5010AI Privacy Policy

5010AI LLC (“5010AI,” “we,” or “us”) is a U.S.-based analytics platform provider committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use and share it, and your rights regarding that data. It applies when you use our platform, website, and any related services (collectively, the “Service”). We comply with applicable data protection laws, including the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) (as amended by the California Privacy Rights Act). If you have any questions about this Policy or how we handle your personal data, please contact us at triage@5010ai.com.

Who We Are and How to Contact Us

We are 5010AI LLC, a company located at 82 Wendell Ave., STE 100, Pittsfield, MA 01201, USA. We provide an AI-powered analytics platform for business and professional users (for example, in the drug development industry).

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you can reach us by email at triage@5010ai.com. You may also contact us by mail at the address above. We are the data “controller” responsible for your personal data when you use our Service (meaning we determine how and why your personal data is processed).

Personal Data We Collect

We limit the personal information we collect to what is necessary to create and support your user account and to operate our Service. This includes:

  • Contact Information: First name, last name, email address, job title, and company name. We collect this information when an account is created for you (either you provide it to us directly, or your employer or our client provides it to set up your user access).

  • Account Credentials: When your account is provisioned, you set a password (which we store in a securely hashed form). You log in through our authentication system (which utilizes a secure third-party identity provider for single sign-on), so we collect the information needed to verify your identity (such as your username or email address and password).

  • Login and Usage Data: We automatically collect certain technical data when you access the Service. This may include the date and time you log in or use specific features, your IP address, device and browser type, and other details provided by our systems and integrated third-party tools. For example, this can include login timestamps and device information from our identity management service, usage events from our embedded analytics dashboards, or queries you submit to our AI features. We use this usage data to help secure the Service and to understand and improve how it is used.

  • Cookies and Tracking Information: We use cookies and similar technologies to manage your login sessions and to collect information about how you navigate our site. For example, cookies help keep you logged in and help us understand usage patterns in aggregate. (See Cookies and Tracking Technologies below for more details.)

We do not intentionally collect any sensitive personal information (such as financial information, government-issued identifiers, health data, or special categories of data under GDPR like racial or ethnic origin). Moreover, our platform is not designed to receive or store user-provided content that contains personal data. Please do not upload or share sensitive personal data through our Service.

We also do not knowingly collect information from children. Our Service is intended for business and professional use by adults. If you are under the age of 13 (or under 16 in the EU/UK), please do not use the Service or provide any personal data. If we learn that we have inadvertently collected personal data from a child in those age groups, we will delete it promptly.

How We Use Your Personal Data

We use the personal data we collect for the following purposes, relying on the legal bases noted (as required under GDPR):

  1. Providing and Operating the Service: We use your contact and account information to create and maintain your user account, to authenticate you at login, and to enable you to access the features of our platform (including analytics dashboards and other tools). We also use technical and usage data to maintain and secure the Service (for example, logging sign-in attempts to prevent fraud or unauthorized access). Legal basis: This processing is necessary to perform our contract with you (or with the organization that authorized your access) and for our legitimate interest in securing and delivering our services.

  2. Communication and Support: We use your email address and other contact information to send essential communications about the Service, such as account setup instructions, important system or account notices, and responses to support inquiries. Legal basis: Performance of a contract (for service-related communications) and our legitimate interests in providing effective customer service.

  3. Newsletters and Updates: With your consent (or as otherwise permitted by law), we may occasionally send informational newsletters or product updates to your email. These communications provide information about new features, industry insights, or improvements to our platform. We do not engage in aggressive or unsolicited marketing, and you can opt out of these communications at any time by using the unsubscribe link provided or by contacting us. Legal basis: Your consent (where required by GDPR or other applicable laws) or our legitimate interest in keeping customers informed about our products and services (always subject to your right to opt out).

  4. Analytics and Improvements: We analyze usage data (e.g., page visits, feature usage frequency, login trends, query logs) to understand how our platform is performing and to improve our Service’s functionality and user experience. For example, we might track which features or pages are most frequently used to guide future enhancements or fix issues. Legal basis: Our legitimate interests in analyzing and improving our services. Where required by law (for instance, for certain analytics cookies in some jurisdictions), we will obtain your consent for these analytics activities.

