Privacy Policy
This Cedar AI Privacy Policy (“Privacy Policy”) describes how we collect, use, share and otherwise process information relating to individuals (“Personal Data”), and your rights and choices regarding our processing of your Personal Data.
A reference to “Cedar AI,” “we,” “us” or “the Company” is a reference to Cedar AI, Inc.
1. Responsible Entity
Cedar AI is the controller and responsible for your Personal Data submitted through the Cedar AI products (the “Products”), www.cedarai.com and related websites (the “Sites”) or otherwise directly to us.
For the avoidance of doubt, this Privacy Policy does not apply to the extent we process Personal Data in the role of a processor on behalf of our customers, including where we offer to our customers various products and services through which our customers collect, use, share or process Personal Data that they have collected.
For detailed privacy information in a situation where a Cedar AI customer is the controller, please reach out to the respective customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those set forth in this Privacy Policy, as further described under Section 10.3 below.
2. Processing Activities Covered
This Privacy Policy applies to the processing of Personal Data collected by us when you:
- Visit our websites that display or link to this Privacy Policy;
- Visit our branded social media pages;
- Visit our offices;
- Receive communications from us, including emails, phone calls, texts or fax;
- Use our Products and Sites as an authorized user (for example, as an employee of one of our customers who provided you with access to our services) where we act as a controller of your Personal Data;
- Register for, attend and/or otherwise take part in our events, webinars or contests; or
- Participate in community and open source development.
Our websites and Products may contain links to other websites, applications and services maintained by third parties. The information practices of such other services, or of social media networks that host our branded social media pages, are governed by third parties’ Privacy Policies, which you should review to better understand those third parties’ privacy practices.
3. What Personal Data Do We Collect?
The Personal Data that we collect directly from you includes the following:
- If you express an interest in obtaining additional information about our services, request customer support, use our “Contact Us” or similar features, register to use our websites, sign up for an event, webinar or contest, or download certain content, we may require that you provide to us your contact information, such as your name, job title, company name, address, phone number, email address or username and password;
- If you make purchases via our websites or register for an event or webinar, we may require that you provide to us your financial and billing information, such as billing name and address, credit card number or bank account information;
- If you use and interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails through cookies, web beacons or similar technologies, such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data (please see the “What device and usage data we process” section, below);
- If you use and interact with our services, we automatically collect information about your device and your usage of our services, through log files and other technologies, some of which may qualify as Personal Data (please see the “What device and usage data we process” section, below); and
- If you voluntarily submit certain information to our services, such as filling out a survey about your user experience, we collect the information you have provided as part of that request.
If you provide us or our service providers with any Personal Data relating to other individuals, you represent that you have the authority to do so and acknowledge that it will be used in accordance with this Privacy Policy. If you believe that your Personal Data has been provided to us improperly, or to otherwise exercise your rights relating to your Personal Data, please contact us by using the information set out in the “Contacting us” section below.
4. What Device and Usage Data We Process
We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons and similar technologies to automatically collect information that may contain Personal Data from your computer or mobile device as you navigate our websites, our services or interact with emails we have sent to you.
4.1 Device and Usage Data
As is true of most websites, we gather certain information automatically in connection with the use of the website by individual users. This information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage. This information is used to analyze overall trends, to help us provide and improve our websites and to guarantee their security and continued proper functioning.
In addition, we gather certain information automatically as part of your use of the Products and Sites. This information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files viewed, searches and other actions you take, operating system and system configuration information and date/time stamps associated with your usage. This information is used to maintain the security of the services, to provide necessary functionality, as well as to improve performance of the services, to assess and improve customer and user experience of the services, to review compliance with applicable usage terms, to identify future opportunities for development of the services, to assess capacity requirements, to identify customer opportunities and for the security of Cedar AI generally (in addition to the security of our Products and Sites). Some of the device and usage data collected within the services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this device and usage data is primarily used for the purposes of identifying the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers (where we act as a processor).
4.2 Cookies and Other Tracking Technologies
We use cookies and similar technologies such as web beacons, tags and JavaScript, alone or in conjunction with cookies, to compile information about the usage of our websites and interaction with emails from us.
