ITERIGHT

Privacy Policy

Last Updated: Jan 1, 2026

This Privacy Policy explains how Iteright, Inc. (“Iteright,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you access or use our websites, applications, and related services (collectively, the “Services”). It also describes your choices and rights.

This Privacy Policy is intended for:

  • Website visitors, including prospective customers and partners; and
  • Business customers and authorized users of the Iteright platform.

If you are using the Services on behalf of an organization (a “Customer”), your organization’s agreement with Iteright (such as a Master Services Agreement, subscription agreement, or Data Processing Addendum) may control how we process certain Customer information.

1. Scope and Roles (Controller vs. Processor)

1.1 When Iteright is a “Controller”

Iteright acts as a data controller when we process information for our own business purposes, such as:

  • Operating our websites;
  • Marketing and sales activities;
  • Recruiting and hiring;
  • Account administration for our direct relationships with Customers (e.g., billing contacts);
  • Security monitoring, fraud prevention, and compliance; and
  • Improving and maintaining our Services (as described below).
1.2 When Iteright is a “Processor”

Iteright acts as a data processor/service provider when we process Customer Content (defined below) on behalf of a Customer and in accordance with the Customer’s instructions, including as set forth in applicable agreements.

Customer Content generally includes information that a Customer or its authorized users submit to the Services, such as:

  • Business strategy materials and operational data;
  • Portfolio items, initiatives, roadmaps, evidence, and analysis artifacts;
  • Workspace content and user-generated content;
  • Integration data synced from Customer-connected systems (e.g., CRM, project management tools) where enabled by the Customer; and
  • Files, comments, and other data submitted into the platform.

If you have questions about how a Customer uses Iteright or exercises privacy rights related to Customer Content, please contact the Customer directly.

2. Information We Collect

We collect information in three primary ways: (a) information you provide, (b) information collected automatically, and (c) information from third parties and integrations.

2.1 Information You Provide

Depending on how you interact with the Services, you may provide:

  • Contact information (e.g., name, email, phone number, job title, company name);
  • Account and authentication information (e.g., username, password, SSO identifiers);
  • Billing and transaction information (e.g., billing contact info; payment details are typically processed by our payment processors);
  • Communications (e.g., emails, meeting notes, support tickets, chat messages);
  • Customer Content (as described above); and
  • Event and marketing information (e.g., registrations, preferences, survey responses).
2.2 Information Collected Automatically

When you use our Services, we may automatically collect:

  • Device and usage data, such as IP address, browser type, device identifiers, operating system, approximate location derived from IP, referral URLs, pages viewed, features used, timestamps, and session information;
  • Log data, such as access logs and error logs;
  • Cookie and tracking data, as described in Section 6; and
  • Security-related data, such as information used to detect abuse, fraud, and suspicious activity.
2.3 Information from Third Parties and Integrations

We may receive information from:

  • Our Customers, when they provision accounts for their users (e.g., corporate email, name, role);
  • Identity providers (e.g., SSO providers), when enabled by a Customer;
  • Integration providers, when a Customer connects third-party tools (e.g., CRM, project, analytics, collaboration systems) to the Services and authorizes syncing; and
  • Service providers, such as analytics or event registration providers, to help us operate our business.

3. How We Use Information

We use information for the following purposes:

3.1 Provide and Operate the Services
  • Create, administer, and secure accounts;
  • Provide core product features, including workspace collaboration and reporting;
  • Enable authorized integrations and data sync;
  • Provide support, training, and customer success services; and
  • Process transactions and manage subscriptions.
3.2 Improve, Maintain, and Secure the Services
  • Monitor performance and reliability;
  • Debug, troubleshoot, and improve functionality;
  • Conduct research and develop new features;
  • Prevent fraud, abuse, and security incidents; and
  • Enforce our terms and policies.
3.3 Communications
  • Respond to inquiries and support requests;
  • Send administrative messages, service notifications, and security alerts;
  • Provide onboarding and product communications; and
  • Send marketing communications where permitted by law (you can opt out as described in Section 10).
3.4 Compliance and Legal Obligations
  • Comply with applicable laws and regulations;
  • Respond to lawful requests and legal process;
  • Protect rights, safety, and property; and
  • Maintain business records and audit trails.

4. AI, Machine Learning, and Automated Processing

Iteright may provide features that use AI and machine learning to help users analyze information, generate summaries, structure frameworks, identify themes, propose recommendations, and support decision-making workflows.

4.1 We Do Not Train General AI Models on Customer Data

Iteright does not train generalized AI or foundation models on Customer Content.
Customer Content is not used to develop, train, or improve general-purpose AI models.

4.2 AI as Decision Support

AI features are designed to provide decision support and productivity assistance. Customers and users remain responsible for:

  • Reviewing outputs;
  • Exercising appropriate judgment; and
  • Validating results prior to business decisions.
4.3 Use of AI Service Providers

We may use vetted third-party service providers to enable AI-powered functionality. When we do, we:

  • Limit data shared to what is necessary to provide the feature;
  • Use contractual controls to protect confidentiality and restrict use of data; and
  • Implement technical and organizational safeguards.
4.4 No Sensitive Data Requirements

Customers should not submit information to the Services that they do not have the right to use, or information that is prohibited by their agreements, applicable law, or internal policies. Unless expressly agreed in writing, the Services are not designed for:

  • Protected health information regulated by HIPAA;
  • Card payment data subject to PCI DSS requirements; or
  • Other highly sensitive regulated data.