  5. Legal Compliance and Enforcement: We may process your personal data as needed to comply with our legal obligations and regulations, or to respond to lawful requests and legal processes. For instance, we might retain certain records to meet tax, accounting, or audit requirements, or disclose information if required by a court order or subpoena. We may also process personal data as necessary to establish or defend legal claims, to enforce our Terms and Conditions, or to investigate and prevent fraud, security incidents, or other misuse of our Service. Legal basis: Compliance with a legal obligation, and/or our legitimate interests in protecting our legal rights, preventing fraud, and ensuring the security of our services.

  6. AI Features and Model Improvement: If you use our AI-driven features, we process the information you input (such as questions or prompts) in order to generate relevant responses and provide you with answers. We may also analyze these interactions to refine and improve our domain-trained AI model’s accuracy and capabilities over time. For example, understanding common queries can help us adjust the AI to better meet user needs and prevent misuse. Legal basis: Our legitimate interests in providing and enhancing the AI features of our Service, as well as the performance of a contract (since processing your queries is necessary to deliver the functionality you have requested).

We will use your personal data only for the purposes outlined above, or for closely related purposes that are compatible with the original reasons we collected it. If we need to use your data for any purpose that is materially different from the purposes listed, we will update this Privacy Policy and, if required, notify you or seek your consent.

Domain-Trained AI Features and Data Use

Our Service includes certain artificial intelligence features that are trained on domain-specific resources (for example, collections of regulatory documents and expert-curated content) rather than on personal information. These domain-trained AI capabilities allow you to ask questions within the platform and receive context-aware, informative answers related to our areas of expertise. Importantly, we do not use any personal data from our users to train or feed these AI models; the training relies on industry and domain data, not on your individual information.

When you interact with the AI features (for instance, by entering a query or prompt), the content of your query and the AI-generated response are processed by our systems to provide you with the requested information. We may log these AI interactions (including your query and the AI’s answer) for a limited period in order to monitor the feature’s performance, debug issues, and improve the accuracy of our AI model. Any such interaction logs are treated with the same care as other usage data and are retained only as long as necessary for these purposes, in accordance with our retention policies (see Data Retention below).

We do not use the AI system to make any decisions about you that have legal or significant effects. The AI features are provided as a tool to assist with information retrieval and analysis; they do not autonomously take actions that affect your personal data or your rights. Additionally, we do not profile you or alter your personal information based on your use of the AI features. The use of AI is strictly to enhance your experience with the Service, and any automated processing is used only to support the functions you engage with (such as answering your queries), not to make determinations about you as an individual.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website and platform to provide and improve our Service. Cookies are small text files placed on your browser or device that store information. We use them for several reasons:

  • Authentication and Security: Certain cookies are essential for you to log in and remain authenticated. They help us recognize you as you navigate our platform and keep your session secure. For example, when you log in via our single sign-on service, a session cookie is set to maintain your logged-in status.

  • Preferences and Functionality: Some cookies remember your preferences and settings to enhance your experience. For instance, they may recall your interface settings or other customizations on the platform so you don’t have to reconfigure them each time.

  • Analytics: We use cookies and related third-party analytics tools to collect information about how users navigate and use our Service. This data (aggregated and anonymized where possible) helps us understand things like which pages or features are most popular, how long users spend on the site, and how we can improve performance. For example, our embedded analytics dashboards may use cookies or similar technology to gather usage statistics about your interactions with those dashboards.

All the cookies we use are related to the operation and improvement of our Service; we do not use any advertising cookies or share cookie data with third-party marketers.

Your Cookie Choices: When you first visit our site, you may see a notice or consent prompt about cookies (where required by law). You have the ability to control or delete cookies through your browser settings. Most web browsers allow you to refuse new cookies or delete existing cookies. However, please note that if you disable or reject certain cookies, some parts of the Service (especially features that require login authentication) may not function properly.

“Do Not Track” Signals: Some browsers offer a “Do Not Track” (DNT) setting that indicates a preference not to be tracked across different websites. Currently, there is no universally accepted standard for how to interpret DNT signals. Accordingly, our Service does not alter its practices or respond differently when a DNT signal is received. Nevertheless, as described in this Privacy Policy, we only use your data for the purposes outlined and we do not track your online activity across unrelated third-party sites.

