, and SMS delivery (Telnyx). They process data only on our instructions and under contractual confidentiality and security obligations. We will maintain a current list of sub-processors at privacy@dromos.ai on request.

10. International transfers

We operate globally; personal data may be transferred to and processed in countries other than your own, including the United States. Where required, we use Standard Contractual Clauses or other lawful transfer mechanisms.

11. Your rights

Everyone

• Access a copy of the personal data we hold about you.
• Correct inaccurate data.
• Delete data we are not required to keep.
• Withdraw consent (such as opting out of SMS or marketing) at any time.
• Lodge a complaint with a supervisory authority.

EEA / UK (GDPR)

You also have the right to data portability and to object to or restrict certain processing. Our lawful bases are: contract (operating the Service for you), consent (marketing or SMS opt-ins), and legitimate interests (security, fraud prevention, basic operations).

California (CCPA / CPRA)

You have the right to know, delete, correct, and limit use of sensitive personal information, and to opt out of sale or sharing — although we do not sell or "share" personal information for cross-context behavioral advertising. Authorized agents may submit requests on your behalf.

To exercise any of these rights, email privacy@dromos.ai. We will respond within the time required by applicable law.

12. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe we have, contact us and we will delete it.

13. Changes to this Policy

We will update this Policy when our practices change. The "Last updated" date at the top reflects the latest revision. If changes are material, we'll notify you (for example by email or in-product notice) before they take effect.

14. Contact

Privacy questions or requests:

• Email: privacy@dromos.ai
• Postal: Dromos, Inc. — address available on request.

This is a general template, not legal advice. Have counsel review before relying on it for compliance with TCPA, CTIA/carrier rules, GDPR, CCPA, or other regulations.