Effective date: July 1, 2019
Last update: January 22, 2026

1. INTRODUCTION & SCOPE

This Privacy Policy describes how Trestle Labs Private Limited (“Trestle Labs”, “we”, “us”, or “our”) collects, uses, stores, processes, transfers, and discloses information in connection with the use of its products, platforms, applications, websites, software services, application programming interfaces (APIs), hardware-enabled solutions, and related offerings (collectively, the “Services”).

The Services are offered under the Kibo brand and may be made available to individual users, enterprises, educational institutions, government bodies, and other organizations through various deployment models, including cloud-based services, APIs, and institution-managed or client-managed environments.

This Privacy Policy applies to information collected:

• When you visit or interact with our websites or online properties;
• When you create or manage an account with us;
• When you use or access the Services directly or on behalf of a Customer or Client; and
• When User Content or related information is processed through the Services.

This Privacy Policy does not apply to:

• Third-party websites, applications, or services that may be linked to or integrated with the Services but are not operated or controlled by Trestle Labs; or
• Information processed by a Customer or Client outside the scope of the Services.

We recognize that the information processed through the Services may include personal, sensitive, or confidential data. We are committed to handling such information responsibly, transparently, and in accordance with applicable data protection and privacy laws, contractual obligations, and recognized security practices.

This Privacy Policy explains:

• The categories of information we collect and process;
• The purposes for which such information is used;
• How information may be shared or transferred;
• The rights and choices available to users and clients; and
• The measures we take to protect information processed through the Services.

By accessing or using any of the Services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of information in accordance with its terms. Where you use the Services on behalf of a Customer or Client, your use of the Services is also subject to that Customer’s or Client’s applicable policies and instructions.

2. DEFINITIONS

For the purposes of this Privacy Policy, the following terms shall have the meanings set out below:

• “User” refers to any individual who accesses or uses the Services, whether directly or on behalf of a Customer or Client.
  
  
• “Customer” or “Client” refers to an organization, institution, enterprise, government body, or other legal entity that has entered into an agreement with Trestle Labs for the use of the Services, and on whose behalf Users may access or use the Services.
  
  
• “Services” refers to all products, platforms, applications, software, hardware-enabled solutions, websites, APIs, and related offerings provided or operated by Trestle Labs under the Kibo brand or otherwise.
  
  
• “User Content” refers to any data, documents, images, files, text, audio, or other content that is submitted, uploaded, transmitted, or otherwise made available for processing through the Services by or on behalf of a User or Client.
  
  
• “Personal Data” refers to any information that identifies or relates to an identified or identifiable individual, directly or indirectly, as defined under applicable data protection laws.
  
  
• “Sensitive Personal Data” refers to personal data that is considered sensitive under applicable laws, including, where applicable, information relating to government-issued identifiers, financial data, health information, biometric data, or other special categories of data.
  
  
• “Metadata” refers to technical, operational, or contextual information generated in connection with the use of the Services or the processing of User Content, such as timestamps, file characteristics, processing status, usage metrics, or system logs. Metadata does not include the substantive content of User Content itself.

3. ROLE OF TRESTLE LABS

The role of Trestle Labs with respect to information processed through the Services depends on the nature of the Services used and the context in which they are provided.

3.1 Trestle Labs as Data Controller

Trestle Labs acts as a data controller with respect to Personal Data collected and processed in connection with:

• Access to and use of Trestle Labs’ websites, marketing pages, and online properties;
• Account creation, authentication, and administration for users accessing the Services directly;
• Communications, inquiries, demos, trials, events, and support interactions initiated directly with Trestle Labs;
• Billing, invoicing, and contractual management.

In these contexts, Trestle Labs determines the purposes and means of processing such Personal Data and processes it in accordance with this Privacy Policy.

3.2 Trestle Labs as Data Processor

Trestle Labs acts as a data processor when processing User Content and related Personal Data on behalf of a Customer or Client in connection with the provision of the Services, including enterprise, institutional, government, or API-based deployments.

