Privacy Policy

Introduction

Mezza AI, Inc., a Delaware corporation with its principal place of business in Las Vegas, Nevada, United States ("Mezza AI," "we," "us," "our," or "Company"), operates the Investment Science as a Service™ platform, including but not limited to the Drakkar platform and associated services, applications, and technologies (collectively, the "Services"). This Privacy Policy ("Policy") governs the collection, use, disclosure, processing, and protection of information, including personal data as defined under applicable data protection laws, by Mezza AI in connection with the provision of our Services to institutional investors, asset managers, hedge funds, registered investment advisers, broker-dealers, and other professional financial services entities and their authorized personnel (collectively, "Users" or "you").

This Policy is incorporated by reference into our Terms of Service and constitutes a legally binding agreement between you and Mezza AI. By accessing, using, or otherwise interacting with our Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with any provision of this Policy, you must discontinue use of our Services immediately. This Policy applies to all information collected through our Services, whether provided directly by you, collected automatically through your use of our Services, or obtained from third-party sources in accordance with applicable agreements and legal requirements.

For purposes of this Policy, "personal data" means any information relating to an identified or identifiable natural person, as defined under applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy and data protection regulations. This Policy is designed to comply with applicable data protection laws while enabling Mezza AI to provide innovative AI-powered investment analytics and research services to our institutional clients.

Information Collection and Processing

Information Provided by Users

In the course of providing our Services, we may collect and process various categories of information that you provide directly to us, including but not limited to account registration information, professional credentials, institutional affiliations, contact details, and other information necessary for the provision of our Services. This may include, without limitation, your name, email address, telephone number, company name, job title, professional qualifications, institutional identifiers, and other information required for account creation, service delivery, and regulatory compliance purposes.

Additionally, you may provide us with financial data, investment strategies, portfolio information, risk parameters, trading preferences, and other proprietary or confidential information in connection with your use of our Services. Such information may be processed by our AI systems to generate analytics, insights, and recommendations as part of our service offering. You acknowledge and agree that the provision of such information is necessary for the proper functioning of our Services and that you have obtained all necessary consents and authorizations for the disclosure of such information to Mezza AI.

Automatically Collected Information

Our Services automatically collect and process certain technical and usage information to ensure optimal performance, security, and user experience. This information may include, but is not limited to, Internet Protocol (IP) addresses, browser type and version, operating system information, device identifiers, access timestamps, session duration, feature usage patterns, query logs, performance metrics, error reports, and other technical data necessary for service operation, security monitoring, and system optimization.

We may also collect and process aggregated, anonymized, or de-identified information derived from your use of our Services for analytical purposes, service improvement, and business intelligence. Such information is processed in a manner that does not identify individual users and is used solely for legitimate business purposes, including but not limited to platform optimization, feature development, and market analysis.

Third-Party Information Sources

In providing our Services, we may access, process, and integrate information from various third-party sources, including but not limited to financial data providers, market data vendors, alternative data sources, regulatory databases, and other authorized information providers. Such information may include market data, financial instruments data, economic indicators, news feeds, regulatory filings, and other publicly available or licensed information sources.

The collection and processing of such third-party information is subject to applicable agreements with data providers and is conducted in accordance with relevant licensing terms, regulatory requirements, and industry standards. You acknowledge that such third-party information may be processed by our AI systems as part of our service offering and that the accuracy, completeness, and timeliness of such information is subject to the terms and conditions of the respective data providers.

Use of Information

Mezza AI processes the information collected through our Services for various legitimate business purposes, including but not limited to service delivery, platform operation, security maintenance, regulatory compliance, and business development. The specific purposes for which we use your information include, without limitation, the provision and maintenance of our AI-powered investment analytics platform, processing and analysis of financial data to generate insights and recommendations, delivery of personalized investment research and risk management tools, provision of customer support and technical assistance, and compliance with applicable legal and regulatory requirements.

Additionally, we may use your information for AI and machine learning purposes, including but not limited to training and improving our AI models using aggregated and anonymized data, developing new features and capabilities for our platform, optimizing model performance and accuracy, and generating predictive analytics and market insights. Such processing is conducted in accordance with applicable data protection laws and industry best practices, with appropriate safeguards to protect individual privacy and data security.

