TransIT AI
Sign up

Document under legal review.

This document is current as of May 14, 2026 and is being reviewed by counsel. Material revisions may follow within the next few weeks. The latest version is always the one displayed on this page; we encourage you to check back periodically.

Privacy Policy

Transit AI Software Inc. Last Updated: May 14, 2026 Effective Date: May 14, 2026

1. Introduction

Transit AI Software Inc. (“Transit AI,” “we,” “us,” or “our”) respects your privacy and is committed to transparent handling of personal information. This Privacy Policy (“Policy”) describes how we collect, use, disclose, and protect personal information in connection with our software-as-a-service platform available at https://transitai.app and related services (collectively, the “Service”).

This Policy applies to:

  • Visitors to https://transitai.app and our marketing pages
  • Customers who subscribe to the Service and individuals using the Service on behalf of a Customer (“Authorized Users”)
  • Individuals who contact us, request support, or otherwise interact with us

This Policy does not apply to information processed by third parties that you separately engage (for example, your own AI Provider when you use the Bring Your Own Key option, or other software vendors).

Capitalized terms not defined here have the meanings given in our Terms of Service.

2. Controller / Business

For purposes of the EU and UK General Data Protection Regulation (“GDPR” and “UK GDPR”), the State of California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), and similar laws, Transit AI Software Inc. is the controller / business with respect to information we collect about visitors, prospects, and the individual contact persons for Customers.

When Customers use the Service to access their own systems and direct us to process information from those systems, Transit AI acts as a processor / service provider on behalf of the Customer, and the Customer is the controller / business. Our processing of that information is governed by the Terms of Service and any data processing addendum the parties enter into.

3. Information We Collect

We collect the following categories of personal information. The specific items collected depend on how you interact with us.

3.1 Information You Provide

  • Account information: name, email address, password (hashed), employer or organization, job title, and similar identifiers.
  • Billing information: billing name, billing address, last four digits of payment card and card brand, transaction history. Full payment card numbers are processed directly by our payment processor and are not stored by Transit AI.
  • Communications: the content of emails, support tickets, chat messages, and other communications you send us.
  • BYOK credentials: API keys for third-party AI Providers (e.g., Anthropic or OpenAI) that you choose to provide. These are stored encrypted at rest.
  • Marketing preferences: subscription status for newsletters, product updates, and similar.

3.2 Information We Collect Automatically

  • Service usage data: logs of features used, queries submitted, sessions initiated, errors encountered, and similar usage telemetry.
  • Device and technical data: IP address, browser type and version, operating system, device identifiers, language, time zone, and referring URLs.
  • Cookies and similar technologies: as described in Section 9.

3.3 Information We Collect From Third Parties

  • Payment processors: confirmation of payment, fraud signals, and limited card metadata from Stripe (or a successor payment processor).
  • Authentication providers: if you sign in using a single sign-on or identity provider, we receive identity information consistent with that provider’s terms and your selections.
  • Service providers and analytics: aggregated and pseudonymized usage data from analytics and monitoring tools.

3.4 Customer Data Processed Through the Service

When you use the Service to investigate your network devices, servers, or other systems, the Service collects, transmits, and processes data from those systems (“Customer Data”). Customer Data may include configuration data, log entries, command output, hostnames, IP addresses, device identifiers, user account names, and any other data that exists on the systems you direct the Service to access.

We process Customer Data on behalf of the Customer as a processor / service provider. We do not use Customer Data to develop, train, retrain, fine-tune, or improve any artificial intelligence or machine learning model, whether ours or a third party’s.

3.5 Sensitive Personal Information

We do not intentionally collect “sensitive personal information” or “special category data” as defined under CCPA/CPRA, GDPR, or similar laws. However, Customer Data accessed through the Service may incidentally contain such information depending on what exists on Customer Systems. Customers are responsible for determining whether sensitive information is present on their systems and for configuring access accordingly.