Sharing Your Personal Data (Subprocessors and Third Parties)

We do not sell or rent your personal information to third parties. We only share your data in the following circumstances:

  • Service Providers (Subprocessors): We use trusted third-party companies to help us operate, maintain, and support our Service. These providers process personal data only as needed to perform their tasks on our behalf and are contractually obligated to protect it. Key subprocessors include:

    • Identity and Account Management: We rely on a secure third-party platform to provide identity management for user login (single sign-on) and to help manage user accounts and customer relationships. This means that your login authentication and account details (such as your credentials and profile information) are processed through that provider’s secure systems.

    • Analytics Platform: We integrate a third-party analytics platform to power and embed interactive data dashboards on our Service. When you access analytics features, this platform may process certain user information (for example, confirming your authentication status or recording your interactions with a dashboard) in order to display content and gather usage insights.

    • Cloud Hosting Provider: We host our platform and store data on secure cloud-based infrastructure in the United States. Our hosting provider maintains our servers and databases, and stores data on our behalf, but it does not access your personal data except as needed for routine hosting and maintenance operations.

    • Email/Communication Tools: If we send newsletters, system alerts, or other emails, we utilize a third-party email service provider to distribute those communications. As a result, your name and email address may be stored with that provider solely for the purpose of sending you the communications you have signed up for or that are necessary for using the Service (such as password reset emails).

  • Legal Requirements and Protection: We may disclose personal data if we are required to do so by law or in response to valid legal requests (such as a subpoena, court order, or government demand). We may also share information when we believe it is necessary to enforce our Terms and Conditions or other agreements, to protect the rights and property of 5010AI, to protect the safety of our users or others, or to investigate and prevent fraud or security issues. For example, if required and appropriate, we might provide certain information to law enforcement authorities to comply with a legal report or to address a security breach.

  • Business Transfers: In the event that 5010AI undergoes a business transaction such as a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the successor or acquiring entity as part of that transaction. If such a transfer occurs, we will ensure that your personal data remains subject to protections consistent with this Privacy Policy. We will also notify you (for example, by email and/or by placing a prominent notice on our website) if the transfer results in any material changes to how your personal data is used.

Note on Third-Party Links: Our website may contain links to third-party websites or services that we do not own or control (for example, a link to our company page on a social media platform). If you choose to click on those links and navigate to an external site, any information you provide on the external site is governed by that third party’s privacy policy, not this one. We are not responsible for the privacy practices or content of external websites, and we encourage you to review the privacy policies of any third-party sites you visit.

Data Storage and International Transfers

All personal data collected by 5010AI is stored on secure servers located in the United States (primarily in the Eastern U.S. region). We utilize reputable, modern cloud infrastructure to host our applications and databases. By keeping data in facilities with robust security practices, we aim to ensure your information is maintained safely (see Data Security below for more on our protection measures).

International Users: We provide our Service to users around the world, including in the European Union, United Kingdom, and other regions. If you are located outside of the United States, please be aware that the personal information you provide will be transferred to and processed in the United States. The data protection laws in the U.S. may differ from those of your home country, but we take steps to ensure that your privacy is protected in line with this Policy. When we transfer personal data from the EU/EEA, UK, or other regions with data transfer restrictions, we rely on legally approved mechanisms to safeguard the data. For example, we may implement the European Commission’s Standard Contractual Clauses (SCCs) or similar safeguards to ensure an adequate level of protection for personal data transferred to the U.S. (and we comply with UK-specific requirements for international transfers as applicable).

By using our Service or providing us with personal data, you acknowledge that your information will be transferred to our U.S.-based systems and you consent to this transfer, storage, and processing. Regardless of where your data is processed geographically, we will handle it as described in this Privacy Policy and in accordance with applicable laws.

Data Security

5010AI is committed to protecting the security of your personal data. We employ a combination of administrative, technical, and physical safeguards to guard against unauthorized access, alteration, or disclosure of data. We implement measures such as:

  • Access Controls: Restricting access to personal data only to employees and contractors who need that information to operate or support the Service.

  • Encryption: Using encryption for data in transit (for example, HTTPS for web traffic) and encrypting data at rest where appropriate, to prevent interception or unauthorized reading of data.

  • Network Security: Maintaining firewalls, intrusion detection systems, and network monitoring tools to help detect and block unauthorized access attempts or unusual activity on our systems.

  • Processes and Testing: Regularly reviewing and updating our security policies and procedures to address new threats or vulnerabilities, and conducting tests or audits of our security measures.