When you visit our websites, we or an authorized third party may place a cookie on your browser and/or device, which collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track usage, determine your browsing preferences and improve and customize your browsing experience.
We use both session-based and persistent cookies on our websites. Session-based cookies exist only during one session and disappear from your computer when you close your browser or turn off your computer. Persistent cookies remain on your computer or device after you close your browser or turn off your computer. You can control the use of cookies at the individual browser level, but choosing to disable cookies may limit your use of certain features or functions on our websites.
Please note that certain website tracking technologies may be subject to applicable state privacy laws, including the California Invasion of Privacy Act (CIPA). We obtain consent for non-essential tracking technologies where required by law. You may manage your tracking preferences through our cookie consent banner or by enabling a recognized Universal Opt-Out signal (such as Global Privacy Control) in your browser.
For a full list of cookies used on this site, including their purpose and duration, please see our Cookie Policy.
4.3 Universal Opt-Out Mechanisms
We recognize and honor Universal Opt-Out signals, including the Global Privacy Control (GPC), where required by applicable law. When we detect a valid opt-out signal from your browser or device, we will treat it as a request to opt out of the sale or sharing of your Personal Data for purposes of targeted advertising. You can enable GPC through supported browsers or browser extensions. Note that this opt-out applies to the specific browser or device from which the signal is sent.
5. Purposes for Which We Process Personal Data
We collect and process your Personal Data for the purposes and on the legal bases identified in the following:
- Providing our Products and Sites: We process your Personal Data to perform our contract with you for the use of our Products and Sites and to fulfill our obligations under applicable terms of use/service; where we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to operate and administer our websites and to provide you with content you access and request (e.g., to download content from our websites);
- Promoting the security of our Products and Sites: We process your Personal Data by tracking use of our Products and Sites, creating aggregated, non-personal data, verifying accounts and activity, investigating suspicious activity and enforcing our terms and policies, to the extent this is necessary for our legitimate interest in promoting the safety and security of the services, systems and applications and in protecting our rights and the rights of others;
- Providing necessary functionality: We process your Personal Data to perform our contract with you for the use of our Products and Sites; where we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to provide you with the necessary functionality required during your use of our Products and Sites;
- Managing user registrations: If you have registered for an account with us, we process your Personal Data by managing your user account for the purpose of performing our contract with you according to applicable terms of service;
- Handling contact and user support requests: If you request user support, or if you contact us by other means including via a phone call, we process your Personal Data to perform our contract with you and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you;
- Managing webinars, contests or promotions: If you register for a webinar, contest or promotion, we process your Personal Data to perform our contract with you. Some contests or promotions have additional rules containing information about how we will process your Personal Data. Participation in webinars, contests and promotions is purely voluntary and is not required in order to use our services;
- Managing payments: If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you;
- Developing and improving our Products and Sites: We process your Personal Data to analyze trends and to track your usage of and interactions with our Products and Sites to the extent it is necessary for our legitimate interest in developing and improving our Products and Sites and providing our users with more relevant content and service offerings, or where we seek your valid consent;
- Assessing and improving user experience: We process device and usage data as described in Section 4.1 above, which in some cases may be associated with your Personal Data, in order to analyze trends and to assess and improve the overall user experience to the extent it is necessary for our legitimate interest in developing and improving the service offering, or where we seek your valid consent;
- Reviewing compliance with applicable usage terms: We process your Personal Data to review compliance with the applicable usage terms in our customer’s contract to the extent that it is in our legitimate interest to ensure adherence to the relevant terms;
- Assessing capacity requirements: We process your Personal Data to assess the capacity requirements of our services to the extent that it is in our legitimate interest to ensure that we are meeting the necessary capacity requirements of our service offering;
- Sending marketing communications: We will process your Personal Data and/or device and usage data, which in some cases may be associated with your Personal Data, in order to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, telemarketing calls, SMS, or push notifications) about us and our affiliates and partners, including information about our products, promotions or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent (please see the “Your rights relating to your Personal Data” section, below, to learn how you can control the processing of your Personal Data by Cedar AI for marketing purposes); and
- Complying with legal obligations: We process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our websites, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.
