Privacy Policy

• Account Information: Name, email address, password, organization name, job title, billing address, and payment details.
• Service Data: Data, files, text, images, building models, equipment data, sensor readings, telemetry, or other materials you upload to or generate within the Services. This includes building information models (BIM), CAD files, maintenance records, work orders, and IoT/BAS telemetry data. You are solely responsible for the accuracy, completeness, legality, and quality of all Service Data.
• Communications: Messages sent to Syyclops through support channels, surveys, or feedback forms.

• Usage Data: Features used, session duration, actions taken, pages viewed, search queries, and interaction patterns.
• Log Data: IP address, browser type, operating system, device identifiers, referring URLs, and date/time stamps.
• Location Data: Approximate geographic location derived from IP address only. We do not collect precise geolocation unless you explicitly enable it and may disable it at any time.
• Cookies and Similar Technologies: See Section 11 (Cookies and Tracking).

• Integrations: Data received from third-party services you connect to the Services, including SSO providers, building automation systems (BAS), CMMS platforms, IoT gateways, and payment processors. Syyclops is not responsible for the privacy practices of third-party services.
• Public Sources: Information from publicly available databases or professional networks, as permitted by applicable law.

The Services may receive real-time or periodic data from IoT devices, BACnet gateways, and building sensors installed at your facilities. This telemetry data (temperature readings, equipment status, energy consumption, occupancy data, etc.) is classified as Service Data and governed accordingly. Syyclops does not control, operate, or maintain on-premise IoT devices or gateways; responsibility for their security, maintenance, and proper configuration rests with the Subscriber. Syyclops's obligations are limited to data received after secure transmission to the Services.

The Services incorporate artificial intelligence and machine learning capabilities (“AI Features”) to provide analytics, recommendations, anomaly detection, predictive maintenance insights, natural language interfaces, and other functionality. AI Features may include large language models (LLMs), machine learning classifiers, computer vision, and other algorithmic analysis.

Syyclops discloses that the following categories of AI Features are currently embedded in the Services:

• Analytics and Insights: AI-driven analysis of building performance, equipment health, and energy consumption patterns.
• Natural Language Processing: AI chatbots and query interfaces for interacting with facility data.
• Anomaly and Fault Detection: Automated identification of deviations from expected system behavior.
• Predictive Maintenance: Forecasting of equipment failures and maintenance needs based on historical and real-time data.

The specific AI Features available may vary by subscription tier and are described in the applicable Documentation.

Certain AI Features are powered by third-party AI providers, which may include OpenAI, Anthropic, Google, or other providers as updated from time to time. When data is processed by third-party AI providers: (a) we share only the minimum data necessary to deliver the requested feature; (b) we anonymize and de-identify inputs where technically feasible; (c) we contractually prohibit third-party AI providers from using your data for purposes other than delivering the requested service; and (d) such providers process data under their own terms and privacy policies. A current list of third-party AI providers is available upon written request to [email protected].

Syyclops may use de-identified and aggregated Service Data and Usage Data to train, improve, and develop AI models that power the Services. Such data will be processed so that it cannot reasonably identify any individual Subscriber, Authorized User, or data subject. Syyclops will not use identifiable Service Data to train or fine-tune AI models without the Subscriber's prior written consent. Subscribers who wish to opt out of all AI processing of their Service Data (including de-identified and aggregated use) may submit a written request to [email protected]; Syyclops will honor such requests, provided that opting out may limit or disable certain AI-powered features.

AI-generated outputs, including analytics, recommendations, predictions, and insights, are provided for informational purposes only and are not guaranteed to be accurate, complete, or reliable. AI Features are tools to assist human decision-making and do not replace professional engineering judgment, building code compliance analysis, or qualified expert assessment. Syyclops disclaims all liability for decisions made or actions taken based on AI-generated outputs. Subscribers are solely responsible for independently verifying AI outputs before relying on them for operational, maintenance, safety, or compliance decisions.

The quality, accuracy, and reliability of digital twin outputs depend entirely on the quality, accuracy, and completeness of the data provided by the Subscriber, including building information models, sensor feeds, maintenance records, and system configurations. Syyclops does not independently verify the accuracy of Subscriber-provided data and assumes no responsibility for errors, omissions, or inaccuracies in such data or any resulting digital twin outputs.

