Evidence
Evidence Page
Digital Twin Generators
Research
Artificial Intelligence
Clinical Research
Company
About
Careers
Blog
Press
Evidence
Home

Privacy

Effective Date: August 5, 2025

Introduction

This Privacy Notice describes how Unlearn.ai Inc. ("we", "us," "our", or the "Controller") collects, uses, and discloses information about individuals who use our website (https://www.unlearn.ai), applications, services, tools and features, or otherwise interact with us (collectively, the "Services"). For the purposes of this Privacy Notice, "you" and "your" means you as the user of the Services or another individual whose information we have collected pursuant to this Privacy Notice.

Please read this Privacy Notice carefully. By using any of the Services, you acknowledge that you have read and understood this Privacy Notice. If you do not agree to this Privacy Notice, please do not use or access the Services.


1. Changes to This Privacy Notice

We may modify this Privacy Notice from time to time, in which case we will update the "Effective Date" at the top of this Privacy Notice. If we make material changes to the way in which we use or disclose information we collect, we will notify you by email (if you have provided one) or by means of a prominent notice on our website before the changes take effect. If you do not agree to any updates to this Privacy Notice, please do not continue using or accessing the Services.

2. Data Controller Information

Unlearn.ai Inc. is the data controller responsible for your personal data. Our contact details are:

Unlearn.ai Inc. 303 2nd St Suite N460 San Francisco, California 94107 United States Email: compliance@unlearn.ai

3. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact our DPO using the details set out below:

Email: dpo@unlearn.ai, Address: 303 2nd Street Ste N460, San Francisco, CA 94107

4. Collection and Use of Your Information

When you use or access the Services, we collect certain categories of information about you from a variety of sources. We process this data based on specific legal bases as outlined below.

4.1 Information You Provide to Us

Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features. Information that you directly submit through our Services includes:

  • Basic contact details, such as name, company, job title, and email. We use this information to create and maintain your account and provide the Services, and to communicate with you (including to tell you about products or services that may be of interest to you).
    • Legal basis: Contractual necessity, legitimate interests, or consent depending on the context
  • Account information, such as username and password. We use this information to provide the Services and to maintain and secure your account with us.
    • Legal basis: Contractual necessity
  • Applicant details, such as information included in your resume or CV, references, and job history. We use applicant details to process your application for employment and to evaluate your candidacy.
    • Legal basis: Pre-contractual steps at your request, legitimate interests
  • Any other information you choose to include in communications with us, for example, when sending a message through the Services.
    • Legal basis: Consent or legitimate interests depending on the context

4.2 Information We Collection Automatically

We also automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we may use cookies, web beacons/clear gifs, tags, HTML 5 Browser Local Storage, and other geolocation tracking technologies, etc. ("Tracking Technologies"). Usage Data includes:

  • Device information, such as device type, operating system, unique device identifier, and internet
    protocol (IP) address.
  • Location information, such as approximate location via IP address tracking, if you choose to provide it.
  • Other information regarding your interaction with the Services, such as browser type, log data, date and time stamps, clickstream data, interactions with marketing emails, and ad impressions.

We use Usage Data to tailor features and content to you, market to you, provide you with offers or promotions, run analytics and better understand user interaction with the Services.

Legal basis: Consent or legitimate interests depending on the type of tracking technology

4.3 Information Collected From Other Sources

We may obtain information about you from outside sources, including information that we collect directly from third parties and information from third parties that you choose to share with us. Such information includes:

  • Analytics data we receive from analytics providers such as FullStory, Sentry and Auth0 and Google
    Analytics.
  • Information we receive from career websites, such as LinkedIn, Monster, or Indeed, which we use to
    process your application for employment.
  • Information we receive from consumer marketing databases or other data enrichment companies,
    which we use to better customize advertising and marketing to you.
  • Information we receive when you choose to link any social media platforms to your account, such
    as Facebook or Twitter, which we use to maintain your account and login information.

Legal basis: Legitimate interests or consent depending on the context

Any information we receive from outside sources will be treated in accordance with this Privacy Notice. We are not responsible for the accuracy of the information provided to us by third parties and are not responsible for any third party's policies or practices.

4.4 Special Categories of Personal Data and Sensitive Personal Information

We do not intentionally collect any special categories of personal data (such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data) unless:

  • You have given us your explicit consent to do so;
  • The processing is necessary to protect your vital interests or those of another person and you are physically or legally incapable of giving consent;
  • The processing relates to personal data which you have manifestly made public;
  • The processing is necessary for the establishment, exercise, or defense of legal claims; or
  • The processing is necessary for reasons of substantial public interest.

Under California law, "sensitive personal information" includes precise geolocation, racial or ethnic origin, religious beliefs, health information, sexual orientation, and biometric information, among others. We only collect and process sensitive personal information when necessary for the purposes identified in this Privacy Notice and with appropriate safeguards in place.

