Privacy Policy
1. Introduction and Scope of Policy
This Privacy Policy governs the collection, processing, and storage of information by AlphaBits Solutions (owner and operator of the Susea.ai platform, accessible at www.susea.ai), encompassing our logistics automation software, artificial intelligence agent diagnostic tools, Model Context Protocol (MCP) interfaces, and any associated application programming interfaces (APIs) provided on the platform.
We recognize that modern logistics requires the processing of highly sensitive commercial documentation alongside advanced generative AI capabilities. Consequently, AlphaBits Solutions treats all client data on the Susea.ai platform—including proprietary workflow intelligence, shipment routing information, and AI telemetry—with the utmost confidentiality.
This document explicitly outlines our practices in accordance with leading global data protection regulations, including:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Digital Personal Data Protection Act (DPDP)
- Other applicable regional frameworks
By accessing or utilizing www.susea.ai, users accept the practices detailed within this policy and provide explicit consent for the processing of their information as described herein.
2. Exhaustive Taxonomy of Information Collected
To provide our suite of logistics and AI services, Susea.ai collects multiple categories of data. We strictly categorize this data to ensure appropriate security measures and retention schedules are applied to each distinct dataset.
| Data Category | Specific Elements Collected | Collection Mechanism and Operational Context |
|---|---|---|
| Identity and Account Information | First name, last name, corporate email address, contact numbers, corporate titles, company names, and secure account authentication credentials. | Voluntarily provided during account registration, onboarding, and through our contact form interfaces. |
| Logistics and Commercial Freight Data | Commercial invoices, Bills of Lading (BoL), customs clearance documentation, hazardous material declarations, routing preferences, and B2B deal cycle contracts. | Uploaded directly by users during shipment management or ingested via authorized third-party APIs. |
| Business Automation and Workflow Data | Proprietary workflow constraints, organizational team sizes, manual process bottlenecks, historical shipment volume metrics, and financial inefficiency reports. | Inputted by users actively utilizing the Susea Automation Calculator and associated diagnostic surveys. |
| AI Agent Telemetry and Diagnostic Data | Agent loop execution histories, context accumulation metrics, hallucination risk scores, API schema validations, token exposure metrics, and system prompt architectures. | Extracted passively and actively via the Susea AI Agent Diagnostic Tool when users connect agents. |
| System, Technical, and Usage Data | IP addresses, browser specifications, operating system versions, DecompressionStream load logs, session timestamps, and interface interaction patterns. | Collected automatically via server logs, application bootstrapping sequences, and operational cookies. |
User Responsibility: Users acknowledge that if they utilize Susea.ai to process information belonging to external third parties (e.g., consignees or independent freight drivers), the user assumes sole responsibility for obtaining explicit, legally binding written authorization and consent from those third parties prior to inputting their data into our systems.
3. Purposes of Processing and Established Legal Bases
In strict compliance with international data protection frameworks, AlphaBits Solutions maps every Susea.ai data processing activity to a clearly defined legal basis:
- Contractual Necessity: The processing of Identity, Logistics, Business Automation, and AI Agent Telemetry data is required to deliver our core contractual value propositions of logistics automation and multi-agent system diagnostics.
- Legitimate Business Interests: System, Technical, and Usage Data is leveraged to monitor platform stability, troubleshoot errors, analyze aggregate metrics, and proactively defend against cybersecurity threats. These interests never override the fundamental privacy rights of the data subject.
- Explicit Consent: For non-essential analytical tracking, targeted marketing, and exceptionally sensitive personal information, we rely exclusively on explicit consent. Users are presented with clear opt-in/opt-out choices via our Consent Management Platform.
- Legal Obligations: We reserve the right to process and retain specific historical data to comply with enforceable governmental requests, law enforcement subpoenas, and stringent global maritime/financial regulatory frameworks.
4. Artificial Intelligence and Machine Learning Data Governance
Susea.ai distinguishes itself by implementing enterprise-grade privacy safeguards specifically tailored for the artificial intelligence era. We explicitly guarantee an absolute zero-training policy for foundation models regarding user-submitted data.
- No Model Training: User inputs, B2B workflow constraints, commercial freight documents, and AI agent diagnostic telemetry will never be utilized to train Susea.ai's proprietary foundational Large Language Models.
- Enterprise API Routing: When leveraging third-party generative capabilities, we exclusively route data through secure commercial Enterprise APIs. Data transmitted is subject to strict zero-retention or maximum 30-day retention policies by sub-processors and is contractually prohibited from being absorbed into their upstream training pipelines.
- Siloed Vector Embeddings: When utilizing internal Retrieval-Augmented Generation (RAG) capabilities, all generated vector embeddings are strictly siloed within the client's isolated tenant architecture, cryptographically sealed, and permanently destroyed upon account deletion.
- De-identified User Feedback: Any user feedback (e.g., thumbs up/down ratings) used to improve system reliability is mathematically de-linked from identifiable user IDs. Users maintain the absolute right to disable these feedback mechanisms at the organizational level.
