Behavioral Signals Product Privacy Policy

Last Modified: May 26, 2026

This Product Privacy Policy explains how Behavioral Signal Technologies, Inc. (“Behavioral Signals,” “BST,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects personal information in connection with our public websites, APIs, dashboards, web applications, desktop applications, developer tools, demos, documentation, support services, and related products or services that link to this policy (collectively, the “Services”).

1. Scope and Important Limitations

Behavioral Signals offers both public or self-service products and private enterprise solutions.

This Product Privacy Policy describes our general privacy practices for the Services, including public or self-service products such as our API, developer portal, demos, dashboards, desktop applications, documentation, and support services.

Some enterprise solutions, private deployments, professional services, pilots, evaluations, or customer-specific projects may be governed by separate agreements, order forms, statements of work, data processing agreements, security addenda, privacy terms, or other written terms. Where separate terms apply, those terms govern the relevant enterprise solution or customer project and control over this Product Privacy Policy to the extent of any conflict.

When we process content submitted by business customers through the Services, including audio, video, recordings, files, metadata, or generated outputs, we generally process that content on behalf of the customer under the applicable customer agreement, product terms, API terms, order form, statement of work, and/or data processing agreement. The customer is generally responsible for determining whether and how to collect, disclose, and process that content, including providing any required notices and obtaining any required consents.

This Product Privacy Policy does not apply to third-party websites, products, or services that we do not control.

2. Information We Collect

We may collect or process the following categories of information in connection with the Services.

Account and contact information. This may include name, business email address, company name, job title, username, password or authentication information, billing contact, subscription details, and communications with us.

Service usage and technical information. This may include API keys, access tokens, endpoint calls, dashboard activity, desktop application telemetry, request and response metadata, timestamps, IP address, device and browser information, operating system information, logs, errors, latency data, usage volumes, and project identifiers.

Customer-submitted content. Depending on the Service used, customers or users may submit, upload, stream, or import audio, video, recordings, media files, speech data, call recordings, metadata, project names, file names, labels, or other content.

Generated outputs. The Services may generate outputs such as API responses, reports, diarization, speech activity, speaker characteristics, language detection, emotion recognition, interaction metrics, behavior recognition, deepfake or synthetic-media indicators, confidence scores, labels, analytics, and related metadata.

Support and troubleshooting information. This may include support tickets, emails, chat messages, diagnostic information, screenshots, logs, attachments, recordings, or files submitted for debugging or support.

Website, demo, and communications information. This may include form submissions, demo requests, product inquiries, survey responses, preferences, marketing interactions, and cookie or similar technology data.

Depending on the nature of the data submitted to or generated by the Services, customer-submitted content and generated outputs may include personal information.

3. How We Use Information

We may use information to:

  • provide, operate, maintain, and improve the Services;
  • process customer-submitted content and return, display, or make available generated outputs;
  • create, administer, authenticate, and secure accounts;
  • manage subscriptions, billing, invoices, usage limits, and product entitlements;
  • provide support, onboarding, documentation, product updates, and service communications;
  • monitor performance, reliability, latency, availability, and usage trends;
  • troubleshoot errors and debug issues;
  • detect, prevent, and investigate security incidents, fraud, abuse, unauthorized access, or misuse;
  • enforce our agreements, policies, and acceptable-use requirements;
  • comply with applicable law and respond to lawful requests; and
  • send administrative, transactional, and, where permitted, marketing communications.

 

Where we process customer-submitted content on behalf of a business customer, we process that content according to the applicable agreement, documented customer instructions, and any applicable data processing agreement.

4. Customer Content, Model Improvement, and Product Development

Customer-submitted content may include audio, video, recordings, files, metadata, or other data submitted to the Services. Generated outputs may include scores, labels, reports, analytics, predictions, classifications, or other results produced by the Services.