  • Secure Credential Storage: Storing passwords and other sensitive credentials using strong cryptographic hashing algorithms; we never store these details in plain text.

While we strive to use commercially acceptable means to protect your information, please understand that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your data. However, we continuously update and test our security safeguards to mitigate risks and protect your information to the greatest extent possible. If you have reason to believe that your interaction with us or your personal data may no longer be secure (for instance, if you suspect that your account has been compromised), please contact us immediately so that we can take appropriate steps to assist you and remediate the issue.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:

  • Account Information: We keep your account profile information (such as your name, email, job title, and company) and account credentials for as long as your account is active. If your account is deactivated or your organization’s subscription ends, we will remove or anonymize your personal information within a reasonable time after account closure, unless we need to retain it for legitimate business or legal reasons.

  • Usage Logs: We retain certain log data (such as login records, audit logs, and usage analytics data) to monitor the security and performance of our Service. This includes information about how the Service is used, which may encompass interactions with our platform features (for example, records of dashboard usage or AI query logs). Basic log data is typically kept for a limited period (for example, a few months up to about a year). We may retain logs for a longer duration if necessary for security investigations, troubleshooting, or to comply with legal obligations.

  • Communications: If you correspond with us (for example, via email or support tickets) or if you subscribe to our newsletter or other updates, we may retain those communications and your contact details for as long as needed to address your inquiry or to provide the relevant service. If you opt out of receiving newsletters or marketing emails, we will stop sending them to you. However, we may keep your contact information on a suppression list to ensure we honor your opt-out request and do not send you further communications in error.

  • Legal and Business Purposes: We might retain certain data as necessary to comply with our legal obligations or for other legitimate business purposes. For instance, we may keep billing records or payment transaction data (which could include a business contact name and email) for tax, audit, and accounting purposes. Additionally, data that is stored in routine backups may persist until those backups are securely overwritten or deleted, which means some information could remain in archive for a short period beyond its active use.

When we no longer have a legitimate need to retain your personal data, we will securely delete it or anonymize it so that it can no longer be associated with you. If immediate deletion is not feasible (for example, because the data is contained in a backup archive that is not easily accessible), then we will isolate that data from any further active processing and will delete it as soon as it becomes practicable to do so.

Your Rights and Choices

You have certain rights and choices regarding your personal data. These rights may vary depending on your location and the applicable privacy laws. We honor all relevant rights, including those provided by the GDPR for EU/UK individuals and by the CCPA (as amended by CPRA) for California residents. Below is an overview of these rights and how you can exercise them.

Rights for EU/UK Individuals

If you are in the European Union, United Kingdom, or a jurisdiction with similar data protection laws, you have the following rights with respect to your personal data:

  • Right to Access: You have the right to request confirmation of whether we are processing your personal data, and to receive a copy of that data, along with additional information about how we use it.

  • Right to Rectification: You have the right to ask us to correct or update any inaccurate or incomplete personal data we hold about you, so that it is accurate and up to date.

  • Right to Erasure: You can request that we delete your personal data in certain circumstances (for example, if the data is no longer needed for its original purpose, or if you withdraw consent and we have no other legal basis to continue processing). This is sometimes called the “right to be forgotten.” We will honor valid deletion requests, provided that we do not have a legal obligation or other compelling reason to retain the data.

  • Right to Restrict Processing: You have the right to ask us to restrict or pause the processing of your personal data under certain conditions — for instance, while we are verifying the accuracy of data you have contested, or if you have objected to our processing and we are evaluating that objection.

  • Right to Data Portability: You have the right to obtain a copy of certain personal data in a commonly used, machine-readable format, and to have that information transmitted to another service provider (where technically feasible). This right typically applies to personal data that you have provided to us and that we process by automated means based on your consent or on a contract with you.

  • Right to Object: You may object to our processing of your personal data when we are relying on legitimate interests as our legal basis, if you feel that our processing impacts your rights. You also have an absolute right to object to your personal data being used for direct marketing purposes. If you object to processing, we will carefully consider your request and will either stop the processing in question or explain why we have a compelling legitimate interest to continue (except in the case of direct marketing, where we will always honor your objection and cease the marketing use).

  • Right to Withdraw Consent: If we are processing any of your personal data based on your consent, you have the right to withdraw that consent at any time. For example, if you have given consent to receive our newsletter, you can unsubscribe at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, but it will mean that we stop the specific activities that were based on consent.

