Privacy Policy

Effective Date: April 16, 2026  ·  Last Updated: May 20, 2026

1. Introduction

34Five, Inc. ("34Five," "we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you access or use our platform, products, services, and websites (collectively, the "Services"), including our AI Aura™ platform, which delivers personality-driven AI agents designed for teleconference and workplace environments.

Because our Services involve advanced technologies — including real-time voice analysis, facial expression recognition, behavioral profiling, and personality modeling — this Policy addresses those data practices with particular care. Please read it in full before using our Services.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our Services.

2. Who This Policy Applies To

This Policy applies to:

• Visitors who browse our websites or marketing materials
• Account holders who register for and access our platform
• Administrators who deploy or manage AI Auras™ within their organizations
• End users who interact with AI Auras™ during teleconferences, meetings, or other sessions
• Meeting participants whose voice, video, or behavioral data may be captured during a session in which an AI Aura™ is present

3. Information We Collect

We collect information in the following categories depending on how you interact with our Services.

3.1 Information You Provide Directly

• Account registration data: name, email address, organization name, job title, billing information, and account credentials
• Profile and configuration data: Aura™ setup preferences, personality parameters, organizational role definitions, and onboarding materials you provide to configure an Aura™
• Personality and assessment data: information you voluntarily submit related to CliftonStrengths assessments, Big Five personality frameworks, or similar tools used to personalize Aura™ behavior
• Communications: messages, feedback, support requests, and other communications you send to us

3.2 Information Collected Automatically During Sessions

When an AI Aura™ is active in a teleconference or interactive session, we may automatically collect:

• Audio data: voice recordings and real-time audio streams from session participants for purposes of transcription, tone analysis, and response generation
• Video and visual data: video feeds used for facial expression recognition and non-verbal communication analysis
• Biometric-derived data: voice tone patterns, pitch, speech cadence, and inferred emotional states derived from audio; facial expression patterns and emotional signals derived from video — collectively referred to as "Behavioral Biometric Data"
• Session transcripts: text records of conversations that occurred during a session
• Interaction patterns: how you and others engage with an Aura™, including response timing, topic focus, and conversation flow
• Device and technical data: IP address, browser type, operating system, session duration, and connection metadata

3.3 Personality and Behavioral Profile Data

A core feature of our Services is the construction and use of personality models to personalize Aura™ behavior. This may include:

• Inferences drawn from your interaction history with an Aura™
• Scores or profiles based on the Big Five personality model (Openness, Conscientiousness, Extraversion, Agreeableness, Neuroticism)
• CliftonStrengths-aligned behavioral tendencies
• Communication style preferences inferred from aggregated session data

This data is considered sensitive personal information and is subject to heightened protections described in Sections 7 and 10.

3.4 Information Collected from Third Parties

We may receive information about you from:

• Calendar and scheduling integrations (e.g., Google Calendar, Microsoft Outlook) used to invite Auras™ to meetings
• Communication platforms (e.g., Zoom, Microsoft Teams, Google Meet) through which our Services operate
• Identity verification providers to confirm the identity of users creating or managing Auras™
• Analytics and advertising partners (for website and marketing activities only)

4. How We Use Your Information

We use the information we collect to:

4.1 Provide and Operate Our Services

• Authenticate users and manage accounts
• Deploy, configure, and run AI Auras™ within sessions
• Generate real-time transcriptions and session summaries
• Personalize Aura™ responses based on user and participant personality profiles
• Enable voice synthesis, facial animation, and multi-modal interaction capabilities

4.2 Improve and Develop Our Platform

• Analyze aggregate patterns to improve model accuracy and Aura™ performance
• Conduct internal research and quality assurance
• Debug errors, resolve technical issues, and monitor platform health

4.3 Communicate with You

• Send transactional notices (account confirmations, password resets, service updates)
• Share product updates, feature announcements, and relevant educational content
• Respond to your support requests and inquiries

4.4 Legal and Safety Purposes

• Comply with applicable laws, regulations, and legal processes
• Enforce our Terms of Service and other agreements
• Protect the rights, property, and safety of 34Five, our users, and the public
• Detect, investigate, and prevent fraud, abuse, and security incidents

4.5 Lawful Bases for Processing (GDPR / UK GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we rely on the following lawful bases:

5. Biometric and Sensitive Data — Special Notice

Our AI Aura™ platform may collect and process Biometric Data as defined under applicable laws, including the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifiers Act (CUBI), the Washington My Health MY Data Act, the EU General Data Protection Regulation (GDPR), and other applicable state and national laws.