In such cases:

• The Customer or Client acts as the primary data controller (or data fiduciary, as applicable) and determines the purposes and scope of processing;
  
  
• Trestle Labs processes User Content and related Personal Data solely in accordance with the Customer’s or Client’s applicable agreements and this Privacy Policy;
  
  
• Trestle Labs does not determine the independent purpose for which User Content is processed and does not assume responsibility for the lawfulness of the data provided by the Customer or Client.

3.3 Users Acting on Behalf of a Client

Where a User accesses or uses the Services on behalf of a Customer or Client (such as an employer, educational institution, government department, or other organization), the processing of User Content and related Personal Data is subject to the instructions, policies, and permissions established by that Customer or Client.

Users should direct any requests regarding access, correction, or deletion of User Content processed on behalf of a Client to the relevant Customer or Client, in accordance with their internal policies.

4. INFORMATION WE COLLECT

We collect information in connection with the provision, operation, and support of the Services. The categories of information collected depend on how the Services are accessed and used, whether directly by an individual or on behalf of a Customer or Client.

4.1 Account and Business Information

When an account is created or managed, or when you interact with us directly, we may collect information such as:

• Name, email address, and other contact details;
• Organization name, role, or affiliation (where applicable);
• Account credentials and authentication-related information;
• Billing, invoicing, and contractual information;
• Communications exchanged with us in connection with account administration, support, or service inquiries.

This information is primarily used to establish, administer, and support access to the Services.

4.2 User Content

We collect and process User Content only when such content is submitted, uploaded, transmitted, or otherwise made available for processing through the Services by or on behalf of a User or Client.

User Content may include documents, images, files, text, audio, or other data provided for processing in connection with the Services. The nature and scope of User Content processed depend on the specific Services used, the configuration or deployment model, and the instructions of the Customer or Client.

User Content is processed solely in accordance with this Privacy Policy and applicable agreements governing the use of the Services.

4.3 Metadata and Operational Data

We collect technical and operational information generated through the use of the Services, including:

• Processing timestamps and status information;
• File or content characteristics such as format, size among others;
• Feature usage and interaction data;
• System performance metrics and diagnostic data;
• Logs related to access, requests, and service operations.
  
  

This information does not typically include the substantive content of User Content, unless explicitly required for the provision of the Services and agreed under applicable agreements.

4.4 Device, Platform, and Usage Information

When the Services are accessed, we may collect limited information about the device, system, or platform used, such as:

• Operating system or application version;
• Browser or client type;
• General usage patterns related to the Services.

This information is used to ensure compatibility, performance, security, and reliability of the Services and to diagnose technical issues.

4.5 Website and Online Interaction Information

When you visit our websites or online properties, we may collect information related to your interaction with those sites, such as:

• Internet Protocol (IP) address;
• Pages viewed, navigation paths, and referral information;
• Date and time of access;
• Data submitted to contact us;
• Information collected through cookies or similar technologies, where applicable.

Such information is used to operate and improve our websites, understand visitor engagement, and maintain security.

4.6 Support and Communications

If you contact us for support, feedback, or assistance, we may collect and retain the information you provide, including contact details and the content of communications, to respond to your request and improve our support services.

5. USER CONTENT & DOCUMENT PROCESSING

The Services are designed to process User Content in order to deliver intelligent document processing, content understanding, accessibility, analytics, and data protection capabilities, as configured or requested by a User or Client.

User Content is processed solely in connection with the provision of the Services and in accordance with the applicable Service configuration, deployment model, and documented instructions of the Customer or Client.

5.1 Scope of Processing

Depending on the Services used, enabled features, and applicable use case, User Content may be processed for purposes that include, but are not limited to:

(a) Document and Content Intelligence

• Digitization and conversion of documents into machine-readable or accessible formats;
• Optical character recognition (OCR), Optical mark recognition (OMR) and text recognition from printed or handwritten content;
• Classification, segmentation, and organization of documents;
• Extraction, structuring, normalization, and validation of data from documents;
• Creation of searchable or structured outputs (such as searchable PDFs, structured text formats, or tabular data);
• Generation of summaries, insights, and derived representations of content;
• Indexing, searchability, and retrieval of content.

