Last Updated: September 07, 2025
Effective Date: September 07, 2025
At Behest Inc., doing business as Behest AI ("Behest AI," "Company," "we," "us," or "our"), a corporation incorporated under the laws of the State of Delaware and registered to do business in the State of California, we are steadfast in our conviction that Private AI is the only AI for enterprises. As pioneers in self-hosted, enterprise-grade AI solutions, we are dedicated to delivering the power of AI while ensuring uncompromising privacy, security, and control over your data. This Privacy Policy ("Policy") sets forth, in comprehensive detail, our practices regarding the collection, use, disclosure, storage, protection, and processing of Personal Information (as defined below) when you access our website at behest.ai (the "Website"), inquire about our products or services, or otherwise interact with us or our Services (as defined below).
This Policy applies to all visitors to our Website, prospective clients, enterprise users, and any individuals whose Personal Information we process in the course of our business activities (collectively, "you" or "your"). It does not apply to enterprise data processed within our self-hosted AI platform, which is deployed exclusively on your infrastructure and remains under your sole control. Behest AI does not access, store, process, or otherwise handle any such enterprise data, models, or outputs generated therefrom. All references herein to "Personal Information" pertain solely to data collected through our Website, business inquiries, or related interactions, and not to any client-deployed systems.
We are committed to compliance with all applicable data protection laws, including but not limited to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA"); the EU General Data Protection Regulation 2016/679 ("GDPR") and its UK equivalent ("UK GDPR"); and other relevant international, federal, state, and local privacy laws, such as those in the Middle East (e.g., UAE Federal Decree-Law No. 45/2021 on Personal Data Protection) and Asia (e.g., Singapore's Personal Data Protection Act 2012). Where we process Personal Information as a controller (as defined under applicable laws), this Policy serves as our notice at collection. For EU/EEA and UK data subjects, additional details are provided in Section 12 below.
If you have any questions or concerns regarding this Policy or our privacy practices, or if you wish to exercise your rights hereunder, please contact us at info@behest.ai. Your continued use of our Website or Services constitutes your acknowledgment and acceptance of this Policy and our practices.
Table of Contents
1. Definitions
2. Scope and Applicability
3. Personal Information We Collect
4. How We Collect Personal Information
5. How We Use Your Personal Information
6. Legal Bases for Processing Personal Information
7. Disclosure and Sharing of Personal Information
8. Cookies and Similar Tracking Technologies
9. Data Retention
10. Data Security Measures
11. Data Breach Notification
12. Your Privacy Rights and Choices
13. Controls for Do-Not-Track Features and Global Privacy Signals
14. Specific Rights for California Residents Under CCPA/CPRA
15. Specific Rights for EU/EEA and UK Data Subjects Under GDPR/UK GDPR
16. Rights Under Other Jurisdictions
17. International Data Transfers
18. Third-Party Websites and Services
19. Children's Privacy
20. Changes to This Policy
21. Governing Law and Dispute Resolution
22. Contact Us
23. How to Review, Update, or Delete Your Personal Information
1. Definitions
For purposes of this Policy, the following terms shall have the meanings ascribed below, unless otherwise required by applicable law:
- Personal Information (or "Personal Data" under GDPR/UK GDPR): Any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, including but not limited to identifiers, professional information, internet activity, and inferences as detailed in Section 3.
- Sensitive Personal Information: Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health data, or data concerning sex life or sexual orientation, as defined under CCPA/CPRA and GDPR/UK GDPR.
- Services: Our Website, self-hosted AI platform, and any related products, features, tools, or interactions provided by Behest AI.
- Processing: Any operation or set of operations performed on Personal Information, whether automated or not, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
- Controller: The entity that determines the purposes and means of Processing Personal Information (Behest AI acts as controller for Website and inquiry data).
- Processor: An entity that Processes Personal Information on behalf of a controller.
- Data Subject: An identified or identifiable natural person to whom Personal Information relates.
2. Scope and Applicability
This Policy applies globally to all Personal Information we collect and process. In the event of a conflict between this Policy and applicable law, the more stringent requirement shall prevail to the extent of the conflict. For our B2B clients, separate Data Processing Agreements ("DPAs") may govern the Processing of any Personal Information shared under enterprise contracts, incorporating standard contractual clauses or equivalent safeguards where required. We do not sell or share Personal Information for cross-context behavioral advertising, as those terms are defined under CCPA/CPRA.
As a proponent of Private AI, we design our Services with privacy by design and by default principles, ensuring data minimization, pseudonymization where feasible, and end-to-end encryption for transmissions.
3. Personal Information We Collect
We collect only the Personal Information necessary to provide our Services, respond to inquiries, and comply with legal obligations. Categories align with those under CCPA/CPRA and GDPR/UK GDPR.
a. Personal Information You Provide to Us
- Identifiers: Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers.
- Customer Records Information: Name, signature, address, telephone number, education, employment, employment history, bank account number, credit card number, debit card number, or other financial information (limited to payment processing where applicable).