The Services create digital representations of physical building systems but do not directly control, operate, or modify any physical equipment, HVAC systems, electrical systems, plumbing, fire protection, or other building infrastructure. Any operational decisions or actions taken based on information provided through the Services are the sole responsibility of the Subscriber and its qualified personnel.

Where the Services require installation of on-premise hardware (e.g., BACnet gateways, IoT collectors), the Subscriber is solely responsible for: (a) physical security of the device; (b) network segmentation and access controls on the Subscriber's local network; (c) maintaining firmware updates as recommended by the device manufacturer; and (d) ensuring the device does not create unauthorized access to the Subscriber's building automation or IT systems. Syyclops's responsibility begins at the point of secure data transmission from the device to the Services.

All raw sensor, telemetry, and IoT data transmitted from the Subscriber's facilities to the Services constitutes Service Data and is owned by the Subscriber. Syyclops may use de-identified and aggregated telemetry data for the purposes described in Sections 3.4 and 4.

• Strictly Necessary: Required for authentication, security, and core functionality. Cannot be disabled.
• Functional: Remember preferences, settings, and dashboard configurations.
• Analytics: Help us understand usage patterns. May be provided by third-party analytics services.

We do not use advertising or behavioral tracking cookies. We do not engage in cross-context behavioral advertising.

You can control cookies through your browser settings. Disabling cookies may affect functionality. We honor Global Privacy Control (GPC) signals as a valid opt-out request for the sale or sharing of personal information in jurisdictions where required by law. We do not currently respond to Do Not Track (DNT) signals, as no uniform standard exists.

Depending on your jurisdiction, you may have some or all of the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion, subject to legal retention requirements and our legitimate interests.
• Restriction: Request restriction of processing in certain circumstances.
• Portability: Request a copy in a structured, commonly used, machine-readable format.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdrawal of Consent: Where processing is based on consent, withdraw at any time.
• Non-Discrimination: Exercise rights without receiving discriminatory treatment.

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your information.
• Right to Delete: You may request deletion of personal information we have collected, subject to statutory exceptions (e.g., completing transactions, detecting security incidents, complying with legal obligations, internal uses reasonably aligned with your expectations).
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt Out of Sale/Sharing: We do not sell or share your personal information as defined under the CCPA. If this practice changes, we will provide a “Do Not Sell or Share My Personal Information” link on our website.
• Right to Limit Use of Sensitive Personal Information: We collect only the sensitive personal information necessary to provide the Services (such as account login credentials). We do not use sensitive personal information for purposes beyond those permitted under the CCPA.
• Right Regarding Automated Decision-Making Technology (ADMT): To the extent Syyclops uses ADMT to make significant decisions concerning you, you may have the right to opt out of such processing and to request information about the logic involved. Contact [email protected] for more information.
• Global Privacy Control (GPC): We honor GPC signals received from your browser as a valid opt-out request for the sale or sharing of personal information.

Categories of Personal Information Collected (preceding 12 months): Identifiers (name, email, IP address); commercial information (subscription records, payment history); internet/electronic activity (log data, usage data, cookies); geolocation data (approximate, from IP); professional/employment information (job title, organization); inferences drawn from the foregoing. Categories of sensitive personal information: account login credentials (username/password combination).

Categories of Recipients: Cloud infrastructure providers; payment processors; analytics providers; AI/ML providers; communications services; security monitoring services. All are service providers or contractors bound by CCPA-compliant written agreements. We do not disclose personal information to third parties for their own commercial purposes.

Verification: We will verify your identity before processing requests by matching the information you provide against our records. Authorized agents must submit proof of authorization (power of attorney or signed written permission).

Appeal Process: If we deny a request in whole or in part, you may appeal by emailing [email protected] with the subject line “Privacy Rights Appeal.” We will respond to appeals within forty-five (45) days. If the appeal is denied, you will be provided with instructions for contacting the California Attorney General's office.

Residents of Virginia, Colorado, Connecticut, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, and other states with comprehensive privacy laws may have similar rights to access, correct, delete, and opt out. We will process requests from residents of these states in accordance with applicable law. Colorado residents may appeal denials by following the appeal process in Section 12.2. To submit a request under any state privacy law, email [email protected] specifying your state of residence.

We will respond to verified requests within forty-five (45) days (or thirty (30) days where required by applicable state law). We may extend the response period by an additional forty-five (45) days where reasonably necessary, with notice to you. We reserve the right to deny requests that are manifestly unfounded, excessive, or where exceptions under applicable law apply.