Privacy Policy

1. INTRODUCTION

33 Bit Incorporated (“33bit,” “Company,” “we,” “us,” or “our”) is committed to protecting the privacy and security of personal information. This Privacy Policy describes how we collect, use, disclose, and protect information in connection with our identity intelligence platform and corporate website (collectively, the “Services”).

This policy applies to information collected through our website (33bit.com), customer interactions, and our identity intelligence platform. For information processed through our platform on behalf of customers, our customers act as the data controller and this policy applies to 33bit’s role as a data processor.

2. INFORMATION WE COLLECT

2.1 Website and Business Information

When you interact with our website or business, we may collect:

Contact Information: Name, email address, phone number, organization, and job title
Communications: Inquiries, requests, and correspondence
Website Usage: IP address, browser type, pages visited, and referring URLs
Business Information: Company name, industry, contract details

2.2 Platform Data (Processed on Behalf of Customers)

Our identity intelligence platform may process the following categories of data at our customers’ direction:

Data Category	Description	Processing Location
Biometric Data	Facial embeddings, recognition vectors (512-dimensional mathematical representations)	Edge devices (local)
Vehicular Data	License plate information, vehicle signatures, TPMS data	Edge devices (local)
Signals Data	WiFi probe requests, Bluetooth beacons, RF signatures	Edge devices (local)
Location Data	Geographic coordinates, movement patterns	Edge devices (local)
Entity Profiles	Correlated identity information, behavioral baselines	Customer-controlled systems

Important: Platform data is processed at the edge on customer-controlled hardware. 33bit does not have access to or retain this data unless explicitly transmitted by the customer for support or analytical purposes.

3. HOW WE USE INFORMATION

3.1 Website and Business Information

Responding to inquiries and providing customer support
Processing contracts and orders
Sending relevant communications about our Services
Improving our website and Services
Complying with legal obligations

3.2 Platform Data

Platform data is processed solely at the direction of our customers for their authorized purposes, which may include:

Facility and perimeter security
Identity verification and access control
Threat detection and prevention
Law enforcement and national security operations
Pattern-of-life analysis for authorized investigations

Customers are responsible for ensuring their use complies with applicable laws and regulations.

4. LEGAL BASIS FOR PROCESSING

We process personal information based on:

Contract Performance: To fulfill our contractual obligations to customers
Legitimate Interests: For business operations, security, and service improvement
Legal Compliance: To comply with applicable laws and regulations
Consent: Where required by applicable law

For platform data, our customers determine the legal basis for processing as the data controllers.

5. DATA SHARING AND DISCLOSURE

We may share information with:

Service Providers: Vendors who assist with our operations under contractual obligations
Government Authorities: When required by law, subpoena, or government request
Business Transfers: In connection with mergers, acquisitions, or asset sales
With Consent: As otherwise disclosed at the time of collection

We do not sell personal information to third parties.

6. DATA SECURITY

We implement robust security measures aligned with federal standards:

Encryption in transit and at rest (AES-256, TLS 1.3)
Access controls and authentication mechanisms
Security monitoring and incident response procedures
Regular security assessments and penetration testing
Employee security training and background checks

Our security program is designed to comply with NIST 800-53, CMMC 2.0, and FedRAMP requirements.

7. DATA RETENTION

Website and Business Data: Retained for the duration of the business relationship plus any period required by law or for legitimate business purposes.

Platform Data: Retention is controlled by customers on their edge devices and systems. 33bit does not retain platform data unless explicitly provided by customers for support purposes, in which case it is deleted within 30 days of resolution.

8. INTERNATIONAL DATA TRANSFERS

Our Services are provided from the United States. Platform data processed on edge devices remains within the customer’s geographic control. For any data transferred to 33bit systems, we implement appropriate safeguards for international transfers where required.

9. BIOMETRIC DATA NOTICE

Our platform processes biometric information (facial recognition data) on behalf of customers. Key points:

Biometric processing occurs on edge devices controlled by customers
Facial data is converted to mathematical vectors (embeddings), not stored as images
33bit does not collect or store biometric data in our corporate systems
Customers are responsible for compliance with biometric privacy laws (BIPA, CCPA, etc.)
Customers must obtain appropriate consent or legal authorization before biometric processing

10. YOUR RIGHTS

Depending on your jurisdiction, you may have rights regarding your personal information:

Access: Request information about data we hold about you
Correction: Request correction of inaccurate information
Deletion: Request deletion of your information
Portability: Request a copy of your information in a portable format
Objection: Object to certain processing activities

For platform data, individuals should contact the customer organization that deployed the 33bit platform.

To exercise rights regarding website or business data, contact us at privacy@33bit.com.

11. GOVERNMENT AND LAW ENFORCEMENT ACCESS

We may disclose information to government agencies and law enforcement when:

Required by valid legal process (subpoena, court order, warrant)
Necessary for national security or defense purposes
Required to protect the rights, property, or safety of 33bit or others

We will notify customers of legal demands for their data unless legally prohibited from doing so.

12. INCIDENT RESPONSE AND BREACH NOTIFICATION

In the event of a security incident affecting personal information:

We will investigate and contain the incident promptly
Affected customers will be notified within 72 hours of confirmation
We will cooperate with customer incident response procedures
Required notifications to regulators will be made in accordance with applicable law

13. CHILDREN’S PRIVACY

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. Customers using the platform must ensure compliance with laws regarding children’s data.

14. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. Material changes will be communicated via our website and, for customers, through direct notification. Continued use of the Services after changes constitutes acceptance of the updated policy.

15. CONTACT INFORMATION

For privacy-related inquiries or to exercise your rights:

33 Bit Incorporated
Privacy Officer
310 S Harrington St
Raleigh, NC 27601
Email: privacy@33bit.com
Phone: (888) 756-9519

16. REGULATORY COMPLIANCE

Our privacy practices are designed to support compliance with:

Federal Privacy Act of 1974 (for federal agency customers)
NIST Privacy Framework
California Consumer Privacy Act (CCPA)
Illinois Biometric Information Privacy Act (BIPA)
Other applicable state and federal privacy requirements