(b) Language, Audio, and Accessibility Processing

• Translation and language transformation across supported languages;
• Audio generation, audio access, and audio-based content enablement;
• Transcription of audio or audio-visual content;
• Processing of audio, visual, or multimodal content to derive contextual or analytical outputs;
• Accessibility-focused transformations to enable inclusive access to content.

(c) Data Protection, Compliance, and Forensic Processing

• Detection, classification, masking, or redaction of personal or sensitive data;
• Identification of patterns or indicators related to data integrity, authenticity, or document tampering;
• Processing required to support compliance, risk assessment, or investigative use cases enabled through the Services.

(d) Processing Pipelines and Custom Workflows

• Execution of use-case-specific or industry-specific processing pipelines configured by or for a Client;
• Contextual or domain-specific processing logic applied to User Content based on the intended workflow or integration.

The above processing activities may involve multiple stages of transformation, analysis, and output generation and are performed only to the extent necessary to deliver the requested Services.

5.2 Processing Context and Deployment Models

User Content may be processed:

• Locally or within a Client’s environment, where supported by the applicable Service or deployment model; and/or
• On systems operated by or on behalf of Trestle Labs, where server-based processing is required to deliver the requested functionality.

Processing may occur through different modes of integration, including application interfaces, APIs, or automated workflows, and may be deployed in cloud-based, client-managed, or on-premise environments, as applicable.

5.3 Purpose Limitation and Control

Trestle Labs processes User Content solely to perform the functionalities and workflows enabled through the Services. Processing is limited to what is reasonably necessary to deliver the configured outcomes and does not extend beyond the scope of the Services provided.

Trestle Labs does not claim ownership of User Content. Responsibility for the lawfulness, accuracy, and appropriateness of User Content provided to the Services rests with the User or Client that submits or authorizes such content for processing.

5.4 Relationship to Metadata

Processing of User Content may generate Metadata as part of normal service operation. Metadata is used to support service delivery, monitoring, diagnostics, security, quality assurance, and performance optimization and does not replace or constitute the substantive content of User Content itself.

6. PURPOSE LIMITATION & USE OF DATA

Trestle Labs collects and processes information solely for legitimate, defined purposes related to the provision, operation, security, and improvement of the Services. Information is not processed in a manner that is incompatible with these purposes.

The specific use of information depends on the category of data involved and the context in which the Services are used.

6.1 Use of User Content

User Content is processed only to perform the functionalities and workflows enabled through the Services, as configured or requested by the User or Client.

Such use may include processing necessary to:

• Deliver the requested document, audio, video, or data intelligence outputs;
• Generate structured, transformed, or derived outputs required by the configured workflow;
• Support accessibility, compliance, or investigative use cases enabled by the Services;
• Provide processing results, reports, or outputs back to the User or Client.

User Content is not processed for purposes unrelated to the delivery of the Services and is not used in a manner that overrides or contradicts the instructions or agreements governing the Client’s use of the Services.

6.2 Use of Metadata and Operational Data

Metadata and operational data generated through the use of the Services may be used to:

• Operate, maintain, and support the Services;
• Monitor system performance, availability, and reliability;
• Detect, prevent, and respond to security incidents or misuse;
• Diagnose technical issues and improve service quality;
• Generate usage metrics, logs, and operational reports for Clients;
• Support auditability, compliance, and internal governance requirements.

Such data is typically used in aggregated or contextual form and does not replace or expose the substantive content of User Content.

6.3 Use of Account, Business, and Communication Data

Account-related and business information may be used to:

• Create, manage, and administer user accounts;
• Authenticate access to the Services;
• Provide customer support and respond to inquiries;
• Manage billing, invoicing, and contractual relationships;
• Communicate service-related notices, updates, and operational information;
• Maintain records required for legal, regulatory, or audit purposes.