5. Third-Party Sub-processors and Ecosystem Sharing
To deliver a highly available, globally distributed platform, Susea.ai integrates with a carefully vetted ecosystem of third-party service providers. We do not sell user data.
| Sub-processor Category | Operational Purpose and Data Shared |
|---|---|
| Cloud Infrastructure and Hosting | Providers (e.g., AWS, GCP) are utilized for application hosting, encrypted database storage, and edge content delivery networks. |
| Generative AI and API Providers | Frontier laboratories (e.g., Anthropic, OpenAI) are utilized strictly via commercial APIs under Enterprise Data Processing Agreements prohibiting model training. |
| Logistics Execution Partners | Customs brokerages, ocean carriers, and cargo insurance agencies. Shared exclusively when the user initiates specific workflows requiring partner intervention. |
| Operational SaaS and Support | CRM platforms, electronic signature vendors, and customer support ticketing systems. Identity data is shared to maintain business continuity and resolve issues. |
AlphaBits Solutions reserves the right to share Susea.ai data internally across future subsidiaries to streamline service delivery. In the event of a structural transaction (merger, acquisition, or sale of corporate assets), user data will be transferred to the acquiring entity. Users will be notified prior to any transfer. We will also disclose information if reasonably necessary to enforce our Terms of Use, defend against liability claims, or comply with valid legal processes.
6. Data Lifecycle, Archival, and Retention Economics
Susea.ai implements a multi-tiered data retention protocol balancing data minimization with international trade compliance laws.
| Data Classification | Anticipated Retention Schedule | Post-Account Deletion and Archival Protocol |
|---|---|---|
| General Account Data | Retained strictly for the duration of the active software subscription. | Deleted or fully, irreversibly anonymized within 30 to 60 days following a confirmed closure request. |
| AI Session and Diagnostic Logs | Managed on a rolling 30-day retention window. | Instantly purged upon manual session termination or complete account deletion. |
| Opt-in Classifier Feedback | Retained for up to 5 years. | De-identified from the user ID and retained purely for the improvement of platform safety classifiers. |
| Commercial Freight Documents | Retained for the subscription duration plus an additional 5 years. | Retained securely in encrypted cold storage to guarantee compliance with financial and FMC auditing requirements. |
Disaster Recovery Notice: Due to the immutable nature of encrypted, distributed backup arrays, prior information is never instantaneously wiped from our deepest database structures upon a deletion request. Residual backup data is sequentially overwritten over a 90-day rolling window and is retained solely for emergency system restoration or the preservation of digital evidence.
7. Cross-Border Data Transfer Mechanisms
Given the global nature of supply chains, Susea.ai routinely processes and transfers data across international jurisdictions. Data collected from users within the European Economic Area (EEA), the United Kingdom, or the Asia-Pacific (APAC) region may be transferred to and hosted on secure servers located within the United States.
To legitimize these trans-border data flows, AlphaBits Solutions mandates the execution of Standard Contractual Clauses (SCCs) approved by the European Commission, relies on established adequacy decisions, and ensures all international sub-processors deliver a level of data protection fundamentally equivalent to the standards enforced within the user's origin jurisdiction.
8. Global Privacy Rights and Jurisdictional Nuances
Susea.ai guarantees robust privacy rights to all data subjects, regardless of geographic location:
- Right to Access and Portability: Users may request a structured, machine-readable copy of their data to port to alternative vendors.
- Right to Rectification: Users can autonomously review and alter inaccurate personal information directly within their account portals.
- Right to Erasure: Users may request the deletion of personal data, which we honor promptly, subject to the superseding 5-year regulatory retention requirements for commercial documents.
- Right to Restriction and Objection: Users may request a halt to processing or object to specific processing vectors, such as algorithmic analysis.
California Residents (CCPA/CPRA)
This policy strictly adheres to the CCPA and CPRA. AlphaBits Solutions explicitly declares that we do not sell personal information, nor do we share it for cross-context behavioral advertising. California residents may exercise their rights to know, delete, and opt out without fear of discriminatory treatment.
Digital Tracking Controls
Users are encouraged to adapt, review, and erase cookies via their native browser settings. To exercise any of the above rights, users must submit a formal request to our compliance team. To protect platform integrity, Susea.ai may request additional verification documentation to conclusively confirm identity before fulfilling complex requests.
9. Security Posture and Incident Response
AlphaBits Solutions employs a comprehensive matrix of physical, technical, and administrative safeguards for the Susea.ai platform:
- In-Transit Encryption: All data transmitted between user clients and Susea.ai servers is encrypted using industry-standard Transport Layer Security (TLS/SSL) protocols.
- At-Rest Encryption: Data at rest is secured utilizing Advanced Encryption Standard (AES-256) cryptography across all cloud storage buckets and relational databases.
- Internal Access: We enforce strict Role-Based Access Controls (RBAC) and adhere to the principle of least privilege.
Despite these rigorous measures, no method of digital transmission is mathematically impenetrable. Users bear the fundamental responsibility for maintaining strict confidentiality of their account passwords, utilizing multi-factor authentication where available, and ensuring they sign out securely following the completion of their sessions.