Privacy Policy

Last updated: February 1, 2026

Thest ("we," "our," or "us") is committed to protecting the privacy of individuals who visit our website, engage with our services, or otherwise interact with our company. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at thest.io or use any of our AI consulting services.

By accessing our website or engaging our services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with the practices described herein, please do not use our website or services.

Information We Collect

We collect information that you provide directly to us, as well as information that is gathered automatically when you interact with our website and services. The types of information we may collect include:

• Personal identification information: name, email address, phone number, job title, and company name, provided when you fill out a contact form, subscribe to our newsletter, or engage us for consulting services.
• Account and billing information: billing address, payment method details, and invoicing information necessary to process payments for our consulting engagements.
• Professional information: resume or CV data, LinkedIn profile details, and professional background information submitted through our careers page or partnership inquiries.
• Communications data: any messages, feedback, questions, or other content you send to us via email, contact forms, or other communication channels.
• Technical information: IP address, browser type and version, operating system, device type, screen resolution, referring URLs, pages visited, time and date of visits, and other diagnostic data collected automatically through cookies and similar technologies.
• Usage data: information about how you navigate and interact with our website, including click patterns, scroll depth, session duration, and feature usage.

How We Use Your Information

We use the information we collect for a variety of business and operational purposes, including:

• Service delivery: to provide, operate, and maintain our AI consulting services, including project scoping, solution design, model development, deployment, and ongoing support.
• Communication: to respond to your inquiries, send project updates, deliver requested information, and provide customer support.
• Marketing and outreach: to send newsletters, industry insights, event invitations, and promotional materials about our services, where you have opted in to receive such communications.
• Website improvement: to analyze usage patterns, diagnose technical issues, optimize user experience, and improve the content and functionality of our website.
• Security and fraud prevention: to detect, prevent, and address security incidents, fraudulent activity, and other harmful or unauthorized actions.
• Legal compliance: to comply with applicable laws, regulations, legal processes, and government requests.
• Business operations: to manage our internal business processes, including billing, accounting, auditing, and record-keeping.
• Recruitment: to evaluate candidates who apply for positions through our careers page and manage the hiring process.

Information Sharing

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following limited circumstances:

• Service providers: we engage trusted third-party companies and individuals to perform services on our behalf, such as cloud hosting, email delivery, analytics, payment processing, and customer relationship management. These providers are contractually obligated to protect your data and may only use it to perform the services we have engaged them for.
• Business transfers: in the event of a merger, acquisition, reorganization, bankruptcy, or other corporate transaction, your information may be transferred as part of the business assets. We will notify you of any such change and the choices you may have regarding your information.
• Legal requirements: we may disclose your information if required to do so by law, regulation, or legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
• With your consent: we may share your information with third parties when you have given us explicit consent to do so.
• Aggregated or de-identified data: we may share aggregated or de-identified information that cannot reasonably be used to identify you, for purposes such as industry benchmarking, research, or analytics.

Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• Encryption of data in transit using TLS/SSL protocols and encryption of sensitive data at rest.
• Regular security assessments, penetration testing, and vulnerability scanning of our infrastructure and applications.
• Strict access controls and role-based permissions ensuring that only authorized personnel can access personal data on a need-to-know basis.
• Employee security awareness training conducted on a regular basis to maintain a strong security culture.
• Incident response procedures to promptly identify, contain, and remediate any data security incidents.
• SOC 2 Type II and ISO 27001 compliance to ensure our processes meet rigorous industry standards.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to continuously improving our safeguards.

Cookies and Tracking

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand how visitors interact with our content. Cookies are small data files stored on your device when you visit a website.

We use the following types of cookies:

• Essential cookies: these are necessary for the website to function properly. They enable core features such as page navigation, secure areas access, and cookie consent preferences. These cookies do not collect personally identifiable information.
• Analytics cookies: these help us understand how visitors interact with our website by collecting and reporting information anonymously. We use this data to improve our website structure, content, and user experience.
• Functional cookies: these allow the website to remember choices you make, such as your preferred language or region, and provide enhanced, more personalized features.
• Marketing cookies: these may be set through our site by advertising partners. They may be used to build a profile of your interests and show you relevant content on other sites. They do not directly store personal information but uniquely identify your browser and device.

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may affect the functionality and your experience on our website. When you first visit our site, a cookie consent banner will allow you to accept or decline non-essential cookies.

Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information. These rights may include:

• Right of access: you may request a copy of the personal information we hold about you.
• Right to rectification: you may request that we correct any inaccurate or incomplete personal information.
• Right to erasure: you may request the deletion of your personal information, subject to certain legal exceptions.
• Right to restrict processing: you may request that we limit the ways in which we use your personal information.
• Right to data portability: you may request a copy of your personal information in a structured, commonly used, and machine-readable format.
• Right to object: you may object to the processing of your personal information for certain purposes, including direct marketing.
• Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at privacy@thest.io. We will respond to your request within 30 days, or within the timeframe required by applicable law. We may ask you to verify your identity before fulfilling your request.

Third-Party Services

Our website and services may contain links to third-party websites, applications, or services that are not owned or controlled by Thest. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices or content of any third-party sites.

We may use third-party services in the course of operating our business, including but not limited to:

• Cloud infrastructure providers (e.g., Amazon Web Services, Google Cloud Platform, Microsoft Azure) for hosting, data storage, and computing resources.
• Analytics platforms (e.g., Google Analytics) for website traffic analysis and performance monitoring.
• Email service providers for delivering newsletters, transactional emails, and marketing communications.
• Payment processors for securely handling billing and payment transactions.
• Customer relationship management (CRM) tools for managing client interactions and project communications.

Each of these third-party providers has its own privacy policy governing the use of your information. We encourage you to review the privacy policies of any third-party services you interact with through our website.

Children's Privacy

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16 years of age. If we become aware that we have inadvertently collected personal information from a child under 16, we will take prompt steps to delete such information from our records.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@thest.io so that we can take appropriate action.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, providing additional notice such as an email notification or a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@thest.io
• General inquiries: info@thest.io
• Contact form: thest.io/contact

We take every privacy inquiry seriously and will do our best to address your concerns promptly and thoroughly.