To exercise your EU/UK privacy rights, please contact us at triage@5010ai.com with your request. We may need to verify your identity before fulfilling the request—this step is to protect your privacy and ensure that we do not disclose or modify your data inappropriately at the request of someone else. We will respond to your request as soon as possible and, in any case, within 30 days, unless an extension is permitted by law (we would inform you if we need additional time). We do not charge a fee for you to exercise your rights, except in cases where requests are manifestly unfounded or excessive (in which case we may charge a reasonable fee or refuse the request and will explain why).

If you believe we have not handled your personal data properly or have not fulfilled your requests, you have the right to lodge a complaint with your local data protection authority. For example, EU individuals can contact the supervisory authority in the EU country where they live or work, and UK individuals can contact the UK Information Commissioner’s Office (ICO). We kindly ask that you consider contacting us first with any concerns, so we have the opportunity to address your issue directly.

Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you have specific privacy rights under the California Consumer Privacy Act (CCPA), as modified by the California Privacy Rights Act (CPRA). These include:

  • Right to Know: You have the right to request that we disclose what personal information we collect, use, and disclose about you. This includes the categories of personal information we have collected, the categories of sources of that information, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it. You also have the right to request a copy of the specific pieces of personal information we have collected about you in the past 12 months.

  • Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions. Once we receive and confirm a verifiable deletion request, we will delete (and will instruct our service providers to delete) your personal information from our records, unless an exception applies. For example, we might retain information needed to complete a transaction you initiated, to detect security incidents or fraud, to comply with a legal obligation, or for other purposes allowed by law.

  • Right to Correct: You have the right to request that we correct any inaccurate personal information we hold about you. Upon verification of your identity and considering the nature of the personal information and the purposes for which it is processed, we will correct any inaccuracies in the information as directed by you.

  • Right to Opt-Out of Sale or Sharing: California law gives you the right to opt out of the “sale” of your personal information or the sharing of your personal information for cross-context behavioral advertising. Note: 5010AI does not sell personal information to third parties, and we do not share your personal information for cross-context behavioral advertising purposes. In the past 12 months, we have not sold any personal data. Because we do not engage in these practices, we do not include a “Do Not Sell or Share My Personal Information” link on our website. If our practices change in the future, we will update this Privacy Policy and implement appropriate opt-out mechanisms as required by law.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights under the CCPA. This means we will not deny you our services, charge you a different price, or provide a lower quality of service just because you exercised your privacy rights. The Service we offer to you will remain the same regardless of whether or not you choose to exercise these rights.

To exercise your California privacy rights, you (or an authorized agent acting on your behalf) can contact us at triage@5010ai.com with the subject line “California Privacy Rights Request,” and let us know the nature of your request (for example, whether you are seeking access to your information, deletion, correction, etc.). We will need to verify your identity (or the authority of your authorized agent) before processing your request. Typically, verification can be accomplished by confirming information we already have on file (such as your name and email address), though in some cases we might request additional proof of identity or authorization. If you submit a request through an authorized agent, we may require proof of the agent’s written authority to act on your behalf and will still verify your identity directly. We aim to respond to verifiable requests within 45 days, as required by California law. If we need more time to respond, we will inform you of the reason and extension period in writing.

Other Regions

If you are located in a region with its own privacy laws (for example, certain other U.S. states or other countries outside the EU/UK), you may have rights similar to those described above regarding access to your data, deletion of your data, correction of inaccuracies, or other rights. We will strive to honor all applicable privacy rights and will respond to any legitimate privacy requests in accordance with the relevant laws that apply to your information. If you have questions about your privacy rights in your jurisdiction, please contact us and we will do our best to assist you.

How to Contact Us About Privacy

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please do not hesitate to contact us:

5010AI LLC
82 Wendell Ave., STE 100
Pittsfield, MA 01201, USA
Email: triage@5010ai.com

We are here to help and will respond as promptly as possible to address your inquiry.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. If we make material changes, we will notify you by posting a prominent notice on our website or within the Service and/or by sending an appropriate email notification to registered users, prior to such changes becoming effective. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

This Privacy Policy is effective as of May 21, 2025. If we make any significant updates, we will indicate the date of the latest revision, and those changes will become effective when posted. Your continued use of our Service after any changes to the Privacy Policy signifies that you have read and understood the updated terms.