4. How We Use Information

We use personal information for the following purposes:

PurposeCategories Used
Providing, operating, and maintaining the ServiceAccount, usage, technical, Customer Data
Processing payments and managing billingAccount, billing
Authenticating users and securing accountsAccount, technical
Detecting, preventing, and responding to fraud, abuse, and security incidentsAll categories as needed
Communicating about the Service (transactional emails, alerts, support)Account, communications
Providing customer supportAccount, communications, usage
Sending marketing communications (with consent or where permitted)Account, marketing preferences
Analyzing and improving the Service (in aggregated or de-identified form)Usage, technical
Complying with legal obligations and enforcing our Terms of ServiceAll categories as needed
Corporate transactions (e.g., merger, acquisition, financing)All categories as needed

For individuals in the European Economic Area, the United Kingdom, or Switzerland, we process personal data on the following legal bases:

  • Contract performance: to provide the Service you (or your employer) have subscribed to.
  • Legitimate interests: to operate, secure, and improve the Service; to communicate with you about the Service; to prevent fraud and abuse. We have considered and balanced these interests against your rights.
  • Consent: where we ask for it (for example, certain marketing communications or non-essential cookies). You may withdraw consent at any time.
  • Legal obligation: to comply with applicable laws, court orders, and regulatory requests.

6. How We Disclose Information

We do not sell personal information for money. We disclose personal information in the following circumstances:

6.1 Service Providers and Sub-processors

We share information with third-party vendors who help us operate the Service, under contracts that require them to protect the information and use it only for the purposes we specify. These include:

  • Cloud infrastructure and edge-network providers that host the Service’s backend
  • Payment processors (e.g., Stripe)
  • Email and communication providers (transactional and support email delivery)
  • Customer support tools
  • Analytics and error monitoring providers
  • Identity and authentication providers
  • AI Providers that supply the underlying language models used by the Service (see Section 6.2)

6.2 AI Providers

The Service uses third-party AI Providers, including Anthropic (Claude) and OpenAI, to process prompts and Customer Data necessary to generate Output. Transmissions to AI Providers are governed by their respective terms and privacy practices. We use AI Provider services in a manner that, to our knowledge, does not permit the AI Provider to train, retrain, or fine-tune its models on Customer Data or prompts. If you use the Bring Your Own Key option, your relationship with the relevant AI Provider is direct and is governed by that provider’s terms.

6.3 Affiliates

We may share information with our corporate affiliates for the purposes described in this Policy.

We may disclose information if we believe in good faith that disclosure is necessary to:

  • Comply with a legal obligation, court order, subpoena, or governmental request
  • Enforce our Terms of Service
  • Detect, prevent, or address fraud, security, or technical issues
  • Protect the rights, property, or safety of Transit AI, our customers, or others

6.5 Corporate Transactions

If Transit AI is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction. We will provide notice before personal information becomes subject to a different privacy policy.

We may share information at your direction or with your consent.

6.7 Aggregated or De-identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you for any purpose, including for analytics, research, and marketing.

7. International Data Transfers

Transit AI is based in the United States, and we and our service providers may process personal information in the United States and other countries that may have data protection laws different from those of your country.

For transfers of personal data from the EEA, the United Kingdom, or Switzerland to countries that have not received an adequacy decision, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, the EU-U.S. Data Privacy Framework (and its UK and Swiss extensions, where applicable), or other lawful transfer mechanisms.

You may request a copy of the relevant transfer safeguards by contacting us at support@transitai.app.

8. Data Retention

We retain personal information for as long as needed to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. Specific retention practices:

  • Account information: retained while the Account is active and for a reasonable period afterward to handle disputes, enforce agreements, and comply with legal obligations.
  • Billing records: retained as required by applicable tax, accounting, and corporate laws (typically seven years in the U.S.).
  • Customer Data: retained according to Customer’s instructions and the Customer’s Subscription terms; deleted or returned upon termination of the Subscription, subject to legal hold requirements.
  • Usage logs and security records: typically retained for up to twenty-four (24) months.
  • Marketing data: retained until you unsubscribe or otherwise opt out.

