Privacy Policy

Inspace Inc. ("inspace," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains
how we collect, use, store, disclose, and protect personal information in connection with our AI Workplace Agent
platform, website, mobile applications, and related services (collectively, the "Services"). It applies to all users
including enterprise administrators, employees of our customers, and website visitors.

By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please
discontinue use. Enterprise customers who have executed a Data Processing Agreement (DPA) with inspace should refer to that agreement, which governs in the event of any conflict with this Policy.

1. Who We Are

Inspace Inc. is a Delaware corporation headquartered in Boston, Massachusetts, USA. We operate an autonomous
AI Workplace Agent platform deployed across enterprises in multiple countries. Our platform orchestrates workplace resources including desk and room booking, visitor management, employee services, building integrations, and AI-powered interactions.

For inquiries regarding this Policy or your data rights, contact our Privacy Officer at: support@inspace.app or by
mail at: Inspace Inc., 77 Sleeper Street, Boston, MA 02210, USA.

2. Scope of This Policy

This Policy applies to personal information processed through:

• The inspace web and mobile applications
• The inspace AI Agent (including Voice AI, Slack AI Agent, and chat interfaces)
• Visitor management and AI Receptionist functionality
• Integrations with third-party systems (e.g. Microsoft 365, Google Workspace, Slack, Teams, building
management systems)
• The inspace.app website and any related marketing pages
• API access for enterprise deployments

This Policy does not apply to third-party services or applications that you connect to inspace. Those services are governed by their own privacy policies.

3. Information We Collect

3.1 Information You Provide Directly

• Account registration details: name, email address, job title, company name
• Profile information: photo, phone number, communication preferences
• Visitor information you enter when pre-registering guests
• Service requests, messages sent to AI Agents, and form submissions
• Support inquiries and feedback

3.2 Information Collected Automatically

• Usage Data: space bookings, check-ins, cancellations, resource interactions, feature usage
• Device Data: IP address, device type, operating system, browser type, unique device identifiers
• Location Data: floor-level or zone-level presence data derived from network or NFC/BLE signals (where
enabled)
• Voice and Interaction Data: transcripts or logs of voice commands and AI Agent conversations (where Voice
AI is enabled)
• Sensor and Integration Data: occupancy signals from connected sensors, access control events, HVAC and
lighting interaction data (where building integrations are active)
• Log Data: server logs, error reports, timestamps, and session information

3.3 Information from Third Parties

• Directory and identity data synced from your employer's SSO provider (e.g. Google
Workspace, M365, OneLogin, Okta)
• Calendar availability data from integrated calendar systems
• Visitor data submitted by hosts or reception teams
• Data provided by your employer (as our enterprise customer) in connection with platform configuration and
deployment

3.4 Aggregated and De-identified Data

We may aggregate and de-identify personal information to generate anonymized workplace analytics and
benchmarks. This data cannot reasonably be used to identify you and is not subject to this Policy.

4. How We Use Your Information

We process your personal information for the following purposes and on the following legal bases:

Purpose Legal Basis

• Providing and operating the Services: Contract performance; Legitimate interests
• AI Agent processing (voice, chat, booking orchestration): Contract performance; Consent (where required)
• Identity verification and access control: Contract performance; Legal obligation
• Visitor management and AI Receptionist features: Contract performance; Legitimate interests
• Workplace analytics and space utilization reporting: Legitimate interests; Contract performance
• Service improvement and AI model optimization: Legitimate interests (see Section 7)
• Security monitoring and fraud prevention: Legitimate interests; Legal obligation
• Legal compliance and regulatory obligations: Legal obligation
• Marketing communications (with opt-out): Consent; Legitimate interests
• Responding to support requests: Contract performance; Legitimate interests

5. AI Processing and Voice Data
Where you or your employer enables Voice AI or conversational AI Agent features, inspace may process voice
commands, natural language queries, and AI conversation logs to execute workplace actions on your behalf. This
data is used solely to fulfill the requested action and improve response accuracy.

We do not use voice or conversation data to build advertising profiles or sell data to third parties. Enterprise
customers may configure data retention settings for AI interaction logs. Where an employer deploys Voice AI, employees should be informed of this capability by their employer as part of workplace privacy notices.