6.4 Service Improvement and Development

Information collected through the Services may be used to improve the functionality, performance, reliability, and usability of the Services, including through analysis of usage patterns, system behavior, and operational metrics.

Such improvement activities are conducted in a manner consistent with this Privacy Policy and applicable contractual obligations and do not involve the use of User Content beyond what is necessary to deliver or support the Services.

6.5 Exclusions and Limitations

Trestle Labs does not:

• Sell or rent User Content or Personal Data;
• Use User Content for third-party advertising purposes;
• Provide User Content to third parties except as necessary to operate and support the Services or as required by law;
• Process information in a manner that is inconsistent with this Privacy Policy or applicable agreements.

6.6 Automated Outputs and Customer Responsibility

The Services may generate automated outputs such as classifications, extracted fields, structured data, summaries, or risk indicators as part of service delivery. Customers and Clients are responsible for determining how such outputs are used and for implementing appropriate review and validation processes, including human review where required by law or internal policy.

7. DATA RETENTION & DELETION

Trestle Labs retains information only for as long as is reasonably necessary to fulfill the purposes for which it is collected and processed, unless a longer retention period is required or permitted by applicable law, contractual obligations, or legitimate business requirements.

Retention periods vary depending on the category of information and the context in which the Services are used.

7.1 Retention of User Content

User Content submitted for processing through the Services is retained only for the duration necessary to perform the requested processing and deliver the corresponding outputs.

Unless otherwise configured or contractually agreed:

• User Content is typically deleted shortly after processing is completed; and
• Temporary storage may be used during processing, subject to a defined time-to-live (TTL) or similar technical controls.

Where a Customer or Client configures longer retention, requests storage of outputs, or requires retention for operational, audit, or compliance purposes, User Content may be retained in accordance with such instructions and applicable agreements.

7.2 Retention of Metadata and Operational Data

Metadata, logs, and other operational data generated through the use of the Services may be retained for longer periods as reasonably necessary to:

• Operate and support the Services;
• Maintain system security, integrity, and availability;
• Diagnose issues and investigate incidents;
• Support auditability, compliance, and internal governance;
• Generate usage reports or service performance metrics for Clients.

Such data is retained in accordance with internal retention practices and does not typically include the substantive content of User Content.

7.3 Retention of Account, Business, and Communication Data

Account information, billing records, contractual documentation, and communications may be retained for the duration of the business relationship and thereafter as required for:

• Legal or regulatory compliance;
• Financial, tax, or accounting obligations;
• Resolution of disputes or enforcement of agreements;
• Internal record-keeping and audit purposes.

7.4 Deletion and Return of Data

Upon termination or expiration of access to the Services, User Content and related data may be deleted or returned in accordance with the applicable agreement, Client instructions, and this Privacy Policy.

Deletion may be subject to:

• Reasonable technical and operational limitations;
• Backup, archival, or disaster-recovery processes;
• Legal or regulatory retention requirements.

Once data is deleted from active systems, residual copies may persist for a limited period in backups or archives until such systems are refreshed or overwritten in accordance with standard operational practices.

7.5 Client-Managed and Institutional Contexts

Where the Services are used on behalf of a Customer or Client, including enterprise, government, educational, or institutional deployments, data retention and deletion are governed primarily by the Client’s instructions, policies, and applicable agreements.

Users acting on behalf of a Client should direct any requests regarding retention or deletion of User Content to the relevant Client or organization.

8. DATA SHARING & SUB-PROCESSORS

Trestle Labs does not sell, rent, or trade User Content or Personal Data. Information is shared only in limited circumstances and solely to the extent necessary to provide, operate, and support the Services or to comply with legal obligations.

8.1 Sharing with Service Providers and Sub-Processors

Trestle Labs may engage third-party service providers and sub-processors to perform functions necessary to operate and support the Services, such as infrastructure operations, security, analytics, or support services.

