Privacy Policy (v1.0) — Art2link ESB

Effective Date: January 1, 2026
Company: Cerebrum City Corporation (“Cerebrum City”, “we”, “us”)
Product: Art2link ESB (the “Product”)
Contact: privacy@cerebrumcity.com | 730 Peachtree St NE, Atlanta, GA 30308 

1 Scope

This Privacy Policy explains how we collect, use, disclose, and retain information when you: 

• install or use Art2link ESB in your Azure tenant/subscription (“Customer Deployment”), 
• purchase subscriptions or services from us, or 
• contact us for support. 

We do not operate a consumer marketing website with cookies or tracking at this time.

2 Roles and Responsibilities

Customer Deployments. The Product is deployed into the customer’s Azure tenant/subscription. The customer controls their own data stored and processed in that environment. 

Cerebrum City as Controller. Cerebrum City acts as an independent data controller for: 

• subscription administration and licensing, 

• our licensing/instance validation service data (described below), 

• communications and support administration. 

Cerebrum City as Processor (only when engaged). If you hire us for production support and grant access to your environment or provide logs that include personal data, we may act as a data processor for that support activity, limited to what is necessary to perform the services.

3 Information We Collect

3.1 Licensing and Instance Validation Data (collected centrally by us) 

To maintain subscription status and validate the installed instance, our license/validation service stores: 

• Tenant/owner identifier for the deployment (the Azure tenant that installed it), 

• Product version of the deployed instance, 

• Daily step count (aggregate number of “steps” executed in a 24-hour period), 

• timestamps associated with reporting/validation, 

• subscription status (active, expired, non-payment, etc.). 

A “Step” is a unit of measure representing an execution unit within the Product (for example, a map/transformation, or a connection to a system or database). The Product exposes Steps to users to display and track transactions configured by the user. 

We do not collect message payloads, business content, user activity logs, IP addresses, or error traces as part of standard telemetry. Standard telemetry is limited to the daily step count and the metadata above. 

3.2 Support and Professional Services Data (only if you engage us) 

If you purchase production support or professional services, we may process: 

• contact and account details (name, work email, phone, role), 

• support tickets, communications, and attachments/log exports you provide, 

• access credentials or temporary access you grant (if applicable). 

By default, Cerebrum City does not have access to customer resources. 

3.3 Payment and Contract Administration 

We may store billing and contract information necessary to manage subscriptions and services.

4 How We Use Information

We use collected information to: 

• validate subscription status and maintain instance licensing, 

• calculate and verify the daily step count for subscription administration, 

• provide customer support and professional services (when purchased), 

• comply with legal obligations and enforce our agreements, 

• protect the security and integrity of our services.

5 Remote Disablement for Non-Payment

If subscription fees are not paid, the Product may be remotely disabled/shut down through licensing enforcement, as described in the applicable agreement(s). 

6 Sharing and Disclosure

We do not sell personal information. 

We may disclose information: 

• to service providers that help us operate licensing/subscription operations (if any), bound by confidentiality and appropriate safeguards, 

• to comply with law, regulation, or legal process, 

• to protect rights, safety, and prevent fraud, 

• in connection with a corporate transaction (merger, acquisition, asset sale), consistent with applicable law.

7 Data Retention

We retain licensing/instance validation data and related subscription records until 90 days after contract expiration, unless a longer retention period is required by law or necessary to resolve disputes. 

Support records may be retained for the same period, or longer if required for legal/contractual reasons. 

8 Security

We use reasonable administrative, technical, and organizational safeguards appropriate to the nature of the data we store. 

Customer Deployments are controlled by the customer. Security posture depends on customer configuration and edition: 

• Starter Edition may use a locally configured SQL admin account for DB access and storage access keys within the customer environment. 

• Enterprise Edition is designed for RBAC-based access in the customer environment. 

Cerebrum City is not granted access by default. 

9 Geographic Scope

We currently sell to customers in the United States. If we expand to other regions, we will update this policy and, where applicable, add required contractual terms. 

10 Your Choices and Rights

For subscription/admin data, you can request access, correction, or deletion where applicable by contacting: privacy@cerebrumcity.com. 

For Customer Deployment data under the customer’s control, requests should be directed to the customer (as controller). 

11 Changes

We may update this Privacy Policy. Updates become effective on the posted Effective Date. 

12 Contact

Cerebrum City Corporation
730 Peachtree St NE, Atlanta, GA 30308
privacy@cerebrumcity.com