6. Cookies and Tracking Technologies

We use cookies and similar technologies on the inspace website and web application to:

• Authenticate sessions and maintain login state
• Remember user preferences and settings
• Measure usage patterns and improve platform performance
• Support security features and fraud prevention

We use both session cookies (which expire when you close your browser) and persistent cookies (which remain
until deleted or expired). You may configure your browser to refuse cookies, though this may affect platform
functionality. We do not use cookies for behavioral advertising.

7. How We Share Your Information


7.1 With Your Employer (Enterprise Customers)
If you access inspace through your employer, your employer is our customer and acts as a data controller for your
personal data within the platform. We process that data on their behalf as a data processor. Your employer's
workplace and HR policies govern how they access and use your data within inspace.

7.2 With Service Providers (Sub-processors)

We share personal information with trusted third-party service providers who assist in operating our platform,
including cloud infrastructure, AI processing, analytics, customer support, and security services. All sub-processorsare bound by data processing agreements and may not use your data for their own purposes. A current list of our sub-processors is available upon request at support@inspace.app.

7.3 Integrations You Authorize

When you or your administrator connects inspace to third-party services (e.g. Slack, Microsoft Teams, Google
Calendar, M365, building management systems), data may be exchanged with those services as necessary to
provide the integration. inspace is not responsible for the privacy practices of third-party services.

7.4 Legal Disclosures

We may disclose personal information when required by law, court order, subpoena, or government investigation, or where disclosure is necessary to protect the rights, property, or safety of inspace, our customers, or others. We will notify affected parties where legally permitted to do so.

7.5 Business Transfers

In the event of a merger, acquisition, financing, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

7.6 What We Do Not Do

• We do not sell your personal information to third parties
• We do not share personal information with advertisers
• We do not use workplace data to train general-purpose AI models without explicit consent

8. International Data Transfers

inspace operates globally, with infrastructure hosted primarily in the United States. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal information may be transferred to and processed in the United States or other countries that may not provide the same level of data protection as your home country.

Where such transfers occur, we rely on appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• The UK International Data Transfer Agreement (IDTA) where applicable
• Data Processing Agreements with all enterprise customers and sub-processors

For more information about our international transfer mechanisms, contact support@inspace.app.

9. Data Security

inspace implements industry-standard technical and organizational security measures to protect your personal
information, including:

• TLS/SSL encryption for all data in transit
• Encryption at rest for stored personal data
• Role-based access controls limiting internal data access to authorized personnel
• Multi-factor authentication for administrative access
• Regular security assessments and penetration testing
• Incident response procedures with customer notification obligations

In the event of a data breach affecting your personal information, we will notify affected parties and relevant
supervisory authorities as required by applicable law, typically within 72 hours of becoming aware.

No method of transmission over the Internet is 100% secure. Account holders are responsible for maintaining the confidentiality of their credentials and should notify us immediately of any unauthorized access.

10. Data Retention
We retain personal information for as long as necessary to provide the Services and fulfill the purposes described in this Policy, or as required by applicable law. General retention guidelines:

Data Type Retention Period

• Account and profile data: Duration of account + 90 days post-deletion
• Booking and usage logs: 24 months (configurable by enterprise admin)
• AI Agent conversation logs: 90 days (configurable by enterprise admin)
• Visitor records: 12 months or as set by enterprise admin
• Security and access logs: 12 months
• Financial and billing records: 7 years (legal requirement)

11. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:
• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Portability: Request transfer of your personal information in a machine-readable format.
• Restriction: Request that we limit how we process your personal information in certain circumstances.
• Objection: Object to processing based on legitimate interests, including profiling.
• Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without
affecting prior processing.
• Opt-out of Marketing: Unsubscribe from marketing communications at any time via the unsubscribe link in
any email or by contacting us.

To exercise any of these rights, contact us at support@inspace.app. We will respond within 30 days (or as required by applicable law). If you are an employee accessing inspace through your employer, some requests may need to be directed to your employer as the data controller.

CCPA / CPRA Rights (California Residents)

California residents have additional rights under the CCPA/CPRA, including the right to know what personal
information is collected, the right to opt-out of the sale or sharing of personal information (we do not sell or share
personal information for cross-context behavioral advertising), and the right to non-discrimination for exercising
privacy rights. To submit a CCPA request, email support@inspace.app with the subject line "CCPA Privacy
Request."

GDPR Rights (EEA / UK Residents)

If you are located in the EEA or UK, you have rights under GDPR / UK GDPR as described above. You also have the
right to lodge a complaint with your local supervisory authority (e.g. the ICO in the UK, or your national DPA in the
EU) if you believe your rights have been violated.