Where such third parties are engaged:

• Access to information is limited to what is reasonably necessary for the performance of the relevant services; and
• Such parties are bound by confidentiality, data protection, and security obligations consistent with this Privacy Policy.

8.2 Processing on Behalf of Clients

When Trestle Labs processes User Content on behalf of a Customer or Client, including in enterprise, government, educational, or institutional deployments, any sharing of information with sub-processors occurs solely to fulfill the Client’s instructions and deliver the Services.

In such cases:

• The Customer or Client remains responsible for determining the purposes and scope of processing; and
• Trestle Labs acts only within the scope of applicable agreements, documented instructions, and this Privacy Policy.

8.3 No Sharing with Third-Party Advertisers

Trestle Labs does not share, sell, rent, or otherwise disclose User Content or Personal Data to third-party advertising networks, data brokers, or advertising intermediaries for the purpose of targeted advertising, profiling, or cross-platform marketing.

Trestle Labs may, however, use contact information collected directly from Users or Clients to send communications originating from Trestle Labs that relate to:

• Service updates, announcements, or operational notices; and
• Information about Trestle Labs’ own products, services, features, or offerings,

provided that such communications are sent in accordance with applicable laws and any consent, preference, or opt-out mechanisms required under those laws.

In all cases, Personal Data used for such communications is not shared with third parties for their independent advertising or marketing purposes.

8.4 Legal and Regulatory Disclosure

Trestle Labs may disclose information if required to do so by applicable law, regulation, legal process, or governmental request, or where disclosure is reasonably necessary to:

• Comply with legal obligations;
• Respond to lawful requests from public authorities;
• Protect the rights, property, or safety of Trestle Labs, its Clients, Users, or others;
• Enforce applicable terms, agreements, or policies; or
• Investigate, prevent, or address security incidents, fraud, or misuse of the Services.

8.5 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or similar transaction involving Trestle Labs, information processed through the Services may be transferred as part of that transaction, subject to appropriate confidentiality and data protection commitments.

Any successor entity will be required to honor the commitments set forth in this Privacy Policy with respect to such information.

9. CROSS-BORDER DATA TRANSFERS

Trestle Labs operates globally and may process or store information in multiple locations in order to provide and support the Services.

Information collected or processed through the Services, including Personal Data, User Content, Metadata, and operational data, may be transferred to, accessed from, or processed in countries other than the country in which the User or Client is located.

Where such cross-border transfers occur, Trestle Labs takes reasonable steps to ensure that information is protected in accordance with this Privacy Policy and applicable data protection laws, including by implementing appropriate contractual, technical, and organizational safeguards.

By accessing or using the Services, you acknowledge and understand that information may be transferred, stored, or processed in jurisdictions that may have data protection laws that differ from those of your jurisdiction.

In enterprise, government, or institutional deployments, cross-border data transfers, where applicable, may be further governed by the terms of the relevant agreement, deployment configuration, or Client instructions.

10. SECURITY MEASURES

Trestle Labs implements reasonable and appropriate technical, organizational, and administrative measures designed to protect information processed through the Services against unauthorized access, disclosure, alteration, or destruction.

Security measures are implemented taking into account the nature of the information processed, the context of processing, the state of the art of technology, and the potential risks associated with such processing.

10.1 Technical and Organizational Safeguards

Security measures implemented by Trestle Labs may include, as appropriate:

• Access controls and authentication mechanisms to restrict access to authorized personnel;
• Encryption or equivalent protections for information in transit and, where appropriate, at rest;
• Monitoring, logging, and auditing of system activity to detect and respond to security events;
• Segregation of environments and role-based access to systems and data;
• Regular updates, maintenance, and vulnerability management practices.

10.2 Operational Security

Access to information processed through the Services is limited to personnel who require such access for the performance of their duties and who are subject to confidentiality obligations.

Trestle Labs maintains internal policies and procedures governing information security, incident response, and access management and reviews such controls periodically.