- Professional or Employment-Related Information: Company name, job title, industry, business needs, and organizational details.
- Commercial Information: Records of products or services considered or purchased, or other purchasing or consuming histories or tendencies.
- Other Provided Information: Any additional data you voluntarily submit, such as in forms, emails, or communications.
We do not collect Sensitive Personal Information unless explicitly provided by you for a specific, consented purpose (e.g., accessibility accommodations), and only where strictly necessary.
b. Personal Information Collected Automatically
- Internet or Other Electronic Network Activity Information: Browsing history, search history, information on interactions with our Website or advertisements.
- Geolocation Data: Approximate location derived from IP address (not precise geolocation).
- Audio, Electronic, Visual, or Similar Information: If you participate in calls or video interactions, recordings may be made with your consent.
- Inferences: Drawn from the above to create profiles reflecting preferences, characteristics, or behavior for tailored communications.
c. Personal Information from Third Parties
- From business partners, public databases, or professional networks (e.g., LinkedIn) to enhance client understanding, such as business contact details.
For our self-hosted AI Services: No Personal Information or enterprise data is collected, as all Processing occurs within your private network.
4. How We Collect Personal Information
- Directly from You: Via Website forms, emails, phone calls, events, or other interactions.
- Automatically: Through cookies, web beacons, pixels, and similar technologies (see Section 8). We use tools like Google Analytics for anonymized insights.
- From Third Parties: As noted in Section 3(c), always in compliance with applicable laws.
- Passive Collection: Log files and server logs capture usage data.
All collection adheres to data minimization principles—we collect no more than necessary.
5. How We Use Your Personal Information
We Process Personal Information solely for the following legitimate business purposes:
- To provide, maintain, and improve our Services, including responding to inquiries, scheduling demonstrations, and customizing proposals.
- To communicate with you, including sending administrative notices, updates, or marketing materials (with opt-out options).
- For internal analytics, research, and development, using aggregated or de-identified data only.
- To detect, prevent, and address security incidents, fraud, or illegal activities.
- To comply with legal obligations, enforce our terms, or protect rights, property, or safety.
- For other purposes disclosed at collection or with your consent.
We shall not use Personal Information for automated decision-making producing legal or similarly significant effects without human oversight or your explicit consent. No Personal Information is used for AI training, profiling, or unrelated secondary purposes.
6. Legal Bases for Processing Personal Information
Our Processing relies on the following legal bases under applicable laws (e.g., GDPR/UK GDPR):
- Consent: Where you have provided explicit, informed consent (revocable at any time).
- Contract Performance: Necessary to enter into or perform a contract with you.
- Legitimate Interests: For our or third parties' interests (e.g., marketing, security), balanced against your rights.
- Legal Obligation: To comply with laws or regulatory requirements.
- Vital Interests: In rare cases, to protect life or safety.
For Sensitive Personal Information, we rely on explicit consent or other strict bases.
7. Disclosure and Sharing of Personal Information
We do not sell, rent, or trade Personal Information. Disclosures are limited to:
- Service Providers and Processors: Trusted vendors (e.g., cloud hosting, analytics, payment processors) under binding contracts requiring confidentiality, security, and Processing only per our instructions. Categories include: cloud computing, data analytics, email delivery, website hosting, and marketing tools.
- Affiliates and Subsidiaries: For internal operations, subject to this Policy.
- Business Partners: With consent, for joint offerings.
- In Business Transfers: During mergers, acquisitions, or asset sales, with recipients bound to equivalent protections.
- Legal Requirements: To comply with laws, subpoenas, court orders, or government requests; to enforce rights; or in emergencies.
- With Consent: For any other disclosed purpose.
All recipients are required to implement appropriate safeguards, and we conduct due diligence on their compliance.
8. Cookies and Similar Tracking Technologies
We use cookies, pixels, and similar technologies for essential functionality, performance analytics, and targeted marketing. Essential cookies enable core features; analytics cookies (e.g., Google Analytics) provide anonymized insights. You may manage preferences via browser settings or our cookie banner. For details, see our separate Cookie Policy [link to be inserted]. We honor opt-out signals and do not track across third-party sites without consent.
9. Data Retention
We retain Personal Information only as long as necessary for the purposes described herein, or as required by law. Specific periods:
- Marketing and inquiry data: Up to 2 years from last interaction.
- Account or contract data: For the duration of the relationship plus 7 years for legal/tax purposes.
- Log data: Up to 1 year for security.
Upon expiration, data is securely deleted or anonymized. Backup copies may persist for up to 90 days.
10. Data Security Measures
We implement robust technical, administrative, and organizational measures to protect Personal Information, aligned with industry standards such as ISO/IEC 27001 and NIST frameworks:
- Encryption: Data in transit (TLS/HTTPS) and at rest.
- Access Controls: Role-based access, multi-factor authentication, least privilege principles.
