CEPWA Privacy Policy

Last updated: July 29, 2025

Prosilient Systems Inc. (“Prosilient,” “we,” “us,” or “our”) operates the CEPWA website, demo, and subscription platform (collectively, the “Services”). This Privacy Policy explains what data we collect, why we collect it, how long we keep it, and the choices you have.

1. Scope

This Privacy Policy applies to the following categories of users:

User Type Examples
Website Visitors Anyone who browses cepwa.com.
Demo Users Individuals who register with an email to try Amber, CEPWA’s AI assistant.
Sales-Call Bookers Prospects who schedule a call with our sales team.
Account Admins / Paying Customers HR or other staff who create a CEPWA company account, add employees, manage billing, and access the dashboard.
Employees / End-Users Workers invited by their employer to take well-being voice sessions with Amber.

2. Personal Information We Collect

The information we collect depends on how you interact with CEPWA. We obtain data (a) directly from you, (b) automatically when you use our Services, and (c) from your employer or authorized account administrator.

Website Visitors

We collect limited technical data—such as IP address, browser type, and basic device information—for site functionality and security logging.

Demo Users

When you register for a demo, we collect your email and any demographic details you choose to share (preferred name, age range, gender, pronouns, or sexual orientation). During the voice session, Amber asks well-being questions (e.g., “How was your day?”). Your spoken responses are processed in real time to create Session Notes for future personalization.

Sales-Call Bookers

If you schedule a call, we collect your name, email, and (optionally) company name solely to arrange and follow up on the meeting.

Account Admins / Paying Customers

When a company creates an account, we collect the admin’s contact details, organization name, office locations, and employee roster (names and work or personal emails). Payment information is processed and stored securely by our payment processor; we retain only a token and the last four digits for invoicing.

Employees / End-Users

Employees create their own login (ideally a personal email). During well-being sessions, Amber may ask about mood, routines, or workplace experience. You may also provide demographic details (e.g., gender, pronouns). Raw audio is deleted after 30 days, but Session Notes (text summaries and well-being scores) remain linked to your account so your well-being journey can continue—even if you switch employers that also use CEPWA. Aggregated, anonymized metrics power the employer dashboard and cannot identify individuals.

3. How We Use Your Data

  • Provide and improve the Services. Schedule calls, run AI voice sessions, generate dashboards, process payments, and troubleshoot issues.
  • Communicate with you. Demo follow-up, onboarding, product updates, and marketing offers (you can unsubscribe at any time).
  • Analytics & Product Development. Anonymized usage patterns help refine Amber’s question flows and dashboard features.
  • Legal & Compliance. Fraud prevention, dispute resolution, and compliance with lawful requests.

4. No Medical or Therapeutic Service & AI Disclaimer

Amber combines our proprietary EVARS framework with advanced large-language-model (LLM) technology to deliver concise well-being reflections and micro-habits. Neither Amber nor CEPWA is a licensed healthcare provider, counselor, or therapist. The Service does not diagnose, treat, or cure any medical or mental-health condition and should not replace professional advice. Always consult a qualified professional for serious or urgent concerns.

We continuously test and refine our systems, but automated responses may occasionally be incomplete, contextually inappropriate, or—on rare occasions—objectionable. If you encounter content that appears inaccurate or offensive, please disregard it and notify us at support@prosilient.com so we can improve.

5. AI & Third-Party Processing

Raw audio and text may be transmitted to secure, industry-standard cloud infrastructure and advanced AI language-model providers for real-time processing.

We never use your personal data to train or fine-tune any machine-learning or large-language model, and we contractually prohibit our service providers from doing so.

We do not publicly name these vendors to preserve operational flexibility, but each must implement robust security, confidentiality, and cross-border safeguards (e.g., Standard Contractual Clauses for EU data).

Vendors may access data only to provide contracted services and must delete or return data upon our instruction.

6. Data Retention

Data Type Retention Period Deletion Method
Raw Audio (Demo & Employees) Auto-deleted 30 days after the session unless the data subject requests a review, in which case it is kept only for the duration of that investigation and then deleted promptly. Secure purge from storage
Session Notes (Demo) Retained until user requests deletion (earliest requestable at 30 days) Manual deletion upon verified request
Session Notes (Employee) Retained while the individual account exists; user may request deletion anytime Manual deletion upon verified request
Aggregated Company Metrics Retained while customer account is active; purge on company request Data overwritten or deleted
Admin & Billing Records Life of the account + 7 years (tax & audit) Secure archival deletion
Technical Logs Up to 12 months Rolling deletion
Marketing Emails Until you unsubscribe Removal from mailing list within 5 business days

7. Your Rights

Depending on your jurisdiction (e.g., EU GDPR, UK DPA 2018, California CCPA/CPRA), you may have the right to:

  • Access, correct, or delete personal data we hold about you.
  • Object to or restrict certain processing.
  • Port your data to another service.
  • Withdraw consent for marketing communications.
  • Lodge a complaint with a supervisory authority.

To exercise any right, email privacy@prosilient.com. We respond within one calendar month (or sooner if legally required).

8. Security

  • • TLS encryption in transit and at‑rest encryption for stored data.
  • • Strict access controls, audit logging, and least‑privilege principles.
  • • Regular vulnerability assessments and staff training.
  • • Incident‑response plan aligned with GDPR/CPRA breach‑notification timelines.

9. Cross‑Border Transfers

We are a U.S.‑based company. When processing personal data of residents outside the U.S. (including the EU/EEA or UK), we rely on Standard Contractual Clauses (SCCs) or another adequacy mechanism, along with supplemental security measures such as encryption, pseudonymization, and strict access controls.

10. Children’s Privacy

CEPWA is intended for adults 18 years or older. We do not knowingly collect data from minors. If you believe a child has provided us data, please contact us for immediate deletion.

11. Changes to This Policy

We may update this Policy to reflect legal, technological, or operational changes. We will post the new version with a revised “Last updated” date and provide a prominent notice (e.g., banner or email) if changes are material. Continued use of the Services after the effective date signifies acceptance.

12. Contact Us

Prosilient Systems Inc.

251 Little Falls Drive

Wilmington, DE 19808, USA

privacy@prosilient.com