(If you do support any of the above under contract, we can tighten/adjust this section accordingly.)

5. How We Share Information

We do not sell your personal information. We share information only as described below.

5.1 Service Providers (Processors)

We may share information with vendors that help us operate our business and provide the Services, such as:

  • Cloud hosting and infrastructure;
  • Analytics and monitoring;
  • Customer support systems;
  • Email delivery and communications tools;
  • Security and fraud prevention tools; and
  • AI service providers for feature enablement (as described in Section 4).

These providers are authorized to process information only to perform services for us and must protect it under contractual obligations.

5.2 Customers and Authorized Users

If you are a user in a Customer workspace, information associated with your account and activity may be visible to:

  • Your workspace administrators; and
  • Other authorized users, depending on workspace settings and permissions.
5.3 Business Transfers

If we are involved in a merger, acquisition, reorganization, bankruptcy, or sale of some or all assets, information may be transferred as part of that transaction. We will provide notice where required by law.

5.4 Legal, Safety, and Security

We may disclose information if we believe disclosure is reasonably necessary to:

  • Comply with law or legal process;
  • Respond to lawful requests by public authorities;
  • Protect the rights, property, and safety of Iteright, our Customers, users, or the public; and
  • Detect, prevent, or address fraud, security, or technical issues.

6. Cookies and Tracking Technologies

We use cookies and similar technologies (such as pixels, SDKs, tags, and local storage) to operate, secure, and improve our Services.

6.1 Types of Cookies We Use
  • Strictly necessary cookies: required for core functionality (e.g., authentication, security).
  • Analytics cookies: help us understand usage and improve the Services.
  • Preference cookies: remember settings and choices.
  • Marketing cookies (where used): help measure campaign effectiveness and deliver relevant communications.
6.2 Your Choices

You can control cookies through your browser settings. If we use a cookie consent banner in certain jurisdictions, you can manage preferences through that tool as well. Disabling certain cookies may impact functionality.

7. Data Retention

We retain information only as long as necessary for the purposes described in this Privacy Policy, including to:

  • Provide the Services;
  • Comply with legal obligations;
  • Resolve disputes; and
  • Enforce agreements.

Customer Content is retained according to the applicable Customer agreement and the Customer’s configuration choices, subject to legal requirements.

We may retain certain information longer where required or permitted by law, including for security, fraud prevention, and audit purposes.

8. Security

We take security seriously and maintain administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction.

Safeguards may include, as appropriate:

  • Access controls and least-privilege principles;
  • Encryption in transit and at rest (where applicable);
  • Logging and monitoring;
  • Secure development practices; and
  • Incident response procedures.

No method of transmission or storage is 100% secure. However, we work to continuously improve our security posture and controls.

9. International Data Transfers

Iteright is based in the United States and may process information in the United States and other countries where we or our service providers operate. Where required by law, we use appropriate safeguards for cross-border data transfers, such as standard contractual clauses or other lawful mechanisms.

10. Your Rights and Choices

10.1 Marketing Communications

You can opt out of marketing emails by using the unsubscribe link in our messages or contacting us at support@iteright.com. You may still receive non-marketing communications (e.g., billing, security notices).

10.2 GDPR / UK GDPR Rights (Where Applicable)

Depending on your location and circumstances, you may have rights to:

  • Access, correct, or delete your personal information;
  • Object to or restrict processing;
  • Request data portability; and
  • Withdraw consent where processing is based on consent.

You also have the right to lodge a complaint with your local data protection authority.

10.3 U.S. State Privacy Rights (Including California, Where Applicable)

Depending on your state of residence and the nature of our processing, you may have rights to:

  • Know what personal information we collect, use, and disclose;
  • Access, correct, or delete certain personal information;
  • Opt out of certain “sharing” for targeted advertising (if applicable); and
  • Not be discriminated against for exercising privacy rights.

We do not sell personal information. We do not knowingly share personal information for cross-context behavioral advertising in a manner that constitutes a “sale” under applicable laws. If that changes, we will update this policy and provide required choices.

10.4 Requests Related to Customer Workspaces

If you are an authorized user of a Customer workspace, please direct privacy requests regarding Customer Content to your workspace administrator. We may assist Customers in fulfilling such requests consistent with applicable agreements and law.

10.5 How to Exercise Rights

To exercise applicable privacy rights, contact us at support@iteright.com. We may verify your request and require additional information to confirm identity and protect against unauthorized access.

11. Children’s Privacy

The Services are not directed to children, and we do not knowingly collect personal information from children under 13 (or a higher age where required by law). If you believe a child has provided personal information to us, please contact us and we will take appropriate steps.

12. Third-Party Services and Links

The Services may link to third-party websites or services, or allow Customers to enable integrations. This Privacy Policy does not apply to third-party practices. We encourage you to review the privacy policies of those third parties.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date above. If changes are material, we will provide notice as required by law (for example, through the Services or via email).

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us:

Email: support@iteright.com
Mail: Iteright, Inc., 802 E Whiting St, Tampa, FL 33602, United States

ITERIGHT
OverviewPricingContact
PRODUCT
Product OverviewUse CasesUser Guide
GET STARTED
Log InSchedule Demo
Copyright © 2025 Iteright, Inc. All rights reserved.
Privacy Policy       |      Terms of Service