We may also use your information for business operations purposes, including but not limited to payment processing and billing management, sending important service updates and security notifications, conducting research and development to improve our services, and complying with legal and regulatory requirements applicable to financial services providers and technology companies operating in the investment and financial technology sectors.

AI and Automated Processing

Our Services utilize advanced artificial intelligence, machine learning algorithms, and automated processing systems to analyze financial data, generate insights, and provide investment recommendations. These systems process large volumes of data from multiple sources, including market data, alternative data, news feeds, and other information sources, to identify patterns, correlations, and trends that may be relevant to investment decision-making.

The automated processing conducted by our AI systems includes, but is not limited to, data analysis and pattern recognition across multiple data sources, risk assessment and portfolio analysis, signal generation and investment recommendation development, and market trend analysis and prediction. Such processing is designed to augment human decision-making capabilities and provide institutional investors with sophisticated analytical tools and insights.

It is important to note that while our AI systems provide automated analysis and recommendations, all final investment decisions remain the responsibility of the user. Our AI tools are designed to support and enhance human decision-making processes, not to replace human judgment or decision-making authority. Users should exercise appropriate due diligence and professional judgment in evaluating and acting upon any recommendations or insights generated by our AI systems.

For users subject to the General Data Protection Regulation (GDPR) or similar privacy laws, we acknowledge that you may have rights regarding automated decision-making processes. However, our AI systems are designed to provide analytical support rather than to make decisions that have legal or similarly significant effects on individuals. In the event that any automated processing does have such effects, appropriate safeguards and human oversight mechanisms are in place to ensure compliance with applicable legal requirements.

Information Sharing and Disclosure

Mezza AI does not sell, rent, or trade your personal information to third parties for marketing or commercial purposes. However, we may share your information with certain third parties in specific circumstances as described in this Policy and in accordance with applicable legal requirements and regulatory obligations.

We may share your information with service providers and business partners who assist us in providing our Services, including but not limited to cloud infrastructure providers, data storage and processing services, analytics and monitoring tools, customer support platforms, and other technology service providers necessary for the operation of our platform. Such service providers are contractually obligated to protect your information and use it solely for the purposes specified in our agreements with them.

Additionally, we may share your information with financial data providers, market data vendors, and other authorized information sources as necessary for the provision of our Services and in accordance with applicable licensing agreements and regulatory requirements. Such sharing is conducted in accordance with the terms and conditions of our agreements with such providers and applicable legal requirements.

We may also disclose your information when required by law, regulation, or legal process, including but not limited to responses to lawful requests from government authorities, regulatory bodies, or courts of competent jurisdiction. Such disclosures may be made to comply with applicable laws, regulations, or legal processes, to protect our rights, property, or safety, or that of our users, or to enforce our Terms of Service or other agreements.

In the event of a merger, acquisition, sale of assets, or other business transaction involving Mezza AI, your information may be transferred as part of the transaction. In such circumstances, we will provide notice of any such changes and ensure that appropriate safeguards are in place to protect your information in accordance with applicable legal requirements.

Data Security and Protection

Mezza AI implements comprehensive technical, organizational, and administrative security measures to protect your information against unauthorized access, use, disclosure, alteration, or destruction. Our security program is designed to comply with applicable industry standards and regulatory requirements, including but not limited to ISO 27001, SOC 2 Type II, and other relevant security frameworks.

Our technical security measures include, but are not limited to, encryption of data in transit and at rest using industry-standard protocols, implementation of role-based access controls and multi-factor authentication systems, deployment of network security measures including firewalls and intrusion detection systems, regular security assessments and penetration testing, and comprehensive data backup and disaster recovery procedures.

We also implement organizational security measures, including but not limited to employee training on data protection and security practices, regular security audits and assessments, incident response procedures for data breaches and security incidents, vendor security assessments and contractual security requirements, and ongoing monitoring and review of security practices and procedures.

Despite our implementation of comprehensive security measures, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security and you acknowledge that you provide information to us at your own risk.

