4. Personal Data We Process

A. Account and Identity Information

● Name

● Business email address

● Company name

● User identifiers

● Authentication and access credentials (stored securely)

B. Customer Content

Processed strictly on behalf of customers, which may include:

● Audio and video recordings

● Browser workflow recordings

● Text, images, and other content captured during workflows

● Data transmitted through customer-enabled integrations

C. Chrome Extension Data

When a user explicitly initiates a recording session, the Solidroad Chrome extension may process:

● Web page content necessary to capture the initiated workflow

● User interactions required to generate guides or simulations

The extension:

● Activates only after user action

● Captures only data required for the requested workflow

● Uses session-capture technology (including rrweb)

● Applies PII redaction

● Does not collect unrelated browsing history

● Does not operate in the background

D. Usage and Technical Data

● IP address

● Device and browser metadata

● Log files and audit logs

● Security and performance telemetry

5. How We Use Personal Data

Solidroad processes personal data solely for legitimate and limited purposes, including:

1. Service Delivery

○ Recording workflows, audio, and video at the user’s request

○ Generating AI-powered guides and simulations

○ Securely storing and synchronizing customer content

2. Account and Access Management

○ User authentication (including SSO and MFA)

○ Subscription and workspace administration

3. Customer-Directed Integrations

○ Processing data from third-party systems only when enabled by the customer

4. Security and Reliability

○ Preventing fraud and abuse

○ Maintaining system integrity and availability

○ Monitoring and logging

5. Customer Support

○ Responding to inquiries

○ Troubleshooting and issue resolution

6. Marketing and Communications

○ Sending service-related communications

○ Sending marketing communications where permitted by law

○ Users may opt out of marketing communications at any time

7. Legal and Compliance

○ Meeting contractual obligations

○ Complying with applicable laws and regulations

6. AI and Machine Learning

Solidroad does not use customer data to train generalized artificial intelligence or machine learning models. Customer data is used solely to generate outputs for that specific customer in accordance with contractual obligations and documented instructions.

7. Data Sharing and Subprocessors

Solidroad may engage third-party subprocessors to support delivery of the Services, including providers of:

● Cloud hosting

● Infrastructure

● Security

● Analytics

● Customer support

All subprocessors are subject to contractual obligations requiring appropriate confidentiality, security, and data protection safeguards.

Solidroad does not sell personal data and does not share personal data for advertising purposes.

8. International Data Transfers

Personal data may be processed in the United States and other jurisdictions where Solidroad or its subprocessors operate. Where required, Solidroad relies on lawful transfer mechanisms, including Standard Contractual Clauses and other recognized safeguards.

9. Data Retention

Solidroad retains customer data for the duration of the applicable customer contract.

Unless otherwise agreed or legally required:

● Customer data is deleted within 30 days following contract termination or upon verified deletion request

● Backup and log data may be retained for a limited period for security, compliance, and disaster recovery purposes

10. Data Subject Rights

Where Solidroad acts as a data processor, data subject requests should be directed to the relevant customer acting as data controller.

Where Solidroad acts as a data controller, individuals may request:

● Access to personal data

● Correction of inaccuracies

● Deletion

● Restriction or objection to processing

● Data portability, where applicable

Requests may be submitted to security@solidroad.com.

11. Security Measures

Solidroad maintains technical and organizational measures designed to protect personal data, including:

● Encryption in transit and at rest

● Access controls and least-privilege policies

● Audit logging and monitoring

● Incident response procedures

Solidroad maintains SOC 2 Type II and ISO/IEC 27001 certifications.

12. Children's Data

The Services are intended exclusively for adult business users. Solidroad does not knowingly process personal data of children.

13. Changes to This Privacy Policy

Solidroad may update this Privacy Policy from time to time. Material changes will be communicated through the Services or other appropriate channels.

Contact Information

If you have questions about this Privacy Policy or Solidroad's data practices, please contact us at security@solidroad.com