10.3 Shared Responsibility

The security of information also depends on Users and Clients. Users and Clients are responsible for:

• Maintaining the confidentiality of account credentials;
• Implementing appropriate safeguards within their own environments;
• Ensuring that access to the Services is provided only to authorized individuals.

Trestle Labs is not responsible for security incidents resulting from actions or omissions outside its reasonable control, including failures in systems, networks, or environments managed by Users or Clients.

10.4 Limitations

While Trestle Labs takes reasonable measures to protect information processed through the Services, no method of transmission over the internet or method of electronic storage is completely secure. Accordingly, Trestle Labs cannot guarantee absolute security of information.

11. YOUR RIGHTS

Depending on your relationship with Trestle Labs and the context in which the Services are used, you may have certain rights with respect to your Personal Data under applicable data protection laws.

The availability and scope of these rights may vary based on whether Trestle Labs acts as a data controller or a data processor and on the nature of the Services used.

11.1 Rights Relating to Personal Data

Subject to applicable laws and contractual arrangements, you may have the right to:

• Request access to Personal Data processed about you;
• Request correction or updating of inaccurate or incomplete Personal Data;
• Request deletion or erasure of Personal Data;
• Request restriction or limitation of processing of Personal Data, where applicable;

These rights are not absolute and may be subject to limitations or exceptions under applicable laws.

11.2 Requests Where Data Is Processed on Behalf of a Customer

Where Personal Data or User Content is processed by Trestle Labs on behalf of a Customer or Client, Trestle Labs acts as a data processor.

In such cases:

• Requests relating to access, correction, deletion, or restriction of User Content should be directed to the relevant Customer or Client, in accordance with their internal policies; and
• Trestle Labs will support the Customer or Client in responding to such requests, as required by applicable agreements and laws.

11.3 Exercising Your Rights

Where Trestle Labs acts as a data controller, you may submit requests relating to your Personal Data by contacting us using the details provided in the Contact Information section of this Privacy Policy.

We may take reasonable steps to verify your identity before responding to a request and may request additional information to help us understand and process your request.

Responses to verified requests will be provided within reasonable timeframes, subject to applicable legal requirements.

11.4 Communications Preferences

You may manage or opt out of non-essential communications from Trestle Labs in accordance with applicable laws and the instructions included in such communications.

Service-related communications necessary for the operation, security, or administration of the Services may not be subject to opt-out.

12. EDUCATIONAL, INSTITUTIONAL & GOVERNMENT USE

The Services may be provided to and used by educational institutions, government bodies, public sector organizations, non-profit organizations, and other institutions (collectively, “Institutions”) for purposes such as education, research, administration, accessibility, compliance, digitization, or public service delivery.

Where the Services are used in such contexts, the following principles apply.

12.1 Institutional Control and Responsibility

When an Institution engages Trestle Labs to provide the Services:

• The Institution acts as the primary data controller (or data fiduciary, as applicable) with respect to User Content and Personal Data processed through the Services;
• The Institution determines the purposes, scope, and duration of processing, as well as applicable retention, access, and deletion policies;
• Trestle Labs processes User Content and related information solely in accordance with the Institution’s applicable agreements, and this Privacy Policy.

12.2 Use by End Users Under Institutional Authority

Individuals such as students, educators, librarians, staff members, officers, or other authorized users may access or use the Services under the authority of an Institution.

In such cases:

• End users act on behalf of, and under the supervision or authorization of, the Institution;
• The Institution is responsible for informing end users of applicable policies governing the use of the Services;
• Requests relating to access, correction, or deletion of User Content processed on behalf of an Institution should be directed to the Institution in accordance with its internal procedures.

12.3 Educational Content and Copyright Compliance

The Services may enable activities such as digitization, transformation, translation, audio generation, or accessibility enhancement of educational or informational materials.

Users and Institutions are responsible for ensuring that:

• Content submitted for processing is owned by them, is in the public domain, or is used with appropriate permissions and under applicable laws;
• Use of copyrighted material complies with applicable copyright laws, including educational exceptions, fair use, or fair dealing provisions, where applicable;
• Necessary licenses or permissions are obtained for content that does not fall within such exceptions.