We do not use identifiable customer-submitted content to train, adapt, or develop our models, algorithms, or new products. Customer content is processed to provide the Services to the customer and may be retained for service operation, security, troubleshooting, and as otherwise described in the applicable customer agreement.

We may use aggregated, anonymized, or de-identified information derived from the Services — including statistical patterns, performance metrics, and other derived information that does not identify any individual, customer, or end user — to evaluate, improve, and develop our products, services, models, and technologies.

Customers acknowledge that voice and video recordings may constitute biometric or sensitive personal information under applicable law. Customers are responsible for ensuring that they have the rights, notices, consents, authorizations, and lawful bases necessary to submit content to the Services and to permit the processing described in this Product Privacy Policy and any applicable terms.

5. Customer Responsibilities

Customers are responsible for their own collection, use, disclosure, and submission of data to the Services. This includes responsibility for:

  • providing legally required privacy notices;
  • obtaining consent where required by law or contract;
  • complying with call-recording, telecommunications, biometric, employment, AI, consumer-protection, and other applicable laws;
  • responding to requests from individuals whose information is included in customer-submitted content, unless otherwise agreed;
  • ensuring that use of the Services and generated outputs is lawful and appropriate for the customer’s use case; and
  • not using the Services for prohibited, unlawful, discriminatory, deceptive, or harmful purposes.

 

Customers must not submit personal information relating to children under the age of 13, sensitive data, biometric data, health data, financial data, or other regulated data unless expressly permitted by the applicable agreement and applicable law.

6. How We Disclose Information

We may disclose information to:

Service providers and subprocessors. We use vendors and service providers that help us provide hosting, cloud infrastructure, storage, security, monitoring, logging, analytics, customer support, billing, communications, and other operational services. These providers are contractually restricted to processing personal information only as necessary to provide services to Behavioral Signals and are prohibited from selling, sharing, or using the information for their own purposes.

Customers and authorized users. We may make account information, usage information, customer-submitted content, and generated outputs available to the relevant customer and its authorized users according to account settings, permissions, product functionality, and instructions.

Legal, compliance, and safety recipients. We may disclose information to comply with law, legal process, regulatory requests, court orders, subpoenas, or government requests, or to protect the rights, property, security, or safety of Behavioral Signals, our customers, individuals, or others.

Business transaction parties. We may disclose information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, subject to appropriate safeguards.

Others with consent or instruction. We may disclose information when directed by the customer or with the relevant individual’s consent.

We do not sell or share your personal information. We do not sell or share customer-submitted content, generated outputs, account information, or any other personal information processed through the Services, including as the terms “sell” and “share” are defined under the California Consumer Privacy Act (as amended by the CPRA) and other U.S. state privacy laws.

7. Retention and Deletion

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and fulfill the purposes described in this Product Privacy Policy or the applicable customer agreement.

Retention periods may differ depending on the Service, customer settings, subscription plan, product configuration, API configuration, written agreement, or documented customer instructions. Enterprise customers may have custom retention, deletion, hosting, backup, or data-return terms in their applicable agreement. Where those terms apply, they control over the general retention descriptions in this policy.

Customers may request deletion of customer-submitted content as described in the applicable agreement, product functionality, account settings, or by contacting us at [email protected].

8. Security

We use technical, organizational, and administrative measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures include encryption in transit, access controls, authentication safeguards, least-privilege access policies, logging and monitoring, network and infrastructure security controls, vulnerability management, backup and recovery procedures, confidentiality obligations, and incident-response procedures.

Behavioral Signals maintains a SOC 2 examination covering the Services. Information about the scope of our SOC 2 examination, and a copy of the current report subject to a confidentiality agreement, may be requested from your Behavioral Signals account team or by contacting [email protected].

No method of transmission or storage is completely secure. Customers are responsible for safeguarding their own API keys, credentials, accounts, systems, integrations, local files, desktop environments, and access permissions, and for promptly notifying us of any suspected compromise.

