Legal

DBR77 Privacy Policy

Effective date: 2026-03-25 Controller for website and account-administration matters: DBR77 Robotics Inc.

1. Scope

This Privacy Policy explains how DBR77 Robotics Inc. (DBR77, we, us, or our) processes personal data in connection with:

  • www.dbr77.com and DBR77 marketing or product landing pages,
  • account creation, authentication, and account administration,
  • demo requests, marketing, sales, and business communications,
  • support, onboarding, implementation, and commercial administration,
  • product use to the extent DBR77 acts as controller for account, billing, security, and business-operations data.

Where DBR77 processes customer-submitted data on behalf of a business customer, DBR77 generally acts as a processor or service provider, and that processing is governed by the applicable contract, including the dpa.md where incorporated.

2. Who we are

DBR77 operates the websites and products covered by this policy. Our principal business address is 9319 Robert D. Snyder Road, Charlotte, NC 28262, USA.

For privacy questions or rights requests, contact privacy@dbr77.com.

3. Categories of personal data we process

Depending on the context, we may process:

  • identity and business contact data, such as name, email address, title, company, billing contact, and postal details,
  • account and organization data, such as usernames, tenant membership, role assignments, seat status, and administrator actions,
  • authentication and device data, such as login timestamps, IP address, browser type, device identifiers, session identifiers, MFA events, and security metadata,
  • communications and support data, such as emails, meeting notes, support tickets, implementation records, and customer-success communications,
  • billing and commercial data, such as subscription records, invoices, contract metadata, payment status, and tax-related business information,
  • website and product usage data, such as pages viewed, clickstream, referral source, feature usage, and performance telemetry,
  • content submitted by users, such as form entries, uploads, prompts, workflow records, ticket attachments, or other business data submitted through our sites or products.

We do not intentionally collect sensitive personal data unless it is necessary for the service, deliberately submitted by the customer, or otherwise required by law or contract.

4. How we use personal data

We may use personal data to:

  • operate, secure, maintain, and improve our websites, platforms, APIs, and services,
  • create and manage user accounts, authenticate users, and administer access rights,
  • respond to requests, provide support, deliver onboarding or implementation services, and communicate with customers,
  • administer subscriptions, contracts, billing, collections, renewals, and related business operations,
  • detect, investigate, prevent, and remediate fraud, abuse, security events, and unlawful or prohibited activity,
  • analyze service usage, reliability, and performance,
  • comply with legal obligations, enforce our agreements, and establish, exercise, or defend legal claims,
  • send marketing or event communications where permitted by law and subject to available opt-out rights.

5. Controller and processor roles

DBR77 generally acts as a controller for:

  • website operations and analytics,
  • lead-generation, sales, and marketing communications,
  • account administration and identity management,
  • billing, collections, support operations, and security logging,
  • compliance, corporate, and legal administration.

DBR77 generally acts as a processor or service provider for customer-submitted data processed within the contracted product environment on behalf of a business customer. When DBR77 acts in that capacity, the relevant customer remains responsible for determining the lawful basis and permitted uses of that data.

6. Legal bases

Where applicable law requires a legal basis, DBR77 may rely on:

  • performance of a contract or steps taken at the request of the individual before entering into a contract,
  • legitimate interests in operating, securing, improving, marketing, and administering our business and services,
  • compliance with legal obligations,
  • consent, where required by law.

Where consent is the basis for processing, it may be withdrawn at any time, but withdrawal does not affect processing that occurred before withdrawal.

7. Sources of personal data

We may collect personal data:

  • directly from the individual,
  • from the individual’s employer, customer organization, or account administrator,
  • from integrations or identity providers used to provision access,
  • from service providers that support analytics, hosting, billing, communications, or security,
  • automatically through cookies, logs, telemetry, and similar technologies.

8. Sharing and recipients

We may disclose personal data to:

  • our personnel, affiliates, contractors, and advisors on a need-to-know basis,
  • hosting, infrastructure, analytics, communications, support, security, and other service providers acting on our behalf,
  • payment processors, insurers, auditors, and professional advisors,
  • counterparties and participants in an actual or proposed merger, financing, acquisition, reorganization, or asset sale,
  • law enforcement, regulators, courts, or other third parties where required by law, lawful process, or to protect rights, safety, or security.

We do not sell personal data provided through our business products in the ordinary course of our operations. We also do not use customer-submitted product data to train our own or third-party AI models unless the relevant customer expressly agrees otherwise in writing.

9. International transfers

DBR77 may process personal data in the United States and other jurisdictions depending on hosting model, support model, subprocessor location, and product architecture. Where required by law, DBR77 uses an appropriate transfer mechanism, such as Standard Contractual Clauses or another lawful safeguard.

Product-specific data residency or regional hosting commitments, if any, must be stated in the applicable order form, deployment addendum, or product schedule.

10. Retention

We retain personal data for as long as reasonably necessary for the purposes described in this policy, including to:

  • provide and administer the service,
  • maintain account, billing, and security records,
  • comply with legal, tax, accounting, and retention obligations,
  • preserve backups and disaster-recovery copies in the ordinary course,
  • resolve disputes and enforce agreements.

Retention periods vary depending on the nature of the data, the applicable product, contractual requirements, and legal obligations. Backup copies may remain until they are overwritten in the ordinary backup cycle.

11. Security

DBR77 applies technical and organizational measures appropriate to the nature of the service and the risk profile of the data involved. These may include encryption in transit, encryption at rest where supported, role-based access controls, audit logging, monitoring, backup controls, and incident response procedures.

No system is completely secure, and DBR77 does not guarantee absolute security or uninterrupted operation.

12. Your privacy rights

Depending on applicable law, individuals may have rights to request:

  • access to personal data,
  • correction of inaccurate data,
  • deletion of personal data,
  • restriction of processing,
  • portability of data,
  • objection to certain processing,
  • withdrawal of consent where processing is based on consent.

Requests may be sent to privacy@dbr77.com. We may need to verify identity before responding. If DBR77 processes the relevant data on behalf of a business customer, we may direct the request to that customer or ask the requester to submit the request through that customer.

Depending on applicable law, individuals may also have the right to lodge a complaint with a competent supervisory authority.

13. Cookies and similar technologies

DBR77 uses cookies and similar technologies as described in the Cookie Policy. Non-essential technologies should be used only in accordance with applicable consent requirements.

14. Children’s data

Our websites and business products are intended for business and professional audiences and are not directed to children. We do not knowingly collect personal data from children in a manner that requires parental consent under applicable law.

15. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version and revise the effective date above. If required by law, we will provide additional notice for material changes.