Data Retention and Deletion

Mezza AI retains your information for as long as necessary to provide our Services, fulfill the purposes described in this Policy, comply with applicable legal and regulatory requirements, and protect our legal rights and interests. The specific retention periods for different categories of information are determined based on various factors, including but not limited to the nature of the information, the purposes for which it was collected, applicable legal and regulatory requirements, and business needs.

Account information and user data are generally retained for the duration of your account relationship with us, plus an additional period as required for regulatory compliance, legal protection, and business continuity purposes. Financial analytics and investment data are retained in accordance with your subscription terms and applicable regulatory requirements, which may require retention for extended periods to comply with financial services regulations and audit requirements.

Communications and correspondence are typically retained for a period of three years or as required for legal purposes, whichever is longer. Technical logs and system data are generally retained for one year for security monitoring, performance analysis, and system optimization purposes. Aggregated and anonymized data may be retained indefinitely for analytical and business intelligence purposes, provided such data does not identify individual users.

Upon termination of your account or upon your request, we will delete or anonymize your personal information in accordance with our data retention policies and applicable legal requirements. However, certain information may be retained for longer periods if required by law, regulation, or to protect our legal rights and interests, including but not limited to information necessary for regulatory compliance, legal proceedings, or dispute resolution.

Your Rights and Choices

Depending on your jurisdiction and applicable data protection laws, you may have certain rights regarding your personal information. These rights may include, but are not limited to, the right to access your personal information, the right to correct inaccurate information, the right to delete your personal information, the right to restrict processing of your information, the right to data portability, and the right to object to certain processing activities.

For users subject to the General Data Protection Regulation (GDPR), you have additional rights, including but not limited to the right to withdraw consent where processing is based on consent, the right to lodge a complaint with a supervisory authority, and rights related to automated decision-making and profiling. For users subject to the California Consumer Privacy Act (CCPA), you have rights including but not limited to the right to know about personal information collected, used, and disclosed, the right to delete personal information, and the right to opt-out of the sale or sharing of personal information.

To exercise any of these rights, you may contact us using the information provided in this Policy. We will respond to your request in accordance with applicable legal requirements and within the timeframes specified by applicable law. We may need to verify your identity before processing your request, and we may charge a reasonable fee for processing requests that are manifestly unfounded or excessive.

Please note that certain rights may be limited or unavailable in specific circumstances, including but not limited to where the processing is necessary for the performance of a contract, compliance with legal obligations, protection of vital interests, or legitimate business interests that override your rights and freedoms. Additionally, the exercise of certain rights may impact our ability to provide our Services to you.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. Such transfers may occur for various reasons, including but not limited to the location of our data centers, the use of cloud service providers, and the provision of services by our business partners and service providers located in different jurisdictions.

When we transfer your information internationally, we ensure that appropriate safeguards are in place to protect your information in accordance with applicable data protection laws. Such safeguards may include, but are not limited to, standard contractual clauses approved by relevant data protection authorities, adequacy decisions for certain countries, binding corporate rules, and other appropriate safeguards as required by applicable law.

For users subject to the General Data Protection Regulation (GDPR), we ensure that international transfers of your personal data are conducted in accordance with Chapter V of the GDPR, including the implementation of appropriate safeguards such as standard contractual clauses, adequacy decisions, or other appropriate safeguards as required by the GDPR.

Changes to This Policy

Mezza AI reserves the right to modify, update, or amend this Privacy Policy at any time and from time to time in our sole discretion. Such changes may be made to reflect updates to our Services, changes in applicable laws or regulations, technological developments, or other factors that may affect our privacy practices or legal obligations.

When we make material changes to this Policy, we will provide notice to you through various means, including but not limited to posting a notice on our platform, sending an email to your registered email address, or updating the "Last Updated" date at the top of this Policy. Material changes are those that significantly affect how we collect, use, or share your information or that affect your rights under this Policy.

Your continued use of our Services after any changes to this Policy constitutes your acceptance of the updated Policy. If you do not agree with any changes to this Policy, you must discontinue use of our Services immediately. We encourage you to review this Policy periodically to stay informed about our privacy practices and your rights.

This Policy is effective as of the date indicated at the top of this document and supersedes all prior versions of our Privacy Policy. Any disputes arising from this Policy or our privacy practices will be resolved in accordance with our Terms of Service and applicable law.