Privacy Policy - Petra Labs

Last Updated: October 16, 2025

Controller & Contact

Email: founders@petralabs.ai

Postal Address: 55 Suffolk St., New York, NY 10002

Scope & Updates
Personal Information We Collect
How We Use Personal Information
How We Disclose Personal Information
Your Choices & Rights
International Data Transfers
Retention of Personal Information
Security
Cookies & Tracking Technologies
Children's Privacy
Other Provisions
Contact

1) Scope & Updates

This Privacy Policy explains how Petra Labs ("Petra Labs," "we," "us," or "our") collects, uses, and shares personal information when you interact with our websites (including petralabs.ai), marketing pages, contact forms, events, and any other online or offline offerings that link to this Policy (collectively, the "Services").

Not in scope (Client/Customer Data). This Policy does not apply to personal information we process on behalf of our clients while delivering our services (e.g., analyses, advisory, AEO program work). For that data ("Client Data"), our client's privacy policy and our contract/DPA with that client govern.

Controller. For personal information we collect through the Services, Petra Labs is the "controller."

Updates. We may change this Policy from time to time. If changes are material, we'll notify you by posting an update on this page and/or via another appropriate method. The "Last Updated" date shows when the latest version took effect.

2) Personal Information We Collect

We collect personal information in three ways: you provide it, we collect it automatically, or we receive it from others.

A) Information you provide to us

Contact & Business Info: name, email, phone, company, role.
Forms & Inquiries: details you submit via contact/demo forms or email.
Content You Submit: URLs, documents, or data you share for audits, research, or AEO deliverables.
Account & Billing (if applicable): login credentials and limited billing details (processed by our payment processor; we don't store full card numbers).
Events: registrations, attendance, and preferences.
Careers: resume/CV, cover letters, and related application details.

B) Information collected automatically

Device/Log Data: IP address (and approximate location), browser, device type/IDs, pages viewed, referring/exit pages, timestamps, error logs.
Cookies & Similar Tech: identifiers that help us run the site, measure usage, remember preferences, prevent abuse, and (if enabled) support marketing/retargeting. You can control cookies in your browser; details appear in the Cookies section below.

C) Information from third parties

Service Providers (e.g., hosting, analytics, email): usage/engagement metrics and operational data.
Marketing/Ad Partners (if enabled): campaign and audience data tied to cookie or advertising IDs.
Public/External Sources: business contact info from public websites, social platforms (e.g., LinkedIn), or lead databases consistent with law.
Clients/Partners: if a client introduces you to us in the course of a project.

D) Inferences we create

Derived Insights: basic interest segments or likelihood-to-engage metrics created from the data above to improve outreach and Services.

We do not intentionally collect sensitive personal information (e.g., government IDs, precise geolocation, health data) through our website forms. If you think you submitted sensitive data by mistake, email founders@petralabs.ai and we'll address it.

3) How We Use Personal Information

We use the personal information described above to:

Provide & operate the Services. Run our website, respond to inquiries, schedule demos, provide support, and fulfill requests.
Communicate with you. Send transactional messages, updates, and service-related notices; if you opt in, send newsletters or marketing.
Improve & personalize. Diagnose issues, analyze usage, enhance performance, and remember preferences (e.g., language, form data).
Research & analytics. Measure site engagement and campaign performance; create aggregated or de-identified insights to improve our offerings.
Marketing (optional). If enabled, use cookies/IDs to show or measure ads and to build basic audience segments. You can opt out—see Your Choices and Cookies below.
Security & abuse prevention. Detect, investigate, and prevent fraud, spam, and misuse; protect the safety and integrity of our Services.
Legal & compliance. Comply with laws, enforce terms, and protect our rights.
AI tooling we use. We may use reputable AI service providers (e.g., for spam filtering, content drafting/classification, or analytics support) as our processors. They process personal information only to provide services to Petra Labs under contract; we do not permit them to use your personal information for their own purposes.