Trestle Labs does not assume responsibility for unauthorized use of copyrighted materials submitted to the Services.

12.4 Accessibility and Inclusive Access

The Services may be used by Institutions to support accessibility, inclusion, and assistive use cases.

While Trestle Labs designs the Services to enable accessible processing and delivery of content, Institutions remain responsible for determining how such Services are deployed, accessed, and governed within their environments, including compliance with applicable accessibility, education, or public-sector regulations.

13. CHILDREN & MINORS

The Services are not directed at children or minors for independent, unsupervised use.

The Services may, however, be used by children or minors under the supervision, authorization, and responsibility of an educational institution, government body, parent, guardian, or other authorized organization (each, an “Authorized Entity”), such as in schools, colleges, libraries, or public institutions.

13.1 Use Under Authorized Supervision

Where children or minors access or use the Services:

• Such use occurs only under the authority and oversight of an Authorized Entity;
• The Authorized Entity is responsible for obtaining any required parental or guardian consent and for ensuring compliance with applicable child protection and data protection laws;
• Trestle Labs processes any User Content or Personal Data solely in accordance with the written instructions of the Authorized Entity and applicable agreements, and in accordance with this Privacy Policy.

13.2 No Knowing Independent Collection

Trestle Labs does not knowingly collect Personal Data directly from children or minors for independent use of the Services.

If Trestle Labs becomes aware that Personal Data relating to a child or minor has been collected outside an authorized institutional or supervised context, reasonable steps will be taken to delete such information in accordance with applicable laws.

13.3 Requests Relating to Children or Minors

Requests relating to access, correction, or deletion of data associated with children or minors should be directed to the relevant Authorized Entity, parent, or guardian, as applicable.

Where Trestle Labs acts as a data processor on behalf of an Institution or Authorized Entity, such requests will be handled in accordance with the applicable agreement and instructions of that entity.

14. CHANGE OF CONTROL

In the event that Trestle Labs undergoes a corporate transaction such as a merger, acquisition, reorganization, sale of assets, insolvency, or similar change of control, information processed through the Services may be transferred as part of that transaction.

Any such transfer will be subject to appropriate confidentiality and data protection commitments. The successor entity or acquiring organization will be required to honor the commitments set forth in this Privacy Policy with respect to such information, unless and until the Privacy Policy is updated in accordance with the Changes to This Privacy Policy section.

Where Trestle Labs processes User Content on behalf of a Customer or Client, such transfer will remain subject to the applicable agreements and documented instructions governing the processing of such User Content.

15. CHANGES TO THIS PRIVACY POLICY

Trestle Labs may update or modify this Privacy Policy from time to time to reflect changes in legal requirements, business practices, technology, or the Services.

When we make changes, we will revise the “Effective Date” or “Last Updated” date at the top of this Privacy Policy. Updated versions of this Privacy Policy will be made available through our websites or Services, as applicable.

Where required by applicable law, we will provide additional notice of material changes in an appropriate manner. Continued access to or use of the Services after the effective date of an updated Privacy Policy constitutes acknowledgment of the updated terms, to the extent permitted by law.

We encourage you to review this Privacy Policy periodically to stay informed about how information is processed through the Services.

16. CONTACT INFORMATION & GRIEVANCE REDRESSAL

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of information through the Services, you may contact Trestle Labs at:

Email: privacy@trestlelabs.com

In accordance with the Digital Personal Data Protection Act, 2023 (India), individuals may submit requests or grievances relating to the processing of Personal Data through the Services using the contact details above. Such requests will be reviewed and addressed in accordance with applicable laws, contractual obligations, and internal procedures.

Where the Services are used on behalf of a Customer or Client (including enterprise, institutional, or government deployments), requests or grievances relating to User Content or Personal Data may also be subject to the policies and procedures of the relevant Customer or Client, who acts as the primary data controller or data fiduciary.

‍