Heading to Blackhat? Let's talk.

Privacy Policy

1. Introduction

Modelsight (“we,” “us,” or “our”) operates the website located at https://modelsight.ai and provides an AI security visibility platform for enterprise organizations. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you visit our website, request a demo, or interact with our services.

By using our website or services, you agree to the practices described in this Privacy Policy.


2. Information We Collect

2.1 Information You Provide Directly

When you submit a demo request or “Get Started” inquiry, we collect:

  • Contact information: First name, last name, work email address
  • Professional information: Company name, job role (e.g., CISO, Security Engineer), company size
  • Free-form responses: Your message or description of your AI security challenge

2.2 Information Collected Automatically

When you visit our website, we and our third-party partners automatically collect:

  • Usage data: Pages viewed, time spent on pages, referring URLs, browser type and version, operating system, device type
  • Log data: IP address, access timestamps, HTTP request metadata
  • Cookie data: See Section 5 (Cookies and Tracking Technologies) for full details

2.3 Information from Our Platform (Product Customers)

If you use the Modelsight platform as an enterprise customer, we process AI usage telemetry and event data on your behalf under a separate data processing agreement. That processing is governed by your enterprise contract, not this Privacy Policy. The platform captures AI API traffic metadata (request counts, model identifiers, timing, user identifiers) through reverse proxy or CASB integrations (Cloudflare, Netskope, Zscaler, Microsoft M365). We act as a data processor for that data; your organization is the data controller.


3. How We Use Your Information

We use the information we collect for the following purposes:

PurposeLegal Basis (GDPR)
Respond to demo requests and sales inquiriesLegitimate interests / Pre-contractual steps
Understand your needs and qualify potential use casesLegitimate interests
Send follow-up communications you have requestedLegitimate interests / Consent
Improve and analyze website performanceLegitimate interests
Serve targeted advertising on LinkedInConsent
Comply with legal obligationsLegal obligation
Detect and prevent fraud or abuseLegitimate interests

We do not sell your personal information to third parties.


4. How We Share Your Information

We may share your information in the following circumstances:

  • Service providers: We share data with trusted vendors who help us operate our website and business (e.g., hosting, CRM, analytics). These providers are contractually bound to process data only on our instructions.
  • Analytics partners: Google Analytics and LinkedIn (see Section 5).
  • Business transfers: If Modelsight is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via website notice or email.
  • Legal compliance: We may disclose your information when required by law, court order, or to protect the rights and safety of Modelsight, our customers, or others.

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. Below is a summary of the technologies in use:

5.1 Essential Cookies

Required for basic website functionality (e.g., CSRF protection on forms). These cannot be disabled without breaking site functionality.

5.2 Analytics Cookies — Google Analytics

We use Google Analytics via Google Tag Manager (Tag ID: GT-MJSBF7ZT). Google Analytics collects anonymized data about how visitors use our site, including pages visited, session duration, and device type.

5.3 Marketing / Retargeting Cookies — LinkedIn Insight Tag

We use the LinkedIn Insight Tag (Partner ID: 8808498) to measure the effectiveness of our LinkedIn advertising campaigns and enable retargeting of website visitors on LinkedIn. This tag collects URL, referrer, IP address (truncated), device and browser characteristics, and timestamp.

5.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect site functionality. For residents of certain jurisdictions, you may have additional rights to opt out of tracking as described in Section 7.


6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required by law:

  • Demo request / inquiry data: Retained for up to 3 years from last contact, or until you request deletion.
  • Website analytics data: Retained per Google Analytics and LinkedIn’s default retention settings (typically 14 months for Google Analytics user data).
  • Platform customer data: Governed by your enterprise agreement.

7. Your Rights

7.1 Rights Under GDPR (EEA/UK Residents)

If you are located in the European Economic Area or United Kingdom, you have the right to:

Lodge a complaint — File a complaint with your local data protection authority.

Access — Request a copy of personal data we hold about you.

Rectification — Request correction of inaccurate data.

Erasure — Request deletion of your personal data (“right to be forgotten”).

Restriction — Request that we restrict processing of your data.

Data portability — Receive your data in a structured, machine-readable format.

Object — Object to processing based on legitimate interests or for direct marketing.

Withdraw consent — Where processing is based on consent, withdraw it at any time.

7.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to:

  • Know — Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Delete — Request deletion of your personal information, subject to certain exceptions.
  • Opt out of sale — We do not sell personal information. No opt-out is required.
  • Non-discrimination — We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (GDPR) or 45 days (CCPA), with extensions as permitted by law.


8. International Data Transfers

Our website and servers are operated in the United States. If you are visiting from outside the United States, your information will be transferred to and processed in the US, which may have different data protection laws than your country.

For EEA/UK residents, transfers to the US are made under appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms as required by applicable law.


9. Children’s Privacy

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.


10. Security

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no internet transmission or electronic storage method is 100% secure. We encourage you to use caution when sharing information online.


Our website may contain links to third-party websites (e.g., integration partners such as Cloudflare, Netskope, Zscaler, or Microsoft). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.


12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page. For material changes, we will provide additional notice (e.g., via email or a prominent notice on the website). Your continued use of our website following the posting of changes constitutes your acceptance of the updated Policy.