4) How We Disclose Personal Information

We disclose personal information to the categories below, only for the purposes described in this Policy:

Service providers (processors). Hosting, storage/CDN, email and communications, analytics/performance monitoring, security/fraud prevention, payment processing (if used), and AI tooling providers. These parties process data under contract, on our instructions, with confidentiality and security obligations.
Advertising/marketing partners (if enabled). Ad networks and measurement partners may receive limited identifiers (e.g., cookie/advertising IDs) to help deliver or measure ads. See Your Choices and Cookies for how to opt out.
Professional advisors & auditors. Lawyers, accountants, insurers, and similar advisors under confidentiality.
Affiliates. We may share with current or future Petra Labs affiliates for uses consistent with this Policy.
Legal, safety, and rights. To comply with law or lawful requests; to protect you, us, or others; to enforce our terms; or to investigate suspected wrongdoing.
Business transfers. In connection with a merger, acquisition, financing, reorganization, or sale of assets.
With your consent or direction. For example, when you ask for an introduction, provide a testimonial, or participate in a public case study.
Aggregated or de-identified data. We may share insights that do not identify you.

No selling of personal information. We do not "sell" personal information. If we use cookie-based advertising, that may be considered "sharing" for cross-context behavioral advertising under certain laws; you can opt out—see Your Choices.

AI vendor training. Where available, we disable provider model training on data we send to third-party AI services and prohibit providers from using your personal information for their own purposes.

5) Your Choices & Rights

A) Marketing communications

Opt out anytime. Use the unsubscribe link in our emails or email founders@petralabs.ai.
You'll still receive transactional or service-related messages.

B) Cookies & interest-based ads

Control cookies in your browser/device settings.
Platform tools (e.g., iOS/Android ad settings) and industry opt-out programs (DAA/NAI/EDAA) can reduce interest-based ads.
If we use advertising cookies, you can opt out—see your browser settings or email us.

C) "Do Not Track" & opt-out signals

Most browsers offer a DNT setting; there isn't a common response standard, so we don't currently respond to DNT.
We honor legally required opt-out preference signals (e.g., Global Privacy Control) for activities considered "selling," "sharing," or "targeted advertising," where applicable.

D) U.S. state privacy rights (where applicable)

Depending on where you live (e.g., CA, CO, CT, VA, UT), you may have rights to:

Access/know the personal information we maintain about you.
Correct inaccurate personal information.
Delete personal information.
Portability of certain information.
Opt out of (i) "sale" or "sharing" of personal information, (ii) targeted advertising, and (iii) profiling for decisions that produce legal or similarly significant effects (if we engage in any of these).

How to exercise: Email founders@petralabs.ai with your request.
Verification & agents: We may verify your identity and, where allowed, accept requests via an authorized agent with appropriate proof.
Appeals: If we deny your request, you may appeal by replying to our response; we'll explain our decision and how to contact your state AG if you remain unsatisfied.
Non-discrimination: We won't discriminate against you for exercising your rights.

E) EEA/UK GDPR rights (if you're in the EEA/UK)

You may have rights to:

Access, rectify, or erase your personal data.
Restrict or object to processing (including objection to processing based on legitimate interests or for direct marketing).
Data portability (receive your data in a structured, commonly used, machine-readable format).
Withdraw consent where processing is based on consent (withdrawal won't affect prior lawful processing).
Complain to a supervisory authority in your country of residence or work.

Contact: founders@petralabs.ai for requests; we're the controller for data collected via the Services.

6) International Data Transfers

We're based in the United States, and we may process personal information in the U.S. and other countries where we or our service providers operate. These locations may have privacy laws that differ from those in your jurisdiction.

If you are in the EEA, UK, or Switzerland, when your personal information is transferred outside your region we rely on appropriate safeguards, including:

EU Standard Contractual Clauses (SCCs) (2021/914) for EEA transfers;
The UK Addendum to the SCCs (or the UK IDTA) for UK transfers; and
Swiss-approved contractual safeguards for transfers from Switzerland.