9. International Data Transfers

Behavioral Signals is based in the United States and processes personal information primarily in the United States. Where personal information is transferred to the United States from the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or the Swiss adaptation of the SCCs, as applicable.

Where required by applicable law, individuals may request information about these safeguards by contacting us at [email protected] with “[Privacy]” in the subject line.

10. Privacy Rights and Requests

Depending on applicable law and location, individuals may have rights with respect to their personal information, including the rights to access, correct, delete, receive a copy of, restrict or object to certain processing of, or port their personal information. Individuals may also have rights relating to consent, to limit the use of sensitive personal information, and to opt out of certain uses such as the sale or sharing of personal information, targeted advertising, or profiling that produces legal or similarly significant effects.

Requests directed to Behavioral Signals. For personal information that Behavioral Signals processes for its own business purposes — such as account, contact, support, and usage information — individuals may submit a request by emailing [email protected] with “[Privacy]” in the subject line. We will respond within the time periods required by applicable law. We may need to verify the requester’s identity before responding and may request additional information for that purpose. Where permitted by law, individuals may use an authorized agent to submit a request on their behalf, subject to verification of the agent’s authority.

Requests relating to customer-submitted content. For personal information contained in customer-submitted content that we process on behalf of a business customer, individuals should contact the relevant customer directly. The customer determines the purposes and means of processing that content and is responsible for responding to such requests. We will assist the customer in responding to verified requests as required by applicable law and the applicable data processing agreement.

Appeals. If we deny a privacy rights request in whole or in part, individuals may appeal that decision by replying to our response or contacting us at [email protected] with “[Privacy Appeal]” in the subject line. We will review the appeal and respond within the time periods required by applicable law.

Automated decision-making. The Services produce automated inferences and outputs based on customer-submitted content. Where a business customer uses these outputs to make automated decisions about individuals, the customer is the controller of that decision-making, and individuals should contact the relevant customer to exercise rights relating to automated decision-making or profiling.

Complaints. Individuals in the European Economic Area, the United Kingdom, or Switzerland have the right to lodge a complaint with their local data protection supervisory authority. We encourage individuals to contact us first so we can address the concern directly.

Non-discrimination. We will not discriminate against individuals for exercising privacy rights where prohibited by applicable law.

11. Cookies, Local Storage, and Similar Technologies

Our websites, developer portals, documentation, dashboards, demo environments, and web applications may use cookies, pixels, local storage, or similar technologies to operate the Services, authenticate users, remember preferences, analyze usage, improve performance, and secure the platform.

Desktop applications may store local settings, logs, cached files, authentication tokens, or other operational data on the user’s device as necessary to provide functionality, maintain sessions, troubleshoot errors, or improve performance.

Where required, we obtain consent for non-essential cookies or provide choices through cookie settings.

12. Children’s Privacy

Customers must not submit personal information relating to individuals under the age of 13 — including voice, video, audio recordings, images, or other media — through the Services, unless the submission is expressly authorized in a written agreement with Behavioral Signals and complies with all applicable laws governing children’s data.

If we become aware that personal information relating to a minor has been submitted to the Services without proper authorization, we may delete the information, suspend the relevant account, or take other appropriate action. If you believe that personal information relating to a minor has been submitted in violation of this Policy, please contact us at [email protected].

13. Changes to this Policy

We may update this Product Privacy Policy from time to time. If we make material changes, we will provide notice as required by law, such as by posting the updated policy, updating the “Last Modified” date, emailing account administrators, or providing notice through the Services.

The updated Product Privacy Policy will be effective as of the date stated unless otherwise indicated.

14. Contact Us

If you have questions about this Product Privacy Policy or our privacy practices, please contact us at:

Behavioral Signal Technologies, Inc.
BST, Inc., 4470 W Sunset Blvd, Suite 94260, Los Angeles, CA 90027, US Attn: Privacy


Email: [email protected] (please prepend [Privacy] to the subject line)
Website: https://behavioralsignals.com