Where we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to perform our contract with you.
6. Who Do We Share Personal Data With?
We may share your Personal Data as follows:
- With our contracted service providers, who provide services such as IT and system administration and hosting, credit card processing, research and analytics, marketing and customer support for the purposes and pursuant to the legal bases described above, although such service providers are bound to treat your Personal Data confidentially and only to use it for the uses described in this Privacy Policy;
- If you use our services as an authorized user, with your affiliated customer responsible for your access to the services to the extent this is necessary for verifying accounts and activity, investigating suspicious activity, or enforcing our terms and policies;
- With sponsors of contests or promotions for which you register; and
- If we are involved in a merger, reorganization, dissolution or other fundamental corporate change, or sell a website or business unit, or if all or a portion of our business, assets or stock are acquired by a third party, with such third party. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.
We may also share anonymous usage data with Cedar AI’s service providers for the purpose of helping Cedar AI in such analysis and improvements. Additionally, Cedar AI may share such anonymous usage data on an aggregate basis in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our services.
For further information on the recipients of your Personal Data, please contact us by using the information in the “Contacting us” section, below.
7. International Transfer of Personal Data
Your Personal Data may be collected, transferred to and stored by us in the United States and by the third-party service providers disclosed in Section 6, above, that are based in other countries. Therefore, your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction. We ensure that the recipient of your Personal Data offers an adequate level of protection, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).
8. Children
Our websites are not directed at children. We do not knowingly collect Personal Data from children under the age of 16, or treat as sensitive the data of minors under the age of 18 where required by applicable law. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us by using the information in the “Contacting us” section, below, and we will take steps to delete such Personal Data from our systems.
9. How Long Do We Keep Your Personal Data?
We may retain your Personal Data for a period of time consistent with the original purpose of collection (see the “Purposes for which we process Personal Data” section, above). We determine the appropriate retention period for Personal Data on the basis of the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation). As a general guide, we apply the following retention periods: contact and account information is retained for the duration of our relationship with you and up to three (3) years thereafter; financial and billing records are retained for seven (7) years in accordance with applicable legal requirements; usage and log data is retained for up to twelve (12) months; and marketing communication records are retained for three (3) years from the date of last contact. These periods may be extended where required by law or shortened where you exercise your right to erasure.
After expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such data.
For further information on applicable data retention periods, please contact us by using the information in the “Contacting us” section, below.
10. Your Rights Relating to Your Personal Data
10.1 Your Rights
You have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws and, in particular, if you are located in the European Economic Area (EEA) or a U.S. state with applicable privacy legislation (including California, Colorado, Connecticut, Virginia, Texas, Oregon, and others), these rights may include:
- To access your Personal Data held by us (right to access);
- To rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete (right to rectification / correction);
- To erase/delete your Personal Data, to the extent permitted by applicable data protection laws (right to erasure; right to be forgotten);
- To restrict our processing of your Personal Data, to the extent permitted by law (right to restriction of processing);
- To transfer your Personal Data to another controller, to the extent possible (right to data portability);
- To object to any processing of your Personal Data carried out on the basis of our legitimate interests (right to object). Where we process your Personal Data for marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
- To opt out of the sale or sharing of your Personal Data, or its use for targeted advertising or profiling, to the extent applicable under your state’s privacy law;
- Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”). Automated Decision-Making currently does not take place on our websites or in our services. Where our ARMS platform uses automated analysis to generate operational recommendations or outputs, such outputs are intended to support — not replace — human decision-making by our customers. Our customers retain responsibility for how they act on platform outputs. We do not make fully automated decisions about individuals that produce legal or similarly significant effects without human review.
- To the extent we base the collection, processing and sharing of your Personal Data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
If you are a resident of California, under the age of 18 and have registered for an account with us, you may ask us to remove content or information that you have posted to our websites. Please note that your request does not ensure complete or comprehensive removal of the content or information, because, for example, some of your content may have been reposted by another visitor to our websites.