- Network Security: Firewalls, intrusion detection/prevention systems, regular vulnerability scans and penetration testing.
- Physical Security: Secure data centers with access restrictions.
- Employee Training: Mandatory privacy and security awareness programs.
- Incident Response: Comprehensive plan for detecting and mitigating breaches.
- Audits: Regular internal and third-party audits.
- Data Minimization and Pseudonymization: Applied where feasible.
While we strive for utmost security, no system is impenetrable. In B2B contexts, we offer DPAs detailing shared security responsibilities.
11. Data Breach Notification
In the event of a Personal Information breach (as defined under applicable laws), we shall notify affected individuals and relevant authorities without undue delay, typically within 72 hours of awareness under GDPR/UK GDPR, or as required by CCPA/CPRA (e.g., if the breach creates a reasonable risk of harm). Notifications will include breach details, impacted data, mitigation steps, and protective advice.
12. Your Privacy Rights and Choices
You have rights over your Personal Information, exercisable by contacting us at info@behest.ai with "Privacy Request" in the subject, providing identity verification. We respond within legally mandated timeframes (e.g., 30 days under GDPR, 45 days under CCPA/CPRA). Rights include:
- Access/Know: Obtain details of your Personal Information.
- Correction/Rectification: Amend inaccuracies.
- Deletion/Erasure: Request deletion, subject to exceptions (e.g., legal retention).
- Restriction: Limit Processing in certain cases.
- Portability: Receive data in a structured, machine-readable format.
- Objection: Object to Processing based on legitimate interests or for direct marketing.
- Withdraw Consent: At any time, without affecting prior lawfulness.
- Opt-Out of Automated Processing: Where applicable.
We do not discriminate against rights exercisers. Authorized agents may submit requests with proof of authorization.
13. Controls for Do-Not-Track Features and Global Privacy Signals
We honor Do-Not-Track ("DNT") signals, Global Privacy Control ("GPC"), and other universal opt-out mechanisms as required by law (e.g., under Colorado, Connecticut, Virginia privacy laws). Enabling these signals will opt you out of any potential sale/sharing or targeted advertising.
14. Specific Rights for California Residents Under CCPA/CPRA
As a Delaware-incorporated entity doing business in California, we comply fully with CCPA/CPRA. In the past 12 months:
- Collected Categories: As in Section 3.
- Sources: Direct, automatic, third parties.
- Purposes: As in Section 5.
- Disclosed Categories: Identifiers, professional info to service providers.
- Sold/Shared: None.
- Sensitive Personal Information: Not used beyond permitted inferences or with opt-out rights.
Rights: Know, delete, correct, opt-out (not applicable), limit sensitive use (not applicable), non-discrimination. Submit verifiable requests; we verify via email or ID.
15. Specific Rights for EU/EEA and UK Data Subjects Under GDPR/UK GDPR
We process as controller for Website data. Rights mirror Section 12, plus:
- Lodge complaints with supervisory authorities (e.g., ICO in UK).
- Automated decisions: Right to human intervention.
Our EU representative [to be appointed] and Data Protection Officer are reachable at info@behest.ai.
16. Rights Under Other Jurisdictions
For users in the Middle East (e.g., UAE) or Asia (e.g., Singapore), we comply with local laws, providing equivalent rights to access, correction, and withdrawal. Contact us for jurisdiction-specific details.
17. International Data Transfers
Personal Information is primarily processed in the United States. For transfers from EU/EEA, UK, or other regions without adequacy decisions, we use approved mechanisms:
- Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements.
- Binding Corporate Rules (if applicable).
- Consent or other derogations where necessary.
We ensure equivalent protection levels through vendor assessments and audits.
18. Third-Party Websites and Services
Our Website may link to third-party sites. We are not responsible for their privacy practices; review their policies independently.
19. Children's Privacy
Our Services are intended for business professionals and do not target individuals under 16 (or 13 in some jurisdictions). We do not knowingly collect Personal Information from minors. If discovered, we will promptly delete it.
20. Changes to This Policy
We may amend this Policy to reflect changes in practices, technology, or law. Material changes will be notified via email or Website posting, with a revised "Last Updated" date. Continued use post-update constitutes acceptance.
21. Governing Law and Dispute Resolution
This Policy is governed by Delaware law, without regard to conflicts principles. Disputes arising hereunder shall be resolved through binding arbitration in Delaware under American Arbitration Association rules, or in courts of competent jurisdiction if arbitration is unenforceable. You waive class action rights.
22. Contact Us
Behest Inc. d/b/a Behest AI
Email: info@behest.ai
23. How to Review, Update, or Delete Your Personal Information
As detailed in Section 12, email info@behest.ai to exercise rights. We facilitate prompt compliance.
At Behest AI, Private AI is not merely a commitment—it is the cornerstone of enterprise innovation, ensuring your data remains yours, your AI yours, and control unequivocally in your hands.
Copyright © 2025 Behest - All Rights Reserved.
Get your enterprise AI today!