Legal basis: Explicit consent or other legal bases as permitted under GDPR Article 9 and applicable US laws

5. Purposes of Processing

In addition to the specific uses described above, we may use your information for the following purposes:

  • To provide you with the Services and to maintain our business relationship
  • To enhance the safety and security of our Services (e.g., troubleshooting, data analysis, testing, system maintenance, and reporting)
  • To provide customer support
  • To send service and other non-marketing communications
  • To monitor and analyze trends
  • To conduct internal research and development
  • To comply with applicable legal obligations
  • To enforce any applicable terms of service
  • To protect the Services, our rights, and the rights of our employees, users or other individuals

We may also deidentify or anonymize your information such that it cannot reasonably be used to infer information about you or otherwise be linked to you ("deidentified information"), and we may use such deidentified information for any purpose.

6. Cookies and Other Tracking Technologies

As described above, we collect Usage Data through Tracking Technologies, including Google Analytics and FullStory, Sentry and Auth0.

For example, we use FullStory to better understand our users' experience, (e.g. how much time they spend on which pages, which links they choose to click, what users do and don't like, etc.) and this enables us to build and maintain the Services with user feedback. FullStory uses cookies and other technologies to collect this information and process it on our behalf.

We use the following categories of cookies:

  • Strictly necessary cookies: These cookies are essential for you to browse the website and use its
    features, such as accessing secure areas of the site. These cookies cannot be turned off.
  • Functional cookies: These cookies allow our website to remember choices you have made in the past, like what language you prefer, or what your user name and password are so you can automatically log in.
  • Analytics cookies: These cookies collect information about how you use a website, like which pages you visited and which links you clicked on. Their sole purpose is to improve website functions.
  • Marketing cookies: These cookies track your online activity to help advertisers deliver more relevant
    advertising or to limit how many times you see an ad.

You can control the use of non-essential cookies through our cookie consent banner or cookie preference center. Most browsers accept cookies automatically, but you may be able to control the way in which your devices permit the use of cookies. If you so choose, you may block or delete certain of our cookies from your browser; however, blocking or deleting cookies may cause some of the Services, including any portal features and general functionality, to work incorrectly.

To opt out of tracking by Google Analytics, click here.

7. Legal Bases for Processing

Under the GDPR, we must have a legal basis for processing your personal data. The legal bases we rely on include:

  • Consent: Where you have given us clear consent to process your personal data for a specific purpose.
  • Contractual necessity: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legal obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
  • Vital interests: Where processing is necessary to protect someone's life.
  • Legitimate interests: Where processing is necessary for our legitimate interests or the legitimate
    interests of a third party, unless there is a good reason to protect your personal data which overrides
    those legitimate interests.

Where we rely on legitimate interests, these interests include:

  • Providing, improving, and securing our Services
  • Marketing our products and services
  • Understanding how our Services are used
  • Preventing fraud and ensuring network security
  • Managing our business operations efficiently


8. Disclosure of Your Information

We may disclose your information to third parties for legitimate purposes subject to this Privacy Notice, including the following categories of third parties:

  • Vendors or other service providers who help us provide the Services, including for system
    administration, cloud storage, security, customer relationship management, marketing communications, web analytics, location tracking and website routing, and payment processing.
  • Third parties for marketing purposes, where you have consented to such sharing.
  • Third parties to whom you request or direct us to disclose information, such as through your use of
    social media widgets or login integration.
  • Professional advisors, such as auditors, law firms, or accounting firms.
  • Third parties in connection with or anticipation of an asset sale, merger, or other business
    transaction    , including in the context of a bankruptcy.

We may also disclose your information as needed to comply with applicable law or any obligations thereunder or to cooperate with law enforcement, judicial orders, and regulatory inquiries, to enforce any applicable terms of service, and to ensure the safety and security of our business, employees, and users.

9. International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA) or your country of residence. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European
    Commission which give personal data the same protection it has in Europe (Standard Contractual
    Clauses).
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

10. Data Retention

We retain your information for as long as is reasonably necessary for the purposes specified in this Privacy Notice. When determining the length of time to retain your information, we consider various criteria, including:

  • The purpose for which we collected or processed the data
  • Our legal obligations under applicable law to retain data for certain periods
  • Statute of limitations under applicable law
  • Potential disputes
  • Guidelines issued by relevant data protection authorities

Specifically, we typically retain:

  • Account information for as long as your account is active plus 5 years, unless a longer retention period is required or permitted by law.
  • Marketing information for up to 2 years after your last interaction with us.
  • Website usage data for up to 2 years.
  • Applicant information for up to 2 years after the conclusion of the application process.