What We Collect

• Voice biometrics: voice patterns, pitch profiles, and tone signatures derived from audio recordings
• Facial expression data: visual signals and emotional inference data derived from video feeds during active sessions

How We Use It

Behavioral Biometric Data is used exclusively to:

• Enable emotionally-aware, context-responsive Aura™ interactions during your session
• Infer emotional tone and communication dynamics in real time
• Build and refine your personality model (with your consent)

What We Do Not Do

• We do not sell Biometric Data.
• We do not share Biometric Data with third parties for their independent commercial purposes.
• We do not use Biometric Data to identify you in unrelated contexts outside your sessions.
• We do not retain voiceprints or facial expression models beyond the periods described in Section 8, except where required by law.

Consent and Opt-Out

Collection of Biometric Data requires your affirmative consent, which we obtain at the time of session enrollment or first use. You may withdraw consent at any time by contacting us at privacy@34five.ai or through your account settings. Withdrawal of consent may limit or prevent use of certain platform features.

Illinois Residents (BIPA)

If you are an Illinois resident, we comply with BIPA. We have a written policy governing the retention and destruction of biometric information, available upon request. We do not profit from your biometric data. You have the right to request deletion of your biometric identifiers.

6. Multi-Party Session Data and Third-Party Participants

When an AI Aura™ joins a meeting or teleconference, all participants in that session may have their voice, video, and behavioral data collected, even if they are not 34Five customers.

Obligations of Account Holders and Administrators

If you deploy an Aura™ in a meeting, you are responsible for:

• Notifying all participants that an AI system is present and may collect audio, video, and behavioral data
• Obtaining any consents required under applicable law before the session begins
• Ensuring that your use of our Services complies with applicable employment, privacy, and communications laws in your jurisdiction

34Five provides disclosure templates and notice mechanisms to help administrators fulfill these obligations. Contact us at legal@34five.ai for resources.

Our Role as Data Processor

In the context of enterprise deployments where you (the customer) control how the Aura™ is configured and deployed, 34Five acts as a data processor on your behalf under GDPR. We process participant data only according to your instructions as described in our Data Processing Agreement (DPA), available upon request.

7. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

7.1 Service Providers and Sub-Processors

We share data with trusted vendors who help us operate our platform, including:

• Cloud infrastructure providers (e.g., AWS, Google Cloud, Microsoft Azure) for hosting and storage
• AI and LLM providers (e.g., Anthropic, OpenAI, ElevenLabs, and others) for language model inference, voice synthesis, and related capabilities
• Video conferencing integrations (e.g., Zoom, Microsoft Teams) to enable Aura™ participation
• Analytics providers for aggregated usage insights
• Customer support platforms for ticket management

All sub-processors are subject to data protection agreements that prohibit independent use of your data and require appropriate security measures. A current list of sub-processors is available at 34five.ai/sub-processors or by request.

7.2 Business Transfers

If 34Five is acquired, merges with another company, or undergoes a significant corporate transaction, your information may be transferred as part of that transaction. We will notify you and provide options where required by law.

7.3 Legal Requirements

We may disclose information when required to do so by law, subpoena, court order, or government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

7.4 With Your Consent

We may share information with third parties in ways not described above if you have given us your explicit consent to do so.

8. Data Retention

We retain different categories of data for different periods based on operational necessity and legal requirements:

You may request earlier deletion of specific categories of data by contacting privacy@34five.ai. Note that deleting certain data types (e.g., your personality profile) may affect the personalization quality of your Aura™ interactions.