When personal information is no longer needed, we delete, anonymize, or aggregate it.

9. Cookies and Similar Technologies

We and our service providers use cookies, web beacons, local storage, and similar technologies to operate and secure the Service, remember your preferences, and analyze usage. We use:

  • Strictly necessary cookies: required for login, security, and core functionality.
  • Functional cookies: remember preferences such as language and display settings.
  • Analytics cookies: help us understand how the Service is used so we can improve it.

You can control cookies through your browser settings. Disabling certain cookies may impair functionality. Where required by law, we present a cookie banner allowing you to manage non-essential cookies. We honor Global Privacy Control signals as described in Section 20.

10. Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit and at rest for sensitive data, access controls, network segregation, monitoring, and regular review of security practices. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

If we become aware of a security incident affecting personal information, we will notify affected individuals and regulators as required by applicable law.

11. Your Privacy Rights

Depending on your location, you may have the rights described below. We honor all applicable rights regardless of where you live, to the extent the law requires.

11.1 Rights Available Across Most Jurisdictions

  • Right to know / access: request confirmation of whether we process information about you and obtain a copy.
  • Right to correct: request correction of inaccurate information.
  • Right to delete: request deletion, subject to legal exceptions (e.g., we may retain information needed for billing, fraud prevention, or legal compliance).
  • Right to portability: receive certain information in a portable, machine-readable format.
  • Right to opt out of sale or sharing: opt out of any “sale” or “sharing” (including for cross-context behavioral advertising) as those terms are defined under applicable law. We do not currently sell or share personal information in this sense.
  • Right to opt out of targeted advertising: we do not currently engage in targeted advertising.
  • Right to opt out of profiling that produces legal or similarly significant effects. We do not currently engage in such profiling for our own purposes.
  • Right to limit use of sensitive personal information: we do not use or disclose sensitive personal information for purposes that trigger the right to limit under CCPA/CPRA.
  • Right to non-discrimination for exercising privacy rights.

11.2 How to Exercise Your Rights

You may submit requests by:

  • Emailing support@transitai.app
  • Logging into your Account and using the privacy controls available there (where provided)

We will verify your request using information already on file. We may request additional information if needed to confirm your identity. You may use an authorized agent to submit a request on your behalf where permitted by law; we will require proof of the agent’s authority.

We will respond within the time required by applicable law (typically forty-five (45) days under U.S. state laws and one (1) month under GDPR/UK GDPR). If we cannot honor your request, we will explain why. Where required, you may appeal our decision by replying to our response.

12. State-Specific Disclosures (United States)

This section provides disclosures required under specific U.S. state privacy laws. If you are a resident of one of these states, the rights in this section apply in addition to those described in Section 11.

12.1 California (CCPA/CPRA)

In the preceding 12 months, we have collected the categories of personal information identified in Section 3 from the sources identified in Section 3 for the purposes identified in Section 4, and disclosed those categories to the recipients identified in Section 6.

Notice at Collection. The categories of personal information we collect under the CCPA are:

  • Identifiers (name, email, IP address, account identifiers)
  • Customer records (billing information)
  • Commercial information (transaction history, Subscription details)
  • Internet or network activity (usage logs, device data)
  • Geolocation information (approximate, derived from IP address)
  • Professional or employment-related information (employer, job title)
  • Inferences drawn from the above

We retain each category according to the criteria described in Section 8.

Sale and Sharing. We do not sell personal information for monetary consideration, and we do not “share” personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We do not knowingly sell or share personal information of consumers under 16.

Sensitive Personal Information. We do not use or disclose sensitive personal information for purposes other than those permitted under CCPA Regulation §7027 (e.g., to provide the Service requested, to detect security incidents, to comply with law).

California Shine the Light. California Civil Code §1798.83 permits California residents to request information about disclosures of personal information to third parties for direct marketing. We do not disclose personal information for those parties’ direct marketing purposes.