11. Data Security

We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. Despite our reasonable efforts to protect your information, no security measures are impenetrable, and we cannot guarantee "perfect security." Any information you send to us electronically, while using the Services or otherwise interacting with us, may not be secure while in transit. We recommend that you do not use unsecure channels to send us sensitive or confidential information.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

12. Your Rights

Depending on your location, you may have certain rights in relation to your personal data:

12.1 Rights Under GDPR (European Economic Area, UK, and Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the GDPR:

  • Right to access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request that we correct any inaccurate or incomplete
    personal data we hold about you.
  • Right to erasure: You have the right to request that we delete your personal data in certain
    circumstances.
  • Right to restrict processing: You have the right to request that we restrict the processing of your
    personal data in certain circumstances.
  • Right to data portability: You have the right to request that we transfer your personal data to you or to a third party in a structured, commonly used, machine-readable format.
  • Right to object: You have the right to object to our processing of your personal data based on legitimate interests, for direct marketing purposes, or for scientific/historical research and statistics.
  • Rights related to automated decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • Right to withdraw consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

12.2 Rights Under California Privacy Laws

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to know: You have the right to know what personal information we collect, use, disclose, and sell
    about you.
  • Right to delete: You have the right to request deletion of personal information that we collect from you, subject to certain exceptions.
  • Right to correct: You have the right to request correction of inaccurate personal information.
  • Right to opt-out of sale or sharing: You have the right to opt out of the sale or sharing of your personal information.
  • Right to limit use and disclosure of sensitive personal information: You have the right to limit the use
    and disclosure of sensitive personal information.
  • Right to non-discrimination: You have the right not to be discriminated against for exercising your
    CCPA rights.

To exercise your California privacy rights, please click on the "Do Not Sell or Share My Personal Information" link on our website or contact us using the information in the "Contacting Us" section below.

12.3 Rights Under Other US State Privacy Laws

If you are a resident of Colorado, Connecticut, Delaware, Florida, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, or Virginia, you may have similar rights to access, delete, correct, and opt out of the sale of your personal information under your state's privacy law.

12.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at compliance@unlearn.ai. We will respond to your request within the timeframe required by applicable law. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

13. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

14. Automated Decision-Making and AI Technology

As an AI healthtech company, we use artificial intelligence and automated decision-making in our Services. When we use automated decision-making that has a significant effect on you, we will:

  • Provide meaningful information about the logic involved
  • Explain the significance and envisaged consequences of such processing
  • Ensure human oversight and intervention where appropriate
  • Implement appropriate technical and organizational measures to ensure the accuracy and fairness of our AI systems

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except in certain circumstances permitted by law.

15. Healthcare Data and HIPAA Compliance

As a healthtech company, we may process healthcare data that is subject to specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA). When we act as a business associate under HIPAA, we comply with all applicable requirements, including:

  • Implementing appropriate safeguards to protect the privacy and security of protected health information
  • Limiting uses and disclosures of protected health information
  • Providing individuals with their rights with respect to their protected health information
  • Complying with breach notification requirements

Our processing of healthcare data is also subject to state-specific health privacy laws, such as the Washington My Health My Data Act, where applicable.

16. Social Features

Certain features of the services allow you to initiate interactions between the services and third-party services or platforms, such as social networks ("social features"). Social features include features that allow you to access our pages on third-party platforms, and from there "like" or "share" our content. Use of social features may allow a third party to collect and/or use your information. If you use social features, information you post or make accessible may be publicly displayed by the third-party service. Both we and the third party may have access to information about you and your use of both the services and the third-party service.

17. Third Party Websites and Links

We may provide links to third-party websites or platforms. If you follow links to sites or platforms that we do not control and are not affiliated with us, you should review the applicable privacy notice, policies and other terms. We are not responsible for the privacy or security of, or information found on, these sites or platforms. Information you provide on public or semi-public venues, such as third-party social networking platforms, may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators.

18. Do Not Track Signals

Your browser settings may allow you to transmit a "Do Not Track" signal when you visit various websites. Like many websites, our website is not designed to respond to "Do Not Track" signals received from browsers. To learn more about "Do Not Track" signals, you can visit http://www.allaboutdnt.com/.

19. Changes to This Privacy Policy

We reserve the right to modify and update this Privacy Policy at any time in accordance with our requirements and circumstances, or where required by applicable laws and regulations. We encourage you to periodically review this page for the latest information on our privacy practices. If major changes occur to this Privacy Policy, we may inform you via email or another manner that we believe reasonably likely to reach you.

Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the new changes in the Services.

20. Contacting Us

Should you have any questions about our privacy practices or this Privacy Notice, or if you wish to exercise any of your rights in relation to your personal data, please contact us at: Email: compliance@unlearn.ai Address: 303 2nd St Suite N460, San Francisco, California 94107, United States

The AI partner of choice for top pharma and biotechs
Contact Us
Evidence
Evidence PageDigital Twin Generators
Research
Artificial IntelligenceClinical Research
company
AboutCareersBlogPress
Connect
© 2025 Unlearn.ai, Inc. All rights reserved.
TermsPrivacyData Acknowledgements