1. Introduction

Cirkadis (“Cirkadis,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, share, and protect personal information when you visit cirkadis.com or any related Cirkadis website, request information, submit a form, sign up for email communications, request a quote, or otherwise interact with us (collectively, the “Site” and “Services”).

Cirkadis is the data controller responsible for your personal information. Our principal place of business is 2680 Orbiter Street, Brea, California 92821, United States.

This Policy applies to information we collect through the Site and our Services. It does not apply to personal information collected from job applicants or employees, which is governed by separate notices, or to information processed strictly for business-to-business transactions and contract administration where personal information about individual representatives of business counterparties is incidental to that processing.

2. Information We Collect

The categories of personal information we may collect about you depend on how you interact with the Site and what you choose to share with us.

Information You Provide Directly

  • Contact and identifier information — name, business email address, phone number, employer name, job title, mailing or facility address.
  •  Inquiry content — the text of messages, quote requests, demo requests, RFP details, asset descriptions, and any other information you include in forms or correspondence.
  •   Account or registration information — if we offer a portal, dashboard, or gated content, the username and credentials you create, and any preferences you set.
  • Marketing preferences — your subscription status for newsletters, alerts, and other communications.

Information Collected Automatically

  • Device and connection data — IP address, browser type and version, operating system, device identifiers, language settings, and referring URL.
  • Usage data — pages viewed, links clicked, time spent on pages, search terms entered on the Site, and similar interaction data.
  • Cookies and similar technologies — see Section 7 (Cookies and Tracking) for details.

Information from Third Parties

  • Service providers — analytics, marketing, hosting, and security vendors that help us operate the Site may share aggregated or pseudonymous data with us.
  • Public sources — publicly available business directories, professional networking platforms, and industry databases used to verify or supplement information you provide for legitimate business communication.

Sensitive Personal Information

We do not intentionally collect categories of sensitive personal information as defined under the California Privacy Rights Act (CPRA) — such as Social Security numbers, government identifiers, financial account credentials, precise geolocation, racial or ethnic origin, religious beliefs, union membership, health or genetic information, biometric identifiers, or contents of mail, email, or text messages — through the Site. Please do not submit sensitive personal information to us through web forms or email.

3. How We Use Your Information

We use personal information for the following business purposes:

  • To respond to your inquiries, quote requests, and demo requests.
  • To provide our Services and fulfill engagements you request.
  • To send marketing communications you have subscribed to, including newsletters, product updates, and event invitations — with the right to unsubscribe at any time.
  •  To operate, maintain, secure, and improve the Site, including troubleshooting, analytics, and performance monitoring.
  •  To prevent fraud, abuse, and unauthorized access, and to protect the rights, property, and safety of Cirkadis, our users, and the public.
  • To comply with legal obligations, including applicable export controls, tax, accounting, and recordkeeping requirements, and to respond to lawful requests by public authorities.
  • To enforce our terms and agreements, including our Hardware Sales Terms and Hardware Purchase Terms.

4. How We Share Your Information

We do not sell or rent personal information. We share personal information only as described below:

  • Service providers and processors. We share information with vendors that perform services on our behalf — including hosting, email delivery, customer relationship management, analytics, marketing automation, security, and professional services. These vendors are bound by contractual obligations that require them to use personal information only as instructed by Cirkadis and to protect it appropriately.
  • Affiliates. We may share information among Cirkadis affiliates and subsidiaries for the purposes described in this Policy.
  • Business transfers. If Cirkadis is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred as part of that transaction. We will notify you and provide an opportunity to exercise applicable rights when required by law.
  • Legal and compliance disclosures. We may disclose information when required to comply with a subpoena, court order, regulatory inquiry, or other legal process; to enforce our terms; to protect against fraud or security threats; or to protect the rights, property, or safety of Cirkadis, our users, or others.
  • With your consent or at your direction. We may share information when you direct us to do so or when you have given consent.

No Sale or Sharing of Personal Information

Cirkadis does not sell personal information for monetary or other valuable consideration. Cirkadis does not share personal information for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

5. Your California Privacy Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

  • Right to Know. You have the right to request that we disclose what personal information we have collected, used, disclosed, and sold or shared about you, including the categories and specific pieces of information.
  • Right to Delete. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (for example, where we need to keep information to complete a transaction, comply with a legal obligation, or detect security incidents).
  • Right to Correct. You have the right to request that we correct inaccurate personal information we maintain about you.
  • Right to Limit Use of Sensitive Personal Information. You have the right to request that we limit the use and disclosure of any sensitive personal information we collect to what is necessary to provide the Services. As described in Section 2, Cirkadis does not intentionally collect sensitive personal information through the Site, so this right ordinarily has no application.
  • Right to Opt Out of Sale or Sharing. You have the right to opt out of the sale or sharing of your personal information. As described above, Cirkadis does not sell or share personal information.
  • Right to Non-Discrimination. You have the right not to receive discriminatory treatment for exercising any of your CCPA rights. We will not deny you Services, charge you a different price, or provide a different level of quality because you exercised your rights.