10.2 California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your Personal Data. In addition to the rights described above, you have the right to:
- Know what Personal Data we collect, use, disclose, and sell about you;
- Delete Personal Data we have collected from you (subject to certain exceptions);
- Correct inaccurate Personal Data;
- Opt out of the sale or sharing of your Personal Data for cross-context behavioral advertising;
- Limit the use and disclosure of sensitive Personal Data;
- Non-discrimination for exercising your privacy rights — we will not deny you goods or services, charge you different prices, or provide a different level of quality because you exercised your rights under the CCPA/CPRA.
Cedar AI does not sell Personal Data as that term is defined under the CCPA/CPRA. However, certain sharing of data with advertising or analytics partners may constitute “sharing” under California law. To exercise your California rights, please contact us using the information in the “Contacting us” section below. We will respond to verifiable requests within 45 days, with an optional 45-day extension where reasonably necessary.
10.3 How to Exercise Your Rights
To exercise your rights, please contact us by using the information in the “Contacting us” section, below. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you in order to honor your request. Occasionally it may take us longer than a month, taking into account the complexity and number of requests we receive. If you are an employee of a Cedar AI customer, we recommend you contact your company’s system administrator for assistance in correcting or updating your information.
Some registered users may update their user settings, profiles and organization settings by logging into their accounts and editing their settings or profiles.
10.4 Your Rights Relating to Customer Data
As described above, we may also process Personal Data submitted by or for a customer to our Products and Sites. To this end, if not stated otherwise in this Privacy Policy or in a separate disclosure, we process such Personal Data in the role of a mere processor on behalf of a customer (and/or its affiliates) who is the responsible controller of the Personal Data concerned (see the “Responsible Entity” section above). We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those set forth in this Privacy Policy. If your data has been submitted to us by or on behalf of a Cedar AI customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly. Because we may only access a customer’s data upon instruction from that customer, if you wish to make your request directly to us, please provide to us the name of the Cedar AI customer who submitted your data to us. We will refer your request to that customer and will support them as needed in responding to your request within a reasonable timeframe.
10.5 Your Preferences for Email Marketing Communications
If we process your Personal Data for the purpose of sending you marketing communications, you may manage your receipt of marketing and non-transactional communications from Cedar AI by clicking on the “unsubscribe” link located on the bottom of Cedar AI marketing emails.
You may also turn off push notifications on Cedar AI applications on your device.
Please note that opting out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your subscriptions, service announcements or security information.
11. Automated Decision-Making and AI-Powered Features
Cedar AI’s ARMS platform uses machine learning and automated analysis to process operational data and generate recommendations for rail operations, including shipment tracking, terminal management, and logistics optimization. This processing is intended to assist our customers’ human operators and decision-makers—not to replace human judgment.
To the extent our platform processes Personal Data as part of automated analysis (for example, user activity data to personalize the platform experience), we take reasonable steps to ensure such processing is accurate, limited to stated purposes, and subject to human oversight. We do not use automated processing to make decisions about individuals that produce legal or similarly significant effects without an opportunity for human review.
Where required by applicable law (including California’s ADMT regulations effective January 1, 2026), users may have the right to opt out of automated processing used for profiling or significant decisions, and to request human review of automated outputs that affect them. To exercise these rights, please contact us using the information in the “Contacting us” section below.
12. How We Secure Your Personal Data
We take precautions including organizational, technical and physical measures to help safeguard against the accidental or unlawful destruction, loss, alteration and unauthorized disclosure of, or access to, the Personal Data we process or use.
While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices and signing out of websites after your sessions. If you have any questions about the security of our websites or services, please contact us by using the information in the “Contacting us” section, below.
13. Changes to This Privacy Policy
We will update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements and other factors. If we do, we will update the “effective date” at the top of this Privacy Policy. If we make a material update, we may provide you with notice prior to the update taking effect, such as by posting a conspicuous notice on our website or by contacting you using the email address you provided.
We encourage you to periodically review this Privacy Policy to stay informed about our collection, processing and sharing of your Personal Data.
14. Contacting Us
To exercise your rights regarding your Personal Data, or if you have questions regarding this Privacy Policy or our privacy practices, please email us at privacy@cedar.ai.
Cedar AI
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint with the competent supervisory a