12.2 Other State Laws

Residents of the following states have rights substantially similar to those described in Section 11, under their respective state privacy laws: Colorado (CPA), Connecticut (CTDPA), Delaware (DPDPA), Indiana (ICDPA), Iowa (ICDPA), Kentucky (KCDPA), Maryland (MODPA), Minnesota (MCDPA), Montana (MCDPA), Nebraska (NDPA), New Hampshire (NHPA), New Jersey (NJDPA), Oregon (OCPA), Rhode Island, Tennessee (TIPA), Texas (TDPSA), Utah (UCPA), and Virginia (VCDPA). Additional state laws may apply depending on the date of your request.

To exercise rights under these laws, use the procedures in Section 11.2. If we deny your request, you may appeal by replying to our denial; we will respond to appeals within the time required by your state’s law (typically 45 or 60 days). Some states also permit you to contact the state attorney general if you are not satisfied with our handling of an appeal.

12.3 Washington and Nevada

  • Washington: the Washington “My Health My Data” Act applies to certain consumer health data. We do not knowingly collect consumer health data as defined under that Act.
  • Nevada: Nevada residents may direct us not to sell certain covered information by emailing support@transitai.app. We do not currently sell such information.

12.4 Illinois

We do not collect or process biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act.

13. European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, you have rights under the GDPR or UK GDPR, including those described in Section 11 plus:

  • Right to object to processing based on legitimate interests, including for direct marketing
  • Right to restrict processing in certain circumstances
  • Right to withdraw consent at any time, without affecting the lawfulness of prior processing
  • Right to lodge a complaint with your local supervisory authority (a list is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en; UK residents may contact the ICO at https://ico.org.uk/)

To exercise these rights, use the procedures in Section 11.2.

14. Canada

If you are located in Canada, the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws (including Quebec’s Law 25) may give you the right to access, correct, and withdraw consent to the processing of your personal information. To exercise these rights, contact support@transitai.app. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca/ or your provincial regulator.

15. Brazil

If you are located in Brazil, the General Data Protection Law (LGPD) gives you rights to access, correct, anonymize, port, and delete your personal data, and to information about sharing. Contact support@transitai.app. You may also contact the National Data Protection Authority (ANPD).

16. Australia and Other Jurisdictions

If you are located in Australia or another jurisdiction with applicable privacy laws, you may have rights similar to those described in Section 11. Contact support@transitai.app, and we will respond consistent with applicable law.

17. Children

The Service is not directed to individuals under 18, and we do not knowingly collect personal information from individuals under 18. If we learn we have collected personal information from a person under 18, we will delete it. Parents or guardians who believe their child has provided personal information may contact us at support@transitai.app.

18. Automated Decision-Making

The Service uses artificial intelligence to generate Output in response to user prompts and Customer Systems data. The Service is designed to be used as a tool to support human decision-making and is not used by Transit AI to make decisions that produce legal or similarly significant effects about individuals. Customers using the Service are responsible for any decisions they make based on Output.

The Service may contain links to third-party websites or services that we do not operate. This Policy does not apply to those websites or services. Review their privacy policies before providing personal information.

20. Do Not Track and Global Privacy Control

Some browsers transmit a “Do Not Track” signal. There is no industry consensus on how to interpret these signals, and we do not respond to them at this time.

We do honor recognized opt-out preference signals such as Global Privacy Control (GPC) to the extent required by applicable law. If we detect a GPC signal from a browser visiting our Service, we treat it as a request to opt out of any “sale” or “sharing” of personal information from that browser.

21. Changes to This Policy

We may update this Policy from time to time. The “Last Updated” date at the top reflects the most recent revision. Material changes will be notified by email or through the Service before they take effect. Continued use of the Service after the effective date constitutes acceptance.

22. Contact Us

For privacy questions, requests, or complaints, contact:

Transit AI Software Inc.

Email: support@transitai.app

Website: https://transitai.app

If you are in the EEA, UK, or Switzerland and need to contact a representative for GDPR purposes, please email us and we will identify the appropriate contact. If you are in Canada, our Privacy Officer can be reached at the same email address.