To exercise any of these rights, contact us using the methods in Section 12 (Contact and Requests). We will verify your request before responding, which may involve confirming information you previously provided to us. You may use an authorized agent to submit a request on your behalf, subject to verification. We will respond within the timeframes required by law (generally 45 days, with one 45-day extension where reasonably necessary).

California Shine the Light

California Civil Code Section 1798.83 permits California residents to request information regarding the disclosure of personal information to third parties for those third parties’ direct marketing purposes. Cirkadis does not disclose personal information to third parties for their own direct marketing purposes.

Cirkadis’s Approach to CCPA Compliance

Cirkadis complies with applicable CCPA obligations and honors the rights described above. To the extent Cirkadis does not currently meet the statutory thresholds that make CCPA mandatory for a business, we voluntarily provide these rights to California residents as a matter of policy.

6. Opt-Out Preference Signals (Global Privacy Control)

If your browser or browser extension transmits a Global Privacy Control (GPC) signal, we treat that signal as a valid request to opt out of the sale or sharing of personal information for the browser session and any linked identifiers we maintain. Because Cirkadis does not sell or share personal information, this signal does not change how your information is processed; we honor it as a confirmation that no such activity occurs.

7. Cookies and Tracking Technologies

We and our service providers use cookies, web beacons, pixels, local storage, and similar technologies (collectively, “cookies”) to operate and improve the Site. The categories of cookies we use include:

  • Strictly necessary cookies. Required for the Site to function, including session management, security, and form submission. These cannot be turned off.
  • Performance and analytics cookies. Help us understand how visitors interact with the Site so we can improve content and performance. These may be set by third-party analytics providers.
  • Functionality cookies. Remember your preferences, such as language and region, so the Site behaves consistently across visits.
  • Marketing cookies. Where used, these support email marketing engagement tracking and content personalization. We do not use cookies for cross-context behavioral advertising.

You can control cookies through your browser settings, which generally allow you to block, delete, or be alerted to the presence of cookies. Blocking strictly necessary cookies may impair Site functionality. Where required by law, we will request your consent before placing non-essential cookies and provide a mechanism to manage your preferences.

8. Automated Decision-Making

Cirkadis does not use automated decision-making technology (ADMT) to make significant decisions about visitors to the Site — such as decisions concerning employment, credit, housing, healthcare, education, insurance, or essential goods and services — within the meaning of California or other applicable law. If this changes, we will update this Policy and provide any notices and choices required by law.

9. International Visitors and Data Transfers

Cirkadis is based in the United States. If you access the Site or interact with our Services from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your country.

Information for Visitors in the European Economic Area, United Kingdom, and Switzerland

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and the UK GDPR may apply to our processing of your personal data. For purposes of those laws, Cirkadis is the controller of your personal data.

Lawful Bases for Processing

We rely on the following lawful bases under the GDPR and UK GDPR:

  • Consent. Where you have given clear consent for us to process your personal data for a specific purpose — for example, to subscribe you to a marketing newsletter. You may withdraw consent at any time.
  • Contract. Where processing is necessary to take steps at your request prior to entering a contract or to perform a contract with you or your organization.
  • Legal obligation. Where we must process personal data to comply with a legal obligation, including export control, tax, and recordkeeping requirements.
  • Legitimate interests. Where processing is necessary for the legitimate interests of Cirkadis or a third party — such as operating and securing the Site, responding to business inquiries, preventing fraud, and conducting B2B marketing communications — except where those interests are overridden by your interests, rights, or freedoms.

Your Rights Under the GDPR and UK GDPR

Subject to the conditions and limitations set out in those laws, you have the right to: (i) access your personal data; (ii) request correction of inaccurate or incomplete data; (iii) request erasure of your data; (iv) restrict or object to processing; (v) request data portability; (vi) withdraw consent where processing is based on consent; and (vii) lodge a complaint with your local supervisory authority. To exercise these rights, contact us using the methods in Section 12. You also have the right to lodge a complaint with the data protection authority in your country of residence.

International Data Transfers

Where personal data is transferred from the EEA, United Kingdom, or Switzerland to the United States or another country that has not been recognized as providing an adequate level of data protection, we rely on appropriate safeguards — including the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and supplementary measures — to protect your personal data. You may request a copy of the relevant safeguards by contacting us.

10. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to provide our Services, comply with legal obligations (such as tax, accounting, and export-control recordkeeping), resolve disputes, and enforce our agreements. Retention periods vary by category of information and the purpose of collection. When personal information is no longer required, we securely delete or anonymize it.

11. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. No method of transmission over the internet or electronic storage is fully secure, however, and we cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately using the information in Section 12.

12. Contact and Requests

To exercise any of the rights described in this Policy, ask a privacy question, or report a concern, contact us:

Cirkadis
Attn: Privacy
2680 Orbiter Street, Brea, CA 92821
Email: [email protected]
Website: cirkadis.com/contact

We may need to verify your identity before fulfilling certain requests, particularly requests related to access, correction, or deletion of personal information.

13. Children’s Privacy

The Site is intended for business users and is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to us, please contact us so we can take appropriate action.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this Policy and, where appropriate, provide additional notice (such as a banner on the Site or an email to subscribers). Your continued use of the Site after changes take effect constitutes acceptance of the updated Policy.