12. Children's Privacy

Our Services are designed for use by professionals in enterprise workplace environments and are not directed at
individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such information, we will delete it promptly.

13. Third-Party Links and Integrations

Our platform may contain links to third-party websites or connect with third-party services. inspace is not responsible for the privacy practices of those services. We encourage you to review the privacy policies of any third-party services you access through inspace.

14. California Privacy and Wiretapping Disclosure (CIPA)

This section applies to visitors and users located in California and is provided in compliance with the California
Invasion of Privacy Act (CIPA) and related statutes.

14.1 No Unlawful Interception

inspace does not use session replay tools, real-time communication interception technology, or any third-party
scripts designed to intercept the content of your communications without disclosure. Any data collected through our
website or platform is collected with your knowledge and consent as described in this Policy.

14.2 Third-Party Tools Disclosure

Our website and platform may use third-party tools for analytics, customer support, and service operations (such as chat support widgets, error monitoring, and usage analytics). Where such tools process communications or
interaction data, they do so as service providers acting on our behalf and are contractually prohibited from using that data for their own purposes. By using our Services, you consent to this processing as disclosed herein.

14.3 Consent to Monitoring
By accessing the inspace website or using our Services, you expressly acknowledge and consent to the collection of interaction data as described in this Privacy Policy. This consent satisfies any applicable notice and consent
requirements under CIPA, the Electronic Communications Privacy Act (ECPA), and similar laws.

15. Dispute Resolution and Arbitration Agreement

PLEASE READ THIS SECTION CAREFULLY. IT AFFECTS YOUR LEGAL RIGHTS, INCLUDING YOUR RIGHT TO
FILE A LAWSUIT IN COURT.

15.1 Informal Resolution First
Before initiating any formal dispute, you agree to contact us at support@inspace.app and give us 30 days to
attempt to resolve the issue informally. Most concerns can be resolved quickly this way.

15.2 Binding Individual Arbitration
If informal resolution fails, you and Inspace Inc. agree that any dispute, claim, or controversy arising out of or relating to this Privacy Policy, the Services, or the collection, use, or disclosure of your personal information - including any claims arising under CIPA, the CCPA, ECPA, or similar privacy statutes - shall be resolved exclusively by binding individual arbitration administered by JAMS under its applicable rules, except as stated in Section 15.4.
The arbitration shall be conducted by a single arbitrator in Boston, Massachusetts, or via videoconference. The
arbitrator shall apply applicable substantive law. The arbitrator's award shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.

15.3 Class Action Waiver

YOU AND INSPACE INC. EACH WAIVE THE RIGHT TO PARTICIPATE IN A CLASS ACTION, CLASS
ARBITRATION, REPRESENTATIVE ACTION, OR PRIVATE ATTORNEY GENERAL ACTION. All disputes must
be brought in your individual capacity only, and not as a plaintiff or class member in any purported class or
representative proceeding. The arbitrator may not consolidate more than one person's claims.

15.4 Exceptions

This arbitration agreement does not apply to: (a) claims that qualify for small claims court; (b) claims for injunctive or equitable relief to protect intellectual property rights; or (c) claims that applicable law expressly requires to be
resolved in court.

15.5 Opt-Out Right
You may opt out of this arbitration agreement within 30 days of first accepting this Privacy Policy by sending written notice to support@inspace.app with the subject line "Arbitration Opt-Out" and including your name and the email address associated with your account. Opting out does not affect any other terms of this Policy.

15.6 Governing Law

This Privacy Policy and any disputes arising hereunder shall be governed by the laws of the Commonwealth of
Massachusetts, without regard to its conflict of law provisions, except where superseded by applicable federal law.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal
requirements, or other factors. When we make material changes, we will notify you by:

• Posting the updated Policy on our website with a new effective date
• Sending an email notification to registered account holders
• Displaying an in-app notification where appropriate

Your continued use of the Services after the effective date of any updated Policy constitutes acceptance of the
revised terms.

17. Contact Us

For questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact:

Privacy Officer: support@inspace.app
General Inquiries: hello@inspace.app
Mailing Address: Inspace Inc., 77 Sleeper Street, Boston, MA 02210, USA
DPA Requests: support@inspace.app (subject: DPA Request)

This Privacy Policy was last updated on April 20, 2025. Previous versions are available upon request.