We also implement supplementary measures such as encryption in transit and at rest, strict access controls, vendor due diligence, and contractual limits on how processors may use your data. We assess government access requests and, where appropriate, challenge requests that we believe are unlawful or overbroad.

If Petra Labs later participates in a recognized transfer framework (e.g., an EU–U.S. or UK–U.S. data transfer framework), we will update this Policy to reflect that participation and rely on it where applicable.

Request copies. You can request a copy of the relevant transfer safeguards (with commercial terms redacted) by emailing founders@petralabs.ai.

7) Retention of Personal Information

We keep personal information only as long as necessary for the purposes described in this Policy, to comply with legal/contractual obligations, and to resolve disputes. When data is no longer needed, we delete or de-identify it. Key factors we use to set retention include the type of data, why it was collected, legal/accounting requirements, and security needs.

Typical retention periods

Contact & CRM records (inquiries, demo requests): up to 24 months from your last interaction or until you opt out, whichever is sooner.
Transactional/contract records & invoices (if applicable): up to 7 years (tax, accounting, and audit requirements).
Support communications: up to 24 months after closure.
Website logs & security telemetry: up to 12 months (for troubleshooting, abuse prevention, and security).
Analytics & measurement data: generally up to 24 months, subject to tool configuration.
Cookie/ID data: per cookie lifespan (see Cookies); session cookies end when you close your browser; most persistent cookies are no more than 13 months.
Job applicant data: up to 24 months (or as required by law).

Backups. Deleted information may remain in encrypted backups for a limited period and will be purged per our backup rotation. We don't use backups to process data except for restoration and security.

You can request deletion at any time (see Your Choices & Rights). We may retain limited information where required by law, to protect our rights, or to maintain accurate business records.

8) Security

We use technical and organizational measures designed to protect personal information, including:

Encryption in transit, hardened infrastructure, and regular backups.
Access controls (least-privilege, MFA for admin systems) and vendor due diligence.
Monitoring & incident response procedures to detect, investigate, and remediate issues.

No method of transmission or storage is 100% secure. If you believe your data has been compromised, contact founders@petralabs.ai.

9) Cookies & Tracking Technologies

We and our service providers may use cookies, pixels, local storage, and similar technologies (collectively, "Cookies") to operate and improve the Services.

Types of Cookies we may use

Strictly Necessary: enable core functions like page navigation, security, and form submissions.
Functional: remember preferences (e.g., language) and improve experience.
Analytics/Performance: measure traffic and usage to help us improve the Services.
Advertising/Retargeting (if enabled): help deliver and measure ads based on your interests. Use is limited and subject to opt-out controls.

Your choices

You can manage Cookies in your browser or device settings. Blocking some Cookies may limit certain features.

Where required by law, we will request your consent for non-essential Cookies and honor opt-out preference signals (e.g., Global Privacy Control) for activities considered "selling," "sharing," or "targeted advertising," where applicable.

10) Children's Privacy

The Services are not directed to children under 13 (or older, if required by local law), and we do not knowingly collect personal information from children. If you believe a child has provided personal information through the Services, contact founders@petralabs.ai and we will take appropriate steps to delete the information and, if applicable, terminate the account.

11) Other Provisions

Links to third parties. The Services may link to third‑party sites or services we don't control. Their privacy practices are governed by their own policies.

Automated decision-making & profiling. We do not use automated decision-making that produces legal or similarly significant effects about individuals via the website. If that changes, we will update this Policy and describe your related rights.

Supervisory authorities (EEA/UK). You may lodge a complaint with your local supervisory authority if you believe we process your data in violation of applicable law.

Non-discrimination. We will not discriminate against you for exercising your privacy rights.

12) Contact

Petra Labs