9. Data Security

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data we handle. These include:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access controls and least-privilege principles for internal systems
• Regular security audits and penetration testing
• Anonymization and pseudonymization of Behavioral Biometric Data where feasible
• Incident response procedures including breach notification protocols

No system is completely secure. If you believe your account or data has been compromised, please contact us immediately at security@34five.ai.

10. Your Privacy Rights

Depending on where you are located, you may have the following rights regarding your personal information.

10.1 Rights Under GDPR / UK GDPR (EEA and UK Residents)

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate data
• Right to erasure ("right to be forgotten"): Request deletion of your data, subject to legal retention requirements
• Right to restriction: Request that we limit processing of your data in certain circumstances
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Rights related to automated decision-making: Request human review of decisions made solely by automated means, including profiling, that significantly affect you
• Right to withdraw consent: Withdraw consent at any time for consent-based processing (including Biometric Data and personality profiling), without affecting the lawfulness of prior processing

To exercise these rights, contact our Data Protection Officer at privacy@34five.ai.

10.2 Rights Under the CCPA / CPRA (California Residents)

California residents have the right to:

• Know what personal information we collect, use, disclose, and sell
• Delete personal information we have collected, subject to certain exceptions
• Correct inaccurate personal information
• Opt out of the sale or sharing of personal information (we do not sell personal information)
• Limit use of sensitive personal information (including biometric data, precise geolocation, and inferences about personality or psychological characteristics) to the purposes disclosed at collection
• Non-discrimination — we will not discriminate against you for exercising your privacy rights

Categories of sensitive personal information we collect: biometric identifiers; inferences drawn to create personality profiles; voice recordings.

To submit a CCPA rights request, email privacy@34five.ai. We will respond within 45 days. Requests may be submitted by an authorized agent with appropriate documentation.

Do Not Sell or Share My Personal Information: As noted, we do not sell personal information. If this practice ever changes, we will update this Policy and provide a clear opt-out mechanism.

10.3 Rights Under Other State Laws

Residents of Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with comprehensive privacy laws have rights substantially similar to those described above. Contact privacy@34five.ai to exercise these rights.

10.4 Canadian Residents (PIPEDA / Law 25)

Canadian users have the right to access and correct their personal information and to withdraw consent for non-essential processing. Contact our privacy officer at privacy@34five.ai.

11. Automated Decision-Making and Profiling

Our Services use automated processes to build personality profiles, infer emotional states, and adapt Aura™ behavior. We do not use these processes to make legally significant decisions about you (such as employment, credit, or insurance decisions) without human review.

If our Services are deployed in HR or employment contexts — such as onboarding, performance review, or team dynamics assessment — you have the right to request human involvement in any decision that significantly affects you. Administrators deploying 34Five in such contexts must disclose this use to participants as required by applicable law.

12. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If our platform is used in educational settings and may involve users under 18, the deploying institution must obtain appropriate parental or guardian consent and comply with COPPA (for US users under 13) and applicable local laws.

If you believe a minor has provided personal information through our Services, contact us at privacy@34five.ai and we will take steps to delete it promptly.

13. International Data Transfers

34Five is based in the United States. If you access our Services from outside the US, your information will be transferred to, stored, and processed in the United States and potentially other countries where our service providers operate.

For transfers of personal data from the EEA or UK to countries without an adequacy decision, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreements (IDTAs) as applicable

A copy of the applicable transfer mechanism is available upon request at privacy@34five.ai.

14. Third-Party Links and Integrations

Our platform integrates with third-party services such as Zoom, Microsoft Teams, Google Meet, ElevenLabs, and others. When you use these integrations, you are also subject to those services' privacy policies. We are not responsible for the privacy practices of third-party services and encourage you to review their policies.

15. Cookies and Tracking Technologies

Our websites use cookies and similar tracking technologies for purposes including authentication, security, analytics, and personalization. You can manage cookie preferences through:

• Our cookie consent banner when you first visit
• Your browser settings
• Industry opt-out tools such as the NAI opt-out and the DAA WebChoices tool

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top and, for material changes, notify you by email or prominent notice within the platform at least 30 days before the changes take effect. Your continued use of our Services after the effective date constitutes acceptance of